1. Deleted User

    OP Deleted User Newbie

    Since I've been sitting on some of this for some time, I decided that it might be better if people who want to work more help with this.

    If you don't know what MITMing is, please don't ask; this is for people who know what to do.
    You can potentially brick with this if you mess up the SSL module - If you are enough of an idiot to do this, here is my guide to unbrick.

    Requirements
    • Charles Proxy or some other proxy with SSL MITM support, aswell as client certificate support. (Fiddler would work however I've personally had issues with it)
    • WUPServer with sys perms (Mocha CFW works, CBHC doesn't if I recall correctly)
    • The Nintendo Wii U Client Certificate - this can be obtained via Arian Kordi's website at https://ariankordi.net/cert
    Steps (These have been written for Charles Proxy, but should work with tweaks on other proxies)
    1. Download the Client Certificate, and optionally install Nintendo's Server Certificates.
    2. Open Charles Proxy, go to SSL Proxy; add *.nintendo.net port 443 to the domains to MITM.
    3. Add Wii U's common cert for client for *.nintendo.net port 443
    4. Enable HTTP proxy, but disable Browser and OS proxying
    5. Go to SSL proxy; export as a BINARY CERTIFICATE.
    6. Open WUPServer and run the command:
      Code:
      w.up("FILENAMEOFCERT.der", "/vol/storage_mlc01/sys/title/0005001b/10054000/content/scerts/CACERT_NINTENDO_CA_G3.der")
    7. Reboot your Wii U (or just go to System Settings and back)
    8. Connect your Wii U to the proxy, and test!
    A few notes:
    • Regular SSL without the proxy will no longer work for anything that uses the certificate you replaced.
    • Not all services use that one SSL certificate and thus not all services will work; at a later date (or if someone informs me) I can add a list of what services use what CA.
     
    Last edited Jul 18, 2017
  2. iAqua

    iAqua
    Member

    Joined:
    Dec 7, 2015
    Messages:
    2,848
    Country:
    United Kingdom
    oh my god I love you.

    btw the only reason no one responded is because you said if they don't know what mitm is they shouldn't respond.
     
    Last edited by iAqua, Jul 18, 2017
  3. Deleted User

    OP Deleted User Newbie

    xox gossip girl
     
    Anonymous456 and iAqua like this.
  4. Elveman

    Elveman B9S Shitpost Race Smogonite
    Member

    Joined:
    Feb 1, 2015
    Messages:
    453
    Country:
    Russia
    So... can this be our first step to custom Wii U servers (like altwfc)?
     
    Deleted User likes this.
  5. BullyWiiPlaza

    BullyWiiPlaza Nintendo Hacking <3
    Member

    Joined:
    Aug 2, 2014
    Messages:
    1,932
    Country:
    Germany
    Yeah
     
    Anonymous456 and Masterwin like this.
  6. povlur.

    povlur. GBAtemp Regular
    Member

    Joined:
    Aug 1, 2016
    Messages:
    111
    Country:
    Canada
    holy shit im so happy
     
  7. VinLark

    VinLark This Machine Used To Kill Bourgeois Sentimentality
    Member

    Joined:
    Jun 11, 2016
    Messages:
    4,347
    Country:
    United States
    I'm going to guess MITM means Man in the Middle Attack?

    Pretty cool. Life comes at you fast. This works on latest FW?
     
    Anonymous456 and Deleted User like this.
  8. Deleted User

    OP Deleted User Newbie

    Yes, Man In The Middle, that allows SSL interception.
    It should work fine on latest FW, I've used it with 5.5.1 and the SSL module hasn't changed..
     
  9. Deleted User

    OP Deleted User Newbie

    Very good stuff! Thanks for posting it, I'll for sure have some fun with this.
     
    Deleted User likes this.
  10. tunip3

    tunip3 [debugger active]
    Banned

    Joined:
    Oct 31, 2016
    Messages:
    1,675
    Country:
    United Kingdom
    which certificates is it
     
  11. Deleted User

    OP Deleted User Newbie

    Define "which certificate"? You replace the certificate Nintendo CA - G3. You need Cafe's Common Client Cert, which you can get from Arian's site.
     
    iAqua likes this.
  12. tunip3

    tunip3 [debugger active]
    Banned

    Joined:
    Oct 31, 2016
    Messages:
    1,675
    Country:
    United Kingdom
    so wiiu common prod 1
     
    Deleted User likes this.
  13. Deleted User

    OP Deleted User Newbie

    Yes.
     
  14. ariankordi

    ariankordi GBAtemp Fan
    Member

    Joined:
    Oct 25, 2014
    Messages:
    392
    Country:
    United States
    And the servers. Nintendo doesn't just have, like, 3 servers this time, and the account OAuth2 server is, well, OAuth2, but also way more complicated than anything Nintendo has done before (aside from e-commerce crypto maybe?) and also games will want their own servers, like Mario Kart TV stuff, and Splatoon wants to upload player + battle statistics after every match for SplatNet (by the way, more data than what EVEN SplatNet 2 shows is sent, so we could make a pretty sick SplatNet "Plus" server if we get to it).

    But, we can try. I think we can do it, with the power of the homebrew community.

    One of my ideas for integrating custom servers onto the Wii U is to either use a custom memory patcher that detects EVERYTHING and also patches EVERYTHING on the fly, OR to have a proxy that will use the custom servers for the system automatically only requiring the SSL setup of course, then we can make everyone use Let's Encrypt or something.
    I don't know.
     
    Deleted User likes this.
  15. Anonymous456

    Anonymous456 GBAtemp Regular
    Member

    Joined:
    Jan 11, 2017
    Messages:
    130
    Country:
    United States
    I don't understand how to do this.
     
  16. GRAnimated

    GRAnimated Advanced Member
    Newcomer

    Joined:
    Jan 9, 2017
    Messages:
    68
    Country:
    United States
    Hey, so I followed the entire guide, but unfortunately I was unable to get it working (done on RedNAND). Whenever my Wii U uses an online service, proxy or no proxy connected, it errors.
     
  17. iAqua

    iAqua
    Member

    Joined:
    Dec 7, 2015
    Messages:
    2,848
    Country:
    United Kingdom
    Just noting that me and @GRAnimated did solve this problem, but here's some troubleshooting tips for anyone experiencing issues.
    • make sure you're exporting your certificate as a .der not a .cer
    • ensure all your urls are enabled for ssl proxying
    • also make sure you have the wii u client certificate in the ssl proxying settings too.
    if anyone else is having problems with this you can contact me on discord at (aqua#6063)
     
Draft saved Draft deleted
Loading...

Hide similar threads Similar threads with keywords - connections,