"Nintendo Proxy" it's possible?

Discussion in '3DS - Flashcards & Custom Firmwares' started by Falkiner, Feb 4, 2016.

  1. Falkiner
    OP

    Falkiner Advanced Member

    Newcomer
    78
    15
    Mar 16, 2013
    Brazil
    On the Vita scene we have a program called "PS3.ProxyServer" that we can use to redirect the console update to a file on your computer, so we can update to whatever version we want (it's not possible to downgrade this way).

    I really don't have any idea of how the Nintendo Update works, but this can be possible? On Sony consoles we have just have a single file, so it's easy to redirect the update, on 3DS we have a bunch of CIA files I don't know if when the console update all those CIA are downloaded or just one file...

    Like, if someone soft-brick their console trying to downgrade it will need to restore, the system will restore, but when connected to the proxy it will download the 10.3 update files, so we can avoid users from going to 10.5.

    What you guys think?
     
  2. einhuman197

    einhuman197 GBAtemp Advanced Fan

    Member
    968
    361
    Aug 17, 2015
    Germany
    Inside your bootloader (´◉◞౪◟◉)
    Will only work on <9.2.
     
  3. mashers

    mashers Stubborn ape

    Member
    3,837
    5,157
    Jun 10, 2015
    Kongo Jungle
    Redirecting the updater server would be fairly trivial - a case of setting up a DNS server which resolved the updater server host names to IP addresses on the local network. The more difficult part would be to establish which files are downloaded from the server and in which format. Running some kind of sniffer on the network should reveal what is being sent and received. Hopefully it's just HTTP traffic so you could then host the files on a web server yourself, redirect the hosts using a DNS server, and have your web server serve the 10.3 update files. However, something tells me Nintendo wouldn't make it so easy and that the update server probably uses a non-standard protocol. Sniffing what is being sent and received would reveal this, but it would then be a case of working out the protocol and possibly making a custom server which conforms to this protocol in order to have it interact with the 3DS.

    Why? OP is talking about tricking the 3DS recovery mode into downloading the recovery files from a different server so you get the 10.3 CIAs instead of 10.5 (or whatever is the latest version at the time). I see no reason why 9.2 would be needed for that.
     
    einhuman197 and Voxel like this.
  4. einhuman197

    einhuman197 GBAtemp Advanced Fan

    Member
    968
    361
    Aug 17, 2015
    Germany
    Inside your bootloader (´◉◞౪◟◉)
    My mistake. I'm sorry
     
  5. ihaveamac

    ihaveamac GBAtemp Guru

    Member
    5,510
    6,105
    Apr 20, 2015
    United States
    Tigard, OR
    based on this guide for 8.1.0-0J to 9.2.0-20J (New3DS), the update server probably uses HTTPS.

    https://gbatemp.net/threads/guide-upgrading-8-1-0-0j-to-9-2-0-20j.384960/
     
    Falkiner likes this.
  6. mashers

    mashers Stubborn ape

    Member
    3,837
    5,157
    Jun 10, 2015
    Kongo Jungle
  7. ihaveamac

    ihaveamac GBAtemp Guru

    Member
    5,510
    6,105
    Apr 20, 2015
    United States
    Tigard, OR
    probably not unfortunately. "NTR CFW" isn't really a custom firmware like ReiNand or rxTools, but still requires kexpoits to get around the HTTPS thing.
     
  8. mashers

    mashers Stubborn ape

    Member
    3,837
    5,157
    Jun 10, 2015
    Kongo Jungle
    Also it won't help if the 3DS is softbricked anyway ;) I don't really understand the tutorial you linked to, but from what I can tell the changes made in NTR CFW are designed to make the NIM module communicate with a different server. Could this not be achieved using a custom DNS solution instead?
     
  9. ihaveamac

    ihaveamac GBAtemp Guru

    Member
    5,510
    6,105
    Apr 20, 2015
    United States
    Tigard, OR
    sure, but it still uses HTTPS and you can't really get around that without forcing the software to not use HTTPS I think.

    the reason tubehax worked is because the YouTube application didn't connect to youtube.com over a secure connection. updates do that however. if not, we'd have a super easy and safe way to get to 9.2 that isn't using sysUpdater. :(
     
  10. mashers

    mashers Stubborn ape

    Member
    3,837
    5,157
    Jun 10, 2015
    Kongo Jungle
    So is the problem with getting it to authenticate with the server over https?
     
  11. ihaveamac

    ihaveamac GBAtemp Guru

    Member
    5,510
    6,105
    Apr 20, 2015
    United States
    Tigard, OR
    pretty much, that's how HTTPS makes it secure
     
  12. mashers

    mashers Stubborn ape

    Member
    3,837
    5,157
    Jun 10, 2015
    Kongo Jungle
    But doesn't the server specify the authentication parameters? Or couldn't we used a hacked https server which allows open access and authenticates any credentials!
     
  13. ihaveamac

    ihaveamac GBAtemp Guru

    Member
    5,510
    6,105
    Apr 20, 2015
    United States
    Tigard, OR
    I don't think it works like that, unfortunately.

    let's take for example, YouTube again. if the YouTube app connected to youtube.com using HTTPS, the certificate would probably be invalid if we tried to redirect youtube.com to a different server. that same thing would happen if we redirected the update URLs to a different server.
     
  14. Rusb

    Rusb GBAtemp Regular

    Member
    138
    56
    Apr 17, 2014
  15. Arubaro

    Arubaro Soulspace Guardian

    Member
    1,669
    470
    Sep 4, 2015