Hacking Own wii u update server

[matgut10]

I have a wii u firmware version 5.2.0 and I want to update to 5.3.2
I know that is possible update to 5.3.2 through discs update, but I was just wondering if is possible create a proxy server to read the packets of communication between wii u and nintendo's update server and somehow download the update that I want and then make the wii u update through my "server" masked as nintendo's server.

All of the Nintendo Servers I've seen (3DS, Wii) seem to be simple HTTP servers, so it shouldn't be too hard to set one up.

What you guys think? Is it possible?

 

[TinyRick]

Simple answer: No.

 

[Uwabami]

No - reason:

https://en.wikipedia.org/wiki/Transport_Layer_Security

 

[matgut10]

hmm, got it. How about if I sniff the connection between the console and the server and limit the download to only 5.3.2, and lock the connection between the server when it goes to the following update?

 

[TinyRick]

I'm not sure if I can make the answer any simpler... Let's see.... N...o...

 

[Uwabami]

Have you read the article? Every manipulation to the data will make the signature fail. You would need Nintendo's private key to counter that (snowballs chance in hell) or alternatively, swap it with you own root certificate, which would require IOS level access - so also not possible yet.

 

[matgut10]

People here sound very aggressive. @aaronhong13 I just have some doubts, in cause of you think you know all, please just don't answer or try to be polite, in any case I use my rudeness so I wait the same.

http://wololo.net/2013/12/05/howto-use-a-proxy-server-with-your-ps4-to-sniff-psn-traffic-skfu-pr0xy/

I say all this cause I've read this article above, so it's possible to sniff ps4 update server and even find the file list of ps4.

Is it different for nintendo?

 

[Uwabami]

No, but you can't make the WiiU download another update because you would need to change the (signed) replies of Nintendo's server. You can't do that for the reasons stated in the linked article.

Also: sniffing traffic != changing traffic

 

[lefthandsword]

What interests my is how would the Wii U reacts when it fails to establish a SSL connection (too lazy to setup charlies to test)

 

[TinyRick]

Do you not know how basic encryption works? If you could somehow get your Wii-U to download files from your PC (server, MAC, whatever the hell you have), how are you going to get your machine to encrypt/sign the package so that your Wii-U will actually load it? Are you just going to just crack Nintendo's private key? If so go ahead... Using all the computing power in the world would still take you more then a couple lifetimes to actually 'crack' using brute-force. Depending on the type of encryption it may take longer than the Sun's estimated lifetime. As Uasbami stated, sniffing traffic != (that means does not equal) changing traffic. If you were to change the traffic you would invalidate the signature. If you crack the private key though please do share with the community as I'm sure the people here would be grateful and we would be able to do a whole lot more (like signing our own packages).

 

[Uwabami]

What interests my is how would the Wii U reacts when it fails to establish a SSL connection (too lazy to setup charlies to test)

Your first idea (before you edited it) was pretty good, but sadly, old replies are not valid in a new connection (good thinking, though). You probably noticed that yourself.

The connection would fail, as the signature would be invalid. Nintendo is bad with security, but not that bad.

 

[Evilengine]

buying a used 5.3.2 game should always be cheaper, than spending hours informing about manipulating official updates ^^ you can sell the game after...