Spoofing Nintendo's Update Server

Discussion in 'Wii U - Hacking & Backup Loaders' started by gamax92, Dec 2, 2012.

Thread Status:
Not open for further replies.
Dec 2, 2012

Spoofing Nintendo's Update Server by gamax92 at 9:25 PM (10,354 Views / 0 Likes) 9 replies

  1. gamax92
    OP

    Newcomer gamax92 Newbie

    Joined:
    Nov 25, 2012
    Messages:
    7
    Country:
    United States
    I'm just wondering: technically, if you have a DNS server program and a file server, you could have the Wii U download content from your server instead of their servers.

    All of the Nintendo Servers I've seen (3DS, Wii) seem to be simple HTTP servers, so it shouldn't be too hard to set one up.

    Would there be any real usage of this server spoofing, or is it just not worth it at this time?
     
  2. Cyan

    Global Moderator Cyan GBATemp's lurking knight

    Joined:
    Oct 27, 2002
    Messages:
    16,402
    Location:
    Engine room, learning
    Country:
    France
    The connection is established first as secure.
    Then the transfer is not secure and uses only HTTP.

    start log of European WiiU update
    the eshop is secure, but the NUS server is not.

    What purpose would spoofing it have?
    It requires encrypted/signed files, so you can't replace links with your own files, and not even with someone else's files (different signature).
    If you replace a file with another one or one from another region, you risk a brick (unless there's a checksum and the file is downloaded again).


    But maybe I don't see the purpose of doing it for the moment.
    I know 3DS is doing it to bypass Video's region lock. Is there the same thing on Wii U?
     
  3. gamax92
    OP

    Newcomer gamax92 Newbie

    Joined:
    Nov 25, 2012
    Messages:
    7
    Country:
    United States
    Ahh, I thought that the files on the shop were encrypted. I guess spoofing at this time won't serve any point at this moment unless it can be tricked.
     
  4. Rydian

    Member Rydian Resident Furvert™

    Joined:
    Feb 4, 2010
    Messages:
    27,883
    Location:
    Cave Entrance, Watching Cyan Write Letters
    Country:
    United States
    Even if you could get the Wii U to download files from your PC instead of Nintendo's servers... what would be the use?

    You'd still need to actually make and encrypt+sign Wii U software that loads other programs and junk.
     
  5. sychotix

    Newcomer sychotix Advanced Member

    Joined:
    Jul 26, 2011
    Messages:
    64
    Country:
    United States
    I could possibly see there being a use of installing already signed content, as long as it isn't encrypted in the transfer as well.

    I.E. tell your 3DS to download a free app. Modify the download location to either be that of a different game in the eshop, or one you host yourself. Would the 3DS even notice the difference? Maybe.
     
  6. joka

    Newcomer joka Newbie

    Joined:
    Feb 13, 2007
    Messages:
    5
    Country:
    United States
    Hi, not really related, but have you tried sniffing packets in Miiverse? Particularly interested if there's any plaintext packets when viewing stuff like the activity log. Would check myself but no Wii U here so I'd appreciate it!
     
  7. SifJar

    Member SifJar Not a pirate

    Joined:
    Apr 4, 2009
    Messages:
    6,022
    Country:
    United Kingdom
    If you read the thread, you would have seen that e-shop is secure (i.e. uses HTTPS I think), but NUS is not. In other words, this could only work for updates, not e-shop content. (Unless you find a way to create a site certificate that the console would accept i.e. one signed with Nintendo's private keys).
     
  8. Supercool330

    Member Supercool330 GBAtemp Advanced Fan

    Joined:
    Sep 28, 2008
    Messages:
    659
    Country:
    United States
    Still, the Wii U will only install properly signed content with the proper TMD, so it isn't like you could use this to install anything differently. The only thing you could use this for is to set up a personal mirror of NUS or something.
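
The point made in posts 2, 5 and 8 (plain HTTP is tolerable when the client verifies what it downloads) can be shown with a small model. This is an added example, not part of the thread and not Nintendo's actual TMD format: the manifest layout, title names and keys are constructed, and the title check in `check_install` is an assumption about what a careful client would do, not something the thread establishes about the console.

```shell
#!/bin/sh
# Constructed model, not Nintendo's real format: a signed manifest names one
# title and the SHA-256 of its content; all files arrive over untrusted HTTP.
dir=$(mktemp -d)
openssl genrsa -out "$dir/vendor.key" 2048 2>/dev/null   # vendor signing key
openssl rsa -in "$dir/vendor.key" -pubout -out "$dir/vendor.pub" 2>/dev/null
openssl genrsa -out "$dir/other.key" 2048 2>/dev/null    # a key the client does not trust

sha256_of() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# publish TITLE CONTENT KEY: writes TITLE.app, TITLE.manifest and TITLE.sig
publish() {
  printf '%s' "$2" > "$dir/$1.app"
  printf 'title=%s\nsha256=%s\n' "$1" "$(sha256_of "$dir/$1.app")" > "$dir/$1.manifest"
  openssl dgst -sha256 -sign "$3" -out "$dir/$1.sig" "$dir/$1.manifest"
}

# check_install REQUESTED_TITLE MANIFEST SIG CONTENT
# returns 0 accept, 1 bad signature, 2 wrong title, 3 content hash mismatch
check_install() {
  openssl dgst -sha256 -verify "$dir/vendor.pub" -signature "$3" "$2" \
    >/dev/null 2>&1 || return 1
  [ "$(sed -n 's/^title=//p' "$2")" = "$1" ] || return 2
  [ "$(sed -n 's/^sha256=//p' "$2")" = "$(sha256_of "$4")" ] || return 3
}

publish free-app  "free app payload"   "$dir/vendor.key"
publish paid-game "paid game payload"  "$dir/vendor.key"
publish homebrew  "not from the vendor" "$dir/other.key"
printf 'patched payload' > "$dir/tampered.app"

try() { rc=0; check_install "$@" || rc=$?; echo "$rc"; }
echo "genuine download:        $(try free-app "$dir/free-app.manifest" "$dir/free-app.sig" "$dir/free-app.app")"
echo "content altered in transit: $(try free-app "$dir/free-app.manifest" "$dir/free-app.sig" "$dir/tampered.app")"
echo "other signed title served:  $(try free-app "$dir/paid-game.manifest" "$dir/paid-game.sig" "$dir/paid-game.app")"
echo "signed with unknown key:    $(try homebrew "$dir/homebrew.manifest" "$dir/homebrew.sig" "$dir/homebrew.app")"
```

The third case is the one post 5 asks about: the signature and hash are both valid, so only a check that ties the manifest to the title that was requested rejects it.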
     
  9. FierceDeity_

    Newcomer FierceDeity_ Newbie

    Joined:
    Nov 21, 2012
    Messages:
    7
    Country:
    Germany
    Actually it would rock for the people who have a REAL crappy internet connection. Give them a USB with the files, set up a web server, etc, so they can pull the update.
     
  10. thatmarksguy

    Newcomer thatmarksguy Newbie

    Joined:
    Dec 8, 2012
    Messages:
    1
    Country:
    Puerto Rico
    I've been monitoring packets with wireshark on the Wii U while in Miiverse. Here is what I have so far:

    1 - All communication with Miiverse is encrypted.
    2 - It's HTTPS based. At this point I can only assume Miiverse communicates with Nintendo through some REST API but without decrypting the requests I can't know. Only caught glimpses at certain IPs, URLs and headers.
    3 - I tried to do a man in the middle attack. At first I noticed the Wii U was using a Diffie-Hellman key exchange so just listening in the handshake and requests wouldn't work.
    4 - Moved on to proxy software that performs MitM attacks by spoofing the key exchanges. I noticed the Wii started using RSA style handshake instead of DHE.
    5 - This would have worked but when the Wii U communicates with the proxy, it notices that the SSL certificate that is issued by the proxy software cannot be verified by a Certificate Authority so it errors out and doesn't connect to Miiverse (and I can only assume this is the case cause the error number is not informative).
    6 - The Wii U connects to https://account.nintendo.net/ for logging in your Nintendo Network account on the Wii U. The certificate authority is Nintendo itself.
    7 - We can assume that the Wii U has installed Nintendo as a trusted CA and therefore won't complain when connecting directly to them with a certificate issued by them.
    8 - At this point we start talking about spoofing the Certificate Authority but I think this might not be possible as we can't install trusted root CAs on the Wii U.
    9 - This is all I have so far and I'm going crazy.


    Honestly I would like to reverse engineer the Miiverse and maybe be able to write some sort of client and API. But I'm not sure how to go on from here. I would love to have some help if possible. If I can see the plain text communication, developing an API won't be so hard.
     
    H0neyBadger, joka and Cyan like this.
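
The behaviour described in points 5 to 8 of the post above is ordinary chain validation against a private root, and can be reproduced offline. This is an added example, not part of the thread: both CAs, their names and the host name `account.example.test` are constructed, and `openssl verify` stands in for the console's TLS client, whose real implementation is not shown on this page.

```shell
#!/bin/sh
# Constructed model of a client that trusts one vendor-run root CA.
# CA names and the host name are made up for the example.
pki=$(mktemp -d)

new_ca() {    # new_ca NAME "Common Name": self-signed root NAME.crt / NAME.key
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
    -keyout "$pki/$1.key" -out "$pki/$1.crt" 2>/dev/null
}

issue() {     # issue CA LEAF HOST: certificate LEAF.crt for HOST, signed by CA
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$pki/$2.key" -out "$pki/$2.csr" 2>/dev/null
  openssl x509 -req -in "$pki/$2.csr" -CA "$pki/$1.crt" -CAkey "$pki/$1.key" \
    -CAcreateserial -days 2 -out "$pki/$2.crt" 2>/dev/null
}

chain_ok() {  # chain_ok TRUSTED_CA LEAF: does LEAF chain to the given root?
  openssl verify -CAfile "$pki/$1.crt" "$pki/$2.crt" >/dev/null 2>&1
}

verdict() { if chain_ok "$1" "$2"; then echo accepted; else echo rejected; fi; }

new_ca vendor_ca "Constructed Vendor Root CA"        # the root shipped in the client
new_ca proxy_ca  "Constructed Intercepting Proxy CA" # root generated by a TLS proxy
issue  vendor_ca real_server  account.example.test
issue  proxy_ca  proxy_server account.example.test   # same host name, different issuer

echo "client store, real server cert:  $(verdict vendor_ca real_server)"
echo "client store, proxy-issued cert: $(verdict vendor_ca proxy_server)"
echo "proxy root trusted, proxy cert:  $(verdict proxy_ca proxy_server)"
```

The proxy's certificate is only accepted when its root is in the trust store, which is why a client whose store cannot be modified by the user fails closed against an interception proxy.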
  11. Kafke
    This message by Kafke has been removed from public view by FIX94, Jan 25, 2015, Reason: ....
    Jan 25, 2015
  12. Kafke
    This message by Kafke has been removed from public view by FIX94, Jan 25, 2015, Reason: ....
    Jan 25, 2015