SSL Stripping?

Discussion in '3DS - ROM Hacking, Translations and Utilities' started by gudenau, Sep 19, 2015.

  1. gudenau (OP)
    Is there a public way to strip the SSL of all of the 3DS internet connections? I think it would be useful to strip the SSL layer and create a proxy on a PC to dump the internet traffic and re-add the SSL with the keys on the 3DS; this would make it look like a normal 3DS to Ninty and allow us to reverse the protocols at the same time.
     
  2. Twilight Princess
    SSL strip doesn't work because the server only responds to HTTPS requests. The best way to see the transparent content is by intercepting the traffic; you can use Wireshark or Burp Suite for this with a self-signed certificate, though I'm not sure if the 3DS requires a valid certificate to connect. And either way, what do you want to accomplish with this?...
     
  3. shinyquagsire23
    It's definitely possible, but creating a modified SSL module with another cert injected into it is difficult to recover from if done incorrectly, and current CFWs don't have easy ways of restoring a proper copy in the event that you're locked out of launching apps from the menu.
     
  4. gudenau (OP)
    Which is why I think we could dump the 3DS certs and add the SSL layer on the PC, so we do not need to change the certs on the 3DS.
    Hrm, this could be useful...
     
  5. Suiginou
    Dumping and decrypting the cert is already possible.

    *useful

    Nope. If you're removing the SSL layer, there won't be any CA in the first place anymore.

    What it can do is add a trusted cert to one connection; so instead of removing SSL entirely, you could hijack DNS and redirect requests to your own server, for which you have a valid CA and individual per-domain certs signed by that CA. Then you'd need to make the ssl module call do what AddTrustedRootCert does whenever it's accessing your hijacked domain/IP, before trying to connect.

    Alternative solution: Edit the exefs of the process/module you want to inspect and install that; pretty much everywhere, the URLs are in the form https://addr/, so you can just replace https with http and the code usually figures out how to deal with it. Remember to add padding at the end of the string to keep offsets the same. Then you'll need a piece of code on your server that proxies the connection to the Nintendo servers, with ClCertA if needed.
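As an added example (not code posted in this thread, and not from any 3DS project): a Python helper for the string patch Suiginou describes, applied to a raw code image already extracted from the exefs. It rewrites every NUL-terminated `https://` URL to `http://` and appends one extra NUL byte so each string keeps exactly the same length and no offset in the binary moves. The hostnames and the sample image are constructed placeholders; the helper assumes plain ASCII, NUL-terminated strings and does not parse the exefs container itself.

```python
import re
from typing import List, Optional, Tuple

PREFIX_OLD = b"https://"
PREFIX_NEW = b"http://"

# Constructed sample "code image": two URL strings, one unrelated string,
# some NUL padding and a few non-text bytes. Hostnames are placeholders.
SAMPLE_IMAGE = (
    b"\x00" * 16
    + b"https://account.example.invalid/api/\x00"
    + b"Content-Type: application/x-www-form-urlencoded\x00"
    + b"https://cdn.example.invalid/\x00"
    + b"\x00" * 4
    + b"\xde\xad\xbe\xef"
)


def patch_https_urls(image: bytes,
                     host_filter: Optional[bytes] = None
                     ) -> Tuple[bytes, List[Tuple[int, bytes]]]:
    """Rewrite NUL-terminated https:// URLs in `image` to http://.

    "http://" is one byte shorter than "https://", so one NUL byte is
    appended to each rewritten string; the patched image is therefore the
    same size and every later string/offset stays where the code expects it.
    Returns (patched_image, [(offset, original_url), ...]).
    If host_filter is given, only URLs containing that substring are patched.
    """
    buf = bytearray(image)
    patched: List[Tuple[int, bytes]] = []
    # A URL is the https:// prefix plus printable ASCII up to its NUL terminator.
    for m in re.finditer(rb"https://[\x21-\x7e]+\x00", image):
        start = m.start()
        url = m.group(0)[:-1]  # drop the terminator
        if host_filter is not None and host_filter not in url:
            continue
        replacement = PREFIX_NEW + url[len(PREFIX_OLD):] + b"\x00\x00"
        # Length-preserving by construction; guard against any future edit breaking that.
        assert len(replacement) == len(m.group(0))
        buf[start:start + len(replacement)] = replacement
        patched.append((start, url))
    return bytes(buf), patched


def nul_offsets_preserved(original: bytes, patched: bytes) -> bool:
    """Sanity check: the patch must not move or remove any existing terminator.
    Every NUL in the original must still be a NUL in the patched image
    (the patch only ever adds NULs), and the size must be unchanged."""
    if len(original) != len(patched):
        return False
    return all(patched[i] == 0 for i, b in enumerate(original) if b == 0)


if __name__ == "__main__":
    out, hits = patch_https_urls(SAMPLE_IMAGE)
    for off, url in hits:
        print(f"0x{off:08x}: {url.decode()} -> {PREFIX_NEW.decode()}{url[len(PREFIX_OLD):].decode()}")
    print("offsets preserved:", nul_offsets_preserved(SAMPLE_IMAGE, out))
```

Run the check after patching and diff the two images before reinstalling anything: if a URL sits in a fixed-size field rather than a NUL-terminated string, or is referenced by length rather than by terminator, the padding trick does not apply and the string needs to be handled by hand.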