ROM Hack SSL Stripping?

  • Thread starter: gudenau
  • Views: 1,605
  • Replies: 4

gudenau
Largely ignored, Member
Joined: Jul 7, 2010
Messages: 4,111
Reaction score: 4,456
Trophies: 2
Location: /dev/random
Website: www.gudenau.net
XP: 7,779
Country: United States
Is there a public way to strip the SSL of all of the 3DS internet connections? I think it would be useful to strip the SSL layer and create a proxy on a PC to dump the internet traffic and re-add the SSL with the keys on the 3DS; this would make it look like a normal 3DS to Ninty and allow us to reverse the protocols at the same time.
 
SSL strip doesn't work because the server only responds to HTTPS requests. The best way to see the transparent content is by intercepting the traffic; you can use Wireshark or Burp Suite for this with a self-signed certificate, though I'm not sure if the 3DS requires a valid certificate to connect. And either way, what do you want to accomplish with this?...
 
It's definitely possible, but creating a modified SSL module with another cert injected into it is difficult to recover from if done incorrectly, and current CFWs don't have easy ways of restoring a proper copy in the event that you're locked out of launching apps from the menu.
 
> SSL strip doesn't work because the server only responds to HTTPS requests. The best way to see the transparent content is by intercepting the traffic; you can use Wireshark or Burp Suite for this with a self-signed certificate, though I'm not sure if the 3DS requires a valid certificate to connect. And either way, what do you want to accomplish with this?...

> It's definitely possible, but creating a modified SSL module with another cert injected into it is difficult to recover from if done incorrectly, and current CFWs don't have easy ways of restoring a proper copy in the event that you're locked out of launching apps from the menu.

Which is why I think we could dump the 3DS certs and add the SSL layer on the PC, so we do not need to change the certs on the 3DS.

Hrm, this could be usefull...
 
> Which is why I think we could dump the 3DS certs and add the SSL layer on the PC, so we do not need to change the certs on the 3DS.

Dumping and decrypting the cert is already possible.

> Hrm, this could be usefull...

*useful

Nope. If you're removing the SSL layer, there won't be any CA in the first place anymore.

What it can do is add a trusted cert to one connection; so instead of removing SSL entirely, you could instead hijack DNS, redirect requests to your own server for which you have a valid CA and individual certs per-domain signed by the CA. Then you'd need to make the ssl module call do what AddTrustedRootCert does whenever it's accessing your hijacked domain/IP before trying to connect.

Alternative solution: Edit the exefs of the process/module you want to inspect and install that; pretty much everywhere, they're URLs in the form of https://addr/, where you can just replace https with http and the code usually figures out how to deal with it. Remember to add padding at the end of the string to keep offsets the same. Then you'll need a piece of code on your server that proxies the connection to the Nintendo servers, with ClCertA if needed.
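The padding rule in the post above ("add padding at the end of the string to keep offsets the same"), as an added example that is not from this thread or from any 3DS tool: a constructed toy blob holds two NUL-terminated URLs followed by a fake 2-byte offset pointer, standing in for the way other code references strings at fixed positions. It shows why a plain search-and-replace of `https://` with `http://` silently breaks every later offset, while a length-preserving patch does not. The blob layout, the pointer encoding and all function names are assumptions made for the illustration.

```python
import re

# Constructed sample blob (not a real 3DS exefs): two NUL-terminated URLs at
# fixed offsets, then a fake 2-byte little-endian "pointer" holding the offset
# of the second URL, the way a string table or data section might.
_HEADER = b"HDR\x00"
_URL1 = b"https://example.invalid/api/\x00"
_URL2 = b"https://example.invalid/auth\x00"
SAMPLE_BLOB = (
    _HEADER + _URL1 + _URL2
    + (len(_HEADER) + len(_URL1)).to_bytes(2, "little")  # points at _URL2
)

# Printable-ASCII run starting with https://, ending right before a NUL.
_HTTPS_RE = re.compile(rb"https://[\x21-\x7e]*(?=\x00)")


def find_https_urls(blob: bytes):
    """Return [(offset, url_bytes)] for every NUL-terminated https:// string."""
    return [(m.start(), m.group(0)) for m in _HTTPS_RE.finditer(blob)]


def naive_downgrade(blob: bytes) -> bytes:
    """Plain search-and-replace: shrinks the blob by one byte per URL and
    shifts every offset that follows. This is the mistake the post warns about."""
    return blob.replace(b"https://", b"http://")


def downgrade_https_in_place(blob: bytes, pad: bytes = b"\x00") -> bytes:
    """Rewrite every https:// URL as http:// without changing its length.

    'https://' is one byte longer than 'http://', so the freed byte is refilled
    with `pad` after the URL. With NUL padding the C string simply terminates
    one byte earlier; nothing after the URL moves.
    """
    out = bytearray(blob)
    for off, url in find_https_urls(blob):
        patched = b"http://" + url[len(b"https://"):] + pad
        assert len(patched) == len(url)  # the invariant the post insists on
        out[off:off + len(url)] = patched
    return bytes(out)


def c_string_at(blob: bytes, off: int) -> bytes:
    """Read a NUL-terminated string the way C code would."""
    end = blob.index(b"\x00", off)
    return blob[off:end]


def pointer_still_valid(blob: bytes) -> bool:
    """Follow the trailing fake pointer and check it still lands on a URL."""
    ptr = int.from_bytes(blob[-2:], "little")
    return blob[ptr:ptr + 7] == b"http://" or blob[ptr:ptr + 8] == b"https://"


if __name__ == "__main__":
    good = downgrade_https_in_place(SAMPLE_BLOB)
    bad = naive_downgrade(SAMPLE_BLOB)
    print("padded patch keeps pointer valid:", pointer_still_valid(good))
    print("naive replace keeps pointer valid:", pointer_still_valid(bad))
```

With NUL padding the patched string reads back exactly as `http://...` from its original offset; with the naive replacement the pointer now lands one byte into the URL, which is the kind of corruption that is hard to diagnose after the fact.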
 
