ROM Hack SSL Stripping?

[gudenau]

Is there a public way to strip the SSL of all of the 3DS internet connections? I think it would be useful to strip the SSL layer and create a proxy on a PC to dump the internet traffic and re-add the SSL with the keys on the 3DS; this would make it look like a normal 3DS to Ninty and allow us to reverse the protocols at the same time.

 

[Twilight Princess]

SSL strip doesn't work because the server only responds to https requests, the best way to see the transparent content is by intercepting the traffic, you can use wireshark or burpsuite for this with a self-signed certificate, though, I'm not sure if the 3DS requires a valid certificate to connect, and either way, what you want to accomplish with this?...

 

[shinyquagsire23]

It's definitely possible, but creating a modified SSL module with another cert injected into it is difficult to recover from if done incorrectly, and current CFWs don't have easy ways of restoring a proper copy in the event that you're locked out of launching apps from the menu.

 

[gudenau]

SSL strip doesn't work because the server only responds to https requests, the best way to see the transparent content is by intercepting the traffic, you can use wireshark or burpsuite for this with a self-signed certificate, though, I'm not sure if the 3DS requires a valid certificate to connect, and either way, what you want to accomplish with this?...

It's definitely possible, but creating a modified SSL module with another cert injected into it is difficult to recover from if done incorrectly, and current CFWs don't have easy ways of restoring a proper copy in the event that you're locked out of launching apps from the menu.

Which is why I think we could dump the 3DS certs and add the SSL layer on the PC, so we do not need to change the certs on the 3DS.

--------------------- MERGED ---------------------------

Hrm, this could be usefull...

 

[Suiginou]

Which is why I think we could dump the 3DS certs and add the SSL layer on the PC, so we do not need to change the certs on the 3DS.

Dumping and decrypting the cert is already possible.

Hrm, this could be usefull...

*useful

Nope. If you're removing the SSL layer, there won't be any CA in the first place anymore.

What it can do is add a trusted cert to one connection; so instead of removing SSL entirely, you could instead hijack DNS, redirect requests to your own server for which you have a valid CA and individual certs per-domain signed by the CA. Then you'd need to make the ssl module call do what AddTrustedRootCert does whenever it's accessing your hijacked domain/IP before trying to connect.

Alternative solution: Edit the exefs of the process/module you want to inspect and install that; pretty much everywhere, they're URLs in the form of https://addr/, where you can just replace https with http and the code usually figures out how to deal with it. Remember to add padding at the end of the string to keep offsets the same. Then you'll need a piece of code on your server that proxies the connection to the Nintendo servers, with ClCertA if needed.