Wii U TLS Keys

Discussion in 'Wii U - Hacking & Backup Loaders' started by gudenau, May 5, 2016.

  1. gudenau
    OP

    I would like to work on some networking stuff for the Wii U, but for my project I would need access to the TLS keys that the Wii U uses to connect to the Nintendo servers. Since the kernel is now out, I was wondering if anyone could aid me in getting them from either of my Wii Us.
     
  2. PokeAcer

    Dump them using DDD, or get them via JNUS.
     
  3. gudenau
    OP

    IIRC, they are encrypted past that and DDD could not dump system titles.
     
  4. crediar

  5. gudenau
    OP


    Thanks, might not be the best idea to leave that link though.
     
  6. KiiWii

    Trusty Crediar!

    Hope this works for the OP.

    Off topic:
    No idea if you will reply, but do you have anything in the works for Wii U at all that you could tantalize us with?
     
    Last edited by KiiWii, May 5, 2016
  7. alkar

    Is there any way to inject a custom cert into the Wii U so we can sniff traffic?
     
  8. PokeAcer

    In some apps, yes. For the full thing, we'd need boot time IOSU.
     
  9. gudenau
    OP

    Here is my solution: change everything to HTTP and MITM it, then write a server that takes care of the SSL stuff.
     
  10. PokeAcer

    Like I said :P
     
  11. alkar

    I'd like to sniff eShop but I don't see how to rename https to http without the eShop ELF/executable.

    Is there such a thing? Is the eShop app dumpable with DDD?
     
  12. PokeAcer

    ..Yes!
     
  13. aracom

    But that's not possible in many cases, since we can't replace RPX without losing online functionality, and that's what we want in the first place.

    Is there any solution to that problem already?
     
  14. gudenau
    OP

    Search RAM and change all https strings that could be used as a URL to HTTP and insert a null at the end of the string for padding.
     
  15. aracom

    Oh, OK, I know that, but it's not an option for e.g. the server splatfest files are stored on, since it sends a request directly at boot time, so I'm not able to patch it like that.