3DS SSL mitm with Fiddler: Difference between revisions
No edit summary |
No edit summary |
||
(5 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
#Set up {{code|Documents\Fiddler\ClientCertificate.cer}} (forgot how to make this) | #Set up {{code|Documents\Fiddler\ClientCertificate.cer}} (forgot how to make this) | ||
#Set up {{gh|SciresM/3DS-SSL-Patch}}. The patch works on 9.6 and 11.4 versions of the SSL module | #Set up {{gh|SciresM/3DS-SSL-Patch}}. <s>The patch works on 9.6 and 11.4 versions of the SSL module</s> There is an IPS version here: https://github.com/SciresM/3DS-SSL-Patch/pull/2 | ||
#Install {{code|ClCertA.p12}} from the repo to the Windows certificate store | #Install {{code|ClCertA.p12}} from the repo to the Windows certificate store | ||
#Enable "Allow remote computers to connect", "Capture HTTPS CONNECTs", "Decrypt HTTPS traffic", and "Ignore server certificate errors (unsafe)". | #Enable "Allow remote computers to connect", "Capture HTTPS CONNECTs", "Decrypt HTTPS traffic", and "Ignore server certificate errors (unsafe)". | ||
To allow the 3DS to still connect regardless of the internet state, set up a rule for AutoResponder with {{code|EXACT:http://conntest.nintendowifi.net/}} and any HTTP 200 for a response, such as [[: | To allow the 3DS to still connect regardless of the internet state, set up a rule for AutoResponder with {{code|EXACT:http://conntest.nintendowifi.net/}} and any HTTP 200 for a response, such as [[:Media:Nintendo conn test.dat|Nintendo conn test.dat]]. Don't forget to enable "Unmatched requests passthrough" if you don't want to prevent other connections from being blocked. | ||
I haven't had to re-set this up many times so I keep forgetting something, especially installing the client cert which causes things like the eShop to break. | I haven't had to re-set this up many times so I keep forgetting something, especially installing the client cert which causes things like the eShop to break. | ||
See also: {{ghi|nusserver}}, a custom Nintendo update server | |||
== OPTIONAL: For CustomRules.js == | |||
These are useful for filtering, tagging, and enabling breakpoints on requests. | |||
These are pretty old but might still work. | |||
=== "class Handlers" definition === | |||
<syntaxhighlight lang="javascript"> | |||
public static RulesOption("Hide Nintendo conntest", "Nintendo") | |||
BindPref("fiddlerscript.rules.HideNintendoConntest") | |||
var m_HideNintendoConntest: boolean = false; | |||
public static RulesOption("Hide Wii U", "Nintendo") | |||
BindPref("fiddlerscript.rules.HideWiiU") | |||
var m_HideWiiU: boolean = false; | |||
public static RulesOption("Breakpoint on NetUpdateSOAP Request", "Nintendo") | |||
BindPref("fiddlerscript.rules.BpNUSOAPReq") | |||
var m_BpNUSOAPReq: boolean = false; | |||
public static RulesOption("Breakpoint on NetUpdateSOAP Response", "Nintendo") | |||
BindPref("fiddlerscript.rules.BpNUSOAPResp") | |||
var m_BpNUSOAPResp: boolean = false; | |||
public static RulesOption("CTR: Hide eShop Images", "Nintendo") | |||
BindPref("fiddlerscript.rules.CTRHideEShopImages") | |||
var m_CTRHideEShopImages: boolean = false; | |||
public static RulesOption("CTR: Redirect CDN requests", "Nintendo") | |||
BindPref("fiddlerscript.rules.CTRRedirectNUS") | |||
var m_CTRRedirectNUS: boolean = false; | |||
</syntaxhighlight> | |||
=== OnBeforeRequest === | |||
<syntaxhighlight lang="javascript"> | |||
// Set the custom column to the current device. | |||
oSession["ui-customcolumn"] = ""; | |||
if (typeof oSession.m_clientIP !== "undefined") { | |||
if (oSession.m_clientIP.Contains("192.168.1.16")) oSession["ui-customcolumn"] += "Wii U"; | |||
else if (oSession.m_clientIP.Contains("192.168.1.24")) oSession["ui-customcolumn"] += "New 3DS XL"; | |||
else if (oSession.m_clientIP.Contains("192.168.1.29")) oSession["ui-customcolumn"] += "New 3DS"; | |||
else if (oSession.m_clientIP.Contains("192.168.1.23")) oSession["ui-customcolumn"] += "Blue 3DS"; | |||
else if (oSession.m_clientIP.Contains("192.168.1.31")) oSession["ui-customcolumn"] += "2DS"; | |||
} | |||
// Hide Wii U | |||
if (oSession["ui-customcolumn"] == "Wii U" && m_HideWiiU) oSession["ui-hide"] = true; | |||
// Breakpoint on NetUpdateSOAP Request | |||
if ((oSession.PathAndQuery.StartsWith("/nus/services/NetUpdateSOAP")) && (m_BpNUSOAPReq)) { | |||
oSession["x-breakrequest"] = true; | |||
} | |||
// Breakpoint on NetUpdateSOAP Response | |||
if ((oSession.PathAndQuery.StartsWith("/nus/services/NetUpdateSOAP")) && (m_BpNUSOAPResp)) { | |||
oSession["x-breakresponse"] = true; | |||
} | |||
// CTR: Hide eShop Images | |||
if ((oSession.fullUrl.Contains("kanzashi-ctr.cdn.nintendo.net/i/")) && (m_CTRHideEShopImages)) { | |||
oSession["ui-hide"] = "true"; | |||
} | |||
// Hide Nintendo conntest | |||
if ((oSession.HostnameIs("conntest.nintendowifi.net")) && (m_HideNintendoConntest)) { | |||
oSession["ui-hide"] = "true"; | |||
} | |||
// CTR: Redirect CDN requests | |||
// Your replacement CDN server must serve ALL the titles!!! NIM (which does the content downloading) does not support HTTP redirects here. | |||
if (m_CTRRedirectNUS) { | |||
if (oSession.fullUrl.Contains("http://nus.cdn.c.shop.nintendowifi.net/ccs/download/")) { | |||
FiddlerApplication.Log.LogFormat("NUS Redirected: {0}", oSession.fullUrl); | |||
// redirect to locally run web server | |||
oSession.fullUrl = oSession.fullUrl.Replace("http://nus.cdn.c.shop.nintendowifi.net/ccs/download/", "http://192.168.1.2/CDN/") | |||
oSession["ui-backcolor"] = "Lavender"; | |||
} else if (oSession.fullUrl.Contains("https://ccs.c.shop.nintendowifi.net/ccs/download/")) { | |||
var tid = oSession.fullUrl.Substring(49, 16); | |||
var IsSystemTitle = tid.Substring(0, 8) in L(["00040010", "0004001B", "00040030", "0004009B", "000400DB", "00040130", "00040138"]); | |||
if (IsSystemTitle) { | |||
FiddlerApplication.Log.LogFormat("NUS TMD Redirected: {0}", oSession.fullUrl); | |||
oSession.fullUrl = oSession.fullUrl.Replace("https://ccs.c.shop.nintendowifi.net/ccs/download/", "http://192.168.1.2/CDN/") | |||
oSession["ui-backcolor"] = "Lavender"; | |||
} | |||
} | |||
} | |||
</syntaxhighlight> | |||
[[Category:Nintendo 3DS]] | [[Category:Nintendo 3DS]] |
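Review bot: In the added OnBeforeRequest snippet, `var tid = oSession.fullUrl.Substring(49, 16);` assumes the `https://ccs.c.shop.nintendowifi.net/ccs/download/` prefix sits at index 0 and that at least 16 characters follow it, but the guard above it is only `Contains(...)`. A shorter URL makes Substring throw, and a URL carrying the prefix later in the string yields a wrong title ID. Guard the branch with `oSession.fullUrl.StartsWith(prefix) && oSession.fullUrl.Length >= prefix.Length + 16` and take `Substring(prefix.Length, 16)`. The `L([...])` helper on the following line is not defined anywhere on the page, so the snippet presumably relies on it already existing in the reader's CustomRules.js; a one-line comment saying so would help. The same substring habit appears in the device tagging, where `Contains("192.168.1.16")` would also match 192.168.1.160–169.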
Latest revision as of 00:58, 14 July 2024
In order to use Fiddler to mitm connections on the 3DS:
- Set up `Documents\Fiddler\ClientCertificate.cer` (forgot how to make this)
- Set up SciresM/3DS-SSL-Patch. <s>The patch works on 9.6 and 11.4 versions of the SSL module</s> There is an IPS version here: https://github.com/SciresM/3DS-SSL-Patch/pull/2
- Install `ClCertA.p12` from the repo to the Windows certificate store
- Enable "Allow remote computers to connect", "Capture HTTPS CONNECTs", "Decrypt HTTPS traffic", and "Ignore server certificate errors (unsafe)".
To allow the 3DS to still connect regardless of the internet state, set up a rule for AutoResponder with `EXACT:http://conntest.nintendowifi.net/` and any HTTP 200 for a response, such as Nintendo conn test.dat. Don't forget to enable "Unmatched requests passthrough" if you don't want other connections to be blocked.
I haven't had to re-set this up many times, so I keep forgetting something, especially installing the client cert; leaving it out causes things like the eShop to break.
See also: nusserver, a custom Nintendo update server
OPTIONAL: For CustomRules.js
These are useful for filtering, tagging, and enabling breakpoints on requests.
These are pretty old but might still work.
"class Handlers" definition
// Rule toggles for the Nintendo-related filters. These declarations belong inside
// "class Handlers" in CustomRules.js. RulesOption adds a checkbox named by its first
// argument to the Rules > Nintendo submenu, and BindPref ties the field to the named
// Fiddler preference. All of them default to off (false) and are read by the
// OnBeforeRequest snippet on this page.

// Hide requests to conntest.nintendowifi.net from the session list.
public static RulesOption("Hide Nintendo conntest", "Nintendo")
BindPref("fiddlerscript.rules.HideNintendoConntest")
var m_HideNintendoConntest: boolean = false;
// Hide sessions whose custom column was tagged "Wii U".
public static RulesOption("Hide Wii U", "Nintendo")
BindPref("fiddlerscript.rules.HideWiiU")
var m_HideWiiU: boolean = false;
// Set a request breakpoint on /nus/services/NetUpdateSOAP calls.
public static RulesOption("Breakpoint on NetUpdateSOAP Request", "Nintendo")
BindPref("fiddlerscript.rules.BpNUSOAPReq")
var m_BpNUSOAPReq: boolean = false;
// Set a response breakpoint on /nus/services/NetUpdateSOAP calls.
public static RulesOption("Breakpoint on NetUpdateSOAP Response", "Nintendo")
BindPref("fiddlerscript.rules.BpNUSOAPResp")
var m_BpNUSOAPResp: boolean = false;
// Hide sessions whose URL contains kanzashi-ctr.cdn.nintendo.net/i/.
public static RulesOption("CTR: Hide eShop Images", "Nintendo")
BindPref("fiddlerscript.rules.CTRHideEShopImages")
var m_CTRHideEShopImages: boolean = false;
// Rewrite matching CDN download URLs to the replacement server used in OnBeforeRequest.
public static RulesOption("CTR: Redirect CDN requests", "Nintendo")
BindPref("fiddlerscript.rules.CTRRedirectNUS")
var m_CTRRedirectNUS: boolean = false;
OnBeforeRequest
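// Set the custom column to the current device.
// The addresses below are the author's own LAN assignments; replace them with yours.
// The address is compared as a suffix rather than with Contains(): Fiddler may report
// the client as an IPv4-mapped address (e.g. "::ffff:192.168.1.16"), which a suffix
// match still accepts, while Contains("192.168.1.16") would also match
// 192.168.1.160-169 and tag (and possibly hide) the wrong host.
// NOTE(review): assumes m_clientIP carries no trailing port or scope suffix - confirm.
oSession["ui-customcolumn"] = "";
if (typeof oSession.m_clientIP !== "undefined" && oSession.m_clientIP != null) {
    var clientIP = oSession.m_clientIP;
    if (clientIP.EndsWith("192.168.1.16")) oSession["ui-customcolumn"] = "Wii U";
    else if (clientIP.EndsWith("192.168.1.24")) oSession["ui-customcolumn"] = "New 3DS XL";
    else if (clientIP.EndsWith("192.168.1.29")) oSession["ui-customcolumn"] = "New 3DS";
    else if (clientIP.EndsWith("192.168.1.23")) oSession["ui-customcolumn"] = "Blue 3DS";
    else if (clientIP.EndsWith("192.168.1.31")) oSession["ui-customcolumn"] = "2DS";
}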
// Display filters and breakpoints. Each one only takes effect while its option in the
// Rules > Nintendo menu is ticked.

// Hide Wii U: relies on the custom column having been set to exactly "Wii U" earlier.
if (m_HideWiiU && oSession["ui-customcolumn"] == "Wii U") {
    oSession["ui-hide"] = true;
}

// NetUpdateSOAP breakpoints: the path test is shared by the request and response options.
var isNetUpdateSoap = oSession.PathAndQuery.StartsWith("/nus/services/NetUpdateSOAP");
if (isNetUpdateSoap && m_BpNUSOAPReq) {
    // Breakpoint on NetUpdateSOAP Request
    oSession["x-breakrequest"] = true;
}
if (isNetUpdateSoap && m_BpNUSOAPResp) {
    // Breakpoint on NetUpdateSOAP Response
    oSession["x-breakresponse"] = true;
}

// CTR: Hide eShop Images
var isEShopImage = oSession.fullUrl.Contains("kanzashi-ctr.cdn.nintendo.net/i/");
if (isEShopImage && m_CTRHideEShopImages) {
    oSession["ui-hide"] = "true";
}

// Hide Nintendo conntest
var isConnTest = oSession.HostnameIs("conntest.nintendowifi.net");
if (isConnTest && m_HideNintendoConntest) {
    oSession["ui-hide"] = "true";
}
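// CTR: Redirect CDN requests
// Your replacement CDN server must serve ALL the titles!!! NIM (which does the content downloading) does not support HTTP redirects here.
// Both rewrites point at plain http://192.168.1.2/CDN/ (the author's locally run web
// server), so the second branch moves a request that was HTTPS onto unencrypted HTTP.
// Change the address to your own server before enabling the rule.
if (m_CTRRedirectNUS) {
    var localCdn = "http://192.168.1.2/CDN/";
    var nusCdnPrefix = "http://nus.cdn.c.shop.nintendowifi.net/ccs/download/";
    var ccsPrefix = "https://ccs.c.shop.nintendowifi.net/ccs/download/";

    if (oSession.fullUrl.Contains(nusCdnPrefix)) {
        FiddlerApplication.Log.LogFormat("NUS Redirected: {0}", oSession.fullUrl);
        // redirect to locally run web server
        oSession.fullUrl = oSession.fullUrl.Replace(nusCdnPrefix, localCdn);
        oSession["ui-backcolor"] = "Lavender";
    } else if (oSession.fullUrl.StartsWith(ccsPrefix) && oSession.fullUrl.Length >= ccsPrefix.Length + 16) {
        // The 16 characters right after the prefix are read as the title ID. The prefix
        // must sit at the start of the URL and be followed by at least 16 characters;
        // without this guard a short URL makes Substring throw, and a URL that merely
        // contains the prefix further in yields a wrong ID.
        var titleId = oSession.fullUrl.Substring(ccsPrefix.Length, 16);
        // Only title IDs whose first 8 characters are in this list are redirected.
        // NOTE(review): L(...) is not defined on this page; presumably a helper in the
        // surrounding CustomRules.js that turns the array into an object keyed by its
        // elements so that "in" works as a membership test - confirm it exists.
        var isSystemTitle = titleId.Substring(0, 8) in L(["00040010", "0004001B", "00040030", "0004009B", "000400DB", "00040130", "00040138"]);
        if (isSystemTitle) {
            FiddlerApplication.Log.LogFormat("NUS TMD Redirected: {0}", oSession.fullUrl);
            oSession.fullUrl = oSession.fullUrl.Replace(ccsPrefix, localCdn);
            oSession["ui-backcolor"] = "Lavender";
        }
    }
}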