3DS SSL mitm with Fiddler: Difference between revisions

(use Media: for a direct download link)
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 6: Line 6:
#Enable "Allow remote computers to connect", "Capture HTTPS CONNECTs", "Decrypt HTTPS traffic", and "Ignore server certificate errors (unsafe)".
#Enable "Allow remote computers to connect", "Capture HTTPS CONNECTs", "Decrypt HTTPS traffic", and "Ignore server certificate errors (unsafe)".


To allow the 3DS to still connect regardless of the internet state, set up a rule for AutoResponder with {{code|EXACT:http://conntest.nintendowifi.net/}} and any HTTP 200 for a response, such as [[:Media:Nintendo conn test.dat|Nintendo conn test.dat]].
To allow the 3DS to still connect regardless of the internet state, set up a rule for AutoResponder with {{code|EXACT:http://conntest.nintendowifi.net/}} and any HTTP 200 for a response, such as [[:Media:Nintendo conn test.dat|Nintendo conn test.dat]]. Don't forget to enable "Unmatched requests passthrough" if you don't want to prevent other connections from being blocked.


I haven't had to re-set this up many times so I keep forgetting something, especially installing the client cert which causes things like the eShop to break.
I haven't had to re-set this up many times so I keep forgetting something, especially installing the client cert which causes things like the eShop to break.
See also: {{ghi|nusserver}}, a custom Nintendo update server
== For CustomRules.js ==
These are pretty old but might still work.
=== "class Handlers" definition ===
<syntaxhighlight lang="javascript">
public static RulesOption("Hide Nintendo conntest", "Nintendo")
BindPref("fiddlerscript.rules.HideNintendoConntest")
var m_HideNintendoConntest: boolean = false;
public static RulesOption("Hide Wii U", "Nintendo")
BindPref("fiddlerscript.rules.HideWiiU")
var m_HideWiiU: boolean = false;
public static RulesOption("Breakpoint on NetUpdateSOAP Request", "Nintendo")
BindPref("fiddlerscript.rules.BpNUSOAPReq")
var m_BpNUSOAPReq: boolean = false;
public static RulesOption("Breakpoint on NetUpdateSOAP Response", "Nintendo")
BindPref("fiddlerscript.rules.BpNUSOAPResp")
var m_BpNUSOAPResp: boolean = false;
public static RulesOption("CTR: Hide eShop Images", "Nintendo")
BindPref("fiddlerscript.rules.CTRHideEShopImages")
var m_CTRHideEShopImages: boolean = false;
public static RulesOption("CTR: Redirect CDN requests", "Nintendo")
BindPref("fiddlerscript.rules.CTRRedirectNUS")
var m_CTRRedirectNUS: boolean = false;
</syntaxhighlight>
=== OnBeforeRequest ===
<syntaxhighlight lang="javascript">
// Set the custom column to the current device.
oSession["ui-customcolumn"] = "";
if (typeof oSession.m_clientIP !== "undefined") {
if      (oSession.m_clientIP.Contains("192.168.1.16")) oSession["ui-customcolumn"] += "Wii U";
else if (oSession.m_clientIP.Contains("192.168.1.24")) oSession["ui-customcolumn"] += "New 3DS XL";
else if (oSession.m_clientIP.Contains("192.168.1.29")) oSession["ui-customcolumn"] += "New 3DS";
else if (oSession.m_clientIP.Contains("192.168.1.23")) oSession["ui-customcolumn"] += "Blue 3DS";
else if (oSession.m_clientIP.Contains("192.168.1.31")) oSession["ui-customcolumn"] += "2DS";
}
// Hide Wii U
if (oSession["ui-customcolumn"] == "Wii U" && m_HideWiiU) oSession["ui-hide"] = true;
// Breakpoint on NetUpdateSOAP Request
if ((oSession.PathAndQuery.StartsWith("/nus/services/NetUpdateSOAP")) && (m_BpNUSOAPReq)) {
oSession["x-breakrequest"] = true;
}
// Breakpoint on NetUpdateSOAP Response
if ((oSession.PathAndQuery.StartsWith("/nus/services/NetUpdateSOAP")) && (m_BpNUSOAPResp)) {
oSession["x-breakresponse"] = true;
}
// CTR: Hide eShop Images
if ((oSession.fullUrl.Contains("kanzashi-ctr.cdn.nintendo.net/i/")) && (m_CTRHideEShopImages)) {
oSession["ui-hide"] = "true";
}
// Hide Nintendo conntest
if ((oSession.HostnameIs("conntest.nintendowifi.net")) && (m_HideNintendoConntest)) {
oSession["ui-hide"] = "true";
}
// CTR: Redirect CDN requests
// Your replacement CDN server must serve ALL the titles!!! NIM (which does the content downloading) does not support HTTP redirects here.
if (m_CTRRedirectNUS) {
if (oSession.fullUrl.Contains("http://nus.cdn.c.shop.nintendowifi.net/ccs/download/")) {
FiddlerApplication.Log.LogFormat("NUS Redirected: {0}", oSession.fullUrl);
// redirect to locally run web server
oSession.fullUrl = oSession.fullUrl.Replace("http://nus.cdn.c.shop.nintendowifi.net/ccs/download/", "http://192.168.1.2/CDN/")
oSession["ui-backcolor"] = "Lavender";
} else if (oSession.fullUrl.Contains("https://ccs.c.shop.nintendowifi.net/ccs/download/")) {
var tid = oSession.fullUrl.Substring(49, 16);
var IsSystemTitle = tid.Substring(0, 8) in L(["00040010", "0004001B", "00040030", "0004009B", "000400DB", "00040130", "00040138"]);
if (IsSystemTitle) {
FiddlerApplication.Log.LogFormat("NUS TMD Redirected: {0}", oSession.fullUrl);
oSession.fullUrl = oSession.fullUrl.Replace("https://ccs.c.shop.nintendowifi.net/ccs/download/", "http://192.168.1.2/CDN/")
oSession["ui-backcolor"] = "Lavender";
}
}
}
</syntaxhighlight>


[[Category:Nintendo 3DS]]
[[Category:Nintendo 3DS]]
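Review bot: `var tid = oSession.fullUrl.Substring(49, 16);` in the added "CTR: Redirect CDN requests" block relies on the prefix sitting at offset 0 with at least 16 characters after it, but the guard above it is only `Contains`, so a matching URL that is shorter, or that carries the prefix somewhere else, makes Substring throw or yields a wrong title ID. Guard with `StartsWith(prefix)` plus a length check, and slice from `prefix.Length` instead of the literal 49. The device labels are loose in the same way: `m_clientIP.Contains("192.168.1.16")` also matches 192.168.1.160-169, where `EndsWith` would not. `L(...)` is not defined anywhere in the added text, so the snippet presumably depends on a helper from the author's own CustomRules.js; a one-line comment saying so would help readers who paste it.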

Latest revision as of 16:27, 13 May 2021

In order to use Fiddler to mitm connections on the 3DS:

  1. Set up Documents\Fiddler\ClientCertificate.cer (forgot how to make this)
  2. Set up SciresM/3DS-SSL-Patch. The patch works on 9.6 and 11.4 versions of the SSL module
  3. Install ClCertA.p12 from the repo to the Windows certificate store
  4. Enable "Allow remote computers to connect", "Capture HTTPS CONNECTs", "Decrypt HTTPS traffic", and "Ignore server certificate errors (unsafe)".

To allow the 3DS to still connect regardless of the internet state, set up a rule for AutoResponder with EXACT:http://conntest.nintendowifi.net/ and any HTTP 200 for a response, such as Nintendo conn test.dat. Don't forget to enable "Unmatched requests passthrough" if you don't want other connections to be blocked.

I haven't had to re-set this up many times, so I keep forgetting something, especially installing the client cert; leaving it out causes things like the eShop to break.

See also: nusserver, a custom Nintendo update server

For CustomRules.js

These are pretty old but might still work.

"class Handlers" definition

// Rules options for FiddlerScript; per the heading above, these belong inside the
// "class Handlers" definition of CustomRules.js. Each one is declared under the "Nintendo"
// group, is bound to a fiddlerscript.rules.* preference through BindPref, and starts out false.

// When set, the OnBeforeRequest snippet on this page hides sessions for conntest.nintendowifi.net.
public static RulesOption("Hide Nintendo conntest", "Nintendo")
BindPref("fiddlerscript.rules.HideNintendoConntest")
var m_HideNintendoConntest: boolean = false;

// When set, sessions whose custom column was labelled "Wii U" are hidden.
public static RulesOption("Hide Wii U", "Nintendo")
BindPref("fiddlerscript.rules.HideWiiU")
var m_HideWiiU: boolean = false;

// When set, requests whose path starts with /nus/services/NetUpdateSOAP get the x-breakrequest flag.
public static RulesOption("Breakpoint on NetUpdateSOAP Request", "Nintendo")
BindPref("fiddlerscript.rules.BpNUSOAPReq")
var m_BpNUSOAPReq: boolean = false;

// When set, the same NetUpdateSOAP requests get the x-breakresponse flag instead.
public static RulesOption("Breakpoint on NetUpdateSOAP Response", "Nintendo")
BindPref("fiddlerscript.rules.BpNUSOAPResp")
var m_BpNUSOAPResp: boolean = false;

// When set, sessions whose URL contains kanzashi-ctr.cdn.nintendo.net/i/ are hidden.
public static RulesOption("CTR: Hide eShop Images", "Nintendo")
BindPref("fiddlerscript.rules.CTRHideEShopImages")
var m_CTRHideEShopImages: boolean = false;

// When set, download URLs on the two shop.nintendowifi.net hosts are rewritten to
// http://192.168.1.2/CDN/ by the OnBeforeRequest snippet. Leave it off unless that
// replacement server is running and reachable.
public static RulesOption("CTR: Redirect CDN requests", "Nintendo")
BindPref("fiddlerscript.rules.CTRRedirectNUS")
var m_CTRRedirectNUS: boolean = false;

OnBeforeRequest

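// Additions for the body of OnBeforeRequest(oSession). They label each session with the
// device it came from and then apply the "Nintendo" rules options (the m_* fields from the
// "class Handlers" snippet).

// Set the custom column to the current device.
// The addresses are the author's own LAN assignments; change them to match your devices.
// EndsWith is used instead of Contains so that "192.168.1.16" does not also claim
// 192.168.1.160-169, while a prefixed form such as "::ffff:192.168.1.16" still matches.
oSession["ui-customcolumn"] = "";
if (typeof oSession.m_clientIP !== "undefined") {
	if      (oSession.m_clientIP.EndsWith("192.168.1.16")) oSession["ui-customcolumn"] += "Wii U";
	else if (oSession.m_clientIP.EndsWith("192.168.1.24")) oSession["ui-customcolumn"] += "New 3DS XL";
	else if (oSession.m_clientIP.EndsWith("192.168.1.29")) oSession["ui-customcolumn"] += "New 3DS";
	else if (oSession.m_clientIP.EndsWith("192.168.1.23")) oSession["ui-customcolumn"] += "Blue 3DS";
	else if (oSession.m_clientIP.EndsWith("192.168.1.31")) oSession["ui-customcolumn"] += "2DS";
}

// Session flags are strings, so every flag below is set to "true" in the same way.

// Hide Wii U
if (oSession["ui-customcolumn"] == "Wii U" && m_HideWiiU) oSession["ui-hide"] = "true";

// Breakpoint on NetUpdateSOAP Request
if ((oSession.PathAndQuery.StartsWith("/nus/services/NetUpdateSOAP")) && (m_BpNUSOAPReq)) {
	oSession["x-breakrequest"] = "true";
}

// Breakpoint on NetUpdateSOAP Response
if ((oSession.PathAndQuery.StartsWith("/nus/services/NetUpdateSOAP")) && (m_BpNUSOAPResp)) {
	oSession["x-breakresponse"] = "true";
}

// CTR: Hide eShop Images
if ((oSession.fullUrl.Contains("kanzashi-ctr.cdn.nintendo.net/i/")) && (m_CTRHideEShopImages)) {
	oSession["ui-hide"] = "true";
}

// Hide Nintendo conntest
if ((oSession.HostnameIs("conntest.nintendowifi.net")) && (m_HideNintendoConntest)) {
	oSession["ui-hide"] = "true";
}

// CTR: Redirect CDN requests
// Your replacement CDN server must serve ALL the titles!!! NIM (which does the content downloading) does not support HTTP redirects here.
// The second branch moves an HTTPS request onto plain HTTP, so what 192.168.1.2 serves is
// neither encrypted nor server-authenticated in transit; keep this to an isolated test
// network and leave the option off otherwise.
if (m_CTRRedirectNUS) {
	var nusContentPrefix = "http://nus.cdn.c.shop.nintendowifi.net/ccs/download/";
	var ccsMetaPrefix = "https://ccs.c.shop.nintendowifi.net/ccs/download/";
	var localCdn = "http://192.168.1.2/CDN/";

	// Match the prefix at the start of the URL only, so that a request to some other host
	// which merely embeds one of these strings is left alone.
	if (oSession.fullUrl.StartsWith(nusContentPrefix)) {
		FiddlerApplication.Log.LogFormat("NUS Redirected: {0}", oSession.fullUrl);
		// redirect to locally run web server
		oSession.fullUrl = localCdn + oSession.fullUrl.Substring(nusContentPrefix.Length);
		oSession["ui-backcolor"] = "Lavender";
	} else if (oSession.fullUrl.StartsWith(ccsMetaPrefix)) {
		// The title ID is the 16 characters that follow the prefix. Slice from the prefix
		// length rather than a literal offset, and skip URLs too short to hold a title ID,
		// for which Substring would otherwise throw.
		var afterPrefix = oSession.fullUrl.Substring(ccsMetaPrefix.Length);
		if (afterPrefix.Length >= 16) {
			var tid = afterPrefix.Substring(0, 16);
			// Only title IDs whose first 8 characters are in this list are redirected.
			// NOTE(review): L(...) is not defined on this page; presumably a helper in the
			// author's CustomRules.js that turns the array into an object usable with
			// `in`. Confirm it exists before pasting.
			var IsSystemTitle = tid.Substring(0, 8) in L(["00040010", "0004001B", "00040030", "0004009B", "000400DB", "00040130", "00040138"]);
			if (IsSystemTitle) {
				FiddlerApplication.Log.LogFormat("NUS TMD Redirected: {0}", oSession.fullUrl);
				oSession.fullUrl = localCdn + afterPrefix;
				oSession["ui-backcolor"] = "Lavender";
			}
		}
	}
}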