Skip to content

Instantly share code, notes, and snippets.

@InternalLoss
Last active January 6, 2024 20:43
Show Gist options
  • Save InternalLoss/4788df4ca11852705da151e0e51bb2a3 to your computer and use it in GitHub Desktop.
Save InternalLoss/4788df4ca11852705da151e0e51bb2a3 to your computer and use it in GitHub Desktop.
3DS/WiiU TLS traffic guide

Dumping Nintendo TLS Traffic

This guide is for capturing encrypted web traffic between the Internet and a 3DS or Wii U. You will need a hacked console for this.

NOTE: This traffic is sensitive - it will likely contain sensitive data such as a hashed form of your NNID password, and the device's unique identifiers including their unique certificates - as such, please be careful who you share these dumps with! They should be stored safely.

TLS Traffic

Dumping TLS traffic requires a proxy - we suggest mitmproxy which is both FOSS and cross-platform. It also has a web view which is useful for saving the recorded data (though this can also be done via CLI, as explained later).

You will need to know your computer's local IP address - you can do this by typing ipconfig into Command Prompt (or PowerShell) on Windows, or ifconfig on macOS/Linux.

Setting up the proxy

If using Windows, you can simply launch mitmweb from the Start Menu - if using Linux or macOS, simply type mitmweb in your terminal and press enter.

You'll need to disable certificate validation by going to the Options tab and ticking "Don't verify server certificates". Then, press the "Edit Options" icon, and look for the option "client_certs". Here, you'll need to provide a full path to either the ctr-common-1.pem file if capturing 3DS, or WIIU_COMMON_1_CERT.pem if capturing WiiU - for example, on Windows "C:/Users/YOURNAME/Downloads/ctr-common-1.pem" or "~/Downloads/WIIU_COMMON_1_CERT.pem" on Linux - if you cant find the exact path on Windows, try holding shift and right clicking in the folder the certificate is inside, and press "Open PowerShell window here" (or "Open Command Prompt window here" if on an earlier version of Windows) - the full path will now be displayed.

Once this is done, press the X and move on to setting up your console.

If you'd like to instead set these parameters via command line, mitmweb --set client_certs=PATH/TO/CLIENTCERT.PEM would also work, and you can also add -w OUTFILENAME to automatically write to a file instead of having to save the data from the browser.

Nintendo 3DS

NOTE: The patch for this will be enabled as long as "Game Patching" is enabled in Luma3DS, which means your 3DS will ignore any and all certificate validation issues - this is not safe, and you should not connect to public WiFi networks (or any network other than your own, really) with this patch enabled.

Your console will need to be running the latest Luma3DS, and you will need to copy the 3DS-SSL-Patch code.ips file to your SD card, placing it at sd:/luma/titles/0004013000002F02/code.ips (you will need to create both the titles and 0004013000002F02 folders).

Once you've done this, hold SELECT at boot and ensure that Enable game patching shows (x) next to it - if it does not, use the D-PAD and A button to select the option and enable it, and press START to boot the 3DS.

Navigate to System Settings, then choose Internet Settings -> Connection Settings -> Connection # (whichever you use) -> Change Settings. Press the right arrow, then Proxy Settings. Select "Yes", then in Detailed Setup enter your computer's IP address under "Proxy Server" and port 8080.

Select OK, then Save - perform a connection test, and you should see a request to http://conntest.nintendowifi.net show up on mitmweb. Assuming you see this, you are now proxying traffic! When you are done, make sure you press mitmproxy->save and download the file it gives you - it is recommended to give this some sort of descriptive name (i.e. "eShop-BrowseTitles").

Wii U

NOTE: You will see certificate errors once the proxy is setup until the patcher has been ran - this is normal. You will also need to run the patcher every time the Wii U is booted, as it is temporary.

You will need to be able to run homebrew (via haxchi or web browser), and will need a copy of Pretendo's network installer.

On your Wii U, go to System Settings -> Internet -> Connect to the Internet -> Connection List -> Your connection, then "Change Settings".

Scroll to the right until you see "Proxy Settings", select Configure, pressing Continue when the internet browser is mentioned, and enter your computer's IP for Proxy Server with Port 8080. Press Confirm, then Don't Use for basic authentication. Save the settings, and go back to the main menu.

Launch the installer application via your homebrew method of choice, and select Patching menu->SSL Patch, then return to the main menu. You should now see some requests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment