@MCMi460
Forked from jaames/3ds_packet_capture.md
Last active October 31, 2022 14:39

Requirements

You will need a 3DS running Luma CFW, as well as a computer that is capable of creating an access point or running a proxy.

SSL Module Patch

It is necessary to disable Root CA Verification in order to capture all 3DS traffic. We recommend doing this with SciresM's 3DS-SSL-Patch.

For ease of use, you can download this premade code.ips patch and place it at /luma/titles/0004013000002F02/code.ips on your 3DS's SD card. Make sure that you've enabled Luma's game patching feature by holding down the Select button while powering on your 3DS.

This patch will allow you to intercept 3DS traffic with something like Charles, Fiddler or Wireshark. However, it doesn't work with WebKit-based apps such as 3DS Browser, NNID Settings or Miiverse.

Capturing HTTP Traffic

With the SSL patch in place, it's now possible to capture HTTP and HTTPS traffic with Charles or Fiddler. This might suffice for simple applications like Colors! 3D or Swapdoodle.

Capturing NEX Traffic

The majority of online game features (matchmaking, peer-to-peer, etc) use NEX, which needs to be captured using Wireshark.

In order to capture PRUDP packets, you must be hosting an access point. It is impossible to capture UDP with a proxy. In this section, we are going to assume you are using your computer to host a WiFi network. If you do not know how to do so, it is easily possible on both macOS and Windows (you may need an Ethernet connection to do so on macOS, however). If you are on a Linux distro, figure it out yourself since you like it the hard way.

Connect your console to the internet through your computer's access point.

First, install Wireshark and download the repository nex-dissector to your computer. Follow the instructions in the README.md to install the plugin for Wireshark. This will now allow us to dissect the NEX protocols we inspect.


It is also necessary to dump your console's NEX keys in order to decrypt any requests and responses.

Getting NEX Keys

If you do make any NEX captures, please also note down your console's NEX keys so that they can be decrypted.

We recommend getting this information using the Get_PID_Passwrd homebrew app developed by Pretendo. This app will dump your NEX PID and NEX password (not your NNID password!) to a file called nex-keys.txt on your SD card root.


After installing the plugin, you must install the client certificate for your 3DS. You can install it by double-clicking the file and following the on-screen prompts. Whenever it asks for the file's password, enter 3ds.

It is now time to find your console's IP. You can use a homebrew application to do so, or you can look at your access point's configuration page to see what IP your 3DS is currently set to (e.g. the Settings app on Windows).

If you are on macOS, that information is not displayed graphically, so to find your connected device's IP, open a terminal and enter cat /var/db/dhcpd_leases. The name will likely be Nintendo 3DS and will be displayed early on in the list.

Reload Wireshark to ensure the plugin is working, and then select either ap1 for macOS or Local Area Connection for Windows (don't double click or press enter just yet). Further up on the screen is a text field for capture filters. Type in the following:

host 192.168.X.X

Replace the IP with your console's IP, then press enter.
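
For the macOS case above, the lease lookup and the capture filter can be scripted. This is an added example, not part of the original gist; it assumes the lease file stores each lease as a { ... } block of key=value lines with name= and ip_address= keys, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the Wireshark capture filter from a macOS DHCP lease file.
# Assumed layout: one "{ ... }" block per lease, holding key=value lines.

# lease_ips FILE PATTERN: print ip_address of each lease whose name contains
# PATTERN (case-insensitive).
lease_ips() {
  awk -v pat="$2" '
    BEGIN { pat = tolower(pat) }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim indentation and CR
    $0 == "{" { name = ""; ip = ""; next }          # new lease record
    $0 == "}" { if (ip != "" && index(tolower(name), pat)) print ip; next }
    {
      eq = index($0, "=")
      if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      if (key == "name") name = val
      if (key == "ip_address") ip = val
    }
  ' "$1"
}

# capture_filter FILE PATTERN: print "host <ip>" for the first match; return 1
# when nothing matches or the value is not a dotted-quad address.
capture_filter() {
  ip=$(lease_ips "$1" "$2" | head -n 1)
  printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  printf 'host %s\n' "$ip"
}

# Constructed sample leases (not real data).
sample_leases() {
  cat <<'EOF'
{
    name=laptop
    ip_address=192.168.2.2
    hw_address=1,aa:bb:cc:0:11:22
}
{
    name=Nintendo 3DS
    ip_address=192.168.2.3
    hw_address=1,aa:bb:cc:33:44:55
}
EOF
}

demo=$(mktemp) && sample_leases > "$demo"
capture_filter "$demo" "nintendo 3ds"   # prints: host 192.168.2.3
rm -f "$demo"
```

On the machine hosting the access point, point it at the real file: capture_filter /var/db/dhcpd_leases "Nintendo 3DS".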

At the very top of your screen, there is a field for display filters. To only see NEX protocols, enter the word nex and press enter.

Finally, restart your 3DS and enjoy dissecting the NEX packets.

MCMi460 commented Oct 23, 2022

If you need any help with doing this, feel free to send a message here.
