friends-server(nasc) about ctr-httpwn HOT 21 CLOSED

Yes, see README, configdoc.xml, and web/config.php.

from ctr-httpwn.

Okay,
I modified the user_config.xml

and added:

    <targeturl>
        <name>nasc</name>
        <caps>AddRequestHeader AddPostDataAscii</caps>
        <url>https://nasc.nintendowifi.net/ac</url>
        <new_url>https://my-server.tld/ac</new_url>
    </targeturl>

My server is using https, should I use http for that or how can I add a working root ca (I think thats the issue atm). My cert is issues by lets encrypt.

from ctr-httpwn.

That's the same rootCA used by yls8.mtheall.com so HTTPS should work fine for that.

from ctr-httpwn.

Thanks. It worked via http.
Are most of the value of the request encrypted? Can I decrypt them somehow?
I'm trying now to make the request to the nin server by myself with php+curl, does the request require some special ssl version configuration?

from ctr-httpwn.

Besides HTTPS no(unless you meant base64 which is not encryption).

"I'm trying now to make the request to the nin server by myself with php+curl, does the request require some special ssl version configuration?" <- Client-cert is (probably) required.

from ctr-httpwn.

Ah, I have not noticed the base64.
This means, I have to add something like you have done here:
https://github.com/yellows8/ctr-httpwn/blob/master/web/NetUpdateSOAP.php#L54-L62

How can I get the certificate for that?

from ctr-httpwn.

I'm not sure if there's any public tool(s) for easily obtaining it.

from ctr-httpwn.

Are these files stored on my 3ds somewhere?

from ctr-httpwn.

https://www.3dbrew.org/wiki/ClCertA And this was in my browser-history apparently: https://github.com/SciresM/ccrypt

from ctr-httpwn.

Thank you very much. I will try this out, when everything works I will close this issue.

from ctr-httpwn.

I dumped the encrypted cert files and compiled ccrypt, but I think the way of executing it is not working anymore. How would I run this on 11.2 with a9lh?

from ctr-httpwn.

dunno

from ctr-httpwn.

Okay, got it working by downgrading the emunand on my spare o3ds.
Now I have the files, but it is still not working:

* Hostname was NOT found in DNS cache
*   Trying 69.25.139.139...
* Connected to nasc.nintendowifi.net (69.25.139.139) port 443 (#0)
* unable to use client certificate (no key found or wrong pass phrase?)
* Closing connection 0

sha256sum:

80cc4c111e1366c8e006af8642cb2d286642dc55e0c48de704d6c4e965880be6  ctr-common-1-cert.dec
29919052fdd278e4e78dc16a2b976c1d37b9292f6a0fa93780b9645e461f544c  ctr-common-1-key.dec

These are the curl opts of my script:

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $hdrs);
curl_setopt($ch, CURLOPT_POST, count($fields));
curl_setopt($ch, CURLOPT_POSTFIELDS, $fieldsString);
curl_setopt($ch, CURLOPT_SSLCERTTYPE, 'PEM');
curl_setopt($ch, CURLOPT_SSLCERT, 'ctr-common-1-cert.dec');
curl_setopt($ch, CURLOPT_SSLKEY, 'ctr-common-1-key.dec');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

I tried setting SSLCERTTYPE to DER, because https://www.3dbrew.org/wiki/ClCertA sais it is in DERformat, but it seems like this is wrong.

* Hostname was NOT found in DNS cache
*   Trying 69.25.139.139...
* Connected to nasc.nintendowifi.net (69.25.139.139) port 443 (#0)
* unable to set private key file: 'ctr-common-1-key.dec' type PEM
* Closing connection 0

from ctr-httpwn.

No, convert to PEM.

from ctr-httpwn.

@ThauEx see either this (PEM) or this (PFX)

from ctr-httpwn.

Thanks, I already converted them to pem and I'm able to get a login token. Now I have to figure out, how to use this token to get the friend list data.

from ctr-httpwn.

Hello again,
sorry for leaving this open that long...
I had finally time to work on this again.
Like I wrote above, my goal is to get the data of the friendlist. Afaik this data is comming from the nasc server. With your prevuois help, I was able to record the data, which was send to the login server. The request POST data was something like this:

    "gameid": "MDAxMkRDMDA*",
    "sdkver": "MDAwMDAw",
    "titleid": "MDAwNDAwMDAwMDE3QTQwMA**",
    "gamecd": "QkZXUA**",
    "gamever": "RkZGRg**",
    "mediatype": "MQ**",
    "makercd": "MDA*",
    "unitcd": "Mg**",
    "macadr": "#####",
    "bssid": "#####",
    "apinfo": "#####",
    "fcdcert": "#####",
    "devname": "VABoAGEAdQA*",
    "servertype": "TDE*",
    "fpdver": "MDAwOA**",
    "devtime": "MTcwMTA4MTg1NDU1",
    "lang": "MDM*",
    "region": "MDI*",
    "csnum": "WUVNMTAxNjQ0Njk*",
    "uidhmac": "YWFiMWVjNTc*",
    "userid": "MTM5NzI3ODcz",
    "action": "TE9HSU4*",
    "ingamesn": "",

And response:

    "locator":"NTIuMTk2LjI1My4xMjg6NDAwMDA*",
    "retry":"MA**",
    "returncd":"MDAx",
    "token":"#####",
    "datetime=MjAxNzA0MDQxNzExNDM*",

Where do I have to use this token and I can use it to get the data of my friendlist? If so, where?

When I should ask somewhere else, please tell me. Then I would close this issue.

Thank you very much

from ctr-httpwn.

dunno

from ctr-httpwn.

Hm... okay.
I have not figured out how to see all HTTP requests of the 3ds (including request and response), because of https. I installed mitm proxy on my computer and converted the root ca to der format and used it with ctr-httpwn. But it looks like, it's not beeing accepted. I got errors when I tried to open friendlist or eshop. Is there a know way to see these requests? Then I could figure out the friedlist stuff by myself...

from ctr-httpwn.

NIM rootCA has nothing to do with this. ctr-httpwn doesn't support adding your own rootCA for friends. You could use the new_url config option with plain http, but then the original URI would be missing.

from ctr-httpwn.

I already did this with:

    <targeturl>
        <name>nasc</name>
        <caps>AddRequestHeader AddPostDataAscii</caps>
        <url>https://nasc.nintendowifi.net/ac</url>
        <new_url>https://my-server.tld/ac</new_url>
    </targeturl>

This is how I figured out the login process, but I don't know which urls will be used next. Thats why I tried to use the mitm proxy.

from ctr-httpwn.