
Add custom root certs to the Wii U's browser

NOTE: I am not responsible if you brick.

Hi there. This tutorial will allow you to use custom SSL certs in the Wii U's browser. This will not need signature patches to run, but it does require them to make the modification.

This has been tested with a 5.5.1U system with Haxchi enabled.

  1. Activate CFW or signature patches using Mocha, Haxchi, or CHBC.
  2. Go into FTPii Everywhere.
  3. On an FTP client, navigate to /storage_mlc/sys/title/00050030/10012x0a/content/browser where x is 0 for Japan, 1 for America, and 2 for Europe.
  4. Download the file rootCA.pem.
  5. Open this file in a text editor.
  6. Find some root certificates (in PEM format) to add to the file. If they aren't in PEM format, convert them using OpenSSL. Personally, I would recommend adding Fiddler's root cert, and the DST Root CA X3 root cert (which will make Let's Encrypt sites, such as GBATemp, work with the Wii U). PEM certificates can also be obtained (in Windows) by exporting them from the "Copy to File" dialog which comes up when you view a certificate's properties.
  7. Append the desired certificates to rootCA.pem and save it.
  8. Upload it back to the Wii U.
  9. Test it by opening the browser, and visiting a site that uses your certificates. If it worked, you should not be prompted to manually allow SSL connections to hosts that use those certificates.
I hope you found this tutorial useful! Feel free to reply with any questions!
 
Last edited by aplumafreak500,
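
Steps 6 to 8 above, as an added example that is not part of the original post: a Python script that takes the downloaded rootCA.pem plus a new root in either DER form (as Fiddler serves it) or PEM form, and appends it as PEM only if the bundle does not already contain it. The function names are hypothetical, and the validity check is structural only (one outer DER SEQUENCE), not a full X.509 parse.

```python
import base64
import hashlib
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def is_der_sequence(der: bytes) -> bool:
    """Structural check only: one outer DER SEQUENCE spanning the whole blob."""
    if len(der) < 4 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        return 2 + first == len(der)
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return False
    return 2 + n + int.from_bytes(der[2:2 + n], "big") == len(der)

def load_certs(data: bytes) -> list[bytes]:
    """Return DER blobs from a PEM bundle or from a single raw DER file."""
    blocks = PEM_RE.findall(data.decode("latin-1"))
    if blocks:
        ders = [base64.b64decode("".join(b.split())) for b in blocks]
    else:
        ders = [data]                      # no PEM armour: treat as DER
    for der in ders:
        if not is_der_sequence(der):
            raise ValueError("input is neither PEM nor a DER SEQUENCE")
    return ders

def append_roots(bundle: bytes, new_cert: bytes) -> tuple[bytes, list[str]]:
    """Append certs the bundle lacks; return (new bundle, added SHA-256 fingerprints)."""
    have = {hashlib.sha256(d).hexdigest() for d in load_certs(bundle)}
    out = bundle if bundle.endswith(b"\n") else bundle + b"\n"
    added = []
    for der in load_certs(new_cert):
        fp = hashlib.sha256(der).hexdigest()
        if fp not in have:
            out += ssl.DER_cert_to_PEM_cert(der).encode("ascii")
            have.add(fp)
            added.append(fp)
    return out, added

if __name__ == "__main__":
    # Constructed placeholder blobs (tiny DER SEQUENCEs, not real certificates).
    old = ssl.DER_cert_to_PEM_cert(bytes([0x30, 3, 2, 1, 5])).encode("ascii")
    print(append_roots(old, bytes([0x30, 3, 2, 1, 6]))[1])
```

Keep an untouched copy of the original rootCA.pem before uploading the result, so the file can be restored over FTP.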

ShadowOne333

Sweet! But what can we do with this? :unsure:
Access certain websites which cannot be accessed through the normal Wii U's Browser due to new SSL certificates.
Some examples I can think of are Starmen.net's Forums and the other being Libretro.com and all of its related links, including the buildbot.

@aplumafreak500 do you happen to know what exactly do I need to do to access those two sites specifically?
I've been wanting to do this for a long time, and now that it's possible I am greatly interested in re-enabling access to those two sites through my Wii U Browser.

Btw, I don't think posting links to the PEM files for the certificates is against the rules, so here:
https://github.com/kivy/kivy-sdk-packager/blob/master/win/DST Root CA X3.pem

That's the one for DST Root CA X3 certificate in PEM format, I am only lacking the Fiddler's one.
 

aplumafreak500

@ShadowOne333 Basically, append the desired PEM certificates to rootCA.pem as described above. Analysis of those two sites shows that they use a certificate chain with AddTrust External CA as its root. Idk if it's in the certificate store, but by following the steps above, they can be "trusted" by the Wii U browser.
 

ShadowOne333

How do you check the sites for the certificate?
It's these two in particular:
https://forum.starmen.net/
https://libretro.com/

They both throw:
Error Code: 112-1035
Could not display page.

I talked to the main admins in both sites and the error started occurring right when they updated their SSL certificates as mentioned here:
https://forum.starmen.net/forum/Fan...Wii-U-but-I-can-access-just-fine-on-my-laptop

Btw do you have a link to Fiddler's root cert?
I'm missing that one out of the two you mention in the OP.
 

Deleted User

StackOverflow said:
If you want the client computer to trust the Fiddler certificate, you will have to copy or download the Fiddler Root certificate to the client computer and manually install it into the Trusted Root Certification Authorities store. You can download the Fiddler Root certificate by visiting using the URL:

http://hostname.of.FiddlerMachine:8888/FiddlerRoot.cer
 

aplumafreak500


We're dealing with the Wii U's stores, not those of a PC. However, obtaining Fiddler's certificate is the same. We download the cert by going to http://10.0.0.20:8888/FiddlerRoot.cer (replace 10.0.0.20:8888 with the host name and port of your Fiddler machine). It's in DER format though so we have to make it PEM format before importing it.

As for the error code, I assume it isn't related to the certificates, and it is instead an unsupported TLS protocol. I'll try it tonight and report back.
 

aplumafreak500

Sorry for double post. I found out that the server closes the connection due to an SSL handshake error, which occurs before the server even presents its certificate. It seems to be related to the cipher suite the browser presents, which seems to be incompatible with the remote server.

So, this means that this particular error is unrelated to the certificates.

TL;DR Ask the site's admins about changing its SSL cipher suite.
 

ShadowOne333

Thanks! That'll help to narrow it down for them :)
 

RedDucks

Does this affect only the web browser or the system as a whole? Myself and a few other people are looking into making a custom SMM server, and have made a ROM mod that points to the custom server instead of the official ones. However things break down during connection, and we assume this is due to a certificate trust issue (the server uses Let's Encrypt).
 

piratesephiroth

we only edit the browser data so...
 

Johnny2071

I need a real tutorial.

I don't have the first clue as to how to use FTPii Everywhere or a file client (FileZilla).

FTPii Everywhere gives me an IP address, but I don't know what to do on FileZilla. It would really help if there was a "how to" video on this.
 

AxlSt00pid

R...really?
To connect with FileZilla you just need to put the IP address your Wii U is showing you (on your TV/Gamepad) on the IP address portion of FileZilla and click connect, since FTPiiU doesn't ask for a user and password.
 

Johnny2071

IP address portion? That's "host" right?
 

AxlSt00pid

Well I'm having trouble connecting.
Are both your Wii U and your PC connected on the same network?
Have you connected using the quick connect option?
Does your Wii U IP address have a number after a semicolon? If so you also have to put that number and the semicolon (Like 192.168.1.59:20)
 
