GBAtemp.net - The Independent Video Game Community
Help trying to MITM a closed source NRO
[QUOTE="7TxfsjLJH, post: 10364580, member: 693689"]
There's a specific website only accessible from a closed source nro on the switch that I would like to see the HTTPS traffic for. The goal is to recreate the web calls to have access from a PC. I've gotten most of the way there but I'm having some trouble. It has always been helpful for me to talk to people who have an idea what I'm talking about so I thought I'd post here. Also, I really do not want to reinvent the wheel if there's something out there that can help me. I know very little C that I studied 10+ years ago so I don't really understand that part of it.

First I started off with pointing the DNS for the site to my own webserver. I added both sites (theirs and mine) to the app and started to capture the packets. There doesn't seem to be anything special, no hardcoded well known url for xlm or anything, it just hits the base page with some specific headers.

[SPOILER="HTTP headers"]
[CODE]
GET / HTTP/1.1
Host: 10.0.0.22
Accept: */*
Accept-Encoding: deflate, gzip
Theme: 0000000000000000000000000000000000000000000000000000000000000000
UID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Version: 17.0
Revision: 3
Language: en
Stream: 1
HAUTH: 77D2259784855C5B3B77DE499957B90A
UAUTH: C5E43066E5A7C1D8CE224CD70FA9F906
[/CODE]
[/SPOILER]

Confirmed by some documentation on the nro app website,
[LIST]
[*][I]UID[/I] is unique per switch
[*][I]HAUTH[/I] is unique per domain
[*][I]UAUTH[/I] is unique per path on that domain.
[/LIST]

The goal is to see the HTTPS traffic so I can get both the [I]HAUTH[/I] and [I]UAUTH[/I] for the website and recreate these calls in python. At first I was hopeful that the secret auth values would be the same for HTTP and HTTPS. However, they are not for my domain and I've assumed it's true for the other one. Meaning, I really do need to man in the middle. From here I only see two options.

I found misson20000's exefs_patches with some PRs for 'disable_ca_verification' and 'disable_browser_ca_verification' version 17.0.0. With these on my SD Card I set up Charles by following InternalLoss switch_tls_charles steps. This worked for the OS services but with a self-signed SSL cert I get an untrusted ssl cert in the console of the app. I'm not sure if this is something I'm doing wrong or what but I've never seen an atmosphere nro_patches directory before. I'm booting from hekate, is there anything special I need to do here?

The other option I can see is to get into homebrew, dust off the C book, and try and install my self-signed SSL cert to the Switch trusted cert store. I can't link but I believe switchbrew has a section on SSL_services to import certs. To me, with my current knowledge, I don't understand what it's saying but I believe it's what I'm looking for. From here I'd use that private key on my webserver, proxy requests to the real site while capturing the requests there.

Truly, it would be nice if I could debug the NRO, step through the work it's doing so I can recreate the [I]HAUTH[/I] and [I]UAUTH[/I] generation in python but all the guides I'm finding are how to do similar on a PC.

The secrets for the http version of the site:
[CODE]
HAUTH: 2A3982D79A8D699A8E3758C0E42A21A0
UAUTH: 3A0523CAEEACF0B7EBA08ED2F24D0FC5
[/CODE]

Anyone have some thoughts or suggestions for me? I doubt I'm the only one looking to do this so maybe there's already something out there? I'm not going to stop going down this path and my next step is to get a dev environment set up for homebrew on the switch to try and install the ssl cert and proxy the requests through my webserver.
[/QUOTE]