PretendoNetwork / nex-viewer

Utility for parsing and (eventually) viewing NEX connections from WireShark network dumps

Support Switch/PRUDPLite #23

Open jonbarrow opened 11 months ago

jonbarrow commented 11 months ago

PR adds in support for PRUDPLite, which is used by Switch servers. It's implemented using a different connection class as the handling is pretty different, due to the lack of crypto. Currently the only format accepted is the BIN format that Charles produces, as it's the easiest way to get Switch traffic. PR does not aim to implement Switch/NEX 4.0+ support in the protocols, only the ability to read the connections. Protocol support should come gradually, just like with the older protocols.

With the impending death of Nintendo Network, viewing early Switch game traffic will be our only way to still see how a NEX server operates. This will only be the later versions, but it's better than nothing.

DaniElectra commented 11 months ago

Is it possible to convert those bin files into an HAR file? That could help for mitmproxy users (and we could consider supporting HPP).

jonbarrow commented 11 months ago

I'm sure there is; the BIN files are just the raw web socket messages, each one contains a single PRUDPLite packet in this case.

Is there much need for that though? If you load a HAR with these into mitmproxy you're just going to see raw packet data, as opposed to here, which decodes the packets into something consumable.

jonbarrow commented 11 months ago

Update: I've also looked into trying to support other dump formats, since relying solely on Charles really isn't a great long-term plan. But I'm not positive there's a better way at the moment.

The issue stems from the fact that the Switch uses a secure web socket. So all the data is encrypted, and we don't really have a way to decrypt it outside of Charles right now.

Even with Charles, if you take a dump that already has a decrypted connection and then try to export it again, and open the newly exported dump, it will shift to being encrypted once again and not decode properly. This is why .chlsj (Charles Summary) dumps aren't supported right now.

I also attempted to export the Charles dump as a HAR directly, but it has the same result. I thought maybe this would work, as I assume mitmproxy also supports WSS proxying much like Charles, but if the data remains encrypted it's next to useless to us.

So far the only way to get anything usable, that I've found, is by using Charles to both capture the traffic (so it gets decrypted) and then using its "Save WebSocket Messages" tool to export all the packets as BIN files like what's already supported here.

I don't have mitmproxy, nor do I have my Switch set up to use a proxy server at all, so I can't test if mitmproxy even supports WSS proxying, let alone decrypting the traffic. If we can confirm that it does, and find a way to export the decrypted traffic (maybe using a custom addon?), then I'll gladly add support for it here.

DaniElectra commented 10 months ago

I (want to) think that mitmproxy should support extracting the websocket data as decrypted, but I also don't have my Switch configured with a proxy, nor do I have any Switch mitmproxy dumps to check this.

As a note, exporting as HAR from mitmproxy was added recently this year.

jonbarrow commented 10 months ago

Whiskers brought that to my attention a while ago; that's why I tried HAR in Charles (since I expected it to produce a HAR in the same way mitm would).

I'll see if I can talk @InternalLoss into getting us some dedicated mitmproxy dumps to test this.

DaniElectra commented 9 months ago

I did some digging and I found the code where mitmproxy saves the websocket packets to HAR:

https://github.com/mitmproxy/mitmproxy/blob/ae00e82c3a0733f82db476a0496349a4969a86c0/mitmproxy/addons/savehar.py#L258-L277

jonbarrow commented 9 months ago

That looks really promising. All I need now tbh is just a usable HAR to test with. Since Charles can't export HARs with decrypted WebSocket traffic, I can't test HARs without getting my Switch set up.
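Bridging the two formats discussed in this thread (one PRUDPLite packet per Charles BIN file, versus WebSocket frames embedded in a mitmproxy HAR), here is an added example that is not part of nex-viewer or mitmproxy. It assumes the Chrome-style `_webSocketMessages` array written by mitmproxy's savehar addon (`type`, `time`, `opcode`, `data`, with binary frames base64-encoded), and the `SAMPLE_HAR` input is constructed rather than captured.

```javascript
// Added example, not nex-viewer or mitmproxy code.
// Assumption: each HAR entry for a WebSocket flow carries
// `_webSocketMessages: [{ type: "send"|"receive", time, opcode, data }]`
// and binary frames (opcode 2) hold base64 text. Check this against a real
// mitmproxy dump before relying on it.

// Return one record per binary frame, in capture order, with the raw bytes
// decoded so they can be handed to a PRUDPLite parser one packet at a time.
function extractWebSocketMessages(har) {
  const out = [];
  for (const entry of har.log.entries) {
    const messages = entry._webSocketMessages;
    if (!Array.isArray(messages)) continue; // plain HTTP entry, nothing to do
    for (const msg of messages) {
      // Text (opcode 1) and control frames never carry PRUDPLite packets.
      if (msg.opcode !== 2) continue;
      out.push({
        url: entry.request.url,
        // mitmproxy marks client->server frames as "send"
        direction: msg.type === 'send' ? 'client' : 'server',
        time: msg.time,
        payload: Buffer.from(msg.data, 'base64'),
      });
    }
  }
  return out;
}

// Name each payload the way a per-message BIN export would, so the caller
// can write them to disk with fs.writeFileSync(name, payload).
function toBinFiles(messages) {
  return messages.map((m, i) => ({
    name: `${String(i).padStart(5, '0')}_${m.direction}.bin`,
    payload: m.payload,
  }));
}

// Constructed sample (not a real capture): one WS entry with a text frame to
// skip and two binary frames, plus an unrelated HTTP entry.
const SAMPLE_HAR = { log: { entries: [
  { request: { url: 'wss://example.invalid/' }, _webSocketMessages: [
    { type: 'send', opcode: 1, time: 1.0, data: 'hello' },
    { type: 'send', opcode: 2, time: 1.1, data: Buffer.from([0xde, 0xad, 0xbe, 0xef]).toString('base64') },
    { type: 'receive', opcode: 2, time: 1.2, data: Buffer.from([1, 2, 3]).toString('base64') },
  ] },
  { request: { url: 'https://example.invalid/api' } },
] } };

const sampleFiles = toBinFiles(extractWebSocketMessages(SAMPLE_HAR));
console.log(sampleFiles.map(f => `${f.name} ${f.payload.toString('hex')}`));
```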