kinnay / NintendoClients

Python package to communicate with Switch, Wii U and 3DS servers
MIT License

Man-in-the-middle test on switch #103

Open WhereIsOops opened 1 year ago

WhereIsOops commented 1 year ago

I extracted a Switch client certificate and private key from an old-version model, and wanted to use it to perform a man-in-the-middle test on my new-version Switch, but it failed. The old version of the certificate could not pass the certificate verification of the new version of the machine. Do you know if the built-in root certificate of the Switch is issued by a different CA than the client certificate of the Switch?

kinnay commented 1 year ago

I'm not sure if I understand you correctly. Are you trying to use the client certificate as a CA? That is definitely not going to work.

The Switch doesn't have a single built-in root certificate. Most certificates of Nintendo are issued by Nintendo CA - G3 or Nintendo Class 2 CA - G3, but Nintendo also has servers whose certificates are issued by Amazon or Google. The Switch accepts any of them.

It does not accept certificates that are issued by the client certificate though because:

  1. The client certificate does not have the CA flag set so it cannot act as a CA.
  2. The client certificate is issued by NintendoNXCA2Prod1, which is not one of the root certificates that are trusted by the Switch.

There is no way to do a man-in-the-middle without SSL patches (https://github.com/misson20000/exefs_patches), even if you own an old Switch.
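As an added example (not part of this thread or of the NintendoClients project), the following shell script reproduces both reasons above with a throwaway PKI built by the openssl CLI: a server certificate signed with a client certificate's key fails path validation because nothing in that chain is a trust anchor, and still fails when the issuing CA is trusted because the client certificate is CA:FALSE. All certificate names and file names are made up, and it assumes `openssl` 1.1.1 or newer on PATH.

```shell
#!/bin/sh
# Added example, not code from NintendoClients or from the thread participants.
# Builds a throwaway PKI with the openssl CLI to reproduce both reasons given
# above: a leaf (client) certificate lacks CA:TRUE, and its issuer is not a
# trust anchor. All names are made up: "device-ca" stands in for the CA that
# issues client certificates, "root" for a CA the device trusts for servers.
set -e
WORK=$(mktemp -d); cd "$WORK"
for n in root device-ca client server; do
    openssl ecparam -name prime256v1 -genkey -noout -out "$n.key" 2>/dev/null
done
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
printf 'basicConstraints=critical,CA:FALSE\n' > leaf.ext

# issue NAME KEY SUBJECT EXTFILE ISSUER_CERT ISSUER_KEY ("-" as ISSUER_CERT: self-signed)
issue() {
    openssl req -new -key "$2" -subj "$3" -out "$1.csr" 2>/dev/null
    if [ "$5" = "-" ]; then
        openssl x509 -req -in "$1.csr" -signkey "$6" -days 1 -extfile "$4" -out "$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -CA "$5" -CAkey "$6" -CAcreateserial -days 1 \
            -extfile "$4" -out "$1.pem" 2>/dev/null
    fi
}
issue root      root.key      "/CN=Example Root CA"   ca.ext   - root.key
issue device-ca device-ca.key "/CN=Example Device CA" ca.ext   - device-ca.key
issue client    client.key    "/CN=device-0001"       leaf.ext device-ca.pem device-ca.key
# The attempt from the question: a server certificate signed with the client's key.
issue forged    server.key    "/CN=example.invalid"   leaf.ext client.pem client.key
# The same server certificate issued by the trusted root, for comparison.
issue legit     server.key    "/CN=example.invalid"   leaf.ext root.pem root.key
cat client.pem device-ca.pem > untrusted.pem
cat root.pem device-ca.pem > root-and-device-ca.pem

# check_path CERT TRUST_FILE: path validation with TRUST_FILE as the only anchors
# and the device chain offered as untrusted intermediates; exit status is the verdict.
check_path() { openssl verify -CAfile "$2" -untrusted untrusted.pem "$1" >/dev/null 2>&1; }
legit_accepted()  { check_path legit.pem root.pem; }
# Reason 2: nothing in the client cert's chain is a trust anchor.
forged_rejected() { ! check_path forged.pem root.pem; }
# Reason 1: even with the device CA trusted, a CA:FALSE certificate cannot issue.
forged_rejected_even_if_device_ca_trusted() { ! check_path forged.pem root-and-device-ca.pem; }

legit_accepted  && echo "legit.pem accepted (issued by a trust anchor)"
forged_rejected && echo "forged.pem rejected (issuer chain not trusted)"
forged_rejected_even_if_device_ca_trusted && echo "forged.pem rejected even then (CA:FALSE)"
```

Run `openssl verify` without the redirects to see the exact verdicts ("unable to get issuer certificate" or "self-signed certificate in certificate chain" for the untrusted chain, "invalid CA certificate" once the device CA is trusted).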

WhereIsOops commented 1 year ago

Thanks a lot, that's exactly what I was looking for. It seems that the man-in-the-middle test can only be performed on a Switch version with a chip vulnerability.
