erew70
commented
2 months ago also i have everything setup and have my nx_tls_client_cert.pfx certificate and it does not work with the eshop :(
Closed erew70 closed 2 months ago
erew70
commented
2 months ago also i have everything setup and have my nx_tls_client_cert.pfx certificate and it does not work with the eshop :(
erew70
commented
2 months ago certificate name is: NintendoNXCA2Prod10
no clue how to dump can you please help? you guys dumped switch traffic before so you must know! 🙏
kinnay
commented
2 months ago There are two different certificates:
Here is a guide that explains how to dump the certificates: https://gist.github.com/InternalLoss/363356b26e3cb45d680d08ac99e8ff6d
The SwitchShop certificate is indeed stored in the LibAppletShop NSO. Try opening it in IDA. In the 18.1.0 version, you will find the certificate at 0x7100961C29. You can also try searching for the bytes 30 82 0A F1 in IDA to find it.
jonbarrow
commented
2 months ago Here is a guide that explains how to dump the certificates: gist.github.com/InternalLoss/363356b26e3cb45d680d08ac99e8ff6d
I'll contact Billy on Discord about this, but it should be noted that this guide is a bit outdated and the links to the lockpick repos are no longer available due to the DMCA takedowns a while ago. So this guide alone is not enough for what @erew70 wants to do
(also they did know about this guide already, they commented on it a week ago)
erew70
commented
2 months ago Here is a guide that explains how to dump the certificates: gist.github.com/InternalLoss/363356b26e3cb45d680d08ac99e8ff6d
I'll contact Billy on Discord about this, but it should be noted that this guide is a bit outdated and the links to the lockpick repos are no longer available due to the DMCA takedowns a while ago. So this guide alone is not enough for what @erew70 wants to do
(also they did know about this guide already, they commented on it a week ago)
thx alot this is like the last step for me to unban my switch bc i was working on making patches and stuff for it and the eshop wasnt proxying. Thanks a lot dude! 🙏
erew70
commented
2 months ago There are two different certificates:
- The SwitchShop certificate, which is used for https://bugyo.hac.lp1.eshop.nintendo.net
- The device certificate, which is used for other servers.
Here is a guide that explains how to dump the certificates: https://gist.github.com/InternalLoss/363356b26e3cb45d680d08ac99e8ff6d
The SwitchShop certificate is indeed stored in the LibAppletShop NSO. Try opening it in IDA. In the 18.1.0 version, you will find the certificate at
0x7100961C29. You can also try searching for the bytes30 82 0A F1in IDA to find it.
Thx. Is there another way? I dont have ida im not gonna pay for it sry
erew70
commented
2 months ago Certificate name is: NXCA2Prod10 i think, also how to dump libappshop nso????
erew70
commented
2 months ago There are two different certificates:
- The SwitchShop certificate, which is used for https://bugyo.hac.lp1.eshop.nintendo.net
- The device certificate, which is used for other servers.
Here is a guide that explains how to dump the certificates: https://gist.github.com/InternalLoss/363356b26e3cb45d680d08ac99e8ff6d
The SwitchShop certificate is indeed stored in the LibAppletShop NSO. Try opening it in IDA. In the 18.1.0 version, you will find the certificate at
0x7100961C29. You can also try searching for the bytes30 82 0A F1in IDA to find it.
How to dump Libappshop nso? Also i dont have ida and i don't have license to use it sooo....
kinnay
commented
2 months ago You can use Ghidra if you don't want to use IDA.
Not sure what's the easiest way to dump the applet. Personally, I'm using the example script from this repo to download a system update, and hactool to unpack it.
And NXCA2Prod10 is not the name of the SwitchShop certificate. NXCA2Prod10 sounds more like the device certificate.
Also, proxying the eshop will not help you with unbanning your Switch in any way...
erew70
commented
2 months ago You can use Ghidra if you don't want to use IDA.
Not sure what's the easiest way to dump the applet. Personally, I'm using the example script from this repo to download a system update, and hactool to unpack it.
And NXCA2Prod10 is not the name of the SwitchShop certificate. NXCA2Prod10 sounds more like the device certificate.
Also, proxying the eshop will not help you with unbanning your Switch in any way...
Nxca2prod10 isnt device certificate. Nx prod 1 is also im aware certificate isnt the only thing. Is ghidra free?
kinnay
commented
2 months ago Yes, Ghidra is free. You can download it here: https://ghidra-sre.org/. You will also have to find a plugin for it for loading NSO files.
Alternatively, if you just want to extract the certificate, you could try looking up the NSO file format on switchbrew, and decompress the sections manually.
Where did you hear about NintendoNXCA2Prod10? The device certificate is issued by NintendoNXCA2Prod1. The SwitchShop certificate has nothing to do with that though. SwitchShop is issued by Nintendo CA - G3.
erew70
commented
2 months ago Yes, Ghidra is free. You can download it here: https://ghidra-sre.org/. You will also have to find a plugin for it for loading NSO files.
Alternatively, if you just want to extract the certificate, you could try looking up the NSO file format on switchbrew, and decompress the sections manually.
Where did you hear about NintendoNXCA2Prod10? The device certificate is issued by NintendoNXCA2Prod1. The SwitchShop certificate has nothing to do with that though. SwitchShop is issued by Nintendo CA - G3.
Look at prodinfo.bin you will see it. Also how do i dump that one too then? (NintendoNXCA2Prod10) Or is it the same as NX Prod 1
erew70
commented
2 months ago Yes, Ghidra is free. You can download it here: https://ghidra-sre.org/. You will also have to find a plugin for it for loading NSO files.
Alternatively, if you just want to extract the certificate, you could try looking up the NSO file format on switchbrew, and decompress the sections manually.
Where did you hear about NintendoNXCA2Prod10? The device certificate is issued by NintendoNXCA2Prod1. The SwitchShop certificate has nothing to do with that though. SwitchShop is issued by Nintendo CA - G3.
I can dump fw with tegraexplorer. Is nca same thing? Thats the format used for fw
erew70
commented
2 months ago Yes, Ghidra is free. You can download it here: https://ghidra-sre.org/. You will also have to find a plugin for it for loading NSO files.
Alternatively, if you just want to extract the certificate, you could try looking up the NSO file format on switchbrew, and decompress the sections manually.
Where did you hear about NintendoNXCA2Prod10? The device certificate is issued by NintendoNXCA2Prod1. The SwitchShop certificate has nothing to do with that though. SwitchShop is issued by Nintendo CA - G3.
Reference: (My prodinfo)
XAW40011448705
NintendoNXCA1Prod1 NX6365A166C75C1413
207D8ED7CDF454D001802CDD5BCE784128C2E650201B210F7E3F5E83A826C3273FB7D265C3B2AE9F26B9FE72C269CDBBED05DC50C24C625FFE0C499EF817269D189A2E6268F6B309D53AE0CA5788A7C14674AE3CFED32D7250BD8A31AD0AB313F5CE966A9D6446BE96DAA15B9FFE2827BDFF90EBC1B3C8EE7E543B70B64565E0796FD35DCBB7DC7EE5DA29C82FB51A49260AB8CFCEED83A3EB86D9BD5D7FAAFAD67C9CACFED15FB4EF52A0F404ADC7B5556CC2B708E8DA63C1AA815CCC4691C351EC1DA8A026D9C7F0DDC9768F6B3C535F22B2A2DE14196B3952FDA0D58401A9981EBC23A22ACE3CA84B045288C768853BD5C50C27BFDB735D823C36B776C8240
hello, i am trying to proxy traffic with charles and was wondering how do you obtain the certificate? i heard you need to extract it from libappshop NSO but idk can someone help me please? Thank you