mm201 / pkmn-classic-framework

Pokémon application logic for Generation IV and V, including servers
http://pkmnclassic.net/

Current pkvldtprod SSL bypass is not 100% effective (error 13275 is back) #67

Closed mm201 closed 2 years ago

mm201 commented 5 years ago

  1. Offer a Pokémon on the GTS
  2. Wait for the trade to complete
  3. Power cycle your game
  4. Connect to GTS and receive your Pokémon
  5. Offer another Pokémon
  6. Observe error 13275
  7. Reconnect and offer it again
  8. Observe that it now works.
kamisama6866 commented 3 years ago

After repairing the rom, there is no problem with gen4, but 13275 will appear in gen5, which is a pity.

InternalLoss commented 3 years ago

After repairing the rom, there is no problem with gen4, but 13275 will appear in gen5, which is a pity.

Assuming you meant patching the ROM for NoSSL, this could be because Kaeru doesn't proxy plaintext for certain servers?

Anyway, the easiest (but improbable) fix would be for us to get a copy of a client certificate issued by the same CA that signed Pokémon's other domains (or check what other CAs Pokémon allows to verify those domains by reverse engineering that specific request - hopefully we find there's another CA that it supports?); otherwise we're looking at finding yet another SSL bug, since the fact that we can re-use a wildcard certificate is still better than nothing, ofc.
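The remark above that a wildcard certificate can be re-used for another hostname comes down to the DNS name-matching rule a TLS client applies to the certificate's subjectAltName entries. The following is an added illustration of that rule, not code from pkmn-classic-framework; the SAN list and hostnames are constructed, since the thread does not say which names the real certificate covers.

```python
"""Wildcard hostname matching as a TLS verifier applies it (RFC 6125 section 6.4.3).

Added example, not part of the pkmn-classic-framework project. The SAN
entries and hostnames below are constructed for illustration only.
"""
from typing import Iterable


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Return True if the SAN dNSName `pattern` covers `hostname`.

    Rules applied (the strict reading most TLS stacks enforce):
    - comparison is case-insensitive and ignores a trailing dot
    - a wildcard is honoured only as the entire left-most label ("*.x.y")
    - the wildcard matches exactly one label, so "*.x.y" covers neither
      "a.b.x.y" nor the bare "x.y"
    - a wildcard needs at least two fixed labels after it, so "*.jp" is rejected
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in lbl for lbl in p_labels[1:]):
        return False
    if len(h_labels) != len(p_labels) or h_labels[0] == "":
        return False
    return h_labels[1:] == p_labels[1:]


def names_covered(san_dns_names: Iterable[str], hostnames: Iterable[str]) -> dict:
    """Map each hostname to whether any SAN entry of the certificate covers it."""
    sans = list(san_dns_names)
    return {h: any(dns_name_matches(p, h) for p in sans) for h in hostnames}


# Constructed sample: one wildcard certificate for a single zone.
SAMPLE_SANS = ["*.gs.example.test", "gs.example.test"]
SAMPLE_HOSTS = [
    "pkvldtprod.gs.example.test",  # covered by the wildcard
    "gs.example.test",             # covered only because it is listed explicitly
    "a.b.gs.example.test",         # NOT covered: the wildcard spans one label
    "example.test",                # NOT covered: different zone
]

if __name__ == "__main__":
    for host, ok in names_covered(SAMPLE_SANS, SAMPLE_HOSTS).items():
        print(f"{host:28s} {'covered' if ok else 'NOT covered'}")
```

Name matching is only one half of validation; the client still has to accept the issuing CA, which is the separate check the comment above discusses.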

kamisama6866 commented 3 years ago

After repairing the rom, there is no problem with gen4, but 13275 will appear in gen5, which is a pity.

Assuming you meant patching the ROM for NoSSL, this could be because Kaeru doesn't proxy plaintext for certain servers?

Anyway, the easiest (but improbable) fix would be for us to get a copy of a client certificate issued by the same CA that signed Pokémon's other domains (or check what other CAs Pokémon allows to verify those domains by reverse engineering that specific request - hopefully we find there's another CA that it supports?); otherwise we're looking at finding yet another SSL bug, since the fact that we can re-use a wildcard certificate is still better than nothing, ofc.

Yes, I use wfcpatcher to point the nwfc URL to wiimmfi.de. There is a problem with my network; maybe changing the network can solve the problem. xd Anyway, I will look forward to your good news.

mm201 commented 3 years ago

The Wiimmfi patcher doesn't know about pkvldtprod.nintendo.co.jp. You should use a noSSL patcher instead.

kamisama6866 commented 3 years ago

The Wiimmfi patcher doesn't know about pkvldtprod.nintendo.co.jp. You should use a noSSL patcher instead.

Thank you for your advice. When I use the NoSSL patch, error code 20100 appears. I think it should be my network problem, because it runs very well for my friends.

kamisama6866 commented 3 years ago

I changed the network and was able to connect to the GTS without any patches and complete the trade. nice!!

mm201 commented 2 years ago

Increasing the session expiry on the mitm proxy seems to have resolved this in 99% of cases, and nothing short of a whole new exploit will improve it, so I'm closing this.