My avatar
flewkey Level 10 Computer Mage

nds-constrain't

Published on 2020-07-12 by flewkey

Once upon a time, shutterbug2000 discovered nds-constrain't: a bug in Nintendo's NTR SSL library that allowed it's connections to be easily intercepted. This made it possible to connect to alternative online services without ROM patching.

The bug itself is simple: the NDS SSL library does not care whether or not a certificate is authorized to act as a certificate authority. This means that — with any valid certificate — we can sign whatever we want, even a certificate under a false hostname.

A guide to using this bug for fun and profit is now available on the official page, which is much better written than mine. However, you are free to keep reading this one.


Getting the Wii client certificate

As explained in the official page for nds-constrain't, the Wii client certificate is signed by Nintendo and considered valid. Therefore, we can use it's key to sign whatever we want. You could grab it from a Wii, but it is much easier to download it from Larsenv's page. You will want to use the link labelled "Wii NWC Prod 1", by the way.

Converting it to a useable format

The file is a PKCS12, and we can't do anything useful with it until we extract the certificate and the private key. Thankfully, this is pretty simple.

openssl pkcs12 -in WII_NWC_1_CERT.p12 -passin pass:alpine -passout pass:alpine -out keys.txt

That command will export the X.509 certificate and private key from the archive, and store the output in keys.txt. They can then be copied into their appropriate files, which I will name NWC.crt and NWC.key.

Signing your certificate

Instructions for this are listed on the official GitHub page, but I have copied them for reference. If I remember correctly, the DS can only handle the SHA-1 and MD5 hash formats, so pay attention to the -sha1 flag.

openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA NWC.crt -CAkey NWC.key -CAcreateserial -out server.crt -days 3650 -sha1

Your webserver probably wants the certificate chain as well, so let's generate that as well.

cat server.crt NWC.crt > server-chain.crt

We are ready to rock and roll!

Using your phony certificate

Once the SSL certificate is installed, you may run into issues connecting with your DS. This because your NDS only knows how to use SSLv3, with the SHA-1 or MD5 cipher sets. Enabling SSLv3 and SHA-1 isn't always possible with webservers, so I recommend using NGINX as a reverse-proxy. To enable DS compatibility for NGINX, add the following lines to your NGINX configuration.

ssl_protocols SSLv3;
ssl_ciphers ECDHE-RSA-AES128-SHA;

Most services on Nintendo consoles make liberal use of headers. Because of this, some extra options need to be enabled.

underscores_in_headers on;
proxy_pass_request_headers on;

Because we have enabled insecure SSL settings on NGINX, you probably don't want to use it for any mission-critical web applications. If you continue having issues with NDS connectivity, please contact me.

Having fun

The possibilities are infinite. Want to run services through a debugging proxy? Implement WFC protocols? Make a Flipnote Studio server? All of this is possible without ROM patches!


Update

After receiving some e-mails, I have learned that the NDS-supported ciphers have been disabled in OpenSSL versions past 1.0.2g, unless configured with "enable-weak-ssl-ciphers". This means that you may have to re-build NGINX (or mod_ssl for Apache) to get it working.

If you have the means, I suggest taking Wireshark captures to find the cause of any SSL issues. Enabling debug logging in NGINX can also help you pinpoint handshake errors. If all else fails, you can find my e-mail on the about page.


Articles from blogs that I like

Embrace, extend, and finally extinguish - Microsoft plays their hand

GitHub took a note out of the Microsoft “EEE” playbook when designing their git services. They embraced git, and then rather than building an interface on top of email — the collaboration mechanism that git was designed to use, and which is still used for Li…

From Blogs on Drew DeVault's blog
Published on August 27, 2020

C# is a complete piece of shit.

So today I attempted to use C#, my opinion of it has converged with my previous opinion all those years ago. C# is a complete piece of shit that sucks all the life out of coding. Doing anything in this … Continue reading →

From DeadFish Shitware
Published on August 25, 2020

The Many Faces of an Undying Programming Language

This is a post I've been meaning to write for a while now: one anecdotally comparing programming languages in the Lisp family. I consider myself to be a Lisp hacker. Perhaps that much was obvious from the letter λ adorning my website's header, a refe…

From Jakob's Personal Webpage
Published on January 1, 0001

Generated with the spectacular power of openring