flewkey.com/posts/2020-07-12-nds-constraint.md

---
template: post
title: nds-constrain't
author: flewkey
timestamp: 1594525504
license: CC-BY
---

Once upon a time, shutterbug2000 discovered nds-constrain't: a bug in Nintendo's NTR SSL library that lets anyone holding the private key of any Nintendo-signed certificate intercept its connections. This made it possible to point a DS at alternative online services without ROM patching.

The bug itself is simple: the NDS SSL library never checks the X.509 basicConstraints extension, so it does not care whether or not a certificate is authorized to act as a certificate authority (hence the name). This means that, with any certificate that chains to the Nintendo root the DS trusts, plus its private key, we can sign whatever we want, including a certificate for a hostname we do not own. A proper verifier would reject that chain because the signing certificate is not marked as a CA; the DS accepts it as long as the signatures check out.

A guide to using this bug for fun and profit is now available on the official page, which is much better written than mine. However, you are free to keep reading this one.

Update (2020-12-31): I have corrected some mistakes in this post. There is also information at the bottom of this post regarding OpenSSL which is important to setting up nds-constrain't properly.


Getting the Wii client certificate

As explained in the official page for nds-constrain't, the Wii client certificate is signed by Nintendo's CA and is therefore considered valid by the DS. Because the DS never checks whether it is a CA, we can use its private key to sign whatever we want. You could grab it from a Wii, but it is much easier to download it from Larsenv's page. Choose the "Wii NWC Prod 1" key pair.

Converting it to a useable format

The file is a PKCS#12 bundle (the password is alpine), and we can't do anything useful with it until we extract the certificate and the private key. Thankfully, this is pretty simple; the two commands below write each part straight into its own file, which I will name NWC.crt and NWC.key.

openssl pkcs12 -in WII_NWC_1_CERT.p12 -passin pass:alpine -nokeys -out NWC.crt
openssl pkcs12 -in WII_NWC_1_CERT.p12 -passin pass:alpine -nocerts -nodes -out NWC.key

The first command exports only the X.509 certificate; the second exports only the private key, and -nodes leaves it unencrypted so that openssl and your web server can use it without a passphrase. (Exporting both into one file with -passout pass:alpine also works, but then the key stays encrypted under that password and has to be decrypted before use.) On OpenSSL 3, add -legacy to both commands if it refuses the bundle's old encryption algorithm.

Signing your certificate

Instructions for this are listed on the official guide. I have copied them for reference.

openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA NWC.crt -CAkey NWC.key -CAcreateserial -out server.crt -days 3650 -sha1

NGINX expects the server certificate and the certificate that issued it in a single file, so build the chain file below and point ssl_certificate at it (Apache accepts the same concatenated file via SSLCertificateFile). Either way, the DS needs NWC.crt in the handshake to link server.crt back to the Nintendo root it trusts.

cat server.crt NWC.crt > server-chain.crt
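To see why the chain built above works on a DS but nowhere else, here is an added example (not from the original post or the nds-constrain't project) in Go, which can mint its own toy certificates and verify them offline. It generalises the three openssl steps: a self-signed root stands in for the Nintendo root, a CA:FALSE certificate issued by it stands in for NWC.crt, and a certificate signed with that key stands in for server.crt; the subject names and the hostname wfc.example.invalid are made up. Go's crypto/x509 verifier, like any RFC 5280 verifier, rejects the chain; DSStyleVerify does what the post says the DS does, checking only signatures, and accepts it.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue generates a fresh 2048-bit RSA key and a certificate for it signed by
// issuer/issuerKey (nil issuer means self-signed). isCA sets the CA flag.
func issue(serial int64, cn string, isCA bool, issuer *x509.Certificate, issuerKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, // always emit the extension; IsCA is its value
		IsCA:                  isCA,
	}
	if issuer == nil {
		issuer, issuerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, issuerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// BuildDemo mirrors the post's openssl steps with toy certificates: root stands
// in for the Nintendo root the DS trusts, client for the Wii NWC certificate
// (issued by root with CA:FALSE) and server for the phony certificate signed with
// client's key. All names are constructed for this demo.
func BuildDemo() (*x509.Certificate, *x509.Certificate, *x509.Certificate) {
	root, rootKey := issue(1, "Toy Nintendo Root", true, nil, nil)
	client, clientKey := issue(2, "Toy Wii NWC client", false, root, rootKey)
	server, _ := issue(3, "wfc.example.invalid", false, client, clientKey) // hypothetical hostname
	return root, client, server
}

// StrictVerify runs Go's standards-compliant path validation of leaf through
// the optional intermediate to root. With leaf=server and inter=client it fails,
// because client's basicConstraints says CA:FALSE, so it may not sign.
func StrictVerify(root, inter, leaf *x509.Certificate) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	if inter != nil {
		inters.AddCert(inter)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters})
	return err
}

// DSStyleVerify mimics the flaw the post describes: every signature is checked
// against the next certificate's key and the chain must end at the trusted
// root, but basicConstraints is never consulted.
func DSStyleVerify(chain []*x509.Certificate, trustedRoot *x509.Certificate) error {
	for i, cert := range chain {
		parent := trustedRoot
		if i+1 < len(chain) {
			parent = chain[i+1]
		}
		if err := rawSignatureValid(cert, parent); err != nil {
			return fmt.Errorf("certificate %d (%s): %w", i, cert.Subject.CommonName, err)
		}
	}
	return nil
}

// rawSignatureValid checks an RSA/SHA-256 signature directly. CheckSignatureFrom
// is avoided on purpose: it would correctly refuse a CA:FALSE parent.
func rawSignatureValid(child, parent *x509.Certificate) error {
	pub, ok := parent.PublicKey.(*rsa.PublicKey)
	if !ok || child.SignatureAlgorithm != x509.SHA256WithRSA {
		return fmt.Errorf("demo only handles SHA256WithRSA, got %v", child.SignatureAlgorithm)
	}
	digest := sha256.Sum256(child.RawTBSCertificate)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], child.Signature)
}

func main() {
	root, client, server := BuildDemo()
	fmt.Println("strict verifier:  ", StrictVerify(root, client, server))
	fmt.Println("DS-style verifier:", DSStyleVerify([]*x509.Certificate{server, client}, root))
}
```

Run it with go run: the strict verifier prints an error (Go's message names the candidate authority as not authorized to sign other certificates) while the DS-style verifier prints <nil>. The client certificate on its own still passes the strict verifier against the root, which is exactly the real situation with NWC.crt, and handing the DS-style verifier only server.crt with no intermediate fails even there, because the signature does not verify under the root's key: the DS is not skipping signature checks, only the CA flag.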

We are now ready to rock and roll!

Using your phony certificate

Once the certificate is installed, you may still run into issues connecting with your DS. This is because the DS only speaks SSLv3, with either the RC4-SHA or RC4-MD5 cipher suite, and the default OpenSSL security level rejects both suites; @SECLEVEL=0 lifts that restriction. Keep this configuration on a dedicated vhost or port, since it makes that listener trivially breakable by design. To enable DS compatibility for NGINX, add the following lines to your NGINX configuration.

ssl_protocols SSLv3;
ssl_ciphers RC4-SHA:RC4-MD5:@SECLEVEL=0;

The config settings are nearly identical in Apache.

SSLProtocol SSLv3
SSLCipherSuite RC4-SHA:RC4-MD5:@SECLEVEL=0

Most services for Nintendo consoles make liberal use of headers. Unfortunately, some headers (e.g. http_x_gamecd) contain underscores, and NGINX silently drops any request header containing an underscore by default (to avoid ambiguity with CGI variable names, where hyphens become underscores). Allowing them in NGINX is simple.

underscores_in_headers on;
proxy_pass_request_headers on;

Working around this in Apache is a bit more difficult. For information about working around invalid headers in Apache, see this example. If you continue having issues with NDS connectivity, please contact me.

Having fun

The possibilities are infinite. Want to run services through a debugging proxy? Implement WFC protocols? Make a Flipnote Studio server? All of this is possible without ROM patches!


Update

Modern versions of OpenSSL have SSLv3 and the RC4 ciphers disabled at build time, so no runtime setting can turn them back on: you will need to compile OpenSSL yourself, and then build or link NGINX/Apache against that copy rather than the system one. For information on doing this, see the INSTALL.md from the OpenSSL repository, or the Compilation and Installation page from their wiki.

When configuring OpenSSL, be sure to specify the "enable-ssl3", "enable-ssl3-method" and "enable-weak-ssl-ciphers" flags (the last one is what brings the RC4 suites back) like so:

./config enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers

It will install in /usr/local and /usr/local/ssl by default, so it shouldn't interfere with the version currently installed on your system.

Gentoo users can add the "sslv3" and "weak-ciphers" USE flags to OpenSSL and rebuild it. Since there is no weak-ciphers USE flag at the time of writing, you might want to add my flewkey-overlay and unmask dev-libs/openssl::flewkey-overlay.