Question
I am looking at the theory behind MITM attacks in order to see some unencrypted packets from the 3DS. From research here is what I understand so far:
3DS > Proxy > Nintendo server
I am going to try and force the 3DS to use a forged certificate. The 3DS will then communicate with the proxy, and the proxy will decrypt the packets, see what's there, re-encrypt them and then send them out to the Nintendo server. I see an issue though: the Nintendo server is expecting to see the original 3DS public certificate from the proxy server, but it won't, as I do not have it. Is it possible for me to get the original certificate from the 3DS before giving it the forged one?
Here is my idea:
1. Start sending packets from the 3DS; the original cert is sent from the 3DS to the proxy, where it is stored.
2. Insert the forged cert into the 3DS.
3. The connection is reset.
4. Using the forged cert, start communication; the fake cert speaks with the proxy server.
5. The proxy decrypts packets from the 3DS, logs them, and re-encrypts them.
6. It uses the old certificate to communicate with the Nintendo server, then forwards the packets.
Is this feasible? Is there an easier way? I know some of these steps are hard (inserting a forged cert into the 3DS). Which tools can help me accomplish this?
Explanation / Answer
This may or may not even be possible depending on what checks Nintendo does. If Nintendo only trusts their own certificate, signed by them, then you will be unable to make a key pair for the proxy that your DS will trust.
Normal SSL/TLS MITM proxies require that the client trust the certificate used by the proxy as a root cert, so that the proxy can make "valid" certificates on the fly. If you can't push that trust and the client actually checks trust, then your proxy will fail to be accepted as the server and the communication will not occur.
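The trust check the answer describes, shown as an added example using only the Go standard library (this is not code from the answer's author or from Nintendo). It builds two constructed root CAs, a "vendor" CA and a "proxy" CA, issues a leaf for the same hostname from each, and runs the client-side chain validation: the proxy-issued leaf is rejected unless the proxy CA is in the client's trust store. The CA names and the hostname `api.example.test` are made up.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// makeCert builds a constructed test certificate for cn: a self-signed CA when parent
// is nil, otherwise a server leaf for cn signed by parent/parentKey. Errors are ignored for brevity.
func makeCert(serial int64, cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent == nil {
		tmpl.IsCA = true
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{cn} // the SAN the client will match against the host
		signer, signerKey = parent, parentKey
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// trustedBy is the client-side check: does leaf chain to the trusted root and match host?
func trustedBy(leaf, root *x509.Certificate, host string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}
func main() {
	vendorCA, vendorKey := makeCert(1, "Vendor Root CA (constructed)", nil, nil)
	proxyCA, proxyKey := makeCert(2, "Proxy Root CA (constructed)", nil, nil)
	genuine, _ := makeCert(3, "api.example.test", vendorCA, vendorKey)
	forged, _ := makeCert(4, "api.example.test", proxyCA, proxyKey)
	fmt.Println("genuine leaf, vendor CA trusted:", trustedBy(genuine, vendorCA, "api.example.test")) // true
	fmt.Println("forged leaf, vendor CA trusted:", trustedBy(forged, vendorCA, "api.example.test"))   // false
	fmt.Println("forged leaf, proxy CA trusted:", trustedBy(forged, proxyCA, "api.example.test"))     // true
}
```

A client that only trusts the vendor root behaves like the first two lines of output; the third line is the situation an intercepting proxy needs, which is exactly the trust it cannot obtain without a change to the device's trust store.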