Man-in-the-Middle on Vanilla Switch? #119

Open
MontyMole98 opened this issue Dec 2, 2023 · 5 comments

@MontyMole98

Hi, I was just curious if you could retrieve the user ID and password from a vanilla switch using mitm. Dumb question, I know, but I can't find a better place to ask.

@kinnay
Owner

kinnay commented Dec 2, 2023

MITM is only possible on a hacked Switch. The reason is that the Switch uses TLS for all requests. To do a MITM, you first have to disable CA verification on your Switch.

I'm not sure what you mean by 'vanilla switch', but there is no way to retrieve the user id and password without atmosphere or hekate.

@K4CZP3R

K4CZP3R commented Dec 8, 2023

How can I retrieve user id and password using atmosphere or hekate? @kinnay

@kinnay
Owner

kinnay commented Dec 8, 2023

Unfortunately that requires some experience. I can explain the basics below. If you get stuck, I would advise you to check out the ReSwitched discord server.

Basically, there are two ways to obtain your user id and password for baas.

Using a man-in-the-middle

  1. Make sure that you know how to run Atmosphere on your Switch. There are tutorials for this.
  2. Copy the disable_ca_verification patch to your SD card.
  3. With Atmosphere running, start a proxy such as Charles. Enable SSL proxying for https://e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com/.
  4. In the system settings on your Switch, configure the proxy such that the traffic goes through Charles.
  5. Go online on your Switch and extract the user id and password from Charles.

Dumping your system save data

  1. Run hekate on your Switch.
  2. Dump the relevant data. If I remember correctly, all save data, including system save data, is stored in the USER partition.
  3. Unpack the system save data from your dump. You'll need hactool for this, and maybe NxNandManager as well (I'm not sure anymore).
  4. Extract the user id and password from the system save data. The example scripts in the NintendoClients repository tell you where to look.

There may be other ways to dump your system save data. I think that JKSV is able to do it as well, but I've never tried it that way.

I hope this helps.

@K4CZP3R

K4CZP3R commented Dec 10, 2023

Yup, this helps. First option is not possible for me because of banned switch. Will def. try the "system save data" one!

@nicholasyoannou

Is it possible to enable SSL proxying for all of Nintendo's URLs? I'm interested to see what happens behind the scenes, but I'm unsure about enabling it especially for Switch Online.
