@sahwar
Forked from InternalLoss/tls_guide.md
Created April 11, 2022 12:03

Revisions

  1. @InternalLoss InternalLoss revised this gist Feb 20, 2021. No changes.
  2. @InternalLoss InternalLoss revised this gist Feb 17, 2021. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion tls_guide.md
    @@ -21,7 +21,7 @@ Once this is done, press the X and move on to setting up your console.
    If you'd like to instead set these parameters via command line, `mitmweb --set client_certs=PATH/TO/CLIENTCERT.PEM` would also work, and you can also add `-w OUTFILENAME` to automatically write to a file instead of having to save the data from the browser.


    ## 3DS
    ## Nintendo 3DS

    **NOTE: The patch for this will be enabled as long as "Game Patching" is enabled in Luma3DS, which means your 3DS will ignore any and all certificate validation issues - this is not safe, and you should not connect to public WiFi networks (or any network other than your own, really) with this patch enabled.**
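
Review bot: The new heading `## Nintendo 3DS` no longer matches the naming of the other console section, `## Wii U`, or the body text, which keeps saying "3DS" throughout; rename both headings in the same style or keep `## 3DS`. Renaming a heading also changes its generated anchor, so any link to the old `#3ds` fragment should be checked.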

  3. @InternalLoss InternalLoss revised this gist Feb 17, 2021. 1 changed file with 2 additions and 1 deletion.
    3 changes: 2 additions & 1 deletion tls_guide.md
    @@ -18,7 +18,8 @@ You'll need to disable certificate validation by going to the Options tab and ti

    Once this is done, press the X and move on to setting up your console.

    If you'd like to
    If you'd like to instead set these parameters via command line, `mitmweb --set client_certs=PATH/TO/CLIENTCERT.PEM` would also work, and you can also add `-w OUTFILENAME` to automatically write to a file instead of having to save the data from the browser.


    ## 3DS
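
Review bot: The completed sentence says "set these parameters", but the command `mitmweb --set client_certs=PATH/TO/CLIENTCERT.PEM` only sets the client certificate, while the step before it also requires disabling server certificate validation. Add `--ssl-insecure` to the example so the command-line route matches the GUI steps. Since `-w OUTFILENAME` writes the capture straight to disk, it is also worth pointing back to the guide's warning that these dumps contain sensitive data and should be stored safely.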

  4. @InternalLoss InternalLoss created this gist Feb 17, 2021.
    46 changes: 46 additions & 0 deletions tls_guide.md
    @@ -0,0 +1,46 @@
    # Dumping Nintendo TLS Traffic

    This guide is for capturing encrypted web traffic between the Internet and a 3DS or Wii U. **You will need a hacked console for this.**

    NOTE: This traffic **is sensitive** - it will likely contain sensitive data such as a hashed form of your NNID password, and the device's unique identifiers including their unique certificates - as such, please be careful who you share these dumps with! They should be stored safely.

    # TLS Traffic

    Dumping TLS traffic requires a proxy - we suggest [mitmproxy](https://mitmproxy.org) which is both FOSS and cross-platform. It also has a web view which is useful for saving the recorded data (though this can also be done via CLI, as explained later).

    You will need to know your computer's local IP address - you can do this by typing `ipconfig` into Command Prompt (or PowerShell) on Windows, or `ifconfig` on macOS/Linux.

    ## Setting up the proxy

    If using Windows, you can simply launch mitmweb from the Start Menu - if using Linux or macOS, simply type `mitmweb` in your terminal and press enter.

    You'll need to disable certificate validation by going to the Options tab and ticking "Don't verify server certificates". Then, press the "Edit Options" icon, and look for the option "client_certs". Here, you'll need to provide a full path to either the [ctr-common-1.pem](https://github.com/larsenv/NintendoCerts/raw/master/pem/ctr-common-1.pem) file if capturing 3DS, or [WIIU_COMMON_1_CERT.pem](https://github.com/larsenv/NintendoCerts/raw/master/pem/WIIU_COMMON_1_CERT.pem) if capturing WiiU - for example, on Windows "C:/Users/YOURNAME/Downloads/ctr-common-1.pem" or "~/Downloads/WIIU_COMMON_1_CERT.pem" on Linux - if you cant find the exact path on Windows, try holding shift and right clicking in the folder the certificate is inside, and press "Open PowerShell window here" (or "Open Command Prompt window here" if on an earlier version of Windows) - the full path will now be displayed.

    Once this is done, press the X and move on to setting up your console.

    If you'd like to

    ## 3DS

    **NOTE: The patch for this will be enabled as long as "Game Patching" is enabled in Luma3DS, which means your 3DS will ignore any and all certificate validation issues - this is not safe, and you should not connect to public WiFi networks (or any network other than your own, really) with this patch enabled.**

    Your console will need to be running the latest Luma3DS, and you will need to copy the [3DS-SSL-Patch code.ips file](https://github.com/InternalLoss/3DS-SSL-Patch/blob/master/code.ips) to your SD card, placing it at `sd:/luma/titles/0004013000002F02/code.ips` (you will need to create both the titles and 0004013000002F02 folders).

    Once you've done this, hold SELECT at boot and ensure that `Enable game patching` shows `(x)` next to it - if it does not, use the D-PAD and A button to select the option and enable it, and press START to boot the 3DS.

    Navigate to System Settings, then choose Internet Settings -> Connection Settings -> Connection # (whichever you use) -> Change Settings. Press the right arrow, then Proxy Settings. Select "Yes", then in Detailed Setup enter your computer's IP address under "Proxy Server" and port 8080.

    Select OK, then Save - perform a connection test, and you should see a request to http://conntest.nintendowifi.net show up on mitmweb. Assuming you see this, you are now proxying traffic! When you are done, *make sure you press mitmproxy->save* and download the file it gives you - it is recommended to give this some sort of descriptive name (i.e. "eShop-BrowseTitles").


    ## Wii U

    **NOTE: You will see certificate errors once the proxy is setup until the patcher has been ran - this is normal. You will also need to run the patcher every time the Wii U is booted, as it is temporary.**

    You will need to be able to run homebrew (via haxchi or web browser), and will need a copy of [Pretendo's network installer](https://github.com/PretendoNetwork/network-installer/releases/latest).

    On your Wii U, go to System Settings -> Internet -> Connect to the Internet -> Connection List -> Your connection, then "Change Settings".

    Scroll to the right until you see "Proxy Settings", select Configure, pressing Continue when the internet browser is mentioned, and enter your computer's IP for Proxy Server with Port 8080. Press Confirm, then Don't Use for basic authentication. Save the settings, and go back to the main menu.

    Launch the installer application via your homebrew method of choice, and select Patching menu->SSL Patch, then return to the main menu. You should now see some requests.
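
Review bot: The paragraph just before `## 3DS` ends in the unfinished sentence "If you'd like to"; finish it or drop it before publishing. The 3DS section warns that certificate validation stays off for as long as "Game Patching" is enabled, yet the steps end at saving the capture, so add teardown steps: remove `code.ips` or disable game patching, and clear the proxy settings on both consoles. The two certificate links point at `raw/master` of a third-party repository, so readers fetch whatever that branch currently holds; consider saying so next to the links.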