This is a mitmproxy script for safecerthax. You can use it to spoof official 3DS NUS servers and exploit safecerthax only on O3DS/2DS SAFE_FIRM to run SafeB9SInstaller.
For more information on safecerthax, please visit the safecerthax website.
Note: this repository only contains the python script for mitmproxy, please check out the safecerthax repository for the actual exploit code.
To start the proxy server, run the following command:
mitmproxy -s safecerthax.py \
-s tls_whitelist.py \
--certs c.shop.nintendowifi.net=<*.c.shop.nintendowifi.net_fake_certificate> \
--certs cdn.nintendo.net=<*.cdn.nintendo.net_fake_certificate> \
--set client_certs=<client_certificate> \
--ssl-insecure \
--set relax_http_form_validation \
--set certhax_payload=<safecerthax_binary> \
--set arm9_payload=<kernelhaxcode_3ds_binary> \
--set tls_version_client_min=TLS1
With:
fake_certificate
: the path to your fake certificate (in PEM format) created with SSLoth that mimics the certificate for*.c.shop.nintendowifi.net
and*.cdn.nintendo.net
domains.client_certificate
: the path to the ClCertActr-common-1-cert
(in PEM format).safecerthax_binary
: the path to thesafecerthax.bin
binary file.kernelhaxcode_3ds_binary
: the path to thekernelhaxcode_3ds.bin
binary file.
This will start the safecerthax proxy on port 8080.
Follow these steps:
- Put the
SafeB9SInstaller.bin
at the root of your SD card. - In the system settings, edit your network configuration to add the proxy server (IP of your computer + port 8080).
- Reboot in recovery mode (press L+R+Up+A at startup).
- Confirm you want to update.
- An error message should pop up. Close it.
- The exploit should run and launch SafeB9SInstaller.