| :::::I don't think you understand what "SSL client certificate authentication" is, you should google it etc. A fake server would require the SSL server private-key from the real server, which you can't obtain of course. The AES engine has *nothing* to do with this besides being used to decrypt those two files in that CFA RomFS. This CFA is a system title so it's obviously stored in NAND, but of course you can't change any NCCH data due to RSA signing of course(modifying ClCertA is pointless anyway). There's not much point changing the SSL client cert/private-key, each 3DS prior to that update would be using the old ClCertA, and system updates require that SSL client auth for SOAP(besides SOAP that stuff isn't really interesting tbh). SSL module is the only process which uses ClCertA. "... write/read which section of memory" I have no use for that. --[[User:Yellows8|Yellows8]] 17:30, 4 July 2013 (CEST) | | :::::I don't think you understand what "SSL client certificate authentication" is, you should google it etc. A fake server would require the SSL server private-key from the real server, which you can't obtain of course. The AES engine has *nothing* to do with this besides being used to decrypt those two files in that CFA RomFS. This CFA is a system title so it's obviously stored in NAND, but of course you can't change any NCCH data due to RSA signing of course(modifying ClCertA is pointless anyway). There's not much point changing the SSL client cert/private-key, each 3DS prior to that update would be using the old ClCertA, and system updates require that SSL client auth for SOAP(besides SOAP that stuff isn't really interesting tbh). SSL module is the only process which uses ClCertA. "... write/read which section of memory" I have no use for that. --[[User:Yellows8|Yellows8]] 17:30, 4 July 2013 (CEST) |
| ::::::oh well thanks. So only SSL module then. Without the ability to modify the original data, even a tunnel proxy would not work properly..(what annoying the rsa signature is - maybe as me to you. i means, 3ds with replaced, child cert and key of a self-signed, connects to a proxy with self-signed cert and key; the proxy takes the original cert and key that of 3ds client, to connects to ninty CDN. the two connections are all connecting with proper key and cert, that client signed by server; but 3ds's original cert and key must be replaced by one signed by our proxy's server cert and key, as what ninty does with 3ds. cause inability to change the content, it is nothing now.)(maybe better quick head to learning disasm and someday to have a try) BTW haven't seen Jl12 for long, seeing someone impeach him for just taking $ away lol. (even i don't think about that before. oh no this is your page and i should not be short to you) --[[User:Syphurith|Syphurith]] 02:16, 5 July 2013 (CEST) | | ::::::oh well thanks. So only SSL module then. Without the ability to modify the original data, even a tunnel proxy would not work properly..(what annoying the rsa signature is - maybe as me to you. i means, 3ds with replaced, child cert and key of a self-signed, connects to a proxy with self-signed cert and key; the proxy takes the original cert and key that of 3ds client, to connects to ninty CDN. the two connections are all connecting with proper key and cert, that client signed by server; but 3ds's original cert and key must be replaced by one signed by our proxy's server cert and key, as what ninty does with 3ds. cause inability to change the content, it is nothing now.)(maybe better quick head to learning disasm and someday to have a try) BTW haven't seen Jl12 for long, seeing someone impeach him for just taking $ away lol. (even i don't think about that before. oh no this is your page and i should not be short to you) --[[User:Syphurith|Syphurith]] 02:16, 5 July 2013 (CEST) |