Document SSSL connection steps and disable by default
The main issue with enabling SSSL by default is that it requires the manual step of dumping the Nintendo CA G3 first.
MatthewL246 committed Jun 6, 2024
1 parent c8f4c70 commit bdf4d5f
Showing 4 changed files with 128 additions and 97 deletions.
78 changes: 40 additions & 38 deletions compose.yml
Expand Up @@ -16,44 +16,46 @@ services:
command: mitmweb --web-host 0.0.0.0
tty: true

nginx-sssl:
# This forwards all requests to the primary Nginx
build: ./repos/SSSL-DNS/nginx
restart: always
ports:
# HTTPS
- 443:443
volumes:
- type: bind
source: ./config/nginx-sssl.conf
target: /opt/nginx/conf/nginx.conf
read_only: true
- type: bind
source: ./console-files/cert-chain.pem
target: /opt/nginx/ssl/ca.pem
read_only: true
- type: bind
source: ./console-files/ssl-cert-private-key.pem
target: /opt/nginx/ssl/private.key
read_only: true

coredns-public:
# This responds to DNS queries from client consoles, redirecting Nintendo requests to the local server
image: coredns/coredns:latest
restart: always
ports:
# DNS
- 53:53/udp
volumes:
- type: bind
source: ./config/public.Corefile
target: /etc/coredns/Corefile
read_only: true
networks:
default:
command: -conf /etc/coredns/Corefile
env_file:
- ./.env
# Uncomment everything below to enable SSSL connections with DNS redirection
#
# nginx-sssl:
# # This forwards all requests to the primary Nginx
# build: ./repos/SSSL-DNS/nginx
# restart: always
# ports:
# # HTTPS
# - 443:443
# volumes:
# - type: bind
# source: ./config/nginx-sssl.conf
# target: /opt/nginx/conf/nginx.conf
# read_only: true
# - type: bind
# source: ./console-files/cert-chain.pem
# target: /opt/nginx/ssl/ca.pem
# read_only: true
# - type: bind
# source: ./console-files/ssl-cert-private-key.pem
# target: /opt/nginx/ssl/private.key
# read_only: true
#
# coredns-public:
# # This responds to DNS queries from client consoles, redirecting Nintendo requests to the local server
# image: coredns/coredns:latest
# restart: always
# ports:
# # DNS
# - 53:53/udp
# volumes:
# - type: bind
# source: ./config/public.Corefile
# target: /etc/coredns/Corefile
# read_only: true
# networks:
# default:
# command: -conf /etc/coredns/Corefile
# env_file:
# - ./.env

coredns-internal:
# This responds to DNS queries from the internal network of containers, redirecting Pretendo to the Nginx container
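
Review bot: The "Uncomment everything below" marker at the top of the commented block has no matching end marker, and the active `coredns-internal` service follows right after it, so it is unclear where "below" stops; the block also relies on readers stripping exactly the `# ` prefix from every line to keep the YAML indentation valid. Consider leaving both services uncommented and gating them with a Compose profile (`profiles: ["sssl"]`) so they stay off by default without manual editing, or at least add an explicit end-of-block comment. Because enabling them publishes `443:443` and `53:53/udp` on the host and mounts `ssl-cert-private-key.pem`, a short comment saying so next to the marker would help, and `coredns/coredns:latest` would be better pinned to a specific tag.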
2 changes: 1 addition & 1 deletion docs/docs/setup/connecting/cemu.mdx
Expand Up @@ -16,7 +16,7 @@ This guide will show you how to access your server from the Cemu emulator.

<Tabs>
<TabItem value="wiiu" label="With a Wii U" default>
1. Follow the [Wii U connecting guide](./wiiu.md) first.
1. Follow the [Wii U connecting guide](./wiiu.mdx) first.
2. Follow the [official Pretendo Network Cemu installation guide](https://pretendo.network/docs/install/cemu).
- If you are using multiple accounts, make sure to disable the `Merge Account To Default Cemu User` setting in
Dumpling.
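
Review bot: Step 1 is the only link updated to `./wiiu.mdx` here, while `wiiu.md` is deleted in this same commit, so any other page still linking to `./wiiu.md` will break. Search the docs for remaining references to the old filename before merging.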
58 changes: 0 additions & 58 deletions docs/docs/setup/connecting/wiiu.md

This file was deleted.

87 changes: 87 additions & 0 deletions docs/docs/setup/connecting/wiiu.mdx
@@ -0,0 +1,87 @@
---
sidebar_position: 2
pagination_prev: setup/connecting/index
pagination_next: setup/next-steps
---

import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";

# Wii U

This guide will show you how to access your server from a Wii U console.

:::note[Optional: dumping BOSS keys]

You may now dump the BOSS keys from your console for use in the BOSS (SpotPass) server. These keys are **only required
if you want to create new Wii U SpotPass content**.

_These steps are based on the
[guide from the boss-crypto repository](https://github.com/PretendoNetwork/boss-crypto/#dumping-crypto-keys)._

1. Download [Full Key Dumper](https://github.com/EpicUsername12/Full_Key_Dumper/releases) and run the ELF from the
Tiramisu environment (this program does not support Aroma). Then, copy the file `SD:/boss_keys.bin` from your SD card
to the `console-files` directory in this repo.
2. Run `./scripts/get-boss-keys.sh` to validate the dumped keys. It will show you if the keys are missing or incorrect.
3. If it reports that the Wii U BOSS keys are valid, run `./scripts/setup-environment.sh` to reconfigure the servers
with the BOSS keys.

:::

## Connecting

<Tabs groupId="methods">
<TabItem value="inkay" label="Inkay (homebrew)" default>
1. Follow the [official Pretendo Network Wii U installation guide](https://pretendo.network/docs/install/wiiu#inkay)
to install the Inkay patches. **Do not create a new PNID yet.** At this point, you should be connected to the
official Pretendo server.
2. Open
`System Settings => Internet => Connect to the Internet => Connections => (Your current internet connection) => Change Settings`.
3. Go to `Proxy Settings => Set => OK`. Set the proxy server to your server's IP address and the port to 8080. Then,
tap `Confirm => Don't Use Authentication`.
4. Save the settings and go back to the Home Menu. Check your mitmproxy logs at
[127.0.0.1:8081](http://127.0.0.1:8081) to verify that the console is sending HTTP requests through your proxy.
5. Start an FTP server on your console. Then, run `./scripts/compile-custom-inkay.sh` to compile a custom version of
the Inkay patches that uses your own mitmproxy certificate, which is required to connect.
6. Reboot your console.
7. Create a new PNID on your console from the users page.
</TabItem>

<TabItem value="sssl" label="SSSL (hackless)">
1. Copy the file `/storage_mlc/sys/title/0005001b/10054000/content/scerts/CACERT_NINTENDO_CA_G3.der` to the
`console-files` directory in this repo.
2. Run `./scripts/patch-sssl-certificate.sh` to create a patched Nintendo CA G3 SSL certificate for SSSL.
3. Open `compose.yml` and uncomment the `nginx-sssl` and `coredns-public` services.
4. Follow the [official Pretendo Network Wii U SSSL guide](https://pretendo.network/docs/install/wiiu#sssl), but **use
your local server's IP address** as the `Primary DNS` server.
5. Create a new PNID on your console from the users page.
</TabItem>
</Tabs>

:::warning

Make sure that the license agreement page has the custom text "Welcome to your self-hosted Pretendo Network server!". If
it does not, your proxy settings did not apply correctly and you are still connected to the official Pretendo Network
servers.

:::

## Changing which server you are connected to

<Tabs groupId="methods">
<TabItem value="inkay" label="Inkay (homebrew)">
| | Inkay build | Inkay patching | Proxy settings |
| ------------------------------- | ------------------------------------------------------------ | -------------- | ------------------------------------------ |
| **Self-hosted Pretendo server** | Custom (run `./scripts/compile-custom-inkay.sh`) | Enabled | Enabled, set to the server IP, port `8080` |
| **Official Pretendo server** | Unmodified (run `./scripts/compile-custom-inkay.sh --reset`) | Enabled | Disabled |
| **Nintendo server** | N/A | Disabled | Disabled |
</TabItem>

<TabItem value="sssl" label="SSSL (hackless)">
| | Primary DNS server |
| ------------------------------- | ----------------------------------------------------------------------------- |
| **Self-hosted Pretendo server** | Your server's IP address |
| **Official Pretendo server** | Pretendo's [SSSL DNS server](https://pretendo.network/docs/install/wiiu#sssl) |
| **Nintendo server** | (Set to Auto-obtian) |
</TabItem>
</Tabs>
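
Review bot: The `:::warning` block after the Connecting tabs says "your proxy settings did not apply correctly", but it sits outside the tabs and therefore also applies to the SSSL method, which is configured through the `Primary DNS` setting rather than a proxy; reword it to cover both methods (for example "your proxy or DNS settings") or move a method-specific check into each tab. In the SSSL tab, step 1 gives the `/storage_mlc/...` path but not how to copy the file off the console, which is the manual step the commit message cites as the reason for disabling SSSL by default, so it deserves a sentence or a link. Also, "Auto-obtian" in the last table row should be "Auto-obtain".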
