Disable SSL Verification on the 3DS
This post is part of the series Reverse Engineering Pokemon Mystery Gifts.
If you wish to intercept packets and hack around with 3DS networking you may need to disable SSL verification so that you can snoop inside SSL requests and responses. SciresM on GitHub had thankfully already figured out which bytes to patch in order to do this system wide.
However, a lot of the instructions attached are a bit out of date for the state of Homebrew in 2023. Luma has changed a bit since this patch was written and now allows for patching of system titles without rebuilding Luma!
- Download or acquire the SSL system‑module (0004013000002F02) and extract its contents to get its
code.bin
. See Downloading 3DS System Modules and Extracting Their Contents for more in depth details. - Clone SciresM’s repo.
- Build armips and place it in the repo directory.
- Place extracted
code.bin
in the repo directory. - Build patched binary by running
make
. - Take the newly generated
code_patched.bin
and place it on your SD card atluma/titles/0004013000002F02/code.bin
- Within Luma settings (accessed by turning on 3DS with Select pressed) enable both “Enable loading external FIRMs and modules” and “Enable game patching”
And that’s it! If all worked correctly your 3DS is now not validating any SSL certs and you can proceed to MITM.