_This is not a guide. It's just the frustration I went through. I may write an actual guide later._
Edit: [I did write it!](https://blog.northwestw.in/p/2024/12/28/splatnet-3-token-mitmproxy-guide)
The Nintendo Switch Online (NSO) app got an update a few weeks back, and it broke a lot of stuff, especially things for Splatoon 3. I think most people are unaware of this, so let me give you a very brief explanation of what happened.
On November 24th, 2024, the NSO app received an update to v2.12.0. This update introduced a more secure way to authenticate users. On the other side, there are programs that are abusing the old authentication system, but now that method doesn't work anymore. As a result, these programs with auto-authentication had a breakdown, and they still haven't recovered, although I'm pretty sure there are a bunch of people working to crack it right now.
One of these programs is the [stat.ink](https://stat.ink) uploader: [s3s](https://github.com/frozenpandaman/s3s). For those who are not aware, stat.ink is a website for tracking player battles in Splatoon 3. It is also the backbone of my [Brella Counter](https://brella.northwestw.in), so the fact that it's broken is also bad news for me.
While automated token generation is broken, users can still grab the token on their own by running the NSO app through MITMProxy. MITMProxy stands for "man-in-the-middle proxy". Man-in-the-middle is a technique to spy on network traffic made by Internet users. You've probably heard of "man-in-the-middle attacks". Attackers trick users to route network traffic through them, and steal their information from the traffic.
For a while, I already knew about MITMProxy. After installation and running it on my desktop, I immediately tried to set my mobile phone's proxy to my PC. It said "no Internet connection". I did some research on that, and it turns out you have to install a CA certificate to the system. Then I found the official [System CA installation guide](https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android/) from MITMProxy. It uses an emulator the comes with Android Studio. Worth a shot.
To summarize, there are 2 ways to install the certificate into the system. First, you can use "Magisk", a way to root your device and install a module from MITMProxy. The other way is to directly push it in with "adb", an Android debugging program.
I first tried the Magisk method. The guide told me to use [MagiskOnEmulator](https://github.com/shakalaca/MagiskOnEmulator), which didn't work. I went on to search for why and fast-forward a few hours, it turns out the README of that repository has been wrong for a while and the owner didn't accept any pull requests for README improvement. So I ended up finding someone's rewritten guide [as an issue of the repository](https://github.com/shakalaca/MagiskOnEmulator/issues/71), and that worked out quite well.
I tested the certificate with the proxy and it seemed to be working. Then I installed the NSO app from Play Store, and when I tried to log in, error code 2817-0583. I tried again because of my programmer instinct, still the same. I looked it up. Turns out it has something to do with the NSO app knowing that your phone is rooted.
Bruh.
I proceeded to spend a few days trying to look for ways to solve it. I found an article about hiding Magisk and stuff from banking app. It didn't work. I was very frustrated so I took a day break and went to draw stuff.
In the meantime, there is [an issue/thread going on at the s3s repository](https://github.com/frozenpandaman/s3s/issues/198). People had been discussing using MITMProxy to obtain the token, and some users ran into the same problems as me.
The next day, I took a look at the thread. Some people have successfully obtained their own token. So I tried to do it with the adb method. Using this method, I didn't have to root the device. However, in order to use this method, I have to run the command `adb root` and this command doesn't work for production builds of the emulator. Production builds just mean the system images that has Google Play Store installed. I had to search the web for the NSO app APK and you already know all those shady APK download websites have them. Anyway, I tried doing the adb method with a Google APIs system image. It worked until I actually tested the network. Chrome says the certificate is not secure. I tried NSO app anyway. Error code 2817-0583 again. Then I tried the same with different versions. Same error. THEN I tried swapping the procedure, where I log into the NSO app first, before I install the certificate. This time, I managed to log in, but SplatNet 3 for some reason kept saying there's an error.
At this point, I was very frustrated, and I wanted to give up. So I quit trying it in disappointment. Meanwhile, the s3s thread is still brewing...
Until TODAY! I checked back on the thread. Someone had figured it out AND wrote a guide describing precisely what you need to achieve this. Thank you very much for documenting your findings, although there's is a pretty slim chance you will ever read this blog post. To be precise, it was [this comment](https://github.com/frozenpandaman/s3s/issues/198#issuecomment-2561475617).
By reading it, I have summarized what have gone wrong for me: |Android version has to be recent.| I have only been using API versions ≤ 30, but it works for version 33. Combining a newer version with the adb method. It worked. FIRST TRY. I'm so happy right now cuz I get to upload all my battles again and keep the Brella counter working!