Tutorial Blocking WiiU Update Domains With OpenDNS

[AboodXD]

until now, everybody was safe with just these 5 urls, so it should be enough.
checking the accessed urls (with a proxy or packet sniffer) could help.

Just if I can reverse the update...

 

[YugamiSekai]

How do I get in standby mode?

 

[Cyan]

First, you need to be in 5.3.2.
The standby mode in in the preferences, power settings
- auto shutdown
- standby
- if standby is enabled : quick boot

 

[BullyWiiPlaza]

Which domains do I need to block for just updates of the system, eShop, spotpass but not playing online? It seems like it blocks online access too which is stupid. I'm by the way using a router url blacklist method.

 

[Cyan]

Which domains do I need to block for just updates of the system, eShop, spotpass but not playing online?
It seems like it blocks online access too which is stupid. I'm by the way using a router url blacklist method.

The filter responsible for blocking all access is : nus.wup.shop.nintendo.net
It's the first "ping" to check if eshop is available.

ATTENTION:
Before using the console with different filters, be sure no updates are downloaded (check your logs, or sniff packets).

I don't have online games, but I guess instead of blocking the first ping, you can block updates themselves :
tagaya.wup.shop.nintendo.net; // check for available updates
nus.cdn.c.shop.nintendowifi.net; // download updates
nus.cdn.shop.wii.com; // download updates
nus.cdn.wup.shop.nintendo.net; // download updates

I don't know if tagaya is used for other purpose than checking new updates.


There are a lot of subdomains for .wup.shop.nintendo.net:
Maybe blocking these ones could be safe too, I don't know if it blocks online play. try to block them and enable one by one if needed. never allow ecs.

nus.wup.shop.nintendo.net; // ping access to see if eshop and network is available
ninja.wup.shop.nintendo.net; // if blocked, it will close eshop loading at the jackpot mini-game screen.
tagaya.wup.shop.nintendo.net; // check/load available updates list (can be triggered in the download center->check update)
ecs.wup.shop.nintendo.net; // check download environment (can be triggered in the download center->check downloads)
ias.wup.shop.nintendo.net;
ccs.wup.shop.nintendo.net;




You should be sure your router is blocking the GET and POST requests too; not only the CONNECT.
If it doesn't block GET, then you might end with update files downloaded.
If it blocks them (returns a real 403 error) then it's fine. If it redirects to a fake webpage content "this page is filtered, blabla" then the console will download these fake page instead of the expected files from NUS.
The console will then attempt at installing them, fails, reboot and delete them. (I did it 4 times without brick nor updating when I was still on 4.1.0)



Anyway, to play online, doesn't it require you to be on latest system version?
you should choose, hack or online, not both.

 

[BullyWiiPlaza]

@Cyan
Unfortunately I'm already on the latest version. Just trying to make sure my setup will work properly next time. At least the filter works now since all connections to the Internet on the Wii U now fail. I will do some experimenting to get rid of unneeded side effect like blocking Nintendo network online play or if that won't succeed I will keep it like that. The weird thing is that I could play online with 5.3.2 even though 5.4.0 was out already for days.

My router has an option to allow HTTPS requests but I have it disabled. It doesn't say anything about POST and GET requests, just an url blacklist.

 

[Cyan]

if you are already on 5.4, you should take that occasion to check all the URLs with a proxy.

then boot the console, see what URLs are accessed.
Launch a game and see which one are accessed, etc.
report the accessed URLs when launching a game (there will be one to check if you have online, one to check if there's a new update, one to check if there are game updates).

As long as nintendo doesn't release a new update, you are fine without filters.
Look on wiimpersonator to check if there's a new release (will probably not happen before another 6 months)


edit:
someone know what is "pushmore" ?
pushmore.wup.shop.nintendo.net/pushmore/r/{sha1here?}
it's a small file downloaded when booting the console.

 

[BullyWiiPlaza]

@Cyan
I get that you can use Wireshark to capture network traffic but it doesn't seem to pick up anything interesting from the Wii U. I'm using promiscuous mode and capture on all interfaces.

Spoiler

What's the trick? Do I need to connect to the Wii U to the internet via my PC as a proxy or can it stay connected to the router directly? There's also an option about remote interfaces in Wireshark. Does that help?

Spoiler

I can get the Wii U's local IP address using Advanced IP Scanner or something but I don't know the port then.

 

[Cyan]

I'm not sure if promiscuous works on windows.
You can use your PC as proxy with internet sharing connection (ICS) if you have an internal Wifi on your computer working as AP. use your computer's IP as gateway and analyze the wifi card's data.

But, using a proxy without sniffing packets is enough.
just follow the CCproxy tutorial, it will log the URLs.

 

[BullyWiiPlaza]

Just follow the CCproxy tutorial, it will log the URLs.

The images in this tutorial are slightly outdated. The CCProxy graphical interface has changed since then. If you're so kind to update the images it would be great though I don't need it to follow it, lol.

 

[Cyan]

common, that's not that hard, The menus are still the same and at the same place.
"option" is still "option"
"account" is still "account"
etc.
they changed only the design, not the interface.

the only place which is different is the settings > advanced > network (they split a tab in two). click on the tabs, and read the available option. all the program is self explanatory, tutorial shouldn't even be needed.
You create an account, based on IP (or mac), you set filter list. that's all.

Only one thing I didn't explain, is to open the log : double click on the main graphic window.
you can see if a URL is filtered, it displays the filter name and the reason.

 

[OuahOuah]

Might be strange but I'm with 5.4.0 and with the Open DNS trick, I can't connect anymore to multiplayer from AC3...

 

[Cyan]

you blocked the 6 urls?

nus.cdn.c.shop.nintendowifi.net
nus.cdn.shop.wii.com
nus.cdn.wup.shop.nintendo.net
nus.wup.shop.nintendo.net
nus.c.shop.nintendowifi.net
c.shop.nintendowifi.net <-- try removing this one, it's not "Nintendo Update Server"

maybe the game tries to connect to c.shop to check if there is any game update for multiplayer?
or it's trying to access one of the other filtered urls. if you use a proxy you could check which URLs are requested.

 

[OuahOuah]

Will check the blocked URL...
I'm not using a proxy just the OpenDNS settings on the Wii U.

 

[Cyan]

yes, I mean you could see the requested url by using one.
not necessarily by following CCProxy guide, but any proxy or packet sniffer program. using your PC as proxy is easier if your console is connected directly to the router instead of trying to sniff packets in promiscuous mode (which works only on linux).

well, that's only if you want to verify the URL in case removing c.shop.nintendowifi.net is not enough.

 

[OuahOuah]

Here are the URL I'm currently blocking on OpenDNS website :

nus.c.shop.nintendowifi.net
nus.cdn.c.shop.nintendowifi.net
nus.cdn.shop.wii.com
nus.cdn.wup.shop.nintendo.net
nus.wup.shop.nintendo.net

Anyway, was a false report : AC3 multi launched successfully now.
Maybe a bug.

AC games are always buggy, even their multiplayer servers

Thx for your help, GBATemp god

 

[neilymax]

hey guys, I have been using opendns to block updates for a while and has been working fine. However what I am currently using has stopped working and I have just been updated to 5.5.0 :-(. Here's my settings:

Always block:
c.shop.nintendowifi.net
nus.c.shop.nintendowifi.net
nus.cdn.c.shop.nintendowifi.net
nus.cdn.shop.wii.com
nus.cdn.wup.shop.nintendo.net
nus.wup.shop.nintendo.net

I can now go to the E shop with the above. Have Nintendo possibly added a new domain for updates? Thanks

 

[OuahOuah]

I use this config and still with 5.4.0

 

[neilymax]

I use this config and still with 5.4.0 [/QUOT

--------------------- MERGED ---------------------------

Figured it out. Lost power to my modem/router the other day and gave me a new IP when it powered up so wasn't going through opendns any more. Strange that Wii u was still able to route through to internet with DNS entries....bummer :-(

 

[OuahOuah]

Also have a dynamic IP, so I use a free soft to update my opendns account with my current IP !