Hacking DNS to block the updates of the switch!

zero80472

I have blocked using the DNS method but my Zelda won't start (I don't want to update to the latest version) due to the fact that I need arrows. Any ideas?

(Could it be because of my save files?) I was on the update but I uninstalled it (deleting the software deletes the patch, I think).
 

DocAmes1980

Just opened eShop and I'm getting a system update prompt even with Fiddler, what are the new addresses to block?

I'm not getting the nag. I'm blocking:

Code:
sun.hac.lp1.d4c.nintendo.net
beach.hac.lp1.eshop.nintendo.net

I'm not using Fiddler though. I'm blocking them by using a DNS emulator.
 

OfficialFBomb

So for all you that don't know how to use ping and want an equally easy non-destructive way of testing to see if your router is blocking the update server, you can just enter this URL into any browser behind your router:

https://sun.hac.lp1.d4c.nintendo.net/

If it is being blocked you will get this:

404.png



If it is NOT being blocked you will get this:

image.png



If you get this it means you are accessing the http page, the Switch uses https. Some routers do not block https.

blocked.png


--------------------- MERGED ---------------------------



Have you tried updating your router's firmware?
Unfortunately it seems your router does not support blocking https sites. New firmware might change this.

Capture.png


You can try entering sun.hac.lp1.d4c.nintendo.net into the KEYWORD filter, but it may not work.


You can use:

Fiddler proxy - http://www.telerik.com/fiddler
SimpleDNS - http://simpledns.com/
MaraDNS - http://maradns.samiam.org/

These need to be run on a computer anytime you want internet access for the switch. (This is the method I use, way more advanced control than my routers.)


Also, your router is the one with the cable modem built in. It doesn't support custom firmware such as Tomato or DD-WRT which have more advanced options than the consumer version of Asus-WRT.

You can also bridge your router to basically turn it into just a modem, then buy a more advanced router.

The problem with just blocking an IP address is that it can change at any time.

Remember me, lol my router does keyword blocking, I was updating the key word list when I noticed this post ^ I took two screen shots just to make sure this was right..
 


Mr. Wizard

Remember me, lol my router does keyword blocking, I was updating the key word list when I noticed this post ^ I took two screen shots just to make sure this was right..
It's not being blocked on either test.

What you are looking for is the ERR_EMPTY_RESPONSE which means the packet has been dropped (blocked). ERR_CONNECTION_RESET means you connected to something but it could not handshake and didn't understand you so it reset the connection. This happened because by using http (unsecured) and pointing to port :443 (secured), your browser was still able to connect but it was talking gibberish to the server so the connection was reset. You entered an invalid address, you either need to omit the :443 or add HTTPS. The only one you should really be concerned with is the HTTPS because the Switch uses encryption.

If entering https://sun.hac.lp1.d4c.nintendo.net gets you ERR_EMPTY_RESPONSE your router is fully blocking.

The problem is most routers don't seem to be able to block HTTPS, only HTTP. Then again some routers say they don't block HTTPS yet they do.

You just have to test it and in your case your router doesn't seem to be blocking HTTPS or you have entered the wrong information in the site block settings.
 

naddel81

why not use "
TitleDNS "The Netherlands" (81.4.127.20): ok_button.png (20 ms)
Website Charge (Apache2): ok_button.png
TitleDNS "Los Angeles" (168.235.92.108): ok_button.png (202 ms)
"?
 

Dimensional

I'm using a router with TomatoUSB, and the only way I know of blocking connections is through the Access Restriction function in the firmware. However, blocking all TCP/UDP connections on port 443 to sun and beach blocks eShop. I've also disabled Auto-Update Software in my Switch settings, under System at the bottom. Right now, I'm unsure if I got it working right, but I've edited my firmware's settings to block all TCP/UDP connection attempts on port 443 that use the Layer 7 DNS connections.

Edit: My attempt to block it using this configuration failed. I'm attempting other methods.

Edit 2: It took me a while, but I managed to configure my router to both block the two domains, redirecting to 0.0.0.0, but also configured the firewall to also redirect the servers' IPs to 0.0.0.0. So far I haven't seen any update nags, and I'm connected to eShop.
 

DocAmes1980

oh, I thought they would block ninty servers. therefore they work flawlessly on 3DS, too.

They should be updated to block Switch updates. Maybe they will. It's still better to block updates via your own means. Public DNSes will eventually go down.
 

naddel81

They should be updated to block Switch updates. Maybe they will. It's still better to block updates via your own means. Public DNSes will eventually go down.

once you leave wifi on and accidentally connect to a free wifi you are out of luck anyway. the switch will grab an update in no time.
 

Mr. Wizard

once you leave wifi on and accidentally connect to a free wifi you are out of luck anyway. the switch will grab an update in no time.
Actually no it won't, not on 2.0 anyway. It will inform you of an update but you still have to tell it to update. Rebooting clears the nag.
 

OfficialFBomb

Well, trying on my PC to ping https://sun.hac.lp1.d4c.nintendo.net/ I get a privacy error first, I have to tell it to connect to the site and then I get access denied cc problem, so it seems I'm going to have to just turn off wifi permanently until I buy a new router

Also this is what i have in my keyword blocker
autm.hac.lp1.d4c.nintendo.net
sun. .net
beach. .eshop .net
superfly. .net
With of course all the filled in text like the first one
 

Mr. Wizard

Well, trying on my PC to ping https://sun.hac.lp1.d4c.nintendo.net/ I get a privacy error first, I have to tell it to connect to the site and then I get access denied cc problem, so it seems I'm going to have to just turn off wifi permanently until I buy a new router

Also this is what i have in my keyword blocker
autm.hac.lp1.d4c.nintendo.net
sun. .net
beach. .eshop .net
superfly. .net
With of course all the filled in text like the first one
You cannot ping https://sun.hac.lp1.d4c.nintendo.net. You can ping sun.hac.lp1.d4c.nintendo.net but that will only tell you if your router is blocking the name for http traffic which it should be capable of. I made the suggestion of using ping before I realized people were having problems with blocking https.

The correct way to test would be to enter https://sun.hac.lp1.d4c.nintendo.net in your browser and see if the packet gets dropped or by using the switch itself since updates are not forced by any means yet, I do not like to recommend using the switch though since some people will blame me for their own stupid actions of selecting "Update Now".

I digress, your autm.hac.lp1.d4c.nintendo.net address is spelled wrong so I'm curious if others are as well. It would be more useful to actually state the full addresses you are using, by copying and pasting from the router interface.
 

OfficialFBomb

I misspelled typing here, in the router it's atum. I was trying to copy paste but the router won't let me copy (weird right)

atum.hac.lp1.d4c.nintendo.net
sun.hac.lp1.d4c.nintendo.net
beach.hac.lp1.eshop.nintendo.net
superfly.hac.lp1.d4c.nintendo.net

Also when entering https://sun.hac.lp1.d4c.nintendo.net into a new chrome tab results in Access Denied CC Problem
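
The two checks discussed in this thread (does the name still resolve to a real address, and does port 443 still answer) can be scripted instead of read off browser error pages. The following is an added example, not part of any post above: the function names and result labels are hypothetical, the host list is the one posted in the thread, and treating private-range answers as a local DNS override is an assumption.

```python
import ipaddress
import socket

# Hostnames taken from the block list posted in the thread.
HOSTS = [
    "atum.hac.lp1.d4c.nintendo.net",
    "sun.hac.lp1.d4c.nintendo.net",
    "beach.hac.lp1.eshop.nintendo.net",
    "superfly.hac.lp1.d4c.nintendo.net",
]


def system_resolve(host):
    """Return the IPv4 addresses the local resolver hands out (empty list if none)."""
    try:
        infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def tcp_connects(ip, port=443, timeout=3.0):
    """True if a TCP handshake to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def is_sinkhole(ip):
    """Assumption: 0.0.0.0, loopback and private ranges mean a local DNS override."""
    addr = ipaddress.ip_address(ip)
    return addr.is_unspecified or addr.is_loopback or addr.is_private


def classify(host, resolve=system_resolve, connect=tcp_connects):
    """Label one host: dns-blocked, port-443-blocked, or reachable."""
    ips = resolve(host)
    if not ips or all(is_sinkhole(ip) for ip in ips):
        return "dns-blocked"
    public = [ip for ip in ips if not is_sinkhole(ip)]
    if any(connect(ip) for ip in public):
        return "reachable"        # HTTPS traffic can still get out
    return "port-443-blocked"     # name resolves, but the handshake never completes


if __name__ == "__main__":
    for h in HOSTS:
        print(f"{h:40} {classify(h)}")
```

Run it from a computer behind the same router and DNS server the console uses. A filter that accepts the TCP handshake and only then resets or rewrites the connection shows up as reachable here, so that case still needs a check at the TLS level.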
 
