Hacking DNS to block the updates of the switch!

fokouethan · Mar 28, 2017

Hello, here is the dns to block the updates of the switch. Sorry if I said ca too late because the firmware 2.1.0 is out. Well ... Here's the dns: 205.166.76.187 primary and secondary.

Edit from Cyan (again)
another DNS here:
https://reswitched.tech/info/faq

Edit from Cyan :
check post#9 to get a list of URLs and their purpose !

Risingdawn · Mar 28, 2017

fokouethan said:
Hello, here is the dns to block the updates of the switch. Sorry if I said ca too late because the firmware 2.1.0 is out. Well ... Here's the dns: 205.166.76.187 primary and secondary.

Why have the same primary and secondary dns?

fokouethan · Mar 28, 2017

Risingdawn said:
Why have the same primary and secondary dns?

I was given this as. Do not worry, he walks.

Cyan · Mar 28, 2017

the secondary DNS address is used in case the first one can't be reached. I guess some device even alternate it? but I'm not sure.
you can use 0.0.0.0 instead if you want to block internet completely if the first DNS fails.
edit: 0.0.0.0 is not accepted by the switch...

Sonic Angel Knight · Mar 28, 2017

I'm not entirely educated how this works or what DNS does besides inserting a number like IP address, so i mean i guess i dunno what to do with this info.

gnmmarechal · Mar 28, 2017

Sonic Angel Knight said:
I'm not entirely educated how this works or what DNS does besides inserting a number like IP address, so i mean i guess i dunno what to do with this info.

https://www.lifewire.com/what-is-a-dns-server-817513
https://www.howtogeek.com/122845/htg-explains-what-is-dns/

Cyan · Mar 28, 2017

for people who don't like reading too much text and technical data :
(well, I wrote too much too, sorry

)

all connected devices on internet have an IP address, but it would be too hard to remember them all when you want to connect to a server.
So, you use URLs instead.
DNS server provides servers IP based on server's URL.

example, you type : "nintendo.com", your browser ask the DNS server "what is the IP of nintendo.com?" and he gets "nintendo.com IP is 199.227.51.26"
then your browser can connect to server's IP http://199.227.51.26 and display it's content to you, without you knowing it did something in the background.

What happens when you use a DNS to block nintendo's updates on your console?
when the console checks if there's a new update it uses nintendo's URL (instead of fixed IP hardcoded in the firmware, in case they change their server's IP), the DNS server reply a different IP than the real one for all Nintendo's update server's URL.

"please give me nintendo's update server" .... nah, you'll get a bad IP instead so you can't connect !
usually it replies "127.0.0.1" which is a loopback IP (the device itself, it's like "connect to yourself!")
sometime, it's giving a different IP, like how tubehax DNS sent youtube request to another website with a homebrew app.

Your ISP could use the same trick to restrict internet usage, blocking torrents, p2p, etc., using a different DNS unlock these websites.

Garou · Mar 29, 2017

Can anyone just provide the url list to be blocked? Or is it the same with Wii U?
My ISP doesn't allow changing DNS so I have to block it manually on my router

Mr. Wizard · Mar 29, 2017

Garou said:
Can anyone just provide the url list to be blocked? Or is it the same with Wii U?
My ISP doesn't allow changing DNS so I have to block it manually on my router

Cyan · Mar 29, 2017

oh, they are still using tagaya's name?
that's probably the one which has a list of latest version of every titles and determines if you need to update or not.

anyone sniffed that address to get the full URL and filename that the console is downloading?
that would be interesting to see how the internal titles are managed. Wii, 3DS and WiiU uses TitleID High/low

URL on wiiu :
tagaya.wup.shop.nintendo.net/tagaya/versionlist/<REGION3>/<LANG2>/latest_version
tagaya.wup.shop.nintendo.net/tagaya/versionlist/<REGION3>/<LANG2>/list/<version>.versionlist

fwrudiger · Mar 29, 2017

I done this on y one and its blocked the update. Online was working before the new update came out too but not now.

Garou · Mar 29, 2017

Mr. Wizard said:
If you want to block everything then here:

http://aqua.hac.lp1.d4c.nintendo.net:443
http://sun.hac.lp1.d4c.nintendo.net:443
http://receive-lp1.dg.srv.nintendo.net:443
http://bcat-data-lp1.cdn.nintendo.net:443
http://bcat-list-lp1.cdn.nintendo.net:443
http://tagaya.hac.lp1.eshop.nintendo.net:443
http://dauth-lp1.ndas.srv.nintendo.net:443

If you want to just block the nag screen and update server use this one:

http://sun.hac.lp1.d4c.nintendo.net:443

Disclaimer: URLs are subject to change, I will not be held responsible if nintendo suddenly starts using, for eg. deathstar.hac.lp1.d4c.nintendo.net for updates. Also some of those addresses seem region specific cdn.nintendo.net. Your mileage may vary.

nice, thanks
will try adding these to my router later on the weekend and report back

Mr. Wizard · Mar 29, 2017

fwrudiger said:
I done this on y one and its blocked the update. Online was working before the new update came out too but not now.

Ya but you have no access to eshop now...

Only blocking http://sun.hac.lp1.d4c.nintendo.net:443 stops the update and update nag but doesn't break anything else. At least, it does for me.

Cyan · Mar 29, 2017

blocking tagaya (at least on WiiU) is enough to prevent the console from wanting to update, as it doesn't know there's a new version available. (as long as you blocked it before the update release)
it's also preventing games from knowing that a new update is available (I played Xenoblade X online without issue on an old version, while an update was on eShop, but the game never knew that, and never asked me to update)
the console is making a list of latest version of everything, if it can't get that list it acts as if it was up to date.

I don't know how the switch is working, I don't have one yet.

OfficialFBomb · Mar 29, 2017

Wouldnt you just set this dns in the switch not the router to block the update?

Mr. Wizard · Mar 30, 2017

OfficialFBomb said:
Wouldnt you just set this dns in the switch not the router to block the update?

Depends on your setup. If you want to use the Dev DNS then yea you should probably only change it on the Switch. That will block everything.

In my case, I use a proxy on my lan that filters the DNS so I can just set a single address for redirection. That only blocks the update server, not eshop, etc.

If your router has a URL blocker you can also set it there. Mine has this option but I find I have a lot more control using a proxy.

If you have an actual DNS server running on your lan you can also block it with that.

I guess my point is there are many ways you can do it.

DocAmes1980 · Mar 30, 2017

Cyan said:
blocking tagaya (at least on WiiU) is enough to prevent the console from wanting to update, as it doesn't know there's a new version available. (as long as you blocked it before the update release)
it's also preventing games from knowing that a new update is available (I played Xenoblade X online without issue on an old version, while an update was on eShop, but the game never knew that, and never asked me to update)
the console is making a list of latest version of everything, if it can't get that list it acts as if it was up to date.

I don't know how the switch is working, I don't have one yet.

I'm not sure that's how it works on the Switch. I've been using a DNS emulator to resolve "sun.hac.lp1.d4c.nintendo.net" to NXDOMAIN for about a week now. I've also been blocking "receive-lp1.dg.srv.nintendo.net" and "receive-lp1.er.srv.nintendo.net" as they appear to be for telemetry and error reporting respectively. I'm not blocking "tagaya.hac.lp1.eshop.nintendo.net". Manually checking for updates fails as well as automatic updates. I'm still on 2.0.0 and have seen no nag screen. Also, game updates work as expected. There is a curiosity though. I didn't pay close attention to traffic before the 2.1.0 update went live but I noticed the Switch checked for updates (attempted to connect to sun.hac.lp1.d4c.nintendo.net) somewhat infrequently. A day after the 2.1.0 update came out I checked traffic and noticed it was attempting to contact "sun.hac.lp1.d4c.nintendo.net" every minute. I wonder if after it fails to contact the update server after X number of days it starts to check every minute. If the Switch was aware of a newer version I'd think I would be presented with the nag screen.

OfficialFBomb · Mar 30, 2017

Mr. Wizard said:
Depends on your setup. If you want to use the Dev DNS then yea you should probably only change it on the Switch. That will block everything.

In my case, I use a proxy on my lan that filters the DNS so I can just set a single address for redirection. That only blocks the update server, not eshop, etc.

If your router has a URL blocker you can also set it there. Mine has this option but I find I have a lot more control using a proxy.

If you have an actual DNS server running on your lan you can also block it with that.

I guess my point is there are many ways you can do it.

Mine does do site blocking but the address with the http does not work for me at least, idk why.. So I set this dns in the switch.. And don't mind the block, I haven't used e shop and won't for quite a while.. Until I can figure out how to just block sys updates with my router

DocAmes1980 · Mar 30, 2017

OfficialFBomb said:
Mine does do site blocking but the address with the http does not work for me at least, idk why.. So I set this dns in the switch.. And don't mind the block, I haven't used e shop and won't for quite a while.. Until I can figure out how to just block sys updates with my router

I also have a router that has URL blocking, but doesn't work for blocking Wii U/Switch updates. In my case my router can't block HTTPS sites. You might have the same issue. Nintendo's servers use port 443 (HTTPS).

Try blocking an HTTPS site like "https://www.facebook.com". Also block an HTTP site like "http://www.speedtest.net". See if the router blocks both of them.

Mr. Wizard · Mar 30, 2017

OfficialFBomb said:
Mine does do site blocking but the address with the http does not work for me at least, idk why.. So I set this dns in the switch.. And don't mind the block, I haven't used e shop and won't for quite a while.. Until I can figure out how to just block sys updates with my router

Site blocking usually only accepts wildcards not the actual url.

Here is a blurb from TomatoUSB that explains it better than I can.

The blocklist uses regex sub-string matching to decide which sites to block as follows:

Regular words on their own are blocked if they occur anywhere in the site URL, so for example, having the word facebook in there will block sites such as: http://facebook.com, http://www.facebook.com, http://facebook.com.au, anything.facebook.anything-else
Words with a dollar sign at the end of them will block domains ending with what you’ve specified, that is, putting: .com$ would block ALL sites ending with .com, so putting slashdot.org$ would block slashdot.org, linux.slashdot.org, games.slashdot.org, hardware.slashdot.org etc. etc.
Words starting with a caret (^) block all domains starting with what you’ve specied, that is, putting: ^chat will block sites like http://chatworld.com, http://chat.parachat.com but not http://www.chatworld.com or http://www.parachat.com
Words starting with a caret and ending with a dollar sign blocks that exact address, i.e. ^www.r3dux.org$ would block http://www.r3dux.org, but not http://r3dux.org or http://www.r3dux.org?p=1407 (i.e.this page)

Hacking DNS to block the updates of the switch!

New Member

Tempallica

New Member

GBATemp's lurking knight

Well-Known Member

Well-Known Member

GBATemp's lurking knight

Well-Known Member

Ending the spread of bullshit one thread at a time

GBATemp's lurking knight

Member

Well-Known Member

Ending the spread of bullshit one thread at a time

GBATemp's lurking knight

Well-Known Member

Ending the spread of bullshit one thread at a time

Well-Known Member

Well-Known Member

Well-Known Member

Ending the spread of bullshit one thread at a time

Similar threads

Popular threads in this forum