Avoid getting banned!

Hello from Germany,

Because I don't want this post to get lost in a thread, I put it in its own thread!

I'm fairly new to the whole Switch scene (for just three weeks), and because it is very interesting I started to read many things!

I downloaded a complete "finished" pack and hacked my Switch with it, but I also started to "deconstruct" that pack to find out how everything works!

I investigated DNS, bans and security many times to help others and myself avoid getting banned!

I really don't like 90dns!
The idea is good, don't get me wrong, but I don't like to waste the DNS settings for a service that isn't on my device!
And the next thing is: how secure is it if you change networks or the 90dns service is down?

Atmosphere brings everything we need to protect our Switch (locally), no matter which network!

I started to look into the settings of atmosphere and many other files, and now I would really appreciate it if you could take a look into all the files I put together and give me feedback please!
Tell me if it's good, if it's bad and, most importantly, if I missed something to make it better!

I think it would help many others to protect their device from being banned (I really hope so), and I also hope we can work together to make it even better! (FEEDBACK!!!)

OK! What is it doing?

1. Activated many things in system_settings.ini (atmosphere/config/)

2. Exosphere.ini (sd root)

3. override_settings.ini (atmosphere/config/ (set to R-Button))
(I just brought it back because on a new release it has to be set again)

4. "good" hosts file (atmosphere/hosts/ (default.txt and emummc.txt (both contain the same)))

Hosts is what I would call "extreme" blocking thanks to the possible usage of "*" !
Example:

127.0.0.1 switch.*
127.0.0.1 switch*.*
127.0.0.1 *switch.*
127.0.0.1 *switch*.*

Same with nintendo! (but take a look yourself)

Made an exception for the HB-AppStore because the URL is switchbru(dot) com and is BLOCKED because of the setup I made (see the example above)!
Now the appstore can be opened and used!

BLOCKED also some game servers for online gaming (just in case)

BLOCKED Google tracking and analytics

BLOCKED many YouTube ads servers! (if you use the patched YouTube app in CFW (emuMMC))
(This is still under testing and development)

As I said I'm not a fan of 90dns and now (with dns_mitm) I was able to set both DNS to cloudflare (1.1.1.1 and 1.0.0.1) because I am also no fan of fu... Google!
(What files are all related to 90dns? I would like to get rid of it completely. The 90dns tester is deleted from the switch folder, but is there more?)

Well! That's it!

If you want to use it just copy all files out of the zip into the root of your SD and overwrite everything!
Do a reboot and it's set!
If you want to see if it's working just go to sd:/atmosphere/logs/ and open the log file in there!
(you can do that with many explorers from appstore in HBL)

If you want to help! You are welcome!
 

Attachments

  • atmosphere_dns-mitm.zip
    8 KB · Views: 234
Last edited by BeckysFootSlave,
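
The effect of the four wildcard lines quoted in the post above, as an added example (not part of the original post and not Atmosphere's own code). It assumes `*` matches any run of characters, dots included, and every hostname except switchbru.com is a constructed placeholder.

```python
import re

# The four example lines from the post, in hosts-file syntax "<ip> <pattern>".
HOSTS_TEXT = """\
# constructed copy of the wildcard entries quoted in the post
127.0.0.1 switch.*
127.0.0.1 switch*.*
127.0.0.1 *switch.*
127.0.0.1 *switch*.*
"""

# Constructed test hostnames (placeholders, not real service names).
MUST_BLOCK = ["switch.example.net", "telemetry.switch-cdn.example",
              "telemetry.example.net"]   # last one carries no keyword at all
MUST_ALLOW = ["switchbru.com",           # the HB-AppStore host named in the post
              "networkswitch.example.org", "example.com"]

def parse_hosts(text):
    """Return [(ip, pattern)] from hosts-style text, skipping comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *patterns = line.split()
        entries.extend((ip, p.lower()) for p in patterns)
    return entries

def pattern_to_regex(pattern):
    """ASSUMPTION: '*' matches any run of characters; everything else is literal."""
    return re.compile("^" + ".*".join(map(re.escape, pattern.split("*"))) + "$")

def first_match(entries, hostname):
    """Return the first (ip, pattern) that matches hostname, or None."""
    host = hostname.lower().rstrip(".")
    for ip, pattern in entries:
        if pattern_to_regex(pattern).match(host):
            return ip, pattern
    return None

def audit(entries, must_block, must_allow):
    """Return (coverage gaps, collateral blocks) for the two hostname lists."""
    gaps = [h for h in must_block if first_match(entries, h) is None]
    collateral = {}
    for h in must_allow:
        hit = first_match(entries, h)
        if hit:
            collateral[h] = hit[1]       # remember which pattern caught it
    return gaps, collateral

if __name__ == "__main__":
    gaps, collateral = audit(parse_hosts(HOSTS_TEXT), MUST_BLOCK, MUST_ALLOW)
    for host in gaps:
        print(f"NOT BLOCKED  {host}")
    for host, pattern in collateral.items():
        print(f"COLLATERAL   {host}  (matched {pattern})")
```

Keyword wildcards catch unrelated hosts that merely contain the keyword, and they miss any host that does not contain it, so both lists need re-checking whenever the hosts file or the set of servers changes.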

The Real Jdbye

Well you can set up exosphere so that even in sysNAND CFW the serial is blanked.

blank_prodinfo_sysmmc=1
blank_prodinfo_emummc=1

Now just make sure that in sysnand you don't install any nsps/xci etc and you're fine.
I usually use two different themes.
If you boot stock OFW you won't be in Atmosphere so it won't apply.
But I am not sure if blanking on sysNAND is a good idea because the blanked serial could be logged somewhere and be an indication to Nintendo that the console is hacked later on when the logs are uploaded the next time you go online in stock OFW.
Best to only boot stock OFW normally IMO that way you can't mess anything up.
 

BeckysFootSlave

That's the reason I set Prodinfo on sys to 0!

blank_prodinfo_sysmmc=0
blank_prodinfo_emummc=1

Because I read the same that it's not a good idea to blank it!

The "ads" part is still in progress and very hard because, like you said, it's changing!
The DNS service mentioned on the first page (nextdns) is very nice!

If you block Google video completely you can't see videos, that's right!
But if you block specific ones with Google video it blocks ads!
But the list is getting very, very long!
 
Last edited by BeckysFootSlave,

fragged

switch hacking sure is complicated
Yes, avoiding a ban when using an emummc along with a clean sysnand for online is a lot more work in the beginning to set up, but once you have the prodinfo blanking & dns-mitm set up that's the majority of what you have to do to keep it offline and safe.

I never had to think about these things with my single V1 Switch that I only used for CFW, but now with an OLED I took a good couple of days reading up on everything & making sure it was all set up correctly. But now I shouldn't have to worry about it anymore, I only have Hekate launch icons for emummc and stock OFW so I don't really see how anything could go wrong going forward.
 

HalfScoper

can someone explain if i get this zip file and overwrite my files it will keep me safer is dns-mitm set up in the zip?

as i just used the https://rentry.org/ExosphereDNSMITM#dns-mitm guide

also what is the 90 dns people use now i set mine years ago and haven't been online if someone can point me to the best 90 dns to use also?
if you configured exosphere and dns_mitm blocking properly with that link, no need for that zip.
 

Zap2000

if you configured exosphere and dns_mitm blocking properly with that link, no need for that zip.
how do i test it's working?

do people do just For EmuNAND: or both For SysNAND: also? if both is it two files in root?





should i add 90 dns for another layer?
 
Last edited by Zap2000,

BeckysFootSlave

You don't need 90dns anymore!
In my zip is exosphere and an emummc.txt (in hosts) that blocks more than needed!

If you want to test if (any) dns_mitm works, go to sd:/atmosphere/logs/ and look into the log file created there!
In that file you can see what is blocked (redirected)
 

Kitocco

this is some really dumb logic. I use nextdns on ALL my devices to block ads and other shit. I also use it on my switch for both sysnand and emunand. on sysnand it's used to block tracking servers (both nintendo tracking servers and ingame tracking servers for online always game), remove update nagging, as well as remove ads in the few apps that have them. on emunand it's also used to block nintendo servers. unlike 90dns I also have full control over what it blocks. if you can't access the dns then you can't even access the internet at all so your complaints are asinine
Oh hey, this is my first time hearing about NextDNS, it sounds cool! I'd like to try it out for blocking servers in addition to DNS MITM/hosts file + exosphere so I can stop using 90DNS & stream my PC to my living room, since I haven't had the best of luck with Moonlight on Wii U (couldn't get it to start streaming).
Though if I may ask, do you block any sites/domains other than those in the Atmosphere hosts file listed in the ReEntry guide?

Also, any general recommendations for blocking in general, like for ads & tracking, that aren't done so by default? I think this would be good to use on my Oculus Quest, now that I think of it...
 

deathblade200

Though if I may ask, do you block any sites/domains other than those in the Atmosphere hosts file listed in the ReEntry guide?
I use the same one on all my devices so yes. if you mean switch specific servers many games have telemetry I manually block which is for sysnand blocking of course. nextdns has filter lists you can add to block most ads and trackers
 

HalfScoper

how do i test it's working?

do people do just For EmuNAND: or both For SysNAND: also? if both is it two files in root?





should i add 90 dns for another layer?
exosphere: blank serial number for console in settings (XAW0000000000000)
dns_mitm: there's a 90DNS test NRO which tests connections to servers that should be blocked. So in any case you should just make sure that you configured it correctly (according to the rentry guide you posted), because well as I said while testing you'd connect to those servers in some kind of form.

People usually just block stuff on emuNAND with the intention to use sysNAND as they did before: to play legit games and to be able to use Nintendo Online, so blocking on sysNAND would forfeit this reason and if you already install "game backups" or do something similar on sysNAND, there is no real point in blocking unless you restore a NAND backup (and even then it's not guaranteed to avoid a ban).

90DNS is essentially useless if you (as said numerous times now) configured both exosphere and dns_mitm properly (or use Incognito if you don't have a Mariko but an Erista).

You don't need 90dns anymore!
In my zip is exosphere and an emummc.txt (in hosts) that blocks more than needed!
If he already posted a proper guide with config you could please not force people into using your stuff, it honestly gets annoying, the guide covers everything he needs.
 

fragged

WTF?
I didn't force anyone!
I think people are trying to get across that using features already built-in to Atmosphere & 90dns/DNS-mitm already out there and are working fine.
Most people, including me would rather set all this stuff up manually, mostly to learn how to do it & how it actually works rather than just drop a .zip onto their SD cards
 

BeckysFootSlave

I think people are trying to get across that using features already built-in to Atmosphere & 90dns/DNS-mitm already out there and are working fine.
Most people, including me would rather set all this stuff up manually, mostly to learn how to do it & how it actually works rather than just drop a .zip onto their SD cards
That is fine and good to hear!
That is what I did!
 

Slluxx

I really don't like 90dns!
The idea is good, don't get me wrong, but I don't like to waste the DNS settings for a service that isn't on my device!
And the next thing is: how secure is it if you change networks or the 90dns service is down?
90DNS has its host entries in a public repository for anyone to look at. you can set up your own dns and add these entries wherever and however you wish. For example you can integrate it into your pihole together with other analytic and ad blocking stuff in a matter of minutes.

If the 90DNS service is down, you won't get a connection to the internet at all. It is safe.
If you change your network, obviously you won't have the dns settings on that one. It's on you to not be stupid and just connect to any network, just like you shouldn't in real life. If you really need to, you can always create a manual connection, enter SSID, password and dns settings and you are good to go. It's not hard.

The reason some of the AiO creators don't put the dns_mitm hostfile in their pack is because:
  • Some users use cfw while staying legit. There is no reason to be afraid of a ban for just installing a theme for example. Those users wouldn't be able to play online anymore by default and always would have to remove the hostfile again to do so. (yes different configs for sys & emunand exist but this point is invalid (for example) for all people with an IPatched unit, see prodinfo section below).
  • Most users have no idea that this exists or how it works. This is a major problem if nintendo adds or changes tracking urls via an update because now every single user that is relying on a host file needs to update theirs. Even if it was included in an AiO pack and they update theirs instantly, some users won't update the pack for a while. This is a major risk for anyone not familiar with how it works. 90DNS on the other hand is instantly applied to anyone using it. Why don't they teach people about updating it? Because reading how to prevent a ban using simple settings gets more attention than reading about what a hostfile is, how it works, how to update & where to look for it as well as to keeping that in mind every time you update your firmware.

In your zip file, you have this setting blank_prodinfo_emummc=1 , with which you would block online for all people that must use emunand. IPatched units with or under firmware 4.1 are stuck on that version and have to use emunand to be able to have their system hackable while playing on the latest version online. Also, you can have multiple emunands and you'd just block that feature on all of them.

And now the most important question: Since you made this pack, are you ready to make sure that it is supported for years to come? If you aren't testing firmware updates for new and changed urls and thus keep your pack outdated, you become the reason people get banned. Of course you could also steal the work from 90dns because they are and will be supporting it in the future, as well as testing each and every FW release. But why would anyone use your hostfile then if you just steal what 90dns already does.

I'm sorry but this seems to be the case of people not thinking hard enough about what damage and harm their "releases" can bring in the future, the amount of work it takes to support and maintain something and simply a case of "i want to be known in the scene".



PS:

Usually i am glad someone joins the scene and i am sure you had the best intentions. But this is not the way to go for a newcomer to make a name or help. If you really want to help then create a service, build a homebrew, write a tutorial or guide about something, chat with a developer about your homebrew idea or help people that have questions on gba temp. That is how you help to grow a community and make it a better place. And while doing so, you will make a name for yourself.

Weird username btw.
 
Last edited by Slluxx,

fennectech

this is some really dumb logic. I use nextdns on ALL my devices to block ads and other shit. I also use it on my switch for both sysnand and emunand. on sysnand it's used to block tracking servers (both nintendo tracking servers and ingame tracking servers for online always game), remove update nagging, as well as remove ads in the few apps that have them. on emunand it's also used to block nintendo servers. unlike 90dns I also have full control over what it blocks. if you can't access the dns then you can't even access the internet at all so your complaints are asinine
if 90dns fails it fails closed: dns resolution will fail and you'll fail to connect to the internet
 

Chaosta

90dns is playing with fire, and always has been. Use exosphere with the proper hosts blocked, and maybe tinfoil's incognito mode for extra protection.
aside from 90dns's subpar potential reliability. exosphere or incognito doesn't throttle your connection. unlike 90dns
 

Slluxx

aside from 90dns's subpar potential reliability. exosphere or incognito doesn't throttle your connection. unlike 90dns
such bullshit. do you even know what a DNS does? it resolves a hostname (mydomain.com) to an ip address (132.89.230.32).
After this tiny little request is done, 90dns doesn't do anything anymore. the traffic isn't flowing through them at all. one could argue that the initial lookup, which usually takes just a ms to complete, is slower than if you have this setting turned off but i think you are not aware that your ISP does the exact same thing. Also, they have US and EU servers to choose from, which means that even that tiny little name resolving request is done faster than you can even think.

TLDR; no, it does not throttle your connection - please don't repeat bullshit you have heard other dumb people say

PS: subpar potential reliability?
if 90dns fails for some reason (which it never did), you won't get a connection to the internet at all. there is no "subpar potential reliability" because even if the service fails, you are still protected.

Blawar (incognito creator) and their fanboys spread misinformation about 90dns to boost incognito, which btw is responsible for a huge amount of people fucking up their system forever because people using incognito lost their PRODINFO backups and effectively banned themselves forever with no return (unless they were smart and had a nandbackup).
 
Last edited by Slluxx,

Chaosta

such bullshit. do you even know what a DNS does? it resolves a hostname (mydomain.com) to an ip address (132.89.230.32).
After this tiny little request is done, 90dns doesn't do anything anymore. the traffic isn't flowing through them at all. one could argue that the initial lookup, which usually takes just a ms to complete, is slower than if you have this setting turned off but i think you are not aware that your ISP does the exact same thing. Also, they have US and EU servers to choose from, which means that even that tiny little name resolving request is done faster than you can even think.

TLDR; no, it does not throttle your connection - please don't repeat bullshit you have heard other dumb people say

PS: subpar potential reliability?
if 90dns fails for some reason (which it never did), you won't get no connection to the internet at all. there is no "subpar potential reliability" because even if the service fails, you are still protected.

Blawar (incognito creator) and their fanboys spread misinformation about 90dns to boost incognito, which btw is responsible for a huge amount of people fucking up their system forever because people using incognito lost their PRODINFO backups and effectively banned themselves forever with no return (unless they were smart and had a nandbackup).
what's bullshit is your response. the claim to know how it works yet say it can't slow down connection? LMAO, google and cloudflare pass header info that identifies the geolocation of the person using it for routing, while 90dns doesn't. 90dns absolutely can lower speeds, sometimes significantly, but it's a person to person thing. Some people go from 15mb/s down to 1, some are unaffected. How about you do some research into WHY so many people say it throttles connections instead of basing your opinion on your own mileage..

as for incognito. user error doesn't make it bad. it's not incognito's fault someone loses their prodinfo backup, or uses on sysnand instead of being smart and using on an emunand. exosphere and incognito are better than 90dns if only for the fact you don't have to configure shit on every new connection...
 
