Hello from Germany,

Because I don't want that this post gets lost in a thread I put it in it's own thread!

I'm fairly new to the whole switch scene (just since three weeks), and because it is very interesting I started to read many things!

I downloaded a complete "finished" pack and hacked my switch with it, but I also started to "deconstruct" that pack to find out how anything works!

I investigated many time into dns, bans and security to help others and myself to avoid getting banned!

I really don't like 90dns!
The idea is good, don't get me wrong, but I don't like to waste the DNS settings for a service that isn't on my device!
And the next thing is: how secure is it if you change networks or the 90dns service is down?

Atmosphere brings anything we need, to protect our switch (locally) no matter whitch network!

I started to look into the settings of atmosphere and many other files, and now I would really appreciate it if you could take a look into all the files I put together and give me feedback please!
Tell me if it's good, if it's bad and, most importantly, if I missed something to make it better!

I think it would help many others to protect their device from being banned (I really hope it), and I also hope we can work together to make it even better! (FEEDBACK!!!)

OK! What is it doing?

1. Activated many things in system_settings.ini (atmosphere/config/)

2. Exosphere.ini (sd root)

3. override_settings.ini (atmosphere/config/ (set to R-Button))
(I just brought it back because on a new release it has to be set again)

4. "good" hosts file (atmosphere/hosts/ (default.txt and emummc.txt (both contain the same))

Hosts is what I would call "extreme" blocking thanks to the possible usage of "*" !
Example:

127.0.0.1 switch.*
127.0.0.1 switch*.*
127.0.0.1 *switch.*
127.0.0.1 *switch*.*

Same with nintendo! (but take a look yourself)

Made a exception for the HB-AppStore because the url is switchbru(dot) com and is BLOCKED because of the setup I made (see the example above) !
Now the appstore can be opened and used!

BLOCKED also some game servers for online gaming (just in case)

BLOCKED Google tracking and analytics

BLOCKED many YouTube ads servers! (if you use the patched YouTube app in CFW (emuMMC)
"This is still under testing and development)

As I said I'm not a fan of 90dns and now (with dns_mitm) I was able to set both DNS to cloudflare (1.1.1.1 and 1.0.0.1) because I am also no fan of fu... Google!
(what files are all related to 90dns? Would like to get completly rid of it? 90dns tester is deleted in switch folder, but it's there more?)

Well! That's it!

If you want to use it just copy all files out of the zip into the root of your SD and overwrite everything!
Do a reboot and it's set!
If you want to see if it's working just go to sd:/atmosphere/logs/ and open the log file in there!
(you can do that with many explorers from appstore in HBL)

If you want to help! You are welcome!

 

[sley]

Yeah I also think that exosphere is more than enough, I just have the 90DNS ontop of that active incase that exosphere for some reason doesn't work. It's fine as a second layer of protection

edit: What "complete pack" did you download? It's generally recommended to just use the SD Setup site for bulk downloading apps, otherwise you only need atmosphere and a payload for cfw.

 

[HalfScoper]

90DNS isn't fine as layer of protection, because you rely on a service to block DNS for you.
Do yourself a favor and use a proper hosts block txt file found here (optionally use the back button at the bottom to browse this useful collection of info): https://rentry.org/ExosphereDNSMITM

 

[sley]

Like I said second layer of protection, I know that it's unlikely that exosphere fails but it's homebrew in the end bugs can happen.

Still thanks for the link, I realised that I've only been blanking my prodinfo with exosphere and didn't create an hosts file yet.

 

[BeckysFootSlave]

90DNS isn't fine as layer of protection, because you rely on a service to block DNS for you.
Do yourself a favor and use a proper hosts block txt file found here (optionally use the back button at the bottom to browse this useful collection of info): https://rentry.org/ExosphereDNSMITM

What?
You didn't looked into my zip, didn't you!
Otherwise you wouldn't tell me to use a proper hosts file!

Please take a look!

 

[deathblade200]

I really don't like 90dns!
The idea is good, don't get me wrong, but I don't like to waste the DNS settings for a service that isn't on my device!
And the next thing is: how secure is it if you change networks or the 90dns service is down?

this is some really dumb logic. I use nextdns on ALL my devices to block ads and other shit. I also use it on my switch for both sysnand and emunand. on sysnand its used to block tracking servers (both nintendo tracking servers and ingame tracking servers for online always game) , remove update nagging, as well as remove ads in the few apps that have them. on emunand its also used to block nintendo servers. unlike 90dns I also have full control over what it blocks. if you can't access the dns then you can't even access the internet at all so your complaints are asinine

 

[HalfScoper]

4. "good" hosts file (atmosphere/hosts/ (default.txt and emummc.txt (both contain the same))

Hosts is what I would call "extreme" blocking thanks to the possible usage of "*" !
Example:

127.0.0.1 switch.*
127.0.0.1 switch*.*
127.0.0.1 *switch.*
127.0.0.1 *switch*.*

What?
You didn't looked into my zip, didn't you!
Otherwise you wouldn't tell me to use a proper hosts file!

Please take a look!

Yeah I didn't download that shady zip because I can read. If you compare the link I posted in response to the other guy and what you told, you don't block anything (of importance) in the end.

 

[BeckysFootSlave]

this is some really dumb logic. I use nextdns on ALL my devices to block ads and other shit. I also use it on my switch for both sysnand and emunand. on sysnand its used to block tracking servers (both nintendo tracking servers and ingame tracking servers for online always game) , remove update nagging, as well as remove ads in the few apps that have them. on emunand its also used to block nintendo servers. unlike 90dns I also have full control over what it blocks. if you can't access the dns then you can't even access the internet at all so your complaints are asinine

Sorry, didn't completly understand what you meant!
What is nextdns and how did you set it up on a device (your switch)? Really interesting!
I just want to get better!

@HalfScoper
It's not a shady zip! You can push it thru any detector out there!
Didn't even turn on compression AFAIK!
Just would like to hear and learn what others say and how it could work better if they are willing to look in the files!

I don't say: take it as it is and put everything on your SD.
And I read that site (just once) on the way creating that zip!

 

[deathblade200]

Sorry, didn't completly understand what you meant!
What is nextdns and how did you set it up on a device (your switch)? Really interesting!
I just want to get better!

@HalfScoper
It's not a shady zip! You can push it thru any detector out there!
Didn't even turn on compression AFAIK!
Just would like to hear and learn what others say and how it could work better if they are willing to look in the files!

I don't say: take it as it is and put everything on your SD.
And I read that site (just once) on the way creating that zip!

www.nextdns.io

 

[BeckysFootSlave]

@deathblade200 Noice! And that is free?
Really good and it opens in German for me!

And on the switch you use "linked ip", is that right?
And blocking anything from nintendo with "blacklist" and allow with "whitelist"?

 

[deathblade200]

@deathblade200 Noice! And that is free?
Really good and it opens in German for me!

And on the switch you use "linked ip", is that right?
And blocking anything from nintendo with "blacklist" and allow with "whitelist"?

linked ip is your devices ip you have to use the DNS Servers and its free for 300,000 queries a month which is extremely hard to hit. and yes I block/unblock with the blacklist/whitelist

 

[MasterJ360]

Thats why Incognito exists. The results work the same way as 90dns, but not involving internet settings. Its just causes the console serial ID to go blank meaning you'll never connect to Nintendo Server without a serial ID.

 

[MrGrinch]

has anyone been banned while running a correct exosphere config?

 

[The Real Jdbye]

has anyone been banned while running a correct exosphere config?

You can still get banned running a correct exosphere config if you do something stupid. Such as booting into sysNAND CFW, not realizing and installing some nsps or running some homebrew that messes with files on NAND or save editing in online games. If you keep all your homebrew and CFW activities to emuNAND, they stay on emuNAND, a correct config prevents the console from going online and calling back to Nintendo, and your sysNAND stays clean so there is no concern about going online there. Meaning there is basically no way you could get banned. But if you do something to make your sysNAND unclean, the console can still call home in OFW and get you banned that way.

emuNAND is essentially completely isolated from sysNAND. Anything you do in emuNAND can't affect your sysNAND, as long as the console isn't allowed to call home.

 

[impeeza]

googlevideo.com, is part of analytics?

 

[BeckysFootSlave]

No!
Youtube ads!

 

[deathblade200]

No!
Youtube ads!

well no not exactly. if you blocked that you would just block all youtube videos but ads are also served from it and they constantly change the links

 

[fragged]

Thats why Incognito exists. The results work the same way as 90dns, but not involving internet settings. Its just causes the console serial ID to go blank meaning you'll never connect to Nintendo Server without a serial ID.

No version of that works on any Mariko / OLED Switch.
I had to start using the prodinfo blanking using the Exosphere.ini config file on the root of your SD card.

I did like how Incognito 2.0 through Tinfoil was permanent, and backs itself up. But having a chipped OLED now rather than a dedicated Switch just for CFW I have to use emummc & the Exosphere prodinfo blanking. I guess the only thing I don't like about that is if were to swap SD cards around I'd have to make 100% sure that it's on the root of my SD card.

 

[Akumara]

You can still get banned running a correct exosphere config if you do something stupid. Such as booting into sysNAND CFW, not realizing and installing some nsps or running some homebrew that messes with files on NAND or save editing in online games. If you keep all your homebrew and CFW activities to emuNAND, they stay on emuNAND, a correct config prevents the console from going online and calling back to Nintendo, and your sysNAND stays clean so there is no concern about going online there. Meaning there is basically no way you could get banned. But if you do something to make your sysNAND unclean, the console can still call home in OFW and get you banned that way.

emuNAND is essentially completely isolated from sysNAND. Anything you do in emuNAND can't affect your sysNAND, as long as the console isn't allowed to call home.

Well you can setup exosphere so that even in sysNAND CFW the serial is blanked.

blank_prodinfo_sysmmc=1
blank_prodinfo_emummc=1

Now just make sure that in sysnand you dont install any nsps/xci etc and you're fine.
I usually use two different themes.

 

[fragged]

Well you can setup exosphere so that even in sysNAND CFW the serial is blanked.

blank_prodinfo_sysmmc=1
blank_prodinfo_emummc=1

Now just make sure that in sysnand you dont install any nsps/xci etc and you're fine.
I usually use two different themes.

I sold both of my V1 Switch's (one for online, second for CFW) to get my OLED chipped so I want to use emummc for CFW & don't want anything to even touch the sysnand so I can use it online. I know it should be safe to boot syscfw if you only do certain things, but I'd rather not even take the chance.
It probably shouldn't be a problem as I'm using a 1TB Micro SD card so I'm not likely to be changing anything on it as far as it's setup any time soon.
I will be installing a theme on my emummc though.