Blocking 3DS updates via firewall

Discussion in '3DS - Flashcards & Custom Firmwares' started by SweetieBelle, Oct 12, 2012.

Oct 12, 2012
  1. SweetieBelle
    OP

    Newcomer SweetieBelle Advanced Member

    Joined:
    Aug 20, 2012
    Messages:
    61
    Country:
    Antarctica
    Hi there, Search didn't prove fruitful so I thought I would ask..

    Does anyone have the update server addresses so that we can add them to a firewall block list and has anyone done this, and had it work?

    I would like to play games via the net and the latest versions all now auto update, I do not have a DS lite to repatch of it goes wrong >.>

    Any help is appreciated, thanks.
    ~SweetieBelle
     


  2. rondoh70

    Member rondoh70 GBAtemp Fan

    Joined:
    Sep 1, 2011
    Messages:
    331
    Location:
    new york
    Country:
    United States
    The idea I have to just put the nintendo server name or ip address into your firewall and it should block all incoming connections from the website.
     
  3. SweetieBelle
    OP

    Newcomer SweetieBelle Advanced Member

    Joined:
    Aug 20, 2012
    Messages:
    61
    Country:
    Antarctica
    It will from the website yes, however I suspect the server is elsewhere online and is likely a direct connection to an IP address as opposed to connecting to something.nintendo.com, otherwise I could just block *nintendo*.
     
  4. shoyrumaster11

    Member shoyrumaster11 GBAtemp Regular

    Joined:
    Dec 12, 2011
    Messages:
    296
    Location:
    With the Thunderjuggling Cugglecats!
    Country:
    Australia
    But wait, we don't know the IP for the Nintendo 3DS/DSi/WII/WII-U update service or the Nintendo Eshops and DSiWare shops. I just think IP blocking for services like these require you to actually block the reversed IP address!
     
  5. Foxi4

    Reporter Foxi4 On the hunt...

    pip
    Joined:
    Sep 13, 2009
    Messages:
    22,736
    Location:
    Gaming Grotto
    Country:
    Poland
    Does your router support traffic status checks?

    Before your 3DS requests an update, (I'm guessing here) it pings the regional or global update server to cross-check version numbers of the firmware. The adress should pop-up in your router's log then, assigned to your 3DS's MAC and/or ID, even before you Accept/Decline.

    On the Wii it was actually NUS.shop.wii.com (209.67.106.201) as far as I remember - how do you thing NUS Downloader works? ;)
     
  6. shoyrumaster11

    Member shoyrumaster11 GBAtemp Regular

    Joined:
    Dec 12, 2011
    Messages:
    296
    Location:
    With the Thunderjuggling Cugglecats!
    Country:
    Australia
    Tried going to NUS with my computer. Got a blank page!
     
  7. Foxi4

    Reporter Foxi4 On the hunt...

    pip
    Joined:
    Sep 13, 2009
    Messages:
    22,736
    Location:
    Gaming Grotto
    Country:
    Poland
    Of course you got a blank page - it's a computer, not a Wii. It runs a check on the browser. ;)

    It used to work normally on certain browsers - in fact, you could even access the shop, but it was later patched. Now you need direct URL's to access files.

    http://gbatemp.net/t...ocess-analyzed/

    Here's more 3DS-specific update info that could be useful.

    In any case, according to Cyan's findings, the servers are:

    conntest.nintendowifi.net - used for testing the connection
    nus.cdn.c.shop.nintendowifi.net - stores actual updates (EUR region? Not sure if global or not)

    The connection test itself appears to be accessible on the PC as well by entering this adress: http://conntest.nint...i.net/test.html
     
  8. shoyrumaster11

    Member shoyrumaster11 GBAtemp Regular

    Joined:
    Dec 12, 2011
    Messages:
    296
    Location:
    With the Thunderjuggling Cugglecats!
    Country:
    Australia
    Guess that Nintendo patched it knowing that hackers could crack easier like this!
     
  9. Foxi4

    Reporter Foxi4 On the hunt...

    pip
    Joined:
    Sep 13, 2009
    Messages:
    22,736
    Location:
    Gaming Grotto
    Country:
    Poland
    They didn't do a very good job - all they did was using a check whether the browser is the same version of Opera as on the Wii - you could fool it with relative ease. :P Later they added another fix based on some kind of an authentication protocol, so the shop is no longer accessible. That said, the NUS server still is AFAIK.

    http://wiibrew.org/w...Channel_From_PC
     
  10. shoyrumaster11

    Member shoyrumaster11 GBAtemp Regular

    Joined:
    Dec 12, 2011
    Messages:
    296
    Location:
    With the Thunderjuggling Cugglecats!
    Country:
    Australia
    All I get now is a 403 error on all "working" pages!
     
  11. Foxi4

    Reporter Foxi4 On the hunt...

    pip
    Joined:
    Sep 13, 2009
    Messages:
    22,736
    Location:
    Gaming Grotto
    Country:
    Poland
    403 - Access Forbidden. ;)

    Oh, and just before you all get excited that you can block the updates server - this does not mean that you will be able to access the eShop with an outdated 3DS firmware - all that's going to pop up is an error message of some sort. No mirracles are going to happen, this is just a less cumbersome way of avoiding online updates without clicking Decline. :P

    Remember that you're still vulnerable as far as cartridge-based updates are concerned.
     
  12. shoyrumaster11

    Member shoyrumaster11 GBAtemp Regular

    Joined:
    Dec 12, 2011
    Messages:
    296
    Location:
    With the Thunderjuggling Cugglecats!
    Country:
    Australia
    Ok. Makes sense. I just don't know how exactly warez groups make pirated copies of downloadable games and apps now. I mean. Doesen't companies like Nintendo block Warez group IPs? If you know how this works, a PM would be accepted by me!
     
  13. Foxi4

    Reporter Foxi4 On the hunt...

    pip
    Joined:
    Sep 13, 2009
    Messages:
    22,736
    Location:
    Gaming Grotto
    Country:
    Poland
    No need for a PM, really. The Wii is pretty much wide-open at this point, they just download the unsigned content from the shop and pack it into a .WAD - at this point, the Wii doesn't even mind what it installs when it's softmodded.
     
  14. shoyrumaster11

    Member shoyrumaster11 GBAtemp Regular

    Joined:
    Dec 12, 2011
    Messages:
    296
    Location:
    With the Thunderjuggling Cugglecats!
    Country:
    Australia
    I was just thinking of a PM just because I wanted somewhat in depth and technical info. Plus, don't warez groups decrypt signed content and release an unsigned copy of it or something like that.

    PS: My interest in the warez scene came from my interest in the "demoscene"
     
  15. Foxi4

    Reporter Foxi4 On the hunt...

    pip
    Joined:
    Sep 13, 2009
    Messages:
    22,736
    Location:
    Gaming Grotto
    Country:
    Poland
    AFAIK, the content bought in the shop is signed on the console itself - knowing the ins and outs of the protocol, you can just conveniently forget to sign it. It's a normal purchase with a normal download ticket. ;)

    That said, I may be wrong, so get a second opinion. ;)
     
  16. shoyrumaster11

    Member shoyrumaster11 GBAtemp Regular

    Joined:
    Dec 12, 2011
    Messages:
    296
    Location:
    With the Thunderjuggling Cugglecats!
    Country:
    Australia
    Well, I trust what you are saying, I mean. I guess it can explain part of the reason that downloading from the 3DS Eshop is slow. The 3DS is probably encrypting downloaded data and uploading user info.
     
  17. Foxi4

    Reporter Foxi4 On the hunt...

    pip
    Joined:
    Sep 13, 2009
    Messages:
    22,736
    Location:
    Gaming Grotto
    Country:
    Poland
    It would make sense to me. Otherwise, they'd have to send the key used for signing for a particular system as a part of the ticket, and that would pretty much focus the eyes of the entire hacking world on the ticket mechanism. :P
     
  18. justinkb

    Member justinkb GBAtemp Advanced Fan

    Joined:
    Oct 7, 2012
    Messages:
    619
    Country:
    Netherlands
    i doubt the 3ds signs the package itself, that would be a huge hole... and neimod would have already been able to abuse this if that were the case. he'd just breakpoint before the signing starts, dump the raw data, then overwrite some memory containing the signing key with some other 3ds's key and sign it for another 3ds. there's nothing to stop this, unless the signing procedure is a black box hardware chip, instead of software based.

    for the record, in this case, they wouldn't have to send the actual encryption key, since it is most likely assymmetric crypto. they'd send some sort of unique identifier (could be the corresponding public key or something else entirely), and nintendo would know which private key to sign the package with.

    still, obviously, all proper eshop traffic in the world is encrypted in the first place, so this isn't really interesting.
     
  19. Foxi4

    Reporter Foxi4 On the hunt...

    pip
    Joined:
    Sep 13, 2009
    Messages:
    22,736
    Location:
    Gaming Grotto
    Country:
    Poland
    The encryption key is never available in memory in a "plain" form - it's not easily "dumped" as you think it is - it's always randomly scattered, as it should on most properly secured systems. I'm pretty sure the 3DS signs its files on the spot - creating an infrastructure which signs the downloads for each and every corresponding unit on-the-fly would be at the very least cumbersome to use and prone to attack.

    EDIT: It would appear that I was right, at least as far as the Wii is concerned, according this release: http://lse.epita.fr/...eek/wii_sec.pdf



    ...which would suggest that the Wii encrypts things all by itself. Now, with the Wii, they made a mistake. The encryption coprocessor temporarily stored the key in Main RAM - it did not have direct access to the OTP chip where the key was stored. I would assume that Nintendo corrected that with the 3DS, so that the encryption and decryption takes place outside of main memory and within the dedicated hardware. If that's the case, then the private key is never in RAM at all. The 3DS would merely have to call for an encryption/decryption and forward an address.

    //Totally off-topic, I'll be good now though. ;)
     
  20. justinkb

    Member justinkb GBAtemp Advanced Fan

    Joined:
    Oct 7, 2012
    Messages:
    619
    Country:
    Netherlands
    very interesting. what a dumb oversight with the wii ;-) still, this gives us the possibility of a modchip based on neimod's hardware, to:

    a) get unsigned packages from eshop, directly from memory, before they are encrypted ("ripping")

    and then later (on another 3ds, also "chipped")

    b) inject them into ram, overwriting another (random) package about to be signed (say, a free demo you are downloading)

    of course, this would only be interesting for pirating, not homebrew.
     

Share This Page