Hacking Create your own DNS Server to Block Nintendo Updates

  • Thread starter Thread starter Ninja_Carver
  • Start date Start date
  • Views Views 14,644
  • Replies Replies 53
  • Likes Likes 11

Ninja_Carver

Well-Known Member
Member
Joined
Dec 27, 2012
Messages
364
Reaction score
381
Trophies
0
Age
41
XP
672
Country
United States
I had previously tried to create a server that the community could use for this purpose, however it became apparent promptly afterwards that the server was being abused and leveraged in DDoS attacks. I have put together a short HOWTO on how to create your own BIND server that can accomplish the same thing within your own secure network. If you're like me, and don't have a router that can block hosts, then you will find this advantageous.

  1. Download BIND 9.9.7 (Stable, ESV) from ftp://ftp.isc.org/isc/bind9/9.9.7/BIND9.9.7.x86.zip
  2. Extract files to a temporary location
  3. Run BINDInstall.exe from aforementioned temporary location.a. Create a Service Account Password
  4. After Installation, you will receive a dialog box stating the installation was successful, click OK, then Exit.
  5. Open your favorite Text Editor, for Windows my recommendation is Notepad++ (it's Freeeeee!)
  6. Dump the following contents in a new file, and save as: C:\Program Files (x86)\ISC BIND 9\etc\named.conf
MAKE SURE THE FILE NAME EXTENSION IS ONLY ".CONF", not ".CONF.TXT" OR ANYTHING LIKE THAT
MAKE SURE YOU CHANGE THE "ROUTER_OR_GATEWAY_IP" FIELD IN THE THIRD LINE TO REFLECT YOURS

Code:
options {
        directory "C:/Program Files (x86)/ISC BIND 9";
        forwarders { ROUTER_OR_GATEWAY_IP; };
        notify no;
};
 
zone "localhost" in {
      type master;
      file "db.localhost.txt";
};
 
zone "0.0.127.in-addr.arpa" in {
        type master;
        file "db.127.0.0.txt";
};
 
zone "." in {
        type hint;
        file "root.hint.txt";
};
 
zone "nus.c.shop.nintendowifi.net" {
    type master;
    file "db.nus.c.shop.nintendowifi.net.txt";
};
 
zone "nus.cdn.c.shop.nintendowifi.net" {
    type master;
    file "db.nus.cdn.c.shop.nintendowifi.net.txt";
};
 
zone "nus.cdn.shop.wii.com" {
    type master;
    file "db.nus.cdn.shop.wii.com.txt";
};
 
zone "nus.cdn.wup.shop.nintendo.net" {
    type master;
    file "db.nus.cdn.wup.shop.nintendo.net.txt";
};
 
zone "nus.wup.shop.nintendo.net" {
    type master;
    file "db.nus.wup.shop.nintendo.net.txt";
};


7. Download the attached archive, containing all the blocking zone files, and Extract to "C:\Program Files (x86)\ISC BIND 9"​
8. Open an Elevated Command Prompt (Right click command prompt, run as administrator).​
9. Enter the following command "net start named"​
10. If the service starts successfully, you can test as follows in the command prompt:​

Code:
nslookup www.google.com 127.0.0.1 <-- WORKS? Good.
nslookup nus.cdn.shop.wii.com 127.0.0.1 <-- FAILS? Good.

11. If all of the tests go according to plan, you can now point your WiiU to the IP of the machine you're running the BIND server on. To find out the IP of your machine, run IPCONFIG from the command prompt. The IP address should be within the output, and so should the gateway (or router) IP.​

If the service fails to start for whatever reason, check your Application Event Log in Event viewer and report here... I'll do my best to help you.
 

Attachments

Nice :)
I'd suggest that someone could make a sticky about all kinds of update blocking and webkit exploit execution without a valid internet connection (like Mr. Mysterio has recently shown to me). At least as soon as the kernel exploit is out. Update blocking or running a local server would be the first step for everyone
 
Please remember to either add a rule in Windoww Firewall for inbound/outbound UDP port 53 or disable Windows Firewall entirely. Just tested this. Seems to work well. Let me know how it goes.
 
Please remember to either add a rule in Windoww Firewall for inbound/outbound UDP port 53 or disable Windows Firewall entirely. Just tested this. Seems to work well. Let me know how it goes.




I would recommend egress filtering and blocking off UDP port 53 outside of your LAN.
 
  • Like
Reactions: WiiuGold
I got the service running, but I'm not sure how it's supposed to look like when that nus IP fails. A picture or a quote would have been nice.

Also, any suggestions how I point the Wii U to the server machine? What am I to look for in my router settings?
 
It says the connection was successful, but can't access to any webpage from Wii U...
I set the my Bind server IP, and it ask for manual DNS, I put the same I got in my PC connection?

cmd: ipconfig shows a blank space on DNS...
 
I got the service running, but I'm not sure how it's supposed to look like when that nus IP fails. A picture or a quote would have been nice.

Also, any suggestions how I point the Wii U to the server machine? What am I to look for in my router settings?

I apologize, you're right, that probably would have been helpful...

From the command prompt, you can use nslookup to test blocking....

if you do an 'nslookup www.google.com' that should return a bunch of IP addresses for google.

However, if you attempt an 'nslookup nus.c.shop.nintendowifi.net' or any other 'zones' that we're blocking you should return nothing, or even return an error. That behavior will vary between different computers.

IPCONFIG shows blank for DNS? You didn't change the DNS settings on your PC right? The only place you're changing the DNS settings is on your WiiU. You manually set the IP of your PC in the WiiU.
 
  • Like
Reactions: TeamScriptKiddies
Here's what it looks like from my workstation. Keep in mind your mileage may vary because I'm on Windows 2008 R2.

Code:
C:\Windows\system32>nslookup www.google.com 127.0.0.1
Server:  UnKnown
Address:  127.0.0.1
 
Non-authoritative answer:
Name:    www.google.com
Addresses:  2607:f8b0:4002:c01::93
          173.194.219.99
          173.194.219.105
          173.194.219.104
          173.194.219.103
          173.194.219.147
          173.194.219.106
 
 
C:\Windows\system32>nslookup nus.c.shop.nintendowifi.net 127.0.0.1
Server:  UnKnown
Address:  127.0.0.1
 
Name:    nus.c.shop.nintendowifi.net
 
 
C:\Windows\system32>
 
Are you behind a router? They shouldn't be blocking you from having a DNS server on your own LAN.
Well, they did. The ISP blocked port 53 last year because of DDoS attacks. When I tried to open up port 53 in Windows Firewall the router (which unfortunately is also the modem) said "nope" and shut down internet.
 
Well, they did. The ISP blocked port 53 last year because of DDoS attacks. When I tried to open up port 53 in Windows Firewall the router (which unfortunately is also the modem) said "nope" and shut down internet.
I don't think there is any connection at all between Windows Firewall and your router... That would be a first time for me ... Try completely disabling Windows Firewall.... Does your router still shut down?
What if you were running Linux and you didn't have Windows Firewall? lol
 
Ninja_Carver said:
IPCONFIG shows blank for DNS? You didn't change the DNS settings on your PC right? The only place you're changing the DNS settings is on your WiiU. You manually set the IP of your PC in the WiiU.
Yeah, I have a manual set DNS, had to do that way because I keep my PC ip static.
Weird thing is Wii U notify the test connection as succesful
 
Well, they did. The ISP blocked port 53 last year because of DDoS attacks. When I tried to open up port 53 in Windows Firewall the router (which unfortunately is also the modem) said "nope" and shut down internet.


Your own machine uses udp 53 to talk to your ISP DNS. They cannot block your DNS server and still allow you outbound since your internal LAN has the same external facing IP. It all looks the same. The only issue that might arise is that your DNS server would use TCP to connect to their DNS server. They might not want you doing zone transfers.
 
Does the eShop shop open? It should not...

You should be able to visit websites in the browser still, though.
I can't access to any online service from Wii U, including the browser, I get a couldn't find the server error :c

PC side I think I got everything right, www.google.com shows a bunch of adresses, nus.eshop doesn't bring anything. Should test with another url? Or google one is enough?
 

Site & Scene News

Popular threads in this forum