Hacking Create your own DNS Server to Block Nintendo Updates

Ninja_Carver

Well-Known Member
OP
Member
Joined
Dec 27, 2012
Messages
364
Trophies
0
Age
38
XP
642
Country
United States
I had previously tried to create a server that the community could use for this purpose, however it became apparent promptly afterwards that the server was being abused and leveraged in DDoS attacks. I have put together a short HOWTO on how to create your own BIND server that can accomplish the same thing within your own secure network. If you're like me, and don't have a router that can block hosts, then you will find this advantageous.

  1. Download BIND 9.9.7 (Stable, ESV) from ftp://ftp.isc.org/isc/bind9/9.9.7/BIND9.9.7.x86.zip
  2. Extract files to a temporary location
  3. Run BINDInstall.exe from aforementioned temporary location.
     a. Create a Service Account Password
  4. After Installation, you will receive a dialog box stating the installation was successful, click OK, then Exit.
  5. Open your favorite Text Editor, for Windows my recommendation is Notepad++ (it's Freeeeee!)
  6. Dump the following contents in a new file, and save as: C:\Program Files (x86)\ISC BIND 9\etc\named.conf
MAKE SURE THE FILE NAME EXTENSION IS ONLY ".CONF", not ".CONF.TXT" OR ANYTHING LIKE THAT
MAKE SURE YOU CHANGE THE "ROUTER_OR_GATEWAY_IP" FIELD IN THE THIRD LINE TO REFLECT YOURS

Code:
options {
        directory "C:/Program Files (x86)/ISC BIND 9";
        forwarders { ROUTER_OR_GATEWAY_IP; };
        notify no;
};
 
zone "localhost" in {
      type master;
      file "db.localhost.txt";
};
 
zone "0.0.127.in-addr.arpa" in {
        type master;
        file "db.127.0.0.txt";
};
 
zone "." in {
        type hint;
        file "root.hint.txt";
};
 
zone "nus.c.shop.nintendowifi.net" {
    type master;
    file "db.nus.c.shop.nintendowifi.net.txt";
};
 
zone "nus.cdn.c.shop.nintendowifi.net" {
    type master;
    file "db.nus.cdn.c.shop.nintendowifi.net.txt";
};
 
zone "nus.cdn.shop.wii.com" {
    type master;
    file "db.nus.cdn.shop.wii.com.txt";
};
 
zone "nus.cdn.wup.shop.nintendo.net" {
    type master;
    file "db.nus.cdn.wup.shop.nintendo.net.txt";
};
 
zone "nus.wup.shop.nintendo.net" {
    type master;
    file "db.nus.wup.shop.nintendo.net.txt";
};


  7. Download the attached archive, containing all the blocking zone files, and Extract to "C:\Program Files (x86)\ISC BIND 9"
  8. Open an Elevated Command Prompt (Right click command prompt, run as administrator).
  9. Enter the following command "net start named"
  10. If the service starts successfully, you can test as follows in the command prompt:

Code:
REM WORKS? Good.
nslookup www.google.com 127.0.0.1
REM FAILS? Good.
nslookup nus.cdn.shop.wii.com 127.0.0.1

  11. If all of the tests go according to plan, you can now point your WiiU to the IP of the machine you're running the BIND server on. To find out the IP of your machine, run IPCONFIG from the command prompt. The IP address should be within the output, and so should the gateway (or router) IP.

If the service fails to start for whatever reason, check your Application Event Log in Event viewer and report here... I'll do my best to help you.
 

Attachments

  • ninty_zone_files.zip
    3.5 KB · Views: 667

CosmoCortney

i snack raw pasta and chew lollipops
Member
Joined
Apr 18, 2013
Messages
1,767
Trophies
1
Location
on the cool side of the pillow
Website
follow-the-white-rabbit.wtf
XP
2,957
Country
Germany
Nice :)
I'd suggest that someone could make a sticky about all kinds of update blocking and webkit exploit execution without a valid internet connection (like Mr. Mysterio has recently shown to me). At least as soon as the kernel exploit is out. Update blocking or running a local server would be the first step for everyone
 

Ninja_Carver

Please remember to either add a rule in Windows Firewall for inbound/outbound UDP port 53 or disable Windows Firewall entirely. Just tested this. Seems to work well. Let me know how it goes.
 

Relys

^(Software | Hardware) Exploit? Development.$
Member
Joined
Jan 5, 2007
Messages
878
Trophies
0
XP
1,218
Country
United States
Ninja_Carver said:
Please remember to either add a rule in Windows Firewall for inbound/outbound UDP port 53 or disable Windows Firewall entirely. Just tested this. Seems to work well. Let me know how it goes.

I would recommend egress filtering and blocking off UDP port 53 outside of your LAN.
 

starerik

Well-Known Member
Newcomer
Joined
Feb 23, 2007
Messages
59
Trophies
0
XP
251
Country
I got the service running, but I'm not sure what it's supposed to look like when that nus IP fails. A picture or a quote would have been nice.

Also, any suggestions how I point the Wii U to the server machine? What am I to look for in my router settings?
 

OriginalHamster

UStealthy
Member
Joined
Nov 2, 2008
Messages
3,380
Trophies
0
Age
42
XP
1,326
Country
Cote d'Ivoire
It says the connection was successful, but can't access any webpage from Wii U...
I set my Bind server IP, and it asks for manual DNS, I put the same I got in my PC connection?

cmd: ipconfig shows a blank space on DNS...
 

Ninja_Carver

starerik said:
I got the service running, but I'm not sure what it's supposed to look like when that nus IP fails. A picture or a quote would have been nice.

Also, any suggestions how I point the Wii U to the server machine? What am I to look for in my router settings?

I apologize, you're right, that probably would have been helpful...

From the command prompt, you can use nslookup to test blocking....

if you do an 'nslookup www.google.com' that should return a bunch of IP addresses for google.

However, if you attempt an 'nslookup nus.c.shop.nintendowifi.net' or any other 'zones' that we're blocking, it should return nothing, or even return an error. That behavior will vary between different computers.

IPCONFIG shows blank for DNS? You didn't change the DNS settings on your PC right? The only place you're changing the DNS settings is on your WiiU. You manually set the IP of your PC in the WiiU.
 

Ninja_Carver

Here's what it looks like from my workstation. Keep in mind your mileage may vary because I'm on Windows 2008 R2.

Code:
C:\Windows\system32>nslookup www.google.com 127.0.0.1
Server:  UnKnown
Address:  127.0.0.1
 
Non-authoritative answer:
Name:    www.google.com
Addresses:  2607:f8b0:4002:c01::93
          173.194.219.99
          173.194.219.105
          173.194.219.104
          173.194.219.103
          173.194.219.147
          173.194.219.106
 
 
C:\Windows\system32>nslookup nus.c.shop.nintendowifi.net 127.0.0.1
Server:  UnKnown
Address:  127.0.0.1
 
Name:    nus.c.shop.nintendowifi.net
 
 
C:\Windows\system32>
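
The two nslookup outcomes above, checked programmatically (an added example, not part of the original post or of BIND). It classifies a DNS reply by the same signals: addresses present means resolved, an authoritative reply with no address (or NXDOMAIN) means a local `type master` zone is overriding the name, and no reply at all points at the firewall or the service. All function names are hypothetical and the sample replies are constructed, using the documentation address 192.0.2.10.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Encode a recursive (RD=1) A/IN query for `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:       # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify(msg):
    """Return (verdict, IPv4 list) for the reply to an A query."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    rcode, authoritative = flags & 0x000F, bool(flags & 0x0400)   # RCODE and AA bit
    if rcode != 0:
        return ("blocked: NXDOMAIN" if rcode == 3 else "error: rcode %d" % rcode), []
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4     # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:     # A record
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    verdict = "resolved" if addrs else ("blocked: authoritative, no address" if authoritative else "no data")
    return verdict, addrs

def check(server, name, timeout=3.0):
    """Query `server` on UDP 53 and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return classify(s.recv(4096))
        except OSError:                   # timeout or ICMP port unreachable
            return "no reply", []

def sample_reply(name, flags, addrs=()):
    """CONSTRUCTED reply bytes for offline use (not captured traffic)."""
    answers = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(a) for a in addrs)
    return struct.pack("!HHHHHH", 0x1234, flags, 1, len(addrs), 0, 0) + build_query(name)[12:] + answers
```

Calling `check` with the BIND machine's LAN IP from another computer on the network tests the same path the Wii U uses, which separates a firewall problem ("no reply") from a zone problem.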
 

starerik

Are you behind a router? They shouldn't be blocking you from having a DNS server on your own LAN.
Well, they did. The ISP blocked port 53 last year because of DDoS attacks. When I tried to open up port 53 in Windows Firewall the router (which unfortunately is also the modem) said "nope" and shut down internet.
 

Ninja_Carver

starerik said:
Well, they did. The ISP blocked port 53 last year because of DDoS attacks. When I tried to open up port 53 in Windows Firewall the router (which unfortunately is also the modem) said "nope" and shut down internet.

I don't think there is any connection at all between Windows Firewall and your router... That would be a first time for me ... Try completely disabling Windows Firewall.... Does your router still shut down?
What if you were running Linux and you didn't have Windows Firewall? lol
 

OriginalHamster

Ninja_Carver said:
IPCONFIG shows blank for DNS? You didn't change the DNS settings on your PC right? The only place you're changing the DNS settings is on your WiiU. You manually set the IP of your PC in the WiiU.
Yeah, I have a manually set DNS, had to do it that way because I keep my PC IP static.
Weird thing is Wii U notifies the test connection as successful
 

Onion_Knight

Well-Known Member
Member
Joined
Feb 6, 2014
Messages
878
Trophies
0
Age
43
XP
977
Country
starerik said:
Well, they did. The ISP blocked port 53 last year because of DDoS attacks. When I tried to open up port 53 in Windows Firewall the router (which unfortunately is also the modem) said "nope" and shut down internet.

Your own machine uses UDP 53 to talk to your ISP DNS. They cannot block your DNS server and still allow you outbound since your internal LAN has the same external facing IP. It all looks the same. The only issue that might arise is that your DNS server would use TCP to connect to their DNS server. They might not want you doing zone transfers.
 

OriginalHamster

Does the eShop shop open? It should not...

You should be able to visit websites in the browser still, though.
I can't access any online service from Wii U, including the browser, I get a couldn't find the server error :c

PC side I think I got everything right, www.google.com shows a bunch of addresses, nus.eshop doesn't bring anything. Should test with another url? Or google one is enough?
 
