Hacking emuMMC only with local WLAN

[JoeSurfer68]

Hi there,

there is a lot of discussion about using 90DNS when internet access is needed in Atmosphere, but a lot of people recommend to disable the internet access completely (by enabling the flight mode) to be absolutely safe when using the emuMMC.
However, if I use the latter, I am not able to use homebrew like Moonlight and ftpd pro in my local network. I would also like to use Chiaki, but here, the Sony servers might be involved... The HB App Store would also be nice - if some exceptions were possible...

Therefore, is possible (or could it be added as feature) to add a whitelist for local IP adress ranges and block everything else (or redirect it to 127.0.0.1)?
I haven´t found a hint concerning this yet - just either online with 90DNS or offline.

With kind regards

 

[Draxzelex]

Hi there,

there is a lot of discussion about using 90DNS when internet access is needed in Atmosphere, but a lot of people recommend to disable the internet access completely (by enabling the flight mode) to be absolutely safe when using the emuMMC.
However, if I use the latter, I am not able to use homebrew like Moonlight and ftpd pro in my local network. I would also like to use Chiaki, but here, the Sony servers might be involved... The HB App Store would also be nice - if some exceptions were possible...

Therefore, is possible (or could it be added as feature) to add a whitelist for local IP adress ranges and block everything else (or redirect it to 127.0.0.1)?
I haven´t found a hint concerning this yet - just either online with 90DNS or offline.

With kind regards

Yes you can just use a whitelist but there is also nothing wrong with using 90DNS.

 

[Windi]

You could take a look at DNS_mitm von Athmosphere : https://github.com/Atmosphere-NX/Atmosphere/blob/master/docs/features/dns_mitm.md
I didn´t use it yet, but that might help you with your problem.

 

[impeeza]

sumary: use a combination of 90DNS y Atmosphere dns mitm

 

[faithvoid]

Hi there,

there is a lot of discussion about using 90DNS when internet access is needed in Atmosphere, but a lot of people recommend to disable the internet access completely (by enabling the flight mode) to be absolutely safe when using the emuMMC.
However, if I use the latter, I am not able to use homebrew like Moonlight and ftpd pro in my local network. I would also like to use Chiaki, but here, the Sony servers might be involved... The HB App Store would also be nice - if some exceptions were possible...

Therefore, is possible (or could it be added as feature) to add a whitelist for local IP adress ranges and block everything else (or redirect it to 127.0.0.1)?
I haven´t found a hint concerning this yet - just either online with 90DNS or offline.

With kind regards

I'm an outlier here, so don't take my word as gospel, but using Incognito (or similar tool to backup + erase your PRODINFO) + dns-mitm (which is enabled in Atmosphere by default) on emuNAND may been good enough, at least on current firmwares / for the time being. I've been using only those for over a year and my sysNAND is still perfectly clean, and on emuNAND I can't connect to any Nintendo servers and can use things like ftpd and other network-based homebrew. Again, I'm not saying you SHOULD (I just do it because I don't play NSO games very often so I'm not super worried), but it's possible.

Alternatively, you could use the self-hosting guide from 90DNS to make the modifications you're looking for.

https://gitlab.com/a/90dns/-/blob/master/SELFHOST.md

 

[JoeSurfer68]

Thanks a lot for your answers. I currently use the emummc.txt with dns.mitm from the NH Switch Guide and the following exosphere.ini:

[exosphere]
debugmode=1
debugmode_user=0
disable_user_exception_handlers=0
enable_user_pmu_access=0
blank_prodinfo_sysmmc=0
blank_prodinfo_emummc=1
allow_writing_to_cal_sysmmc=0
log_port=0
log_baud_rate=115200
log_inverted=0

But how would a modified emummc.txt look like? Something like

# Route the IPs in the following range correctly
192.168.* 192.168.*

# Block everything else
{<paste all TLDs for HOSTS file from Pastebin 63hfPx8M >}

I don´t think that the second line is correct because the second parameter must be a DNS...

Or is this dns.mitm just about blocking DNS requests which does not affect Moonlight etc. in your home network, bacause you only need the IP adress, not a DNS?

And what if with one of the next firmwares they switch from DNS requests to update servers to direct IP adresses?

 

[The Real Jdbye]

Thanks a lot for your answers. I currently use the emummc.txt with dns.mitm from the NH Switch Guide and the following exosphere.ini:


But how would a modified emummc.txt look like? Something like


I don´t think that the second line is correct because the second parameter must be a DNS...

Or is this dns.mitm just about blocking DNS requests which does not affect Moonlight etc. in your home network, bacause you only need the IP adress, not a DNS?

And what if with one of the next firmwares they switch from DNS requests to update servers to direct IP adresses?

If that happens you're still safe because you have PRODINFO blanking enabled.

 

[laz305]

So I just realized this exosphere.ini file. So I want to be able to go online with my sysNand so that should be on 0 right? Cuz right now it’s on 1 I guess by default cuz I’ve never messed with it before.

 

[Draxzelex]

So I just realized this exosphere.ini file. So I want to be able to go online with my sysNand so that should be on 0 right? Cuz right now it’s on 1 I guess by default cuz I’ve never messed with it before.

Yes.