[GUIDE] How to block FW updates via Windows 7/8/8.1 virtual hotspot

Discussion in '3DS - Tutorials' started by d0k3, Apr 7, 2015.

  1. d0k3

    d0k3 3DS Homebrew Legend

    Dec 3, 2004
    In this guide, I will show you how to set up a virtual hotspot on any Windows 7/8/8.1 computer and how to block 3DS FW updates on this hotspot. It's pretty easy, you most likely already have all the hardware you need and you won't have to install any additional software.

    What you will need:
    • a computer running Windows 7/8/8.1
    • administritative rights on that computer
    • a WiFi adapter installed in this computer (if you can surf the net via WiFi, you already have this)
    • preferably, but not needed, internet access via ethernet
    That's all! You may read more on the safety of this at the bottom of this post, but first, about setting up...

    [1] Blocking 3DS updates via the hosts file

    Search for notepad in your startmenu, right click -> run as administrator. Navigate to your hosts file (typically located at C:\Windows\system32\drivers\etc\hosts) and open that in Notepad (you may need to enable 'all files' at lower right first to make it visible). Add the following lines to your hosts file and save it. Don't touch any of the already existing text in your hosts file.
    # hosts file block entries to stop 3DS update by d0k3
    # explanations:
    # NUS -> Nintendo Update Server or Net Update SOAP
    # CDN -> Content Delivery Network
    # ECS -> ECommerce SOAP
    # IAS -> Identity Authification SOAP
    # CAS -> CAtaloging SOAP
    # SOAP -> Simple Object Access protocol, http://en.wikipedia.org/wiki/SOAP
    # NintendoWifi.net -> Nintendos dedicated 3DS domain
    # these domains check and host the update (important!)  nus.c.shop.nintendowifi.net  nus.cdn.c.shop.nintendowifi.net
    # this is a connection test (uncomment to make the connection test fail)
    #  http://conntest.nintendowifi.net/
    # eShop specific stuff (might as well get rid of that too!)
    #  ecs.c.shop.nintendowifi.net
    #  cp3s-auth.c.shop.nintendowifi.net
    # what follows is the overkill list, this might disable stuff you actually
    # wanted to keep using. Uncomment if you're feeling adventurous.
    #  cas.c.shop.nintendowifi.net
    #  ccs.c.shop.nintendowifi.net
    #  ccs.cdn.c.shop.nintendowifi.net
    #  ias.c.shop.nintendowifi.net
    #  pls.c.shop.nintendowifi.net
    #  npul.c.app.nintendowifi.net
    #  cp3s.cdn.nintendowifi.net
    #  eou.cdn.nintendowifi.net
    #  npdl.cdn.nintendowifi.net
    I also attached the text above in a text file to this post. If you take a closer look, you see that only two entries (the Nintendo Update Server ones) are actually blocked, everything else is in #comments. Feel free to test removing the comment #signs on the other entries if you are tech savy enough.

    More detailed instructions on editing the hosts file are found here.

    [2] Setting up the virtual WiFi network

    Download the attached file 'start_wifi.txt', open it in notepad and change wifiname and password (in the second line of the file) to something of your liking. The content of 'start_wifi.txt' is shown below.
    :: (at)echo off
    netsh wlan set hostednetwork mode=allow ssid=wifiname key=password
    netsh wlan start hostednetwork
    netsh wlan stop hostednetwork
    Once you're done, save your changes, close notepad and rename 'start_wifi.txt' to 'start_wifi.bat'. Right click 'start_wifi.bat' -> run as administrator. Minimize the window that comes up. Your virtual WiFi network is running now, but it has no internet access. To enable it, the following steps must be done only once, afterwards you may start your internet enabled virtual WiFi hotspot via the bat file only.

    [​IMG] [​IMG]
    Go to Control Panel -> Network and Internet -> Network and Sharing Center. Click on 'Change adapter settings'. In there, make a mental note of the name of virtual WiFi network ('Wirelss Network Connection 2' in the screenshot above, it also always has 'Microsoft Virtual WiFi...' in the last line). Select your working internet connection (might be ethernet or WiFi). Right click -> Properties -> Sharing. Enable the first option on top (see the screenshot above) and select your virtual WiFi network. Click the 'OK' button and you're done.

    More detailed instructions an setting up the virtual WiFi are found here. This page also provided the screenshots, thank you!

    [3] Connecting your 3DS to the virtual WiFi network and testing your connection

    Connect your 3DS to the virtual WiFi network as usual. Use the automatic setup and leave everything on auto, especially the DNS. Try the 3DS web browser and test if you can access Google. If yes, the virtual WiFi and the internet access work. Now, try to access the eShop, which will try to connect to the Nintendo Update Server. If you get an error message right at the beginning, the blocking also works.

    [Q1] What works, what doesn't?

    What doesn't work:
    • Updating the 3DS FW (you wouldn't have guessed...)
    • eShop, as that won't start unless it could check for an update first
    • System Data Transfer, for the same reasons
    • Anything that requires access to the update servers.
    What works:
    • Browsing the internet
    • Playing online (get informed about public vs private headers first!)
    • etc....
    Basically, everything that is not in the 'doesn't work' list will work.

    [Q2] Can I homepass with that?

    Just skip steps [2] and [3] (yup, that means only step [1] for you) and use duke_srg's superb homepass script with your update blocking hosts file. You just need to make sure that:
    • No virtual WiFi router is running on your computer (duke_srg's script handles that)
    • There's only one WiFi adapter in your computer and the internet is provided by a wired connection
    • Your 3DS is not connected to any other network and WiFi is on
    For more instructions check out duke_srg's guide!

    [Q3] So, how safe is this?

    I personally tested accessing eShop and System Data Transfer with this. As expected, both failed to connect to the update server and didn't start up. I also left my 3DS connected and in standby for an extended period of time to try and see if the update will be downloaded via Spotpass. It didn't. User solveig also succesfully tested my method. So, all in all, sounds pretty safe to me.

    There's still one thing that we both understandably (we are on SysNAND) are too scared about and haven't tested yet: actually initializing the update via System Settings. I need a tester for this. If you are on EmuNAND and also have a recent backup of your EmuNAND, could you try (from your EmuNAND of course) and write about how it worked out?

    Attached Files:

  2. d0k3

    d0k3 3DS Homebrew Legend

    Dec 3, 2004
    Just a small update, added a paragraph about homepass via duke_srg's script.

    BTW: blocking the update server via hosts file should work on (basically all) other OS as well, but I can't help with setting up a virtual router anywhere but on Windows 7/8/8.1. Maybe someone wants to test and give some feedback?
    Margen67 likes this.
  3. Scytheri0n

    Scytheri0n Advanced Member

    Mar 5, 2015

    This is going to come in very useful! :D XZone doesn't support this yet (because the way XZone works, it doesn't respect OS X's hosts file :glare:) but it will eventually! (It's on the roadmap at least! :P)
  4. solveig

    solveig Member

    Oct 4, 2014
    Serbia, Republic of
    gee, so many people eager to test, it's amazing.
    well, I tried to update from settings being on emunand and again, error happened. meaning, it's safe. goodbye nintendo update.
    Margen67 and Scytheri0n like this.
  5. felipejfc

    felipejfc GBAtemp Regular

    Mar 21, 2015
    Just for you guys to know, there is a much better and simple way of doing that, block these entries directly in your router or modem!
    I've used parental control of my modem to block


    I also tested with contest and as expected, test failed.
    SMOKE and Scytheri0n like this.
  6. d0k3

    d0k3 3DS Homebrew Legend

    Dec 3, 2004
    Of course it doesn't matter at which point you block access to the update domains. However, many of us are on a shared internet connection and / or don't have access to the router. In my case, I'm even on a MAC-whitelisted network, so my method doubles as giving my 3DS an actual connection to the net, which I otherwise wouldn't have.
  7. jengablock15

    jengablock15 Member

    Dec 7, 2016
    United Kingdom
    somewhere near my school
    Every time I try step 2 on a Windows 10 laptop the bat file gives me an error: "The hosted network couldn't be started. The group or resource is not in the correct state to perform the requested operation."

    And yes I did run it as administrator...