A few weeks back we saw his PS4 Ghosts RTE Mod Tool, and now @Modded Warfare is back with a guide on how to block PS4 updates on any PlayStation 4 Firmware from his YouTube Channel. 
Those seeking a similar block list that covers more host names can also check HERE, and to quote from the video's caption: How to Block PS4 Updates On Any Firmware
How to simply block PS4 updates from being downloaded to your PS4 when you launch games or connect to the Internet.
DNS Addresses:
If these addresses don't work please follow from 13:28 on the video. If your PlayStation 4 updates are blocked you'll receive a SU-30696-4 PS4 error code.
Download: Wireshark
Additional Sony servers to block are also posted HERE covering more host names and regions, or see here if you're looking to Update to a Specific PS4 Firmware but not Sony's latest PlayStation 4 OFW.
How to manually BLOCK any system firmware update PERMANENTLY on your modded PS4
On PS4, blacklist http://crepo.ww.dl.playstation.net using proxy/DNS. This is the crash reporter.
So I feel like I need to address this specifically because there is an incredible amount of incorrect info being passed around, especially here.
DNS
My Internet isn't working using the DNS, is the DNS your host down?
No, the DNS server are both up and running. Request forwarding is currently disabled, due to it being abused. Connection tests will pass and will allow access to the exploit host that's running on the same server. You can also access resources directly by IP address.
When will forwarding work again?
I'm not sure. I'm working on a solution, but there are hundreds of thousands of IPs abusing it that aren't all in the same blocks so it's hard to squash it without blocking real users who are using it for it's intended purposes.
Will my console update if I'm using a DNS and it's down?
No, domain names simply won't resolve. You'll essentially be unable to visit any website via a named domain (Vs a raw IP).
The DNS isn't working. Updates come through, the user's manual is the official one, etc. what gives?
If you are sure you have the IP addresses set correctly, then your ISP is hijacking your DNS requests before it reaches the desired DNS server and is redirected to servers your ISP control. There are multiple reasons they do this: Trying to make your name resolution faster, censorship, spying, etc. You can call and ask them to stop, believe it or not some do so on request. If that doesn't work you will have to self host. You can try the following commands on a computer on the same network to confirm your ISP is hijacking requests:
Why use the DNS?
Lots of reasons:
Self hosting is by far the best option even if it's less convenient that just putting in a few numbers on your PlayStation. You can host on an ESP device, RaspberryPi, PC, etc. The best solution for 9.00 is an SBC (Like ESP) that supports USB-OTG so it can emulate a flash drive for the exploit to remove the need to plug/unplug a device manually. You can easily host on your PC using one of these methods as well, Docker is better, Python if you have to, and between the two you should have all the information you need to make a custom solution:
Updates
What about other update blocking methods?
There is way more than one way to block updates... All of them have pros and cons and there isn't a "one size fits all. You should likely use more than one method.
Do you just have a list of domains I should block?
Kinda, you can see a file with a list of domains that I use to generate the real list here. You need to have some sort of wildcard blocking to block entire domains, while allowing other to be redirected/pass through. Not all routers/systems allow this. Currently I use Bind and it can be configured to function 100% as desired. I’ll work on adding options for the list compiler script to make configuration files for other applications like PiHole (Temporary, 99% working PiHole config here).
Why not just wildcard block everything?
If you were going to wildcard block everything you may as well just stay offline. The purpose of selectively blocking/hijacking is to allow the most usability while blocking only what’s necessary.
I used an old blocklist (or a blocklist someone else posted) am I still good to go?
No, a majority of the published blocklists do not block certain domains by wildcard, yet do not list every domain individually. Like literally not one is actually correct. Depending on region/language they don’t even block updates properly. Add to this they block CDNs that may break streaming apps or online features that may otherwise work, or domains that aren’t even actually contacted as they are part of a chain. Even after giving feedback every time I see them posted the same people keep re-posting them. THEY ARE WRONG, please fix them or at least stop linking them.
Changelog
Those seeking a similar block list that covers more host names can also check HERE, and to quote from the video's caption: How to Block PS4 Updates On Any Firmware
How to simply block PS4 updates from being downloaded to your PS4 when you launch games or connect to the Internet.
DNS Addresses:
- fuk01.ps4.update.playstation.net
- duk01.ps4.update.playstation.net
- fus01.ps4.update.playstation.net
- al02.cdn.update.playstation.net
- a01.cdn.update.playstation.org.edgesuite.net
- playstation.sony.akadns.net
- a192.d.akamai.net
- Al Azif's PS4 Exploit Host Block List:
Code:
{
"Debug": false,
"Root_Check": true,
"Public": false,
"DNS": true,
"HTTP": true,
"DNS_Interface_IP": "",
"DNS_Port": 53,
"HTTP_Interface_IP": "",
"HTTP_Port": 80,
"Compression_Level": 0,
"UA_Check": false,
"Theme": "Default",
"Auto_Payload": "",
"Payload_Timeout": 60,
"DNS_Rules": {
"Redirect_IP": "",
"Redirect": [
"^the\\.gate",
"^www\\.playstation\\.com",
"^(manuals|update)\\.playstation\\.net",
"^(get|post|ena|update)\\.net\\.playstation\\.net",
"^(d|f|h)[a-z]{2}01\\.(ps4|ps5|psp2|psv)\\.update\\.playstation\\.net",
"^ctest\\.cdn\\.nintendo\\.net",
"^conntest\\.nintendowifi\\.net"
],
"Block": [
"^(.*\\.)?playstation\\.(com|net|org)",
"^(.*\\.)?scea\\.com",
"^(.*\\.)?sonyentertainmentnetwork\\.com",
"^(.*\\.)?nintendo\\.(net|at|be|ch|co\\.jp|co\\.kr|co\\.nz|co\\.uk|co\\.za|com|com\\.au|com\\.hk|cz|de|dk|es|fi|fr|gr|hu|it|jp|nl|no|pt|ru|se|tw)",
"^(.*\\.)?nintendo-europe\\.com",
"^(.*\\.)?nintendoswitch.(cn|com|com\\.cn)"
],
"Pass_Through_IP": []
},
"Valid_UA": [],
"Update": {
"PS4_No_Update": 1.76,
"Vita_No_Update": 0.00
},
"Languages": {
"English": "en"
}
}Download: Wireshark
Additional Sony servers to block are also posted HERE covering more host names and regions, or see here if you're looking to Update to a Specific PS4 Firmware but not Sony's latest PlayStation 4 OFW.
How to manually BLOCK any system firmware update PERMANENTLY on your modded PS4
On PS4, blacklist http://crepo.ww.dl.playstation.net using proxy/DNS. This is the crash reporter.
Code:
# Title: ps4_dns_block/phoanglong
#
# This hosts file is a merged collection of hosts from depressive_monk
# to disable any update from ps4. I'm just creating GitHub Raw Hosts data so everyone can use
# This work is by depressive_monk, please give all the credit to him
# https://www.reddit.com/user/depressive_monk/
# Date: 26 May 2021
#
# ===============================================================
0.0.0.0 dau01.ps4.update.playstation.net
0.0.0.0 dbr01.ps4.update.playstation.net
0.0.0.0 dcn01.ps4.update.playstation.net
0.0.0.0 deu01.ps4.update.playstation.net
0.0.0.0 dhk01.ps4.update.playstation.net
0.0.0.0 djp01.ps4.update.playstation.net
0.0.0.0 dkr01.ps4.update.playstation.net
0.0.0.0 dmx01.ps4.update.playstation.net
0.0.0.0 dru01.ps4.update.playstation.net
0.0.0.0 dsa01.ps4.update.playstation.net
0.0.0.0 dtw01.ps4.update.playstation.net
0.0.0.0 duk01.ps4.update.playstation.net
0.0.0.0 dus01.ps4.update.playstation.net
0.0.0.0 fau01.ps4.update.playstation.net
0.0.0.0 fbr01.ps4.update.playstation.net
0.0.0.0 fcn01.ps4.update.playstation.net
0.0.0.0 feu01.ps4.update.playstation.net
0.0.0.0 fhk01.ps4.update.playstation.net
0.0.0.0 fjp01.ps4.update.playstation.net
0.0.0.0 fkr01.ps4.update.playstation.net
0.0.0.0 fmx01.ps4.update.playstation.net
0.0.0.0 fru01.ps4.update.playstation.net
0.0.0.0 fsa01.ps4.update.playstation.net
0.0.0.0 ftw01.ps4.update.playstation.net
0.0.0.0 fuk01.ps4.update.playstation.net
0.0.0.0 fus01.ps4.update.playstation.net
0.0.0.0 hau01.ps4.update.playstation.net
0.0.0.0 hbr01.ps4.update.playstation.net
0.0.0.0 hcn01.ps4.update.playstation.net
0.0.0.0 heu01.ps4.update.playstation.net
0.0.0.0 hhk01.ps4.update.playstation.net
0.0.0.0 hjp01.ps4.update.playstation.net
0.0.0.0 hkr01.ps4.update.playstation.net
0.0.0.0 hmx01.ps4.update.playstation.net
0.0.0.0 hru01.ps4.update.playstation.net
0.0.0.0 hsa01.ps4.update.playstation.net
0.0.0.0 htw01.ps4.update.playstation.net
0.0.0.0 huk01.ps4.update.playstation.net
0.0.0.0 hus01.ps4.update.playstation.net
0.0.0.0 a01.cdn.update.playstation.org.edgesuite.net
0.0.0.0 a192.d.akamai.net
0.0.0.0 al02.cdn.update.playstation.net
0.0.0.0 apicdn-p014.ribob01.net
0.0.0.0 api-p014.ribob01.net
0.0.0.0 artcdnsecure.ribob01.net
0.0.0.0 asm.np.community.playstation.net
0.0.0.0 get.net.playstation.net
0.0.0.0 playstation.sony.akadns.net
0.0.0.0 post.net.playstation.net
0.0.0.0 ps4-eb.ww.np.dl.playstation.net
0.0.0.0 ps4updptl.eu.np.community.playstation.net
0.0.0.0 ps4updptl.jp.sp-int.community.playstation.net
0.0.0.0 ps4.updptl.sp-int.community.playstation.net
0.0.0.0 sf.api.np.km.playstation.net
0.0.0.0 themis.dl.playstation.net
0.0.0.0 tmdb.np.dl.playstation.net
0.0.0.0 t-prof.np.community.playstation.netDNS
My Internet isn't working using the DNS, is the DNS your host down?
No, the DNS server are both up and running. Request forwarding is currently disabled, due to it being abused. Connection tests will pass and will allow access to the exploit host that's running on the same server. You can also access resources directly by IP address.
When will forwarding work again?
I'm not sure. I'm working on a solution, but there are hundreds of thousands of IPs abusing it that aren't all in the same blocks so it's hard to squash it without blocking real users who are using it for it's intended purposes.
Will my console update if I'm using a DNS and it's down?
No, domain names simply won't resolve. You'll essentially be unable to visit any website via a named domain (Vs a raw IP).
The DNS isn't working. Updates come through, the user's manual is the official one, etc. what gives?
If you are sure you have the IP addresses set correctly, then your ISP is hijacking your DNS requests before it reaches the desired DNS server and is redirected to servers your ISP control. There are multiple reasons they do this: Trying to make your name resolution faster, censorship, spying, etc. You can call and ask them to stop, believe it or not some do so on request. If that doesn't work you will have to self host. You can try the following commands on a computer on the same network to confirm your ISP is hijacking requests:
- Windows: nslookup manuals.playstation.net 165.227.83.145
- Linux/OSX: dig manuals.playstation.net @165.227.83.145 +short
Why use the DNS?
Lots of reasons:
- The internet appears to function normally for connection tests.
- It blocks updates, both games and system updates.
- Blocks telemetry, revoking licenses, syncing data, etc.
- You can still use the console to browse the internet, stream, etc.
Self hosting is by far the best option even if it's less convenient that just putting in a few numbers on your PlayStation. You can host on an ESP device, RaspberryPi, PC, etc. The best solution for 9.00 is an SBC (Like ESP) that supports USB-OTG so it can emulate a flash drive for the exploit to remove the need to plug/unplug a device manually. You can easily host on your PC using one of these methods as well, Docker is better, Python if you have to, and between the two you should have all the information you need to make a custom solution:
Updates
What about other update blocking methods?
There is way more than one way to block updates... All of them have pros and cons and there isn't a "one size fits all. You should likely use more than one method.
- "Broken BD Drive" If you’re Blu-ray Disc Drive is broken the console will refuse to update to any firmware greater than 4.74. While this is annoying for some people it can be used as an update blocker itself. Your console cannot update if you unhook the BD drive, you can’t even restore from safemode with a broken BD drive. It literally requires an exploit with a purpose built payload to update from a console with a broken BD drive. Obviously you don’t want this if you have disc based games you still use and you need to open your console to do it. This also doesn’t stop game updates, which will break FPKGs as you’re installing a retail patch PKG on a FPKG.
- Stay offline completely. If you cannot connect to the internet you cannot update... That simple. However if you do connect it will automatically start doing stuff. You also can't use the internet for anything else, you'll have to connect at least once to cache an exploit. Within this category is using a SBC (ESP/RPi/etc) as a stand alone access point (No bridging).
- Block WAN access from an individual device (Your PS) on your router. Again no internet, but you can access your local IPs for hosting and can still FTP to the device from another local device.
- Selfhost, on a PC/SBC connected to the same network or using it as a bridge. This is basically the same as using the DNS, but you don’t have to worry about your ISP hijacking it and you’re in complete control of it. Using a SBC as a bridge you’ll likely run into an issue with upload/download speed unless you’re using something more beefy like a RPi.
- Using a DNS. Good, as long as your ISP isn’t hijacking your requests. Should allow you to use the device as normal while blocking updates, includes game updates (But you can still use PatchInstaller now). You should use in conjunction with at least one other method in case your ISP decides to be crappy one day as that’s out of your control. If you’re not selfhosting the DNS you’re at the mercy of whoever hosts it. Hosting an DNS service that’s open to the public can become a full time job to prevent abuse so don’t be surprised if they don’t last.
- Update blocker payload (Also applied every time GoldHEN runs). Prior to the 6.72 exploit this was a great option as it prevented the console from even downloading the update in the first place to the point some safe mode options wouldn’t even let you install PUPs. Now the console will delete the dummy files (After a KP, periodically, etc). Because you’re not actually looking at these dummy files constantly, you won’t know when they are gone. Doesn’t block game updates.
- Disabling updates in the official settings. This does not stop updates from downloading or nagging you to install said update after the download is complete. There is no reason not to disable updates from the official settings, but it honestly doesn’t do a lot. Doesn’t block game updates.
- Setting the environment to “sp-int” will “block” updates. The console has some sort of trigger that will set this back to “np” if this happens you’re console will try to update again. There are also other behind the scene issues you may run into periodically if you change this setting, for example game saves... It seems like a good option but honestly it’s not.
Do you just have a list of domains I should block?
Kinda, you can see a file with a list of domains that I use to generate the real list here. You need to have some sort of wildcard blocking to block entire domains, while allowing other to be redirected/pass through. Not all routers/systems allow this. Currently I use Bind and it can be configured to function 100% as desired. I’ll work on adding options for the list compiler script to make configuration files for other applications like PiHole (Temporary, 99% working PiHole config here).
Why not just wildcard block everything?
If you were going to wildcard block everything you may as well just stay offline. The purpose of selectively blocking/hijacking is to allow the most usability while blocking only what’s necessary.
I used an old blocklist (or a blocklist someone else posted) am I still good to go?
No, a majority of the published blocklists do not block certain domains by wildcard, yet do not list every domain individually. Like literally not one is actually correct. Depending on region/language they don’t even block updates properly. Add to this they block CDNs that may break streaming apps or online features that may otherwise work, or domains that aren’t even actually contacted as they are part of a chain. Even after giving feedback every time I see them posted the same people keep re-posting them. THEY ARE WRONG, please fix them or at least stop linking them.
Changelog
- 2023-12-03: First Draft
