I tried to use my netgear firewall and I do not feel confident that those are working; i only know that it is blocking the amzdigitaldownloads.edgesuite.net site, the other two shows as unavailable not as blocked and montoya-ota can be searched at google. Opendns is not available thanks to my provider.
I tried to use sideloaded firewalls and blockers but those look for a com.android.vpndialogs.apk that is not present in the AFSTV. Can it be added to make those apps usable?
My 360 antivirus says that the AFSTV has a mms vulnerability. Is that vulnerability update related?
Thanks for your replies: good:
i used the built in netgear firewall to block them when i was setting up my fire tv box and when it tried to dl the updates it wasnt able to so you should be fine
@Bellmig said:
I tried to use my netgear firewall and I do not feel confident that those are working; i only know that it is blocking the amzdigitaldownloads.edgesuite.net site, the other two shows as unavailable not as blocked and montoya-ota can be searched at google. Opendns is not available thanks to my provider.
I tried to use sideloaded firewalls and blockers but those look for a com.android.vpndialogs.apk that is not present in the AFSTV. Can it be added to make those apps usable?
My 360 antivirus says that the AFSTV has a mms vulnerability. Is that vulnerability update related?
Thanks for your replies: good:
Click to expand...
Click to collapse
It's fairly common for routers to be unable to block updates.amazon.com and softwareupdates.amazon.com because the Fire TV does not use HTTP to communicate with those domains and many routers can only block HTTP communication.
I wouldn't worry about it too much as long as you are sure amzdigitaldownloads.edgesuite.net is blocked. Blocking only that domain is sufficient. The other two domains and the keyword block are just backups incase Amazon changes the update files to come from a domain other than amzdigitaldownloads.edgesuite.net.
Try to download one of the update files from AFTVnews.com/software and if it gets blocked, then you know your amzdigitaldownloads.edgesuite.net block is working.
Sideloaded/software firewalls are not reliable since they usually won't detect/block the update file if it comes from one of Amazon's CDN servers, which is often the case.
I find my asus router does block updates but you only know it when testing by trying the direct download links.
AFTVnews.com said:
It's fairly common for routers to be unable to block updates.amazon.com and softwareupdates.amazon.com because the Fire TV does not use HTTP to communicate with those domains and many routers can only block HTTP communication.
I wouldn't worry about it too much as long as you are sure amzdigitaldownloads.edgesuite.net is blocked. Blocking only that domain is sufficient. The other two domains and the keyword block are just backups incase Amazon changes the update files to come from a domain other than amzdigitaldownloads.edgesuite.net.
Try to download one of the update files from AFTVnews.com/software and if it gets blocked, then you know your amzdigitaldownloads.edgesuite.net block is working.
Sideloaded/software firewalls are not reliable since they usually won't detect/block the update file if it comes from one of Amazon's CDN servers, which is often the case.
Click to expand...
Click to collapse
If I block all three sites/domains suggested on your site through openDNS netflix will not work, it opens with a error message. I might try blocking just amzdigitaldownloads.edgesuite.net but given that I am not rooted at the moment and on the most recent firmware I'm not sure it is worth doing.
My stick unfortunately shipped with the 54.1.0.1_user_101016220 update already installed. I blocked further Amazon updates through my router but then I stupidly hooked the stick up at my parent's house where the block is not in place. The stick downloaded the update and now it keeps telling me it will update when not in use. I pulled the power and left it. Is there a way to delete what it downloaded or to prevent the update from installing at this point?
Related
Hi
I seem to have hit a bit of bad luck.
I have ATT Uverse with their 3800HGV-B Gateway, and a Netgear WNDR4300 behind it. As Uverse gateway wouldn't block the amzdigitaldownloads.edgesuite.net, softwareupdates.amazon.com domains, I "blocked" them on the Netgear router, and AFTV is connected via Ethernet to the Netgear box.
I ordered AFTV from Staples and was lucky to get a rootable version (v620), the above blocking was not effective and v820 got downloaded but didn't autoinstall. I went ahead and Rooted it using AFTV Utility, and made a mistake!! of not disabling OTA updates on AFTV. I was make a mistake and clicked in the OTA menu and lost all root
I tried another AFTV box, and this installed OTA and went straight to v520. I have used AFTV Utlity to block further updates hoping it might be easier to get Root on this version than v820.
My "blocking" on Netgear router is clearly not working.
I MAY give this another try w/ a new AFTV order but need to know how to block the sites using Uverse Router. I would really like to get a Rootable AFTV, as I want to have XBMC assessable via the home page, pair my Wii Remotes, etc.
Is there anyway to determine the stock FW version based on AFTV DSN Number.
Any guidance would be most appreciated.
I really want the Root
Umm, ~200 views and no replies. I hope soem guru chimes in
First off, you should ask questions in the q&a forum. You get better results. But hold on, let me find my spoon...I don't use a netgear router so I can't tell u exactly what to do but you can probably Google it. On the router, you would need to look for parental controls or firewall areas. Use key word blocking or url blocking and block the required sites. They are listed around this forum somewhere. Then before you even power up your firetv, use your computer and try and download the software updates from Amazon. If you have your router set up correctly it should give you an error and not let you get them.
Edit: quick Google search turned up this: http://forum.xda-developers.com/showthread.php?t=2760884
Thanks for taking the time to post a reply. The issue I have is wrt the interaction of UVerse Gateway and the 2nd Netgear Router behind it. As DNS is still handled by Uverse, (I think) Netgear router is not able to block it. I have that part configured. I will try and block the additional URL in the thread. Thanks again.
Legolas2 said:
Thanks for taking the time to post a reply. The issue I have is wrt the interaction of UVerse Gateway and the 2nd Netgear Router behind it. As DNS is still handled by Uverse, (I think) Netgear router is not able to block it. I have that part configured. I will try and block the additional URL in the thread. Thanks again.
Click to expand...
Click to collapse
I don't use UVerse but I have a similar setup with a router behind a gateway. Can't you disable DNS on the gateway and configure the router to handle DNS?
I can't offer specifics on UVerse as I don't use it but on mine I just turn off DNS on the gateway and let my router handle it.
The easy way to do it is to open a free account on opendns.com and block from there. After root, follow this guide: http://www.aftvnews.com/how-to-block-ota-update-for-amazon-fire-tv-and-keep-root-access/
Do you have DD-WRT installed on your Netgear? If so, I have the same setup (except I have a Time Warner cable in place of Uverse). Using the the DNSMasq on my Netgear does prevent DNS lookups. I can confirm that with my setup. The Netgear does not need to pass through the DNS look-up further upstream if you properly set up your Masq options in DD-WRT. I have used 2 routers with DD-WRT setup and both have worked as intended.
The reason I can say that it works is that my updates were blocked, but more importantly, any pings to the the blocked addresses from my laptop (hooked to the same Netgear router) results in the bogus IP I put (127.0.0.1). One thing you want to make sure to test your setup is to make sure that you ping it on a computer and make sure that you don't have any static DNS entries for your network adapter on your machine that you are testing with.
If you have DD-WRT installed or plan to install it, please update the thread and I can post some pictures of my setup.
jmerrilljr2 said:
The easy way to do it is to open a free account on opendns.com and block from there. After root, follow this guide: http://www.aftvnews.com/how-to-block-ota-update-for-amazon-fire-tv-and-keep-root-access/
Click to expand...
Click to collapse
Bingo. I had to do this when my router blocks were not working. Before I even plugged in my FTV, I tested the update web addresses in my browser. If I hadn't of done that, then I would've thought that my router block was working and lost root as soon as I plugged it in. Instead, I saw that my router blocks were eff'd, and signed up for OpenDNS. Confirmed the blocks in my browser...THEN, I plugged in the FTV for the first time.
Anytime you only get one shot at something, you really want to make sure that you get it right and don't miss.
Now that Staples has AFTV down to $84, I will try my luck again and use OpenDNS setup. Hopefully I can get a "rootable" FW version out of the box.
BTW, Uverse Gateway sucks
Legolas2 said:
Now that Staples has AFTV down to $84, I will try my luck again and use OpenDNS setup. Hopefully I can get a "rootable" FW version out of the box.
BTW, Uverse Gateway sucks
Click to expand...
Click to collapse
I took a look at a pdf of your 3800HGV-B Gateway modem and it apparently does bridge mode.
Bridge mode will make it act like a modem only, and let your router take care of DNS & all the other settings. It's how I have my home set up (I have comcast though, different hardware), as in my experience the modem/routers you get from your ISP usually sucks.
Might want to take a look into that.
nyder said:
I took a look at a pdf of your 3800HGV-B Gateway modem and it apparently does bridge mode.
Bridge mode will make it act like a modem only, and let your router take care of DNS & all the other settings. It's how I have my home set up (I have comcast though, different hardware), as in my experience the modem/routers you get from your ISP usually sucks.
Might want to take a look into that.
Click to expand...
Click to collapse
Thanks Nyder. I managed to get 3800HGV into bridge mode and was able to block the Amazon sites from my computer. Will get to installing the new Fire TV (hopefully, it is rootable).
I wish AT&T had made this easy, it was PITA to get it working, w/ multiple factory resets needed to get it done right.
I recently got a UK Fire TV so I can't root it, but I still want to block updates just in case.
I'm running a TP-Link WDR3600 with DD-WRT and I have set it to block the three URLs* using the devices static IP and MAC address.
However, when I go to the "check for system update" option it still lists the last check as 'today'.
I did additional tests using firefox on the device itself and it can block URLs (for this test Google) but I'm not sure whether the updates are blocked.
For now I've disconnected it just in case and OpenDNS isn't an option for me as I have a shared IP address.
*:
firs-ta-g7g.amazon.com
softwareupdates.amazon.com
amzdigitaldownloads.edgesuite.net
from what i read blocking the update URLs is useless, you might as well let it update and wait for a new root procedure.
DEREKTROTTER said:
from what i read blocking the update URLs is useless, you might as well let it update and wait for a new root procedure.
Click to expand...
Click to collapse
Not true. Just go to the URL in your browser and see if your router stops you. Mine didn't, so I setup an OpenDNS account. That worked.
OpenDNS also worked great for me as well.
Using a VPN kills the OpenDNS block on the Amazon updates, so make sure you do the internal block if you plan on using a VPN.
retroben said:
OpenDNS also worked great for me as well.
Click to expand...
Click to collapse
Thanks for the responses, unfortunately OpenDNS isn't really an option since I live in a flat where we share a connection/IP address.
So I guess I'm just going to have to risk it then or maybe look up alternatives.
In case I do try something, what is the way to tell? Does it just pop up with an error message?
tech3475 said:
Thanks for the responses, unfortunately OpenDNS isn't really an option since I live in a flat where we share a connection/IP address.
So I guess I'm just going to have to risk it then or maybe look up alternatives.
In case I do try something, what is the way to tell? Does it just pop up with an error message?
Click to expand...
Click to collapse
If you give the fire tv a static ip address, you have to manually fill in the dns servers.
rbox said:
If you give the fire tv a static ip address, you have to manually fill in the dns servers.
Click to expand...
Click to collapse
The problem is not how I'd set it up but that it could cause other issues, for example, if someone else uses opendns to block something which I want.
tech3475 said:
The problem is not how I'd set it up but that it could cause other issues, for example, if someone else uses opendns to block something which I want.
Click to expand...
Click to collapse
Can you guys not talk to each other to figure out a plan that works for all?
spyder3 said:
Can you guys not talk to each other to figure out a plan that works for all?
Click to expand...
Click to collapse
No, it would be impractical if not impossible where I am.
In the end I decided to give it a shot anyway, just have to hope I'm the only one using opendns.
So far so good.
DEREKTROTTER said:
from what i read blocking the update URLs is useless, you might as well let it update and wait for a new root procedure.
Click to expand...
Click to collapse
I did a lot of tests to day (UK fire tv)
you get different IP for that URL depending on what DNS you use unblockus,google,isp etc etc
so im not sure I think its all in the lap of the gods
I am so poised on smashing this thing up :¬) I will enjoy it
tech3475 said:
I recently got a UK Fire TV so I can't root it, but I still want to block updates just in case.
I'm running a TP-Link WDR3600 with DD-WRT and I have set it to block the three URLs* using the devices static IP and MAC address.
However, when I go to the "check for system update" option it still lists the last check as 'today'.
I did additional tests using firefox on the device itself and it can block URLs (for this test Google) but I'm not sure whether the updates are blocked.
For now I've disconnected it just in case and OpenDNS isn't an option for me as I have a shared IP address.
*:
firs-ta-g7g.amazon.com
softwareupdates.amazon.com
amzdigitaldownloads.edgesuite.net
Click to expand...
Click to collapse
All settings on DD-WRT:
Go to Settings. Under that make sure your tab is again "Settings".
Under the subsection DNSMasq, put these options.
DNSMasq: Enable
Local DNS: Disable
No DNS Rebind: Enable
Additional DNSMasq Options: Copy these 4 lines and paste into that textbox.
#block amazon firetv update
address=/amzdigitaldownloads.edgesuite.net/127.0.0.1
address=/softwareupdates.amazon.com/127.0.0.1
strict-order
Also, refer to the PDF file. Look at the section "Network Setup". Within that look at "Router IP" and "DHCP". Change your private subnet to whatever you wish to use, mine is 192.168.5.0/24.
Once you have the setup, reboot your router. Next, reboot your computer and ping one of the above DNS address. You should get a reply back from "127.0.0.1". Next reboot your FTV and verify.
I have the same setup and works for me.
NOTE: MY TIME WARNER MODEM/ROUTER IS IN BRIDGED MODE. Meaning, it is a simple pass through and all router related functionality is disabled. Works solely as a dumb modem.
NOTE: Simple URL blocking is not sufficient. That ONLY blocks HTTP access, not HTTPS.
Thanks, that seems to have done the trick.
Wi-fi vs Ethernet (IP Addresses)
Hi All,
I recently notice that when I switched the Amazon Fire TV from Ethernet connection to wi fi, the ip address changed. Once the IP address is assigned to each connection it remains the same for that connection I am sure most of you knew this but in case someone didn't.
For now have I blocked OTP on both ip address using adb. My question if i switched connection between wi-fi and Ethernet, do i have to block the amazon updates each time i switched the connection?.
Also what is the adb command to verify if amazon updates are blocked? I know how to block the updates but is there another command to just check to ensure amazon updates are blocked?
Thank you
ashsha7877 said:
Hi All,
I recently notice that when I switched the Amazon Fire TV from Ethernet connection to wi fi, the ip address changed. Once the IP address is assigned to each connection it remains the same for that connection I am sure most of you knew this but in case someone didn't.
For now have I blocked OTP on both ip address using adb. My question if i switched connection between wi-fi and Ethernet, do i have to block the amazon updates each time i switched the connection?.
Also what is the adb command to verify if amazon updates are blocked? I know how to block the updates but is there another command to just check to ensure amazon updates are blocked?
Thank you
Click to expand...
Click to collapse
It doesn't remain the same unless you created a static ip. So even if you remain on the same Ethernet connection you will be assigned a new one from time to time. Not usually a big deal unless you're using that device as a server OR you're frequently sideloading apks or pushing zips to that device (you might want static for aftv)
It sounds like you already disabled updates through adb shell? If so once you entered it the terminal/command prompt will return new state "disabled", no need to try and verfify further but you can just disable them again.
Fyi--you might benefit by going to aftvnews and reading the starters guide. There's lots of other info as well.
Solved
KLit75 said:
It doesn't remain the same unless you created a static ip. So even if you remain on the same Ethernet connection you will be assigned a new one from time to time. Not usually a big deal unless you're using that device as a server OR you're frequently sideloading apks or pushing zips to that device (you might want static for aftv)
It sounds like you already disabled updates through adb shell? If so once you entered it the terminal/command prompt will return new state "disabled", no need to try and verfify further but you can just disable them again.
Fyi--you might benefit by going to aftvnews and reading the starters guide. There's lots of other info as well.
Click to expand...
Click to collapse
I have tested this, once you block the OTA updates on the amazon fire tv using adb command pm disable com.amazon.dcp and You should see the message: “Package com.amazon.dcp new state: disabled”, the fire TV will not get updates regardless of the IP address.
However, it is always safer to block OTA updates with your router and thru adb when IP address does changes.
Thankyou
ashsha7877 said:
I have tested this, once you block the OTA updates on the amazon fire tv using adb command pm disable com.amazon.dcp and You should see the message: “Package com.amazon.dcp new state: disabled”, the fire TV will not get updates regardless of the IP address.
However, it is always safer to block OTA updates with your router and thru adb when IP address does changes.
Thankyou
Click to expand...
Click to collapse
Yes. Sorry. Once you disable them you're done with that box--no need to pm disable again. That applies to any network you connect to, doesn't matter. You could go to your friends house in another state, hookup aftv and they are still disabled.
This is different than blocking from the router. If you do that and don't pm disable then you WILL receive updates if connecting to a new network. Plus you could still get updates if Amazon uses a different domain. I only block updates on the router if I'm trying to root a new box then when it's rooted with cwm installed and updates disabled, I stop blocking them on the router. I find its not necessary, but some people keep them blocked.
In my first reply I was mainly trying to clear up any confusion related to ip addresses and the difference between static and dhcp. But good to hear you seemed to have figured it out.
Finally gained access to my isp's router to add urls for blocking updates to the AFTV. The router is asking for port #s too, not just urls.
By default it puts in 80. When I tried to access those urls the two notification urls seem to be blocked, but the critical one
amzdigitaldownloads.edgesuite.net is responding when I tested it. Giving me a too busy to answer message.
I am assuming that it is not actually blocked. Does anyone know what the port # is?
dropcheck said:
Finally gained access to my isp's router to add urls for blocking updates to the AFTV. The router is asking for port #s too, not just urls.
By default it puts in 80. When I tried to access those urls the two notification urls seem to be blocked, but the critical one
amzdigitaldownloads.edgesuite.net is responding when I tested it. Giving me a too busy to answer message.
I am assuming that it is not actually blocked. Does anyone know what the port # is?
Click to expand...
Click to collapse
Not too sure why your router's UI is asking for port numbers. The HTTP protocol works over 80 and HTTPS works over 443. You should block both (as I am not sure if update checking and downloading works over HTTP or HTTPS).
There is one other thing that might be of concern to you, thought it might not be an immediate concern (somebody can look at the source code to see if Amazon is upto something). But, if I were Amazon, I would dynamically push a port (or plural) down to FTV (maybe during initial connection for credentials verification) and do the update song and dance over a non-standard port(s). If they do something like that, you will be SOL with particular port(s) blocking. But I have not read that it happening....
Again, this is the first time I have heard that URL blocking needing a port number... Make sure you are in the right menu on your router as a CYA.
What isp and router are you using?
It's a local telco. The rtr is a Comtrend CT-5374.
Maybe try opening a free account at opendns.com.
I following this article on AFTVnews to block url string "montoya-ota" on my router, but my FireTVstick still found and installed the latest update 54.1.1.0 .......... and yes, I have verified with other url string that this blocking method does work on my router.
So now I have the latest FireTVstick firmware installed, not really a big deal but just wonder if other blocking methods still works, if so, let me know which as I'd still like to have control on if I want an update from Amazon or not
I used this part of that same guide
"If your router is capable of blocking access to specific domains, set it to block the following 3 domains:
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com"
And that blocks updates to my Fire TV Stick and Fire TV.
forty0z310 said:
I used this part of that same guide
"If your router is capable of blocking access to specific domains, set it to block the following 3 domains:
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com"
And that blocks updates to my Fire TV Stick and Fire TV.
Click to expand...
Click to collapse
Thanks, I will configure my router to block those 3 URL's
Are there any side-effect with blocking those ? Like any problems with upgrading Apps and/or playing Amazon Prime movies, etc ?
lowbee said:
Thanks, I will configure my router to block those 3 URL's
Are there any side-effect with blocking those ? Like any problems with upgrading Apps and/or playing Amazon Prime movies, etc ?
Click to expand...
Click to collapse
I haven't ran into any problems.
lowbee said:
I following this article on AFTVnews to block url string "montoya-ota" on my router, but my FireTVstick still found and installed the latest update 54.1.1.0
Click to expand...
Click to collapse
Sorry guys, false alarm. I figured out what was wrong.
My router was blocking URL string "montoya-ota" for non-VPN traffic OK; however, I just realized that the router isn't blocking VPN traffic for the FireTV stick where all its data is passing thru a VPN tunnel. Duh :silly: Good thing I used pm disable com.amazon.dcp on my other FireTV boxes.