# [UPDATE] Goldleaf 0.7 released



## x65943 (Aug 2, 2019)

Consistently impressed by xortroll's work ethic and progress


----------



## Kubas_inko (Aug 2, 2019)

Well done. Nice improvements. All I need now is the qlaunch replacement with folders which xortroll teased some time ago. Can't wait for that.


----------



## bodefuceta (Aug 2, 2019)

Goldtree is still hot garbage and for obsolete systems. I don't dislike goldleaf but ancient tinfoil 0.2.1 is still the best for usb installs.


----------



## SexiestManAlive (Aug 2, 2019)

honestly i think it should be like sx, where you can just connect a hard drive to the dock


----------



## bodefuceta (Aug 2, 2019)

SexiestManAlive said:


> honestly i think it should be like sx, where you can just connect a hard drive to the dock





RattletraPM said:


> Since USB drives' support (fsp-usb service in Atmosphere) is still being worked on, you can use this system with drives inserted in your PC in order to browse or install files from there.


----------



## gnmmarechal (Aug 2, 2019)

Nice to see!


----------



## JonJaded (Aug 2, 2019)

It's only right to expect we get the full release of Project Home tomorrow.


----------



## Nerdtendo (Aug 2, 2019)

Xortroll is consistently working for others in this community instead of his own glory. That can't be said about everyone and I commend you for that sir


----------



## leon315 (Aug 2, 2019)

Aluminium supports Multi-NSP usb install ages ago, don't know if this is the case of Goldleaf...........


----------



## LucasM3 (Aug 2, 2019)

Always good to see good work.


----------



## Jayro (Aug 2, 2019)

x65943 said:


> Consistently impressed by xortroll's work ethic and progress


I'm impressed that he's stuck with a project this long, without abandoning it like he did with his promising media players.


----------



## lemonadess (Aug 2, 2019)

After copying the new goldleaf.nro to my switch, the USB installation option didn't appear anymore. Am I missing anything?


----------



## waytoodeep03 (Aug 3, 2019)

Yea dont like the usb installation option was moved. 

This decreases usability and user experience. You should add it back to the main menu so people can just click one time to usb install or connect to the pc. Dont hide it in a folder.


----------



## weatMod (Aug 3, 2019)

"you can use this system with drives inserted in your PC in order to browse or install files from there."
 why not just say install files from  your PC over FTP it would make it a lot less confusing


----------



## uyjulian (Aug 3, 2019)

weatMod said:


> why not just say install files from  your PC over FTP it would make it a lot less confusing


because wireless is slower than wired


----------



## gizmomelb (Aug 3, 2019)

uyjulian said:


> because wireless is slower than wired



seriosuly?  what the fuck?  you know you can FTP over wireless as well right?  comms don't make a difference to applications if it's wired or wireless..  that really was a stupid and ignorant comment to make.

the only stupid and more confusing comment is Goldleaf talking about USB installs - when most people are going to be thinking you can plug in a USB stick or HDD and install from that, just like you can with SX OS.

Installing from a PC via a USB cable should more accurately be referred to as USB server install.


----------



## toxic9 (Aug 3, 2019)

So, do we still need Goldtree?


----------



## Ev1l0rd (Aug 3, 2019)

gizmomelb said:


> Installing from a PC via a USB cable should more accurately be referred to as USB server install.


I mean. Not really? That mangles the word server to mean something else entirely.


----------



## toxic9 (Aug 3, 2019)

what's the default setting for Ignore Required FW version?
Thanks


----------



## Clapmaster (Aug 3, 2019)

I'm getting install errors with some nsps saying that sigpatches are missing or my firmware is too low. These nsps installed with no problems with Goldleaf 0.5. I'm on firmware 8.1.0


----------



## weatMod (Aug 3, 2019)

gizmomelb said:


> seriosuly?  what the fuck?  you know you can FTP over wireless as well right?  comms don't make a difference to applications if it's wired or wireless..  that really was a stupid and ignorant comment to make.
> 
> the only stupid and more confusing comment is Goldleaf talking about USB installs - when most people are going to be thinking you can plug in a USB stick or HDD and install from that, just like you can with SX OS.
> 
> Installing from a PC via a USB cable should more accurately be referred to as USB server install.



"the only stupid and more confusing comment is Goldleaf talking about USB installs - when most people are going to be thinking you can plug in a USB stick or HDD and install from that, just like you can with SX OS."

yes that was exactly my point

"Installing from a PC via a USB cable should more accurately be referred to as USB server install"

wait is that what it means? you mean  this new goldleaf can do that , i though tit was just wireless transfer from a PC  where the  USB drive was plugged into the PC , you are saying  you  plug the PC into the USB  port on the switch and install from your PC not wirelessly?
 this whole thing is just really poorly explained


----------



## gizmomelb (Aug 3, 2019)

Ev1l0rd said:


> I mean. Not really? That mangles the word server to mean something else entirely.



not at all.. a device or application which serves files or applications to client devices or applications via a network is called a server.

pretty much the dictionary definition.

--------------------- MERGED ---------------------------



weatMod said:


> "the only stupid and more confusing comment is Goldleaf talking about USB installs - when most people are going to be thinking you can plug in a USB stick or HDD and install from that, just like you can with SX OS."
> 
> yes that was exactly my point



ok my apologies for misunderstanding what you were trying to convey.




weatMod said:


> "Installing from a PC via a USB cable should more accurately be referred to as USB server install"
> 
> wait is that what it means? you mean  this new goldleaf can do that , i though tit was just wireless transfer from a PC  where the  USB drive was plugged into the PC , you are saying  you  plug the PC into the USB  port on the switch and install from your PC not wirelessly?



installing NSP / XCI files stored on a PC (whether the files are on the main HDD or on external USB storage connected to the PC) to the switch via a USB cable has been around for quite a while now.

Even Goldleaf has been able to install from a PC with USB C cable with the GOLDTREE.EXE on the PC - see this video which is a month old - 


There are other USB host or server programs for PC, *nix and Mac (NUT and NS-USBLOADER being the main ones) and other Switch based NSP installers which all support installing direct over USB.

Now something which doesn't appear to have been explained is WHY would you want to install from USB on your PC?  Well your SD card can be FAT32 formatted and you can still install files larger than 4GB from the PC hard drive!  You install DIRECT to the Switch, it's not COPYING the file then installing (two step process) - it's just install direct from the PC as a 1 step process.

eg:  




weatMod said:


> this whole thing is just really poorly explained



that is absolutely correct.


----------



## SOLSTAR (Aug 3, 2019)

it just crashes here, pvrevious version worked flawlessly


----------



## goncalodoom (Aug 3, 2019)

Clapmaster said:


> I'm getting install errors with some nsps saying that sigpatches are missing or my firmware is too low. These nsps installed with no problems with Goldleaf 0.5. I'm on firmware 8.1.0


Same issue here.


----------



## blawar (Aug 3, 2019)

-snip-

Yeah I didn't understand that one either.  I think they are just trying to encourage him not to abandon it despite all of the issues by puffing him up with empty platitudes.

edit:  on some level, I get it.  how many active switch homebrew developers are there besides me?  So I can understand lying to him to try to encourage him to write more stuff.  I personally believe his work is more harmful to the scene than helpful, and wish I could pay him to not write software.

edi2:  just to clarify before anyone gives me shit.  Goldleaf 0.6 is a security nightmare, and now the nintendo switch is officially a malware vector to infect your PC due to extremely poor decision decisions (yet again) by xortroll.  Not only that, it is literally a backdoor for third parties to gain unauthorized access to your computer, even if your drives are encrypted.  Really only an idiot would run this  software.


----------



## wurstpistole (Aug 3, 2019)

blawar said:


> Not only that, it is literally a backdoor for third parties to gain unauthorized access to your computer, even if your drives are encrypted.  Really only an idiot would run this  software.


Please elaborate how this works


----------



## blawar (Aug 3, 2019)

wurstpistole said:


> Please elaborate how this works



Say I know you are running goldtree,I could craft a application that scans / steals your bitcoin wallet, I could write a malicious payload to inject malware into your boot-up config so it runs when you reboot your PC, I could steal unencrypted passwords, browser history, dick pics, pretty much steal anything on your PC that the user has access to.  Could do ransom ware where it encrypts your personal files then demands payment for the decryption key.

A malicious user does not even need physical access to the computer:  they could simply put the payload in a homebrew app, then when the user runs the homebrew app it steals or infects the PC when it is ran (assuming USB cable is connected).

Law enforcement could have near full access to your machine, even if your drives are encrypted.

The possibilities of exploits are near limitless.


----------



## The Real Jdbye (Aug 3, 2019)

Yess, finally Goldleaf is competitive with Tinfoil. I have been waiting for the USB installation to be improved, having to physically be present to manually install multiple games over USB is just not very useful. I hope this also fixes all the constant crashing related to the USB feature.


----------



## blawar (Aug 3, 2019)

-snip-

you miss the glaring difference: what can malicious software do on your switch? nothing.  what can it to do your pc? everything.  tinfoil doesn’t have access to your entire pc, only the nsp directory, and it is read only.  the other difference is that gold tree doesn’t expose you to hat malicious homebrew, it exposes your entire pc to malcom iou’s attacker’s even without connecting a switch.

--------------------- MERGED ---------------------------



The Real Jdbye said:


> Yess, finally Goldleaf is competitive with Tinfoil. I have been waiting for the USB installation to be improved, having to physically be present to manually install multiple games over USB is just not very useful. I hope this also fixes all the constant crashing related to the USB feature.



goldleaf is not competitive with tinfoil, but this release is a good start  he realized what i had been saying all along, having to select files on the pc app is cancer.  he is beginning to emulate more tinfoil concepts


----------



## Ev1l0rd (Aug 3, 2019)

blawar said:


> Say I know you are running goldtree,I could craft a application that scans / steals your bitcoin wallet, I could write a malicious payload to inject malware into your boot-up config so it runs when you reboot your PC, I could steal unencrypted passwords, browser history, dick pics, pretty much steal anything on your PC that the user has access to. Could do ransom ware where it encrypts your personal files then demands payment for the decryption key.


And guess whose tools are closed source and I now hold another reason not to use.

Here's a hint; if you're gonna describe methods to fuck over users, maybe just MAYBE it's not smart to do that if your biggest thing you're known for is closed source and as a result could do anything since nobody can verify you're not pulling scummy shit on it.


----------



## blawar (Aug 3, 2019)

Ev1l0rd said:


> And guess whose tools are closed source and I now hold another reason not to use.
> 
> Here's a hint; if you're gonna describe methods to fuck over users, maybe just MAYBE it's not smart to do that if your biggest thing you're known for is closed source and as a result could do anything since nobody can verify you're not pulling scummy shit on it.



I am not sure if you are intentionally conflating these two things:  it is impossible for tinfoil (runs on switch) to exploit your PC, goldtree is a walk in the park to exploit your PC.  Nut is open source, go read what it does.  Exploiting your PC is a huge deal.


----------



## Ev1l0rd (Aug 3, 2019)

blawar said:


> I am not sure if you are intentionally conflating these two things: it is impossible for tinfoil (runs on switch) to exploit your PC, goldtree is a walk in the park to exploit your PC. Nut is open source, go read what it does. Exploiting your PC is a huge deal.


The method you just described just needs Goldtree genius. It doesn't need Goldleaf (in fact what you just described would be in its own homebrew program).

The point I'm making is that you're damaging your own trust since nobody knows what the fuck Tinfoils code is (since guess what: it aint FOSS) so we can't be assured that any future versions might not contain this very method you just described to (as you say for example) steal bitcoin wallets if someone happens to connect their Switch to a PC running Goldleaf while having your tool open.


----------



## FMCore (Aug 3, 2019)

blawar said:


> you miss the glaring difference: what can malicious software do on your switch? nothing.



It can brick your switch, so there's that.


----------



## blawar (Aug 3, 2019)

Ev1l0rd said:


> The method you just described just needs Goldtree genius. It doesn't need Goldleaf (in fact what you just described would be in its own homebrew program).
> 
> The point I'm making is that you're damaging your own trust since nobody knows what the fuck Tinfoils code is (since guess what: it aint FOSS) so we can't be assured that any future versions might not contain this very method you just described to (as you say for example) steal bitcoin wallets if someone happens to connect their Switch to a PC running Goldleaf while having your tool open.



The method I describe cannot be performed by tinfoil, because tinfoil does not have  read/write access to your PC.  Outside of goldtree, the worst a homebrew app can really do is brick you.  And there have been zero reports of tinfoil bricking anyone.  Goldtree exposing your PC to malicious actors is a whole new ballgame, some real serious damage can be caused by this.

I think you know the difference here, and are intentionally trying to spread  fud to confuse users who do not understand just hwo fucked up what goldleaf / goldtree is doing.

Succinctly put: tinfoil is not a security threat to your PC, goldleaf is.


----------



## toxic9 (Aug 3, 2019)

tinfoil is closed source... most of software we use on our pc's are closed sorce... and people just don't care. So don't complain about that. Blawar never wanted to brick anyone. His apps are always a step ahead over the others. We should be happy there are people on the scene making apps for us to try.
I just don't like to see pushing down other people's apps. One thing for sure, goldleaf's releases are always full of bugs. They should be more tested before (not so) stable releases.


----------



## Phenj (Aug 3, 2019)

*Error-code 2168-0001 (0x2a8)*
When running the latest Goldleaf version, using latest atmosphere


----------



## Ev1l0rd (Aug 3, 2019)

blawar said:


> The method I describe cannot be performed by tinfoil, because tinfoil does not have  read/write access to your PC.  Outside of goldtree, the worst a homebrew app can really do is brick you.  And there have been zero reports of tinfoil bricking anyone.  Goldtree exposing your PC to malicious actors is a whole new ballgame, some real serious damage can be caused by this.
> 
> I think you know the difference here, and are intentionally trying to spread  fud to confuse users who do not understand just hwo fucked up what goldleaf / goldtree is doing.
> 
> Succinctly put: tinfoil is not a security threat to your PC, goldleaf is.


You really dont get how this shit works and what you just described did you?

*Goldtree* is a PC tool that allows browsing the filesystem, correct. What you described is that if a tool that isn't *Goldleaf* (the intended tool to use this for) would interact using the Goldtree API with the PC and the risk/damage it could do to it.

I don't give a crud about whether it's an actual safety risk or not (could entirely be, although I'd like to point out that you'd have to explicitly connect your Switch to your computer to do anything dangerous to it since if I'm correct Goldtree handles USB installs), but the matter of fact is that you are describing a method of attacking/damaging a computer, whilst also operating a closed tool program that's been known to fuck with software just because you couldn't agree with the authors.



toxic9 said:


> tinfoil is closed source... most of software we use on our pc's are closed sorce... and people just don't care. So don't complain about that. Blawar never wanted to brick anyone. His apps are always a step ahead over the others. We should be happy there are people on the scene making apps for us to try.
> I just don't like to see pushing down other people's apps. One thing for sure, goldleaf's releases are always full of bugs. They should be more tested before (not so) stable releases.


I can't speak for everyone, but I use Arch Linux and am using Mozilla Firefox to send this message, so for all intents and purposes "most apps" I use are FOSS.

Even so "everyone does it" is not an argument. If a lot of people would decide that lighting themselves on fire is a smart idea, well guess we should light ourselves on fire since everyone does it.

In addition, especially when tampering with the security of a system (which anything involving Homebrew does and something that installs tickets/titles _certainly_ does), I prefer to be aware of exactly what I'm running and installing and will actively discourage the use of anything that is not open source (also fueled by a long _long_ history of homebrew devs who go closed source behaving like whiny crybabies or pulling dumb shit.)


----------



## blawar (Aug 3, 2019)

Ev1l0rd said:


> You really dont get how this shit works and what you just described did you?
> 
> *Goldtree* is a PC tool that allows browsing the filesystem, correct. What you described is that if a tool that isn't *Goldleaf* (the intended tool to use this for) would interact using the Goldtree API with the PC and the risk/damage it could do to it.
> 
> I don't give a crud about whether it's an actual safety risk or not (could entirely be, although I'd like to point out that you'd have to explicitly connect your Switch to your computer to do anything dangerous to it since if I'm correct Goldtree handles USB installs), but the matter of fact is that you are describing a method of attacking/damaging a computer, whilst also operating a closed tool program that's been known to fuck with software just because you couldn't agree with the authors.



You are incorrect, you do not need to connect your switch to the PC to exploit this.  This is why it is such a huge vulnerability.  You may not care about the huge security vulnerability in goldleaf/goldtree, but I am sure a significant portion of the user base does.


----------



## Ev1l0rd (Aug 3, 2019)

blawar said:


> You are incorrect, you do not need to connect your switch to the PC to exploit this. This is why it is such a huge vulnerability. You may not care about the huge security vulnerability in goldleaf/goldtree, but I am sure a significant portion of the user base does.


Do explain. As far as I can see, Goldtree is a tool purely designed for connecting your Switch over USB to browse files on your PC. It does not prove network installations. Ergo, the only possible attack point is over USB (not a network) and the most likely place to find a user who runs Goldtree is a user who has a Switch, since it would be dumb otherwise.


----------



## ochentay4 (Aug 4, 2019)

Clapmaster said:


> I'm getting install errors with some nsps saying that sigpatches are missing or my firmware is too low. These nsps installed with no problems with Goldleaf 0.5. I'm on firmware 8.1.0


The same error. Goldleaf 0.5 USB install work fine using Kosmos 13.1 and Sigpatches.


----------



## toxic9 (Aug 4, 2019)

Nintendo Switch Horizon is also closed source... I wonder if it could have any time bomb to trigger a repair... we never know.
Let's speculate...!


----------



## RandomUser (Aug 4, 2019)

gizmomelb said:


> seriosuly?  what the fuck?  you know you can FTP over wireless as well right?  comms don't make a difference to applications if it's wired or wireless..  that really was a stupid and ignorant comment to make.


Technically @uyjulian is correct that "wireless is slower than wired".
See this:




That there is a 40Gbps NIC card, far more faster then wireless 4.6Gbps or maybe 7Gbps. That is a far cry from 40Gbps.

What really comes in play is what type of Ethernet or WiFi module a console uses and most likely the slower variant of the WiFi module that doesn't support 802.11ac. USB 4 theoretical speed is around 40Gbps. Or the so called "SuperSpeed USB 20Gbps" aka USB 3.2 Gen 2x2. However I highly doubt the switch uses the latest gen or even the previous gen USB 3 protocol so either way the speed will be limited by the hardware either by PC or the console.


----------



## uyjulian (Aug 4, 2019)

RandomUser said:


> Technically @uyjulian is correct that "wireless is slower than wired".
> See this:
> 
> 
> ...



Nintendo Switch supports USB 3 if the appropriate option is enabled in atmosphere settings. It is disabled by default.

In most cases, wired is faster since negotiation is faster and there is no interference to worry about.


----------



## RandomUser (Aug 4, 2019)

uyjulian said:


> Nintendo Switch supports USB 3 if the appropriate option is enabled in atmosphere settings. It is disabled by default.
> 
> In most cases, wired is faster since negotiation is faster and there is no interference to worry about.


True, I supposed I should mentioned that as well. I thought I could defend you as I agree that wired is faster for the most part.


----------



## tabzer (Aug 4, 2019)

Ev1l0rd said:


> Do explain. As far as I can see, Goldtree is a tool purely designed for connecting your Switch over USB to browse files on your PC. It does not prove network installations. Ergo, the only possible attack point is over USB (not a network) and the most likely place to find a user who runs Goldtree is a user who has a Switch, since it would be dumb otherwise.






blawar said:


> I could write a malicious payload to inject malware into your boot-up config so it runs when you reboot your PC



Sounds like when Goldtree processes whatever payloads it loads, and can give it access to the rest of the PC system.  I wonder how TegraRcmGui is different in that regard.  I don't know too much about the internal workings of the code.


----------



## blawar (Aug 4, 2019)

tabzer said:


> Sounds like when Goldtree processes whatever payloads it loads, and can give it access to the rest of the PC system.  I wonder how TegraRcmGui is different in that regard.  I don't know too much about the internal workings of the code.



tegrarcm does not give any access to your pc, it is purely one way pc to switch.

you are correct, goldtree processes whatever requests it receives, whether it’s from a switch or not.  which is why a switch is not required to exploit goldtree.  the protocol is publicly documented / open source.


----------



## satel (Aug 4, 2019)

excellent update,browsing the PC feature is great.


----------



## bluem6 (Aug 4, 2019)

Same here, pretty cool with the browser but it can't install any nsp...same error as other reported on here.  Anyone know if there is a fix, work around or something?


----------



## bluem6 (Aug 4, 2019)

Look like it's working now....update Kosmos to the newest release as of today and the Kosmos sig patches..


----------



## DaFixer (Aug 4, 2019)

Great, gui makeover looks great.
Still need to find out how install true USB works.


----------



## Yeabuddy (Aug 5, 2019)

Anyone know how to fix this?


----------



## Essasetic (Aug 5, 2019)

Yeabuddy said:


> Anyone know how to fix this?
> 
> View attachment 175262


"Requested resource not found"

You sure you have a good USB A to C cable?


----------



## HideoKojima (Aug 5, 2019)

That's nice


----------



## Yeabuddy (Aug 5, 2019)

Essasetic said:


> "Requested resource not found"
> 
> You sure you have a good USB A to C cable?



Turns out I needed to update Zadig to v2.4.721 and it worked.


----------



## Chocola (Aug 5, 2019)

blawar said:


> You are incorrect, you do not need to connect your switch to the PC to exploit this.  This is why it is such a huge vulnerability.  You may not care about the huge security vulnerability in goldleaf/goldtree, but I am sure a significant portion of the user base does.



For exploit this you need Goldtree running, this is the first thing.

You need a USB device to send and recive data through Goldtree interface, and yes, you can exploit it without USB device, emulating or listening to USB handlers with a external program, but wait, why the fuck I gona complicate the process if I can access to filesystem directly with the program? 

Yes... "A very huge exploit to your PC"...  Im sure that new malware variants gona implement listeners to Goldtree USB interface and exploit it xD

Same as @Ev1l0rd, I trust more on this open source "huge sploit" than closed source software that.... oh wait... uses network connection too .

Please don't try to difamate the competitors with stupid things when you didn't relase the source code of your tools.

Your tinfoil apps have more that we can talk, starting with the stolen name of the app and ending with piracy where you are reciving money, that it's the true reason because you develop the "NUT" support.

I don't waste time for now analyzing your stuff, but I'm sure that can show to you easy that it's a real huge sploits, on your NUT daemon and on your Tinfoil apps... network are always more unsafe that physical ways, so please think a bit before write without sense.

P.D: Please note that "texts" are ironic...


----------



## tabzer (Aug 5, 2019)

Chocola said:


> For exploit this you need Goldtree running, this is the first thing.
> 
> You need a USB device to send and recive data through Goldtree interface, and yes, you can exploit it without USB device, emulating or listening to USB handlers with a external program, but wait, why the fuck I gona complicate the process if I can access to filesystem directly with the program?
> 
> ...



You've done nothing to address what was actually said.  Both @blawar and @XorTroll make open-source pc applications.  Goldtree allows write permission that can be exploited.  Nut does not.  @blawar argues that his closed source switch application could possibly affect the switch, but not the PC.  It'd be nice if @Ev1l0rd could stop by and admit that they had a misunderstanding and is wrong.


----------



## uyjulian (Aug 5, 2019)

If you are doing console hacking, security is the last thing you should be thinking about. Put your banking, crypto, pii, email, business, etc on one computer, and put the rest on another computer. If there is a security problem in a widely used software, there will be a CVE for it and it will be widely publicized, while if it is a rarely used software (like Nut or Goldtree), it won't be, and the person behind it would probably be gone, since in console hacking, old software is abandoned whenever the new console or tool comes out.


----------



## Ev1l0rd (Aug 5, 2019)

tabzer said:


> It'd be nice if @Ev1l0rd could stop by and admit that they had a misunderstanding and is wrong.


Except I'm... not in the wrong?

Look, Goldtree listens for stuff on the USB port and responds to it accordingly. The only possible way this is an exploit is if you start plugging in random USB devices. The only reasonable thing to have plugged in while you have Goldtree running on your Nintendo Switch. I appreciate the supposed concern, but this entire attack vector is already realistically reduced to only Nintendo Switch devices since they're the only thing someone would have plugged in while Goldtree is running, meaning that this is only a security issue if you are a dumbass user who randomly plugs in devices or runs software they can't be assured is safe.

The reason I'm saying blawar is shooting himself in the foot by pointing this out is because he has a history of being... a fucking dickweed to developers because he doesn't like them and his main thing (DZ) has been affected before by this kind of behavior (the entire Kosmos bullshit) which comes hand in hand with this program not being open source, meaning nobody can safely verify if he's not doing this stuff or is planning to do so in the future.

Just about the only possible way for him to regain trust from me at this point is if he would FOSS DZ (not that he ever would) and anyone could examine the code to verify he didn't do something like this. Not that he ever would, because if several people are to be believed, he'd also be drowning in licensing violations from hactool and the original tinfoil.

Also, blawar responded whilst I was asleep, but when he's talking about "payload", he doesn't mean the thing you transfer to your Switch to make it boot. He's talking about a potential malicious program that could be executed to misuse Goldtree.


----------



## blawar (Aug 5, 2019)

Ev1l0rd said:


> Except I'm... not in the wrong?
> 
> Look, Goldtree listens for stuff on the USB port and responds to it accordingly. The only possible way this is an exploit is if you start plugging in random USB devices. The only reasonable thing to have plugged in while you have Goldtree running on your Nintendo Switch. I appreciate the supposed concern, but this entire attack vector is already realistically reduced to only Nintendo Switch devices since they're the only thing someone would have plugged in while Goldtree is running, meaning that this is only a security issue if you are a dumbass user who randomly plugs in devices or runs software they can't be assured is safe.
> 
> ...



The main issue is not a user plugging in a random device into the USB port (though that is still a security problem), the issue is any 3rd party could do it to gain near full unauthorized access to your system: think law enforcement, a nosey girlfriend, roomate or someone trying to steal data off of your machine and they know you run goldtree.

The other issue is that a nintendo switch is not a random device, and is the device most likely to be connected via USB.  If I wanted to exploit this, I would write a program that replaces the goldleaf binary with a modified version with a malicious payload, then the next time they ran goldleaf while connected to PC, it would infect/attack  their PC.


----------



## altorn (Aug 5, 2019)

Whenever I try to make a USB connection with GoldTree, I am able to go to C:\, then down to directories, for example Downloads folder then GoldLeaf hangs. Then GoldTree is stuck with its regular logs, and I can't kill the process and have to wait for 15minutes. I have a new SSD which works great, and my Switch microSD is pretty fast too. Using Atmosphere 0.9.2 emuMMC 8.1.0. I would assume my USB cable has an issue but I tried Tinfoil+NUT and I am able to install NSP's via USB no problem except some crashes once in a while. I REALLY want to use GoldLeaf but this is the only thing stopping me. Any tips?


----------



## uyjulian (Aug 5, 2019)

altorn said:


> Whenever I try to make a USB connection with GoldTree, I am able to go to C:\, then down to directories, for example Downloads folder then GoldLeaf hangs. Then GoldTree is stuck with its regular logs, and I can't kill the process and have to wait for 15minutes. I have a new SSD which works great, and my Switch microSD is pretty fast too. Using Atmosphere 0.9.2 emuMMC 8.1.0. I would assume my USB cable has an issue but I tried Tinfoil+NUT and I am able to install NSP's via USB no problem except some crashes once in a while. I REALLY want to use GoldLeaf but this is the only thing stopping me. Any tips?


Check for non-ASCII filenames, and limit the number of files


----------



## altorn (Aug 5, 2019)

uyjulian said:


> Check for non-ASCII filenames, and limit the number of files



There is a "Desktop" shortcut in GoldLeaf's filebrowser. Maybe I should move all my NSP's onto there so GoldLeaf and GoldTree don't try to read a lot of crap? Ok I will give it a try when I get home. Thanks for the tip!


----------



## tabzer (Aug 6, 2019)

Ev1l0rd said:


> Except I'm... not in the wrong?



Totally wrong.  You keep talking about something that nobody else is.  And then calling those imaginary points invalid.  You want the argument to be about something that you can potentially discredit instead of trying to understand what's written.




Ev1l0rd said:


> Also, blawar responded whilst I was asleep



Yeah, for two days.  Depression does that I guess.


----------



## altorn (Aug 6, 2019)

you guys talk shit and point at goldtree like it's the worst. what blawar is describing can be TRUE FOR ANY APPLICATION. i swear i've heard his lectures in one of my networking/security classes back in university. and he's making it sound much worse than any other app/framework/platform.
if you can exploit goldtree via network, USB, etc. any other app running on the user's system is just as exploitable. it's just a matter of time. sure your tinfoil never exposes as many attack vectors at the moment, but who knows what will happen in the future? as long as you're connected to the internet, you're vulnerable. the malicious person just has to try harder.

what you should be doing is creating a thread or a post that makes users aware and protect themselves from potential attacks, not only against Goldtree. Tell them to use a VPN, virus/malware scanners, run things in a VM, do regular backups, whatever makes their system a little bit more secure. a lot of your users are kids who know nothing better, yet you're protesting like those vegans in front of a steakhouse.


----------



## tabzer (Aug 6, 2019)

I have nothing against goldtree.  I'm more curious about how it can be exploited as @blawar suggested as opposed to being angry about it.

Can the code to exploit it be implemented in a rogue nsp or bin file that triggers goldtree when loaded by it?  Programs often serve specific functions, but if they become too much like an OS, then they could have more power than what is reasonable for their function.

Of course we are taking risks by installing anything really, but it would be foolish to ignore the points someone makes only because you don't like them.


----------



## blawar (Aug 6, 2019)

altorn said:


> you guys talk shit and point at goldtree like it's the worst. what blawar is describing can be TRUE FOR ANY APPLICATION. i swear i've heard his lectures in one of my networking/security classes back in university. and he's making it sound much worse than any other app/framework/platform.
> if you can exploit goldtree via network, USB, etc. any other app running on the user's system is just as exploitable. it's just a matter of time. sure your tinfoil never exposes as many attack vectors at the moment, but who knows what will happen in the future? as long as you're connected to the internet, you're vulnerable. the malicious person just has to try harder.
> 
> what you should be doing is creating a thread or a post that makes users aware and protect themselves from potential attacks, not only against Goldtree. Tell them to use a VPN, virus/malware scanners, run things in a VM, do regular backups, whatever makes their system a little bit more secure. a lot of your users are kids who know nothing better, yet you're protesting like those vegans in front of a steakhouse.



With all due respect, you do not understand anything that is being said.  I'm actually in awe that these thoughts actually passed through your brain AND you thought it a good idea to post them for everyone to see.  Goldtree isnt being exploited, its doing exactly what ti was designed to do, and in the process exposing your PC to unauthorized access and exploitation.  No other program I can think of makes this mistake (other than malware intentionallyy doing it).  Goldtree is an unlocked backdoor into your PC.


----------



## altorn (Aug 6, 2019)

blawar said:


> With all due respect, you do not understand anything that is being said.  I'm actually in awe that these thoughts actually passed through your brain AND you thought it a good idea to post them for everyone to see.  Goldtree isnt being exploited, its doing exactly what ti was designed to do, and in the process exposing your PC to unauthorized access and exploitation.  No other program I can think of makes this mistake (other than malware intentionallyy doing it).  Goldtree is an unlocked backdoor into your PC.



And that's exactly the lecture I'm talking about.

I totally agree that Goldtree could not be intentionally performing an exploit but can have vulnerabilities that could give attackers exploits. But like I said, this can be true for every other app. Look at OwnCloud's client app, that lets you host and share your home network drive contents through the cloud. They had a vulnerability that let you do remote code execution. They fixed it, but it was a mistake like Goldtree has done. How about Windows' own RDP? Ransomware hackers were able to exploit it. Apps like this have dozens of vulnerabilities ranging from low to high risks. Who's to say none of these vulnerabilities can potentially let you have access to the physical hardware of the end user?

If you want to help, don't half-ass it and suggest ways for us end users to protect ourselves when dealing with junk coming from the internet.


----------



## blawar (Aug 6, 2019)

altorn said:


> And that's exactly the lecture I'm talking about.
> 
> I totally agree that Goldtree could not be intentionally performing an exploit but can have vulnerabilities that could give attackers exploits. But like I said, this can be true for every other app. Look at OwnCloud's client app, that lets you host and share your home network drive contents through the cloud. They had a vulnerability that let you do remote code execution. They fixed it, but it was a mistake like Goldtree has done. How about Windows' own RDP? Ransomware hackers were able to exploit it. Apps like this have dozens of vulnerabilities ranging from low to high risks. Who's to say none of these vulnerabilities can potentially let you have access to the physical hardware of the end user?
> 
> If you want to help, don't half-ass it and suggest ways for us end users to protect ourselves when dealing with junk coming from the internet.



I have already told @XorTroll how to fix it many times.  At the very least, he needs to sandbox / whitelist directories, and I would highly recommend removing write access completely.  However he is selling the "read and write everything" as a feature, when its really not, its an exploit waiting to happen.

I do not get the impression he really cares if goldleaf users get hacked due to his software.


----------



## Ev1l0rd (Aug 6, 2019)

tabzer said:


> Totally wrong.  You keep talking about something that nobody else is.  And then calling those imaginary points invalid.  You want the argument to be about something that you can potentially discredit instead of trying to understand what's written.
> 
> 
> 
> ...


Ever heard of timezones kiddo?

Contrary to what the lot of you might think, I have other priorities than dealing with idiots on GBATemp.

And I'm directly refuting his points, he just keeps up tossing the same bs about oversizing a problem that isn't really there because it relies on the user acting like a fucking moron whilst at the same time not addressing the point I've made before about this only hurting his trustworthiness.

But sure, enjoy living in your little bubble where blawar is the god of the Switch scene. If you're ever interested in leaving it, go ahead. Because he's the polar opposite.


----------



## blawar (Aug 6, 2019)

Ev1l0rd said:


> Ever heard of timezones kiddo?
> 
> Contrary to what the lot of you might think, I have other priorities than dealing with idiots on GBATemp.
> 
> ...



You are deflecting the argument, my trustworthiness has nothing to do with goldtree's security issues.



Ev1l0rd said:


> relies on the user acting like a fucking moron



If you did not notice, for betetr or for worse this is the majority of the scene.  Most people in the scene are not programmers, hackers, etc, they are normal people who do not know anything about security or the risks involved.

Goldleaf relying on the user to have knowledge of computer security that goldleaf's author himself does not posses is not realistic.


----------



## Ev1l0rd (Aug 6, 2019)

blawar said:


> If you did not notice, for betetr or for worse this is the majority of the scene. Most people in the scene are not programmers, hackers, etc, they are normal people who do not know anything about security or the risks involved.


I think the majority of people realize that if you start plugging in random devices or running random software, you're bound to shoot yourself in the foot.


----------



## altorn (Aug 6, 2019)

Ev1l0rd said:


> I think the majority of people realize that if you start plugging in random devices or running random software, you're bound to shoot yourself in the foot.


as a developer, you're expected to assume every user is either an idiot or malicious.


----------



## blawar (Aug 6, 2019)

Ev1l0rd said:


> I think the majority of people realize that if you start plugging in random devices or running random software, you're bound to shoot yourself in the foot.



You completely missed my argument.  I am not saying the user will plug a random USB device into their PC, I am saying a malicious third party could do it, or hijack a homebrew app to do it for them since users are expected to connect their switch to it.


----------



## tabzer (Aug 6, 2019)

Ev1l0rd said:


> Ever heard of timezones kiddo?
> 
> Contrary to what the lot of you might think, I have other priorities than dealing with idiots on GBATemp.



Don't be condescending with me.  It's been a couple good days since you made a request to @blawar and he delivered for you.  You didn't follow up so it seemed like you wised up.  My bad.  You are doubling down on being daft.



Ev1l0rd said:


> And I'm directly refuting his points



Like when?  Like when you say his points are invalid because he works on proprietary software? 

Or that one time where you wanted to pretend that tinfoil does the same thing as goldleaf?

Nut is tinfoil's gateway to a PC.  Does Nut have write access?

Goldtree is Goldleaf's gateway to a PC.  Does it have write access?

He literally spells it out for you, and you can't seem to decide which angle to take.   Code isn't as emotional as your "argument" tends to be.


----------



## uyjulian (Aug 6, 2019)

Anyone can write a homebrew app that emulates a keyboard, mouse, and MSD to automatically execute an executable on the connected computer.

You don't want random people plugging in stuff like USB killers into your computer? Time to get the epoxy out.


----------



## tabzer (Aug 6, 2019)

Ev1l0rd said:


> I think the majority of people realize that if you start plugging in random devices or running random software, you're bound to shoot yourself in the foot.



Yep, yet somehow there's still stories, mass warnings, and outrage about it when it happens anyway.


----------



## chaxelos (Aug 9, 2019)

selecting USB doesnt do anything it just stuck on that screen and freeze. im on reinx 8.0 any fix?


----------



## Halo69 (Aug 9, 2019)

Can someone explain to me what is the Goldleaf.nsp is??? 
(I know about the .nro and .exe but not the .nsp)


----------



## Halo69 (Aug 9, 2019)

Halo69 said:


> Can someone explain to me what is the Goldleaf.nsp is???
> (I know about the .nro and .exe but not the .nsp)


Update: nevermind i know what it is now


----------



## toxic9 (Aug 9, 2019)

Goldleaf is marking tikets from installed titles as unused... SO be aware!


----------



## mo_v (Aug 10, 2019)

bodefuceta said:


> Goldtree is still hot garbage and for obsolete systems. I don't dislike goldleaf but ancient tinfoil 0.2.1 is still the best for usb installs.


I disagree, goldtree works very well. Tinfoil sucks, it messes up your system.

--------------------- MERGED ---------------------------



toxic9 said:


> Goldleaf is marking tikets from installed titles as unused... SO be aware!


What does that mean?


----------



## toxic9 (Aug 10, 2019)

I don't kniw why, but old goldleaf thinks most of tickets are unused. This version is much better. But it says I have this ticket unused: 0100FFFFFFFFF000
I never installed such title, so I don't know why goldleaf complains about it


----------



## werker (Aug 10, 2019)

DELETED


----------



## th3joker (Aug 11, 2019)

can someone explain how to install multilple nsp from pc via usb? like all the dlc nsp in 1 folder?


----------



## Keioty (Aug 11, 2019)

th3joker said:


> can someone explain how to install multilple nsp from pc via usb? like all the dlc nsp in 1 folder?


I have this same question. I see this elusive "bulk install" feature mentioned, but no idea how to use it.


----------



## Halo69 (Aug 11, 2019)

Keioty said:


> I have this same question. I see this elusive "bulk install" feature mentioned, but no idea how to use it.


I also having the same question, i see no option for bulk installs, i tried to long press to see if it gets highlighted to choose more files but no success.


----------



## Keioty (Aug 11, 2019)

Halo69 said:


> I also having the same question, i see no option for bulk installs, i tried to long press to see if it gets highlighted to choose more files but no success.


I found out you can press “y” while having a folder highlighted and then “more options” where you can find “install all NSPs”.

Still have to manually select your SD card and agree to each installation inbetween NSPs, but it works well.


----------



## Ashura66 (Sep 5, 2019)

So where is this goldleaf.ini file supposed to be? I'm not seeing it on my sd card


----------



## pOOB73 (Sep 6, 2019)

Similar question here i guess. Where can I set the "ignore required firmware version" feature? Is there an .ini or .config file somewhere? I couldn't find any.


----------



## linuxares (Sep 6, 2019)

@RattletraPM 0.7 have gotten released. Nothing massive more than a ton of bugfixes and EoL improvements but maybe edit this title and add the changelog?


----------



## RattletraPM (Sep 6, 2019)

linuxares said:


> @RattletraPM 0.7 have gotten released. Nothing massive more than a ton of bugfixes and EoL improvements but maybe edit this title and add the changelog?


I thought everybody forgot about this news thread, especially considering how old it is 

Still yeah, I didn't write a new one either because, as you said, 0.7 is mostly fixes/QoL improvements and just a couple of additions, but then I guess silently adding a small footer note to the OP here makes sense in case anybody reads it. I hope that doesn't count as a necrobump tho


----------



## Cory (Sep 15, 2019)

goldleaf gives me error installing nsp files on version 9.0.0


----------



## evans05 (Sep 15, 2019)

i have no option for usb install in goldleaf on 9.0.0


----------



## MonsterHunterJay (Sep 15, 2019)

I also have problems!


----------



## Bravestarr (Dec 30, 2019)

Does anybody know how to install multiple NPS files at once? The feature request regarding this topic is closed but there is not documentation anywhere to be found.


----------



## JonJaded (Dec 30, 2019)

Bravestarr said:


> Does anybody know how to install multiple NPS files at once? The feature request regarding this topic is closed but there is not documentation anywhere to be found.



They have to all be in one folder, press y on the folder then more and then select multiple install. (Something like that.)


----------

