Hacking Sigpatches for Atmosphere (Hekate, fss0, fusee & package3)

mrdude

> I'm all ears on this. Knowing exactly where the cause of this is in the code would be helpful. Watching VirusTotal show a BPS patch get extracted from a random zip file and then running the creator from that patch makes one weary.
>
> btw, this is the virustotal results: https://www.virustotal.com/gui/file/2f58189eb58fdee3118ee4872e944b6095e55ad4aaa14d3290229af1ec762966

Dude, the source code is on github, read the source code and you'll see there's nothing dodgy going on. If you are unable to understand what the code is doing and don't want to use it, fine - the patches are also linked in the OP - just use them instead and you won't need to run any software - or just make your own patching software from scratch and report back later when you are done.

https://github.com/mrdude2478/IPS_Patch_Creator

You might have a virus on your computer already from something else you installed and when this program uses some Windows API, you might be triggering something. It's not from this program though - you can run in a Windows sandbox if you have issues.
 

Dimensional

> Dude, the source code is on github, read the source code and you'll see there's nothing dodgy going on. If you are unable to understand what the code is doing and don't want to use it, fine - the patches are also linked in the OP - just use them instead and you won't need to run any software - or just make your own patching software from scratch and report back later when you are done.
>
> https://github.com/mrdude2478/IPS_Patch_Creator
>
> You might have a virus on your computer already from something else you installed and when this program uses some Windows API, you might be triggering something. It's not from this program though - you can run in a Windows sandbox if you have issues.

Sadly no. I tested again with a Windows VM. It directly got flagged. Not to mention VirusTotal also gave lots of information, and you can't claim VirusTotal is infected. I understand you're feeling attacked, but claiming someone has a virus on their computer is a weak dodge at best.

If you're certain it's not your program, can you give us plausible explanations for these positives besides claiming users are infected?
 

mrdude

> Sadly no. I tested again with a Windows VM. It directly got flagged. Not to mention VirusTotal also gave lots of information, and you can't claim VirusTotal is infected. I understand you're feeling attacked, but claiming someone has a virus on their computer is a weak dodge at best.
>
> If you're certain it's not your program, can you give us plausible explanations for these positives besides claiming users are infected?

No, it's already been discussed in previous posts and I can't be bothered repeating the same old things over and over. Why don't you look at the source code that is posted and point out where you think the "offending code" is?
 

Dimensional

> No, it's already been discussed in previous posts and I can't be bothered repeating the same old things over and over. Why don't you look at the source code that is posted and point out where you think the "offending code" is?

I did a search in this thread for malware and virus, and 1 post was ignored, another post had someone simply say "False Positive", but with no explanation. Anyone can claim something is a False Positive, but the question is Why? So yes, please repeat it, and ask that the OP pin a link to your post so that others can be educated without having to sift through hundreds of posts.
 

ShadowOne333

OP
> I did a search in this thread for malware and virus, and 1 post was ignored, another post had someone simply say "False Positive", but with no explanation. Anyone can claim something is a False Positive, but the question is Why? So yes, please repeat it, and ask that the OP pin a link to your post so that others can be educated without having to sift through hundreds of posts.

To be fair, sometimes certain programs that tend to do some iffy stuff (like cracks and hacking tools) also get flagged by anti viruses, but I assume this is because some people upload them as malware out of spite or something to the virus' databases.

As mrdude said, there's no better way to check for malware than to go through the freely available open source code of the project and check it up yourself. If he wanted to hide something, the source code wouldn't even be open source to begin with (as it has happened before).
All in all, if you're really afraid of malware, then do everything through a Virtual Machine as then you're 100% safe.
 

mrdude

> I did a search in this thread for malware and virus, and 1 post was ignored, another post had someone simply say "False Positive", but with no explanation. Anyone can claim something is a False Positive, but the question is Why? So yes, please repeat it, and ask that the OP pin a link to your post so that others can be educated without having to sift through hundreds of posts.

Dude I've already told you there's no virus code in the app. The source is posted on github and I've told you to look at the code and see if you can find anything that would trigger your AV software - the facts are you can't because it doesn't exist. That's all there is to it. I won't respond any further to you because you have been responded to already, you've been told to use in a sandbox, or just download pre-made sigpatches. All the bases are covered. With the thousands of people that use this software and are able to read through the code, no-one can find anything that is a virus, quite simply because you can't find something if it doesn't exist in the first place.

Also you said that this app is making some random zip file - the only zip file this app deals with is downloading wco database and you need to manually go to the database/wildcards folder and then click on a button to download it - that's the only code that downloads a zip file or deals with anything zip related. So as I said, you probably already have a virus on your computer if you are having issues with it.
 

binkinator

> To be fair, sometimes certain programs that tend to do some iffy stuff (like cracks and hacking tools) also get flagged by anti viruses, but I assume this is because some people upload them as malware out of spite or something to the virus' databases.
>
> As mrdude said, there's no better way to check for malware than to go through the freely available open source code of the project and check it up yourself. If he wanted to hide something, the source code wouldn't even be open source to begin with (as it has happened before).
> All in all, if you're really afraid of malware, then do everything through a Virtual Machine as then you're 100% safe.

Ayup…that was my point earlier…we’re hacking things here…that’s going to look fishy to a virus scanner. It is in fact not normal behavior. Use it….or don’t. :-)
 

Dimensional

> Dude I've already told you there's no virus code in the app. The source is posted on github and I've told you to look at the code and see if you can find anything that would trigger your AV software - the facts are you can't because it doesn't exist. That's all there is to it. I won't respond any further to you because you have been responded to already, you've been told to use in a sandbox, or just download pre-made sigpatches. All the bases are covered. With the thousands of people that use this software and are able to read through the code, no-one can find anything that is a virus, quite simply because you can't find something if it doesn't exist in the first place.
>
> Also you said that this app is making some random zip file - the only zip file this app deals with is downloading wco database and you need to manually go to the database/wildcards folder and then click on a button to download it - that's the only code that downloads a zip file or deals with anything zip related. So as I said, you probably already have a virus on your computer if you are having issues with it.

That's what I'm planning on doing, to be safe. I forgot to set a checkpoint in my VM, so redoing it. I'm sorry for sounding accusing or trying to cause fear. Paranoia isn't always a good thing, and I'm sorry for letting it get to me.
 

binkinator

> Hello, I updated my Nintendo Switch Atmosphère 1.5.1 but I can't start any games, I think I need new sigpatches? What are the sig patches for Atmosphère 1.5.1? I tried downloading https://github.com/mrdude2478/IPS_Patch_Creator but my laptop said virus, that's why I didn't continue it.

Download and unzip the zip file attached to the first post to the top of your SDCard.

You are downloading a hacking tool that does “unusual things” to create Sigpatches. This is the process required to make them. There is nothing that can be done to prevent false alarms. The code is open source, many people have inspected the code and it can be inspected and compiled by you. It will still raise alarms. You will have to make your own decision but there are many folks (including myself) that are comfortable knowing this is a false alert.
 

Chaoticus

> I have this problem with my Switch: after successfully installing an xci/nsp game, when I go to the dashboard only a spinning loading icon appears... Can these sigpatches resolve my issue? Thanks in advance.

When this happens I usually just reboot the system and they appear like regular icons and play no problem afterwards (with the correct sig patches).
 

speedysms

Hello.
Any idea why, even with the latest firmware 16 and this sigpatch, the game Figment 2 still doesn't start?
It gives the same error as all the games when the sigpatch is not applied: "Could not start the game".
Thank you.
 

binkinator

> Hello.
> Any idea why, even with the latest firmware 16 and this sigpatch, the game Figment 2 still doesn't start?
> It gives the same error as all the games when the sigpatch is not applied: "Could not start the game".
> Thank you.

How did you deploy the Sigpatches?

Did you reboot afterwards?
 

speedysms

> How did you deploy the Sigpatches?
>
> Did you reboot afterwards?

I downloaded the zip from the first post and replaced/put the files in their respective folders (atmosphere/bootloader).
Yes, I rebooted, as the operation was done on the microSD directly plugged into the PC.
All the other games started working after, but not Figment 2. I tried reinstalling it also, but still no luck.
 

kidkat210

> That's what I'm planning on doing, to be safe. I forgot to set a checkpoint in my VM, so redoing it. I'm sorry for sounding accusing or trying to cause fear. Paranoia isn't always a good thing, and I'm sorry for letting it get to me.

> Hello, I updated my Nintendo Switch Atmosphère 1.5.1 but I can't start any games, I think I need new sigpatches? What are the sig patches for Atmosphère 1.5.1? I tried downloading https://github.com/mrdude2478/IPS_Patch_Creator but my laptop said virus, that's why I didn't continue it.

I will just throw this out there to think about:
most "hacking" programs can give false positives. One application for map editing of GBA Pokémon games used to always get triggered by the AV, even though it wasn't doing anything malicious to the system. It was just picked up by the AV because of how it was doing its job. There used to be other programs/apps (no longer maintained/updated to work) that threw false positives.

My general consensus when it comes to these things: if the general community says it's safe, good enough for me.
Yes, there are assholes in every community, but most don't want to see your stuff get messed up, and if it does, most will try to help (big big shout out to @binkinator who I always see helping ppl).
 

impeeza

You should also note that most antivirus programs have a type of malware which is not malware per se; these are "unwanted" programs, because it's supposed that an average person does not need hacking tools or advanced programs.

At work a dumb "security" manager activated a block on using remote administration programs and protocols. On the surface this keeps normal people from getting tricked into running harmful code, but the real effect was that no one in the IT group could perform any administration task, effectively blocking us from doing any work. Stupid people are everywhere. And if you think: go locally on each server and do the task, no no, the new administration tools for Microsoft Windows always work by making remote connections, even if you are local on a server.
 

mrdude

> You should also note that most antivirus programs have a type of malware which is not malware per se; these are "unwanted" programs, because it's supposed that an average person does not need hacking tools or advanced programs.
>
> At work a dumb "security" manager activated a block on using remote administration programs and protocols. On the surface this keeps normal people from getting tricked into running harmful code, but the real effect was that no one in the IT group could perform any administration task, effectively blocking us from doing any work. Stupid people are everywhere. And if you think: go locally on each server and do the task, no no, the new administration tools for Microsoft Windows always work by making remote connections, even if you are local on a server.

Most programs need signed certificates that you need to pay $$$ every year for to not be flagged by most AV's. Google Chrome doesn't like zip files that contain exe files either. At the end of the day unless you are willing to fork out $$$ to keep some rich people ever richer and you make an app and put it on the net, they are going to flag your app as a virus. I have programs I make myself and sometimes Windows Defender deletes them without my permission, I end up having to set AV rules to stop it from deleting them. The joys of AV's and large companies trying to fleece you by forcing you to pay for security certs is just part of modern life and it will only get worse as time goes on.
 

impeeza

> Most programs need signed certificates that you need to pay $$$ every year for to not be flagged by most AV's. Google Chrome doesn't like zip files that contain exe files either. At the end of the day unless you are willing to fork out $$$ to keep some rich people ever richer and you make an app and put it on the net, they are going to flag your app as a virus. I have programs I make myself and sometimes Windows Defender deletes them without my permission, I end up having to set AV rules to stop it from deleting them. The joys of AV's and large companies trying to fleece you by forcing you to pay for security certs is just part of modern life and it will only get worse as time goes on.

That's the deal with the TPM chip and Windows 11: soon Windows will not let you run unsigned programs at all, like the drivers today.
 
