Hacking [PSA]Verify ALL .nsp and .xci files regardless of where they come from, even homebrew

[sj33]

It seems that this needs to be emphasised now more than ever. The current .nsp installers do NOT verify if what you are installing contains malicious code. Hopefully they will eventually, but at this point people have to take it into their own hands.

Some people see it at a simple matter of common sense, but it is not that simple. It doesn't matter if it is a pirated game or homebrew, a reliable source or a shady site - installing an .nsp file without verifying it is folly, regardless of who made it. Brickers are designed to look legitimate to the untrained eye, otherwise they would not be effective.

People MUST do the following.

1. Verify any .nsp file they install using Hactool https://gbatemp.net/threads/release-hactoolgui-a-very-simple-gui-for-hactool.499526/

2. Make a backup of your CURRENT firmware using hekate. You only need to back up the boot0/1 and SYS partitions and you should be able to compress this to around 1GB or so. Store it on your computer and a cloud service such as Google Drive just in case.

 

[Tripa]

How can Hactool verify malicious code?
Idk if that's possible...
Backups however are an absolute must.
And people must be triple aware when Smash launches bc the internet will be flooded with malwares.
Anyways, LGP malware could be easily fixed with a backup.
But without, it's a hard brick.

 

[sj33]

It’s not that hactool will detect malicious code, it will simply show more details about the file to give a better idea of its origin. It’s not a foolproof way, make s bsckup too.

 

[proffk]

This would be a good idea. But for now its best grabbing a scene release. Check MD5 matches to source file & who the uploader is.

 

[Frexxos]

... But for now its best grabbing a scene release. Check MD5 matches to source file & who the uploader is.

That wat some jerks did... they named the game like a official scene release, the game was also the right size (not md5 checked) only in windows shown. Of course everyone thought "hey a nice leak" and boom - bricked!

Never go for first release/leak/link to something. Wait if someone can confirm. Check who is the uploader? How many uploads does he have? someone with only 1-2 posts is probably a faker.

 

[Arras]

For homebrew, is checking even effective? Someone could just take an open source homebrew, add brick code to it, recompile and it would be indistinguishable from a real one.

 

[NoSmokingBandit]

Yeah, but if you are downloading homebrew compiled by someone other than the creator you are kind of asking for it.

 

[Ashura66]

As a warning, the current "leak" of Super smash Bros Ultimate is brickware

 

[fixingmytoys]

I wish the “backup” was dumped on the USB hard drive that would make it so much easer then have to clear and setup a big enough SD CARD

 

[IHOP]

As a warning, the current "leak" of Super smash Bros Ultimate is brickware

Obviously any game "leaked" a month before release is going to be brickware. Use common sense, if you think you're the first one to find a leaked copy of a game on some fourm, chances are if it was real everyone would be talking about it/ be playing it.

 

[noahc3]

How can Hactool verify malicious code?
Idk if that's possible...
Backups however are an absolute must.
And people must be triple aware when Smash launches bc the internet will be flooded with malwares.
Anyways, LGP malware could be easily fixed with a backup.
But without, it's a hard brick.

It checks if the NCA's are signed correctly. If they are signed correctly, then they are official from Nintendo. Otherwise, they have been modified.

Even XCI's converted to NSP's and visa-versa should verify correctly with hactool afaik, but will fail if any of the NCA's are modified and resigned with an unofficial key.

 

[Ashura66]

Obviously any game "leaked" a month before release is going to be brickware. Use common sense, if you think you're the first one to find a leaked copy of a game on some fourm, chances are if it was real everyone would be talking about it/ be playing it.

That's not always the case, early leaks DO happen, at least for PC games. Not with so much time in advance granted but they still happen. And the only reason i mentioned it is because i know some people lack common sense so might as well warn them. Also this particular brickware, i have NO idea why it was made, other than just for kicks. The Pikachu one had a specific purpose

 

[sj33]

Yeah, but if you are downloading homebrew compiled by someone other than the creator you are kind of asking for it.

I don't just mean you specifically, but the idea that anybody is 'asking for it' is toxic and contributes to the problem.

 

[NoSmokingBandit]

Bro its like finding a sandwhich on the bathroom floor, eating it, then thinking you did nothing wrong when you die of dehydration via cholera. I'm not trying to victim-blame here, but at a certain point you have to be responsible for the risks you take, and if one of those risks is downloading 'modified' homebrew by some script kiddie named "xXxDarkLordSatanxXx" off discord you probably need to learn a lesson the hard way.

 

[GTRagnarok]

I followed a guide when I got started a few months ago and dumped these files. It comes to 2.62 GB in total and the two boot files are 4MB each. Is this a sufficient backup or do I need the whole rawnand.bin?

 

[Erol]

Or always use xci.

 

[Ashura66]

Or always use xci.

.XCI can also be infected with malicious code. It's not going to save you

 

[jeverden]

Do you use the -y option? I'm getting Invalid NCA Header! Are keys correct? Grabbing some from torrents and want to make sure they are clean. Is their a risk if I install NSP files to an SD card only?

 

[jeverden]

Is there a list of checksums for NSP files that can be compared? I can't get hactool to work for the life of me. I know I've dumped keys correctly but I presume from this error it's related to keys dumped. As far as I can tell CDN downloader doesn't work anymore or I would risk a ban using my own keys? I could probably live with a ban if it wasn't 100% guaranteed if I just grabbed a few files.

 

[Ian095]

I'd just recommend to anyone attempting to install Smash Bros in two weeks... Backup first. I don't know how I've always managed to avoid brick code guess I can count myself lucky but as said somewhere above there's going to be absolutely tons of fake Smash Bros NSPs no doubt.