As if yesterday's emuiibo update was not enough, @XorTroll has also released a new version of his popular Nintendo Switch multi-tool and title installer! Goldleaf 0.6's biggest feature highlight is, without any doubt, a complete refactor of its USB install functionality: the old and limited one has been replaced with a fully-featured PC file browser. Instead of just sending a single NSP file over USB to your console, you will now be able to see a list of all the storage devices found on the computer running Goldtree - both internal (HDDs, SSDs, etc.) and external (microSDs, USB drives, ...). From there, you will be able to browse anywhere you like and choose whichever files you want to install!

Speaking of browsing, the file manager has also received two noteworthy quality of life improvements: you can now set a folder's archive bit easily (useful if your console's microSD has been formatted as FAT32 to make the Switch's OS treat its contents as a single file) as well as bulk install all NSPs found in a directory. Both options work globally so, yes, thanks to the previously mentioned PC browsing feature, bulk USB installs are now available!

Last, but not least, amiibo dumping is here too. It uses the same format introduced with emuiibo 0.3, making it a breeze to "virtualize" your real figures to use them in games without having to carry them around!

There have also been other smaller changes, like slightly faster NSP install times, skipping a title's required FW by default unless specifically changed in the config, automatically disabling sleep mode to prevent accidental interruptions and a built-in updater. If you want to know everything included in 0.6, you can read the changelog below:

(My god, it's been 4 months!)

• NSP installs:
  • As Goldleaf's internal filesystem handling has been completely remade, installs have been internally remade. This apparently results in slightly faster installs, at least in my case.
    
    
  • Now the user won't be asked to ignore required firmware version or not, as that can be configured on the config.
    
    
  • Sleep-mode is disabled now in order to avoid to interrupt installs.
    
    
  • Now all the NSPs inside a directory can be installed in a row (see below).
• USB installs:
  • USB installs have been improved into a new feature: remote PC browser!
    
    
  • Now you can directly browse your PC, plus any drives connected to it, as a regular filesystem, same as SD card or console memory.
    
    
  • It is also worth to mention that the new USB command system seems to be way, WAY more stable than any previous USB system in Goldleaf!
    
    
  • Anyway, always keep in mind that it might freeze or cause bugs with folders with tons of files.
• File systems:
  • Presenting the new, remade USB system: remote PC browsing!
    • Instead of a simple connection, it's a whole filesystem implementation over USB.
      
      
    • Browse your PC (Windows-only with Goldtree) directly from Goldleaf! Any extra drive inserted browsable by the PC will be browsable here.
      
      
    • Since USB drives' support (fsp-usb service in Atmosphere) is still being worked on, you can use this system with drives inserted in your PC in order to browse or install files from there.
  • Two simple, QoL features have been added to filesystems (to directories in this case): the option to install all NSPs within the directory, and the option to set the archive bit on it.
• UI
  • For now on, Goldleaf main color will continue to be golden, but the "secondary" color along with gold is going to be blue.
    
    
  • Therefore, both the icon and the main themes have been changed.
• Goldleaf auto-updating:
  • Now Goldleaf supports updating itself, since https was supported on dkP. (this means direct access to GitHub for version checking and asset downloading)
    
    
  • Nevertheless, now Goldleaf's NSP is a forwarder, what means that just by updating the NRO you will target Goldleaf from HOME menu as always.
    
    
  • You can even upgrade the installed version if you want to!
    
    
  • As you may suppose, this requires internet connection
• Amiibo dumping support
  • A new option has been added to the main menu, which adds support to dump real amiibos to be used with emuiibo.
    
    
  • Obviously, emuiibo 0.3 format is used. Please ensure you're also using the latest emuiibo version!

I know, it's been a while! Go grab it while it's hot!

EDIT: A bug has been found which affects USB NSP installs with a file size of 4 GB or higher. @XorTroll will work on a fix in 0.6.1 but he's unable to work on it now. As such, users with FAT32 cards are advised to keep using the old version until the fix is released.

EDIT 2: Goldleaf 0.6.1 has been released, which fixes the aforementioned bug as well as a few other minor issues and crashes.

EDIT 3: Goldleaf 0.7 has been released and it focuses on improvements and bug fixes over the previous versions. A few new features have also been included, like local account unlinking.

Source
GBAtemp thread

 

[ochentay4]

I'm getting install errors with some nsps saying that sigpatches are missing or my firmware is too low. These nsps installed with no problems with Goldleaf 0.5. I'm on firmware 8.1.0

The same error. Goldleaf 0.5 USB install work fine using Kosmos 13.1 and Sigpatches.

 

[toxic9]

Nintendo Switch Horizon is also closed source... I wonder if it could have any time bomb to trigger a repair... we never know.
Let's speculate...!

 

[RandomUser]

seriosuly? what the fuck? you know you can FTP over wireless as well right? comms don't make a difference to applications if it's wired or wireless.. that really was a stupid and ignorant comment to make.

Technically @uyjulian is correct that "wireless is slower than wired".
See this:

That there is a 40Gbps NIC card, far more faster then wireless 4.6Gbps or maybe 7Gbps. That is a far cry from 40Gbps.

What really comes in play is what type of Ethernet or WiFi module a console uses and most likely the slower variant of the WiFi module that doesn't support 802.11ac. USB 4 theoretical speed is around 40Gbps. Or the so called "SuperSpeed USB 20Gbps" aka USB 3.2 Gen 2x2. However I highly doubt the switch uses the latest gen or even the previous gen USB 3 protocol so either way the speed will be limited by the hardware either by PC or the console.

 

[uyjulian]

Technically @uyjulian is correct that "wireless is slower than wired".
See this:

That there is a 40Gbps NIC card, far more faster then wireless 4.6Gbps or maybe 7Gbps. That is a far cry from 40Gbps.

What really comes in play is what type of Ethernet or WiFi module a console uses and most likely the slower variant of the WiFi module that doesn't support 802.11ac. USB 4 theoretical speed is around 40Gbps. Or the so called "SuperSpeed USB 20Gbps" aka USB 3.2 Gen 2x2. However I highly doubt the switch uses the latest gen or even the previous gen USB 3 protocol so either way the speed will be limited by the hardware either by PC or the console.

Nintendo Switch supports USB 3 if the appropriate option is enabled in atmosphere settings. It is disabled by default.

In most cases, wired is faster since negotiation is faster and there is no interference to worry about.

 

[RandomUser]

Nintendo Switch supports USB 3 if the appropriate option is enabled in atmosphere settings. It is disabled by default.

In most cases, wired is faster since negotiation is faster and there is no interference to worry about.

True, I supposed I should mentioned that as well. I thought I could defend you as I agree that wired is faster for the most part.

 

[tabzer]

Do explain. As far as I can see, Goldtree is a tool purely designed for connecting your Switch over USB to browse files on your PC. It does not prove network installations. Ergo, the only possible attack point is over USB (not a network) and the most likely place to find a user who runs Goldtree is a user who has a Switch, since it would be dumb otherwise.

I could write a malicious payload to inject malware into your boot-up config so it runs when you reboot your PC

Sounds like when Goldtree processes whatever payloads it loads, and can give it access to the rest of the PC system. I wonder how TegraRcmGui is different in that regard. I don't know too much about the internal workings of the code.

 

[blawar]

Sounds like when Goldtree processes whatever payloads it loads, and can give it access to the rest of the PC system. I wonder how TegraRcmGui is different in that regard. I don't know too much about the internal workings of the code.

tegrarcm does not give any access to your pc, it is purely one way pc to switch.

you are correct, goldtree processes whatever requests it receives, whether it’s from a switch or not. which is why a switch is not required to exploit goldtree. the protocol is publicly documented / open source.

 

[satel]

excellent update,browsing the PC feature is great.

 

[bluem6]

Same here, pretty cool with the browser but it can't install any nsp...same error as other reported on here. Anyone know if there is a fix, work around or something?

 

[bluem6]

Look like it's working now....update Kosmos to the newest release as of today and the Kosmos sig patches..

 

[DaFixer]

Great, gui makeover looks great.
Still need to find out how install true USB works.

 

[Yeabuddy]

Anyone know how to fix this?

 

[Essasetic]

Anyone know how to fix this?

View attachment 175262

"Requested resource not found"

You sure you have a good USB A to C cable?

 

[HideoKojima]

That's nice

 

[Yeabuddy]

"Requested resource not found"

You sure you have a good USB A to C cable?

Turns out I needed to update Zadig to v2.4.721 and it worked.

 

[Chocola]

You are incorrect, you do not need to connect your switch to the PC to exploit this. This is why it is such a huge vulnerability. You may not care about the huge security vulnerability in goldleaf/goldtree, but I am sure a significant portion of the user base does.

For exploit this you need Goldtree running, this is the first thing.

You need a USB device to send and recive data through Goldtree interface, and yes, you can exploit it without USB device, emulating or listening to USB handlers with a external program, but wait, why the fuck I gona complicate the process if I can access to filesystem directly with the program?

Yes... "A very huge exploit to your PC"... Im sure that new malware variants gona implement listeners to Goldtree USB interface and exploit it xD

Same as @Ev1l0rd, I trust more on this open source "huge sploit" than closed source software that.... oh wait... uses network connection too .

Please don't try to difamate the competitors with stupid things when you didn't relase the source code of your tools.

Your tinfoil apps have more that we can talk, starting with the stolen name of the app and ending with piracy where you are reciving money, that it's the true reason because you develop the "NUT" support.

I don't waste time for now analyzing your stuff, but I'm sure that can show to you easy that it's a real huge sploits, on your NUT daemon and on your Tinfoil apps... network are always more unsafe that physical ways, so please think a bit before write without sense.

P.D: Please note that "texts" are ironic...

 

[tabzer]

For exploit this you need Goldtree running, this is the first thing.

You need a USB device to send and recive data through Goldtree interface, and yes, you can exploit it without USB device, emulating or listening to USB handlers with a external program, but wait, why the fuck I gona complicate the process if I can access to filesystem directly with the program?

Yes... "A very huge exploit to your PC"... Im sure that new malware variants gona implement listeners to Goldtree USB interface and exploit it xD

Same as @Ev1l0rd, I trust more on this open source "huge sploit" than closed source software that.... oh wait... uses network connection too .

Please don't try to difamate the competitors with stupid things when you didn't relase the source code of your tools.

Your tinfoil apps have more that we can talk, starting with the stolen name of the app and ending with piracy where you are reciving money, that it's the true reason because you develop the "NUT" support.

I don't waste time for now analyzing your stuff, but I'm sure that can show to you easy that it's a real huge sploits, on your NUT daemon and on your Tinfoil apps... network are always more unsafe that physical ways, so please think a bit before write without sense.

P.D: Please note that "texts" are ironic...

You've done nothing to address what was actually said. Both @blawar and @XorTroll make open-source pc applications. Goldtree allows write permission that can be exploited. Nut does not. @blawar argues that his closed source switch application could possibly affect the switch, but not the PC. It'd be nice if @Ev1l0rd could stop by and admit that they had a misunderstanding and is wrong.

 

[uyjulian]

If you are doing console hacking, security is the last thing you should be thinking about. Put your banking, crypto, pii, email, business, etc on one computer, and put the rest on another computer. If there is a security problem in a widely used software, there will be a CVE for it and it will be widely publicized, while if it is a rarely used software (like Nut or Goldtree), it won't be, and the person behind it would probably be gone, since in console hacking, old software is abandoned whenever the new console or tool comes out.

 

[Ev1l0rd]

It'd be nice if @Ev1l0rd could stop by and admit that they had a misunderstanding and is wrong.

Except I'm... not in the wrong?

Look, Goldtree listens for stuff on the USB port and responds to it accordingly. The only possible way this is an exploit is if you start plugging in random USB devices. The only reasonable thing to have plugged in while you have Goldtree running on your Nintendo Switch. I appreciate the supposed concern, but this entire attack vector is already realistically reduced to only Nintendo Switch devices since they're the only thing someone would have plugged in while Goldtree is running, meaning that this is only a security issue if you are a dumbass user who randomly plugs in devices or runs software they can't be assured is safe.

The reason I'm saying blawar is shooting himself in the foot by pointing this out is because he has a history of being... a fucking dickweed to developers because he doesn't like them and his main thing (DZ) has been affected before by this kind of behavior (the entire Kosmos bullshit) which comes hand in hand with this program not being open source, meaning nobody can safely verify if he's not doing this stuff or is planning to do so in the future.

Just about the only possible way for him to regain trust from me at this point is if he would FOSS DZ (not that he ever would) and anyone could examine the code to verify he didn't do something like this. Not that he ever would, because if several people are to be believed, he'd also be drowning in licensing violations from hactool and the original tinfoil.

Also, blawar responded whilst I was asleep, but when he's talking about "payload", he doesn't mean the thing you transfer to your Switch to make it boot. He's talking about a potential malicious program that could be executed to misuse Goldtree.

 

[blawar]

Except I'm... not in the wrong?

Look, Goldtree listens for stuff on the USB port and responds to it accordingly. The only possible way this is an exploit is if you start plugging in random USB devices. The only reasonable thing to have plugged in while you have Goldtree running on your Nintendo Switch. I appreciate the supposed concern, but this entire attack vector is already realistically reduced to only Nintendo Switch devices since they're the only thing someone would have plugged in while Goldtree is running, meaning that this is only a security issue if you are a dumbass user who randomly plugs in devices or runs software they can't be assured is safe.

The reason I'm saying blawar is shooting himself in the foot by pointing this out is because he has a history of being... a fucking dickweed to developers because he doesn't like them and his main thing (DZ) has been affected before by this kind of behavior (the entire Kosmos bullshit) which comes hand in hand with this program not being open source, meaning nobody can safely verify if he's not doing this stuff or is planning to do so in the future.

Just about the only possible way for him to regain trust from me at this point is if he would FOSS DZ (not that he ever would) and anyone could examine the code to verify he didn't do something like this. Not that he ever would, because if several people are to be believed, he'd also be drowning in licensing violations from hactool and the original tinfoil.

Also, blawar responded whilst I was asleep, but when he's talking about "payload", he doesn't mean the thing you transfer to your Switch to make it boot. He's talking about a potential malicious program that could be executed to misuse Goldtree.

The main issue is not a user plugging in a random device into the USB port (though that is still a security problem), the issue is any 3rd party could do it to gain near full unauthorized access to your system: think law enforcement, a nosey girlfriend, roomate or someone trying to steal data off of your machine and they know you run goldtree.

The other issue is that a nintendo switch is not a random device, and is the device most likely to be connected via USB. If I wanted to exploit this, I would write a program that replaces the goldleaf binary with a modified version with a malicious payload, then the next time they ran goldleaf while connected to PC, it would infect/attack their PC.