As if yesterday's emuiibo update was not enough, @XorTroll has also released a new version of his popular Nintendo Switch multi-tool and title installer! Goldleaf 0.6's biggest feature highlight is, without any doubt, a complete refactor of its USB install functionality: the old and limited one has been replaced with a fully-featured PC file browser. Instead of just sending a single NSP file over USB to your console, you will now be able to see a list of all the storage devices found on the computer running Goldtree - both internal (HDDs, SSDs, etc.) and external (microSDs, USB drives, ...). From there, you will be able to browse anywhere you like and choose whichever files you want to install!

Speaking of browsing, the file manager has also received two noteworthy quality of life improvements: you can now set a folder's archive bit easily (useful if your console's microSD has been formatted as FAT32 to make the Switch's OS treat its contents as a single file) as well as bulk install all NSPs found in a directory. Both options work globally so, yes, thanks to the previously mentioned PC browsing feature, bulk USB installs are now available!

Last, but not least, amiibo dumping is here too. It uses the same format introduced with emuiibo 0.3, making it a breeze to "virtualize" your real figures to use them in games without having to carry them around!

There have also been other smaller changes, like slightly faster NSP install times, skipping a title's required FW by default unless specifically changed in the config, automatically disabling sleep mode to prevent accidental interruptions and a built-in updater. If you want to know everything included in 0.6, you can read the changelog below:

(My god, it's been 4 months!)

• NSP installs:
  • As Goldleaf's internal filesystem handling has been completely remade, installs have been internally remade. This apparently results in slightly faster installs, at least in my case.
    
    
  • Now the user won't be asked to ignore required firmware version or not, as that can be configured on the config.
    
    
  • Sleep-mode is disabled now in order to avoid to interrupt installs.
    
    
  • Now all the NSPs inside a directory can be installed in a row (see below).
• USB installs:
  • USB installs have been improved into a new feature: remote PC browser!
    
    
  • Now you can directly browse your PC, plus any drives connected to it, as a regular filesystem, same as SD card or console memory.
    
    
  • It is also worth to mention that the new USB command system seems to be way, WAY more stable than any previous USB system in Goldleaf!
    
    
  • Anyway, always keep in mind that it might freeze or cause bugs with folders with tons of files.
• File systems:
  • Presenting the new, remade USB system: remote PC browsing!
    • Instead of a simple connection, it's a whole filesystem implementation over USB.
      
      
    • Browse your PC (Windows-only with Goldtree) directly from Goldleaf! Any extra drive inserted browsable by the PC will be browsable here.
      
      
    • Since USB drives' support (fsp-usb service in Atmosphere) is still being worked on, you can use this system with drives inserted in your PC in order to browse or install files from there.
  • Two simple, QoL features have been added to filesystems (to directories in this case): the option to install all NSPs within the directory, and the option to set the archive bit on it.
• UI
  • For now on, Goldleaf main color will continue to be golden, but the "secondary" color along with gold is going to be blue.
    
    
  • Therefore, both the icon and the main themes have been changed.
• Goldleaf auto-updating:
  • Now Goldleaf supports updating itself, since https was supported on dkP. (this means direct access to GitHub for version checking and asset downloading)
    
    
  • Nevertheless, now Goldleaf's NSP is a forwarder, what means that just by updating the NRO you will target Goldleaf from HOME menu as always.
    
    
  • You can even upgrade the installed version if you want to!
    
    
  • As you may suppose, this requires internet connection
• Amiibo dumping support
  • A new option has been added to the main menu, which adds support to dump real amiibos to be used with emuiibo.
    
    
  • Obviously, emuiibo 0.3 format is used. Please ensure you're also using the latest emuiibo version!

I know, it's been a while! Go grab it while it's hot!

EDIT: A bug has been found which affects USB NSP installs with a file size of 4 GB or higher. @XorTroll will work on a fix in 0.6.1 but he's unable to work on it now. As such, users with FAT32 cards are advised to keep using the old version until the fix is released.

EDIT 2: Goldleaf 0.6.1 has been released, which fixes the aforementioned bug as well as a few other minor issues and crashes.

EDIT 3: Goldleaf 0.7 has been released and it focuses on improvements and bug fixes over the previous versions. A few new features have also been included, like local account unlinking.

Source
GBAtemp thread

 

[altorn]

Whenever I try to make a USB connection with GoldTree, I am able to go to C:\, then down to directories, for example Downloads folder then GoldLeaf hangs. Then GoldTree is stuck with its regular logs, and I can't kill the process and have to wait for 15minutes. I have a new SSD which works great, and my Switch microSD is pretty fast too. Using Atmosphere 0.9.2 emuMMC 8.1.0. I would assume my USB cable has an issue but I tried Tinfoil+NUT and I am able to install NSP's via USB no problem except some crashes once in a while. I REALLY want to use GoldLeaf but this is the only thing stopping me. Any tips?

 

[uyjulian]

Whenever I try to make a USB connection with GoldTree, I am able to go to C:\, then down to directories, for example Downloads folder then GoldLeaf hangs. Then GoldTree is stuck with its regular logs, and I can't kill the process and have to wait for 15minutes. I have a new SSD which works great, and my Switch microSD is pretty fast too. Using Atmosphere 0.9.2 emuMMC 8.1.0. I would assume my USB cable has an issue but I tried Tinfoil+NUT and I am able to install NSP's via USB no problem except some crashes once in a while. I REALLY want to use GoldLeaf but this is the only thing stopping me. Any tips?

Check for non-ASCII filenames, and limit the number of files

 

[altorn]

Check for non-ASCII filenames, and limit the number of files

There is a "Desktop" shortcut in GoldLeaf's filebrowser. Maybe I should move all my NSP's onto there so GoldLeaf and GoldTree don't try to read a lot of crap? Ok I will give it a try when I get home. Thanks for the tip!

 

[tabzer]

Except I'm... not in the wrong?

Totally wrong. You keep talking about something that nobody else is. And then calling those imaginary points invalid. You want the argument to be about something that you can potentially discredit instead of trying to understand what's written.

Also, blawar responded whilst I was asleep

Yeah, for two days. Depression does that I guess.

 

[altorn]

you guys talk shit and point at goldtree like it's the worst. what blawar is describing can be TRUE FOR ANY APPLICATION. i swear i've heard his lectures in one of my networking/security classes back in university. and he's making it sound much worse than any other app/framework/platform.
if you can exploit goldtree via network, USB, etc. any other app running on the user's system is just as exploitable. it's just a matter of time. sure your tinfoil never exposes as many attack vectors at the moment, but who knows what will happen in the future? as long as you're connected to the internet, you're vulnerable. the malicious person just has to try harder.

what you should be doing is creating a thread or a post that makes users aware and protect themselves from potential attacks, not only against Goldtree. Tell them to use a VPN, virus/malware scanners, run things in a VM, do regular backups, whatever makes their system a little bit more secure. a lot of your users are kids who know nothing better, yet you're protesting like those vegans in front of a steakhouse.

 

[tabzer]

I have nothing against goldtree. I'm more curious about how it can be exploited as @blawar suggested as opposed to being angry about it.

Can the code to exploit it be implemented in a rogue nsp or bin file that triggers goldtree when loaded by it? Programs often serve specific functions, but if they become too much like an OS, then they could have more power than what is reasonable for their function.

Of course we are taking risks by installing anything really, but it would be foolish to ignore the points someone makes only because you don't like them.

 

[blawar]

you guys talk shit and point at goldtree like it's the worst. what blawar is describing can be TRUE FOR ANY APPLICATION. i swear i've heard his lectures in one of my networking/security classes back in university. and he's making it sound much worse than any other app/framework/platform.
if you can exploit goldtree via network, USB, etc. any other app running on the user's system is just as exploitable. it's just a matter of time. sure your tinfoil never exposes as many attack vectors at the moment, but who knows what will happen in the future? as long as you're connected to the internet, you're vulnerable. the malicious person just has to try harder.

what you should be doing is creating a thread or a post that makes users aware and protect themselves from potential attacks, not only against Goldtree. Tell them to use a VPN, virus/malware scanners, run things in a VM, do regular backups, whatever makes their system a little bit more secure. a lot of your users are kids who know nothing better, yet you're protesting like those vegans in front of a steakhouse.

With all due respect, you do not understand anything that is being said. I'm actually in awe that these thoughts actually passed through your brain AND you thought it a good idea to post them for everyone to see. Goldtree isnt being exploited, its doing exactly what ti was designed to do, and in the process exposing your PC to unauthorized access and exploitation. No other program I can think of makes this mistake (other than malware intentionallyy doing it). Goldtree is an unlocked backdoor into your PC.

 

[altorn]

With all due respect, you do not understand anything that is being said. I'm actually in awe that these thoughts actually passed through your brain AND you thought it a good idea to post them for everyone to see. Goldtree isnt being exploited, its doing exactly what ti was designed to do, and in the process exposing your PC to unauthorized access and exploitation. No other program I can think of makes this mistake (other than malware intentionallyy doing it). Goldtree is an unlocked backdoor into your PC.

And that's exactly the lecture I'm talking about.

I totally agree that Goldtree could not be intentionally performing an exploit but can have vulnerabilities that could give attackers exploits. But like I said, this can be true for every other app. Look at OwnCloud's client app, that lets you host and share your home network drive contents through the cloud. They had a vulnerability that let you do remote code execution. They fixed it, but it was a mistake like Goldtree has done. How about Windows' own RDP? Ransomware hackers were able to exploit it. Apps like this have dozens of vulnerabilities ranging from low to high risks. Who's to say none of these vulnerabilities can potentially let you have access to the physical hardware of the end user?

If you want to help, don't half-ass it and suggest ways for us end users to protect ourselves when dealing with junk coming from the internet.

 

[blawar]

And that's exactly the lecture I'm talking about.

I totally agree that Goldtree could not be intentionally performing an exploit but can have vulnerabilities that could give attackers exploits. But like I said, this can be true for every other app. Look at OwnCloud's client app, that lets you host and share your home network drive contents through the cloud. They had a vulnerability that let you do remote code execution. They fixed it, but it was a mistake like Goldtree has done. How about Windows' own RDP? Ransomware hackers were able to exploit it. Apps like this have dozens of vulnerabilities ranging from low to high risks. Who's to say none of these vulnerabilities can potentially let you have access to the physical hardware of the end user?

If you want to help, don't half-ass it and suggest ways for us end users to protect ourselves when dealing with junk coming from the internet.

I have already told @XorTroll how to fix it many times. At the very least, he needs to sandbox / whitelist directories, and I would highly recommend removing write access completely. However he is selling the "read and write everything" as a feature, when its really not, its an exploit waiting to happen.

I do not get the impression he really cares if goldleaf users get hacked due to his software.

 

[Ev1l0rd]

Totally wrong. You keep talking about something that nobody else is. And then calling those imaginary points invalid. You want the argument to be about something that you can potentially discredit instead of trying to understand what's written.




Yeah, for two days. Depression does that I guess.

Ever heard of timezones kiddo?

Contrary to what the lot of you might think, I have other priorities than dealing with idiots on GBATemp.

And I'm directly refuting his points, he just keeps up tossing the same bs about oversizing a problem that isn't really there because it relies on the user acting like a fucking moron whilst at the same time not addressing the point I've made before about this only hurting his trustworthiness.

But sure, enjoy living in your little bubble where blawar is the god of the Switch scene. If you're ever interested in leaving it, go ahead. Because he's the polar opposite.

 

[blawar]

Ever heard of timezones kiddo?

Contrary to what the lot of you might think, I have other priorities than dealing with idiots on GBATemp.

And I'm directly refuting his points, he just keeps up tossing the same bs about oversizing a problem that isn't really there because it relies on the user acting like a fucking moron whilst at the same time not addressing the point I've made before about this only hurting his trustworthiness.

But sure, enjoy living in your little bubble where blawar is the god of the Switch scene. If you're ever interested in leaving it, go ahead. Because he's the polar opposite.

You are deflecting the argument, my trustworthiness has nothing to do with goldtree's security issues.

relies on the user acting like a fucking moron

If you did not notice, for betetr or for worse this is the majority of the scene. Most people in the scene are not programmers, hackers, etc, they are normal people who do not know anything about security or the risks involved.

Goldleaf relying on the user to have knowledge of computer security that goldleaf's author himself does not posses is not realistic.

 

[Ev1l0rd]

If you did not notice, for betetr or for worse this is the majority of the scene. Most people in the scene are not programmers, hackers, etc, they are normal people who do not know anything about security or the risks involved.

I think the majority of people realize that if you start plugging in random devices or running random software, you're bound to shoot yourself in the foot.

 

[altorn]

I think the majority of people realize that if you start plugging in random devices or running random software, you're bound to shoot yourself in the foot.

as a developer, you're expected to assume every user is either an idiot or malicious.

 

[blawar]

I think the majority of people realize that if you start plugging in random devices or running random software, you're bound to shoot yourself in the foot.

You completely missed my argument. I am not saying the user will plug a random USB device into their PC, I am saying a malicious third party could do it, or hijack a homebrew app to do it for them since users are expected to connect their switch to it.

 

[tabzer]

Ever heard of timezones kiddo?

Contrary to what the lot of you might think, I have other priorities than dealing with idiots on GBATemp.

Don't be condescending with me. It's been a couple good days since you made a request to @blawar and he delivered for you. You didn't follow up so it seemed like you wised up. My bad. You are doubling down on being daft.

And I'm directly refuting his points

Like when? Like when you say his points are invalid because he works on proprietary software?

Or that one time where you wanted to pretend that tinfoil does the same thing as goldleaf?

Nut is tinfoil's gateway to a PC. Does Nut have write access?

Goldtree is Goldleaf's gateway to a PC. Does it have write access?

He literally spells it out for you, and you can't seem to decide which angle to take. Code isn't as emotional as your "argument" tends to be.

 

[uyjulian]

Anyone can write a homebrew app that emulates a keyboard, mouse, and MSD to automatically execute an executable on the connected computer.

You don't want random people plugging in stuff like USB killers into your computer? Time to get the epoxy out.

 

[tabzer]

I think the majority of people realize that if you start plugging in random devices or running random software, you're bound to shoot yourself in the foot.

Yep, yet somehow there's still stories, mass warnings, and outrage about it when it happens anyway.

 

[chaxelos]

selecting USB doesnt do anything it just stuck on that screen and freeze. im on reinx 8.0 any fix?

 

[Halo69]

Can someone explain to me what is the Goldleaf.nsp is???
(I know about the .nro and .exe but not the .nsp)

 

[Halo69]

Can someone explain to me what is the Goldleaf.nsp is???
(I know about the .nro and .exe but not the .nsp)

Update: nevermind i know what it is now