ROM Hack Discussion [ACNH] BCAT forging ?

Alree

ACNH 1.11.0a BCAT (31 Oct.) - Trigger Halloween 2021 (This BCAT is enabled when installed)


ACNH 1.10.0a BCAT (1st June) - Trigger June Bride 2021 (This BCAT is enabled when installed)


ACNH 1.9.0a BCAT (1st April) - Trigger Trees with Easter Egg and pre-Easter scripts


ACNH 1.9.0b BCAT (4th April)- Trigger Bunny Day


As usual 1.8.0a BCAT (1st March to trigger)






Well in fact BCAT are really easy to make.
Here is what we have, and how you can create a BCAT.

First BCAT was like this:

Code:
{
"mFlagVer": 1,
"mRegion": "JP,AU,KHT,CN",
"mFlagId": 0,
"mFlagName": "BCAT_EventFlag_000",
"mStartDateTime": "1999-12-31T00:00:00",
"mEndDateTime": "2061-01-01T23:59:59",
"mIsUseNetworkTime": false,
"mIsUseNetworkTimeZone": false
}

This was the first ever version of BCAT for ACNH, and this one is "region locked". So you will find 3 BCAT for Easter Event, one for Oceania/Japan, another for USA, and finally one for Europe.
What changed after that is mostly the version of BCAT.

MayDay was like this:
Code:
{
"mFlagVer": 2,
"mFlagId": 1,
"mFlagName": "BCAT_EventFlag_001",
"mStartDateTime": "1999-12-31T00:00:00",
"mEndDateTime": "2061-01-01T23:59:59",
"mIsUseNetworkTime": false,
"mIsUseNetworkTimeZone": false
}

As you see, "mFlagVer" increased to "2" and "mFlagId" to "1".
mFlagVer 2 doesn't need a "region" to be specified so go on, we have a pattern

Museum Day, only change was "mFlagId" increased to 2 and BCAT name changed
Code:
{
"mFlagVer": 2,
"mFlagId": 2,
"mFlagName": "BCAT_EventFlag_002",
"mStartDateTime": "1999-12-31T00:00:00",
"mEndDateTime": "2061-01-01T23:59:59",
"mIsUseNetworkTime": false,
"mIsUseNetworkTimeZone": false
}

Wedding ? change was "mFlagId" increased to 3 and BCAT name changed
Code:
{
"mFlagVer": 2,
"mFlagId": 3,
"mFlagName": "BCAT_EventFlag_003",
"mStartDateTime": "1999-12-31T00:00:00",
"mEndDateTime": "2061-01-01T23:59:59",
"mIsUseNetworkTime": false,
"mIsUseNetworkTimeZone": false
}

So the next step is, how could the Switch validate these files? ... files.meta
This file is simple in fact, as already shown:

upload_2020-5-7_11-19-58-png.208092


So what we need to add at the end of this file is information from BCAT files..
FileName .. not really difficult.
A random key, but it's in fact unused, so whatever you want, and you'll see that "forged" BCAT didn't have the same number here.
File Size, here always 159 bytes
And the MD5 Hash of the generated file "BCAT_EventFlag_00x", which is truncated and reverted..

Now, how I know there is a 1.2.1D and a 4th BCAT ?

well every BCAT supported by the actual version is in "romfs/Bcsv/EventFlagsLandParam.bcsv"
when you open it... we have this BCAT 004 mentioned.. and this one triggers the 1.2.1D

View attachment 210874


--------------------- MERGED ---------------------------

just adding some information to make sure you didnt miss anything:

i noticed on museum day, everyone used a bcat to get them to 1.2.0b, but when i installed the bcat here, i had 1.2.0c. and museum day worked as expected. i did not time travel to the next event though.

https://github.com/agronomru/ACNH-BCATs/releases

i believe that is a dump from official but i could be wrong.

so in ur other post, you shared 1.2.0c and 1.2.0d that u forged (but i havent had a chance to compare the 1.2.0c from that github with your 1.2.0c).

hopefully this info will hopefully help with testing and theory crafting for future bcats.

Only real difference is the "Random Key" as I say, this is unused in fact.
So this is another forged wedding BCAT included in Museum BCAT that's why you have 1.2.1.C
So we just increased it, but we do not start with the same. That's the difference.
And this is the only spot where our BCAT could differ from those provided by Nintendo. Cause we don't know what the number is before official BCAT release.

View attachment 210873

We already know that:
BCAT_EventFlag_000 = Easter Egg Event
BCAT_EventFlag_001 = 1st May ( May Day Tour)
BCAT_EventFlag_002 = International Museum Day
BCAT_EventFlag_003 = June Wedding Opening Event
BCAT_EventFlag_004 = Wedding Seasons
BCAT_EventFlag_005 = Christmas Preparation End
BCAT_EventFlag_006 = Christmas Eve

Latest Forged BCAT Download (1.11.0a)
http://www.filedropper.com/acnhbcat111a

Every help accepted =)
 


Alree

I saw that and even replied
But it doesn't say if it bypasses the BCAT test or if it creates the BCAT manually.
Assuming that it bypasses TEST (what I call the Not User Friendly solution)
I already bypassed some check to leak MayDay maze but it's a pain to keep this way open at every patch.
I look for another way which will allow why not the creation of homebrew and share knowledge.
 

Mahesh

can you just update via local? it's one of the update versions to match, if the hacked is on d, maybe the legit one goes to it
 

Alree

no.. game version works this way, not BCAT.
Those flags need at least a faked connection to Nintendo Servers. That's why we inject them on a banned Switch
 

silvershadow

just adding some information to make sure you didnt miss anything:

i noticed on museum day, everyone used a bcat to get them to 1.2.0b, but when i installed the bcat here, i had 1.2.0c. and museum day worked as expected. i did not time travel to the next event though.

https://github.com/agronomru/ACNH-BCATs/releases

i believe that is a dump from official but i could be wrong.

so in ur other post, you shared 1.2.0c and 1.2.0d that u forged (but i havent had a chance to compare the 1.2.0c from that github with your 1.2.0c).

hopefully this info will hopefully help with testing and theory crafting for future bcats.
 

purechaos996

Actually I'm able to create and inject fully functional Forged BCAT.
Now, I wonder how can we "spoof" Nintendo service through DNS to inject them on a "non hacked" switch. Any idea ?



Have already done the whole upcoming event,
https://twitter.com/iAlree/status/1265240009587687424

but want to "enable" it event on Legit switch for testing purpose

Interesting. Have you documented the process on what you edited/forged? I'm surprised to see the items for all the events are in the game already, I would have guessed Nintendo would be locking those behind updates as well.
 

Alree

Well in fact BCAT are really easy to make.
Here is what we have, and how you can create a BCAT.

First BCAT was like this:

Code:
{
"mFlagVer": 1,
"mRegion": "JP,AU,KHT,CN",
"mFlagId": 0,
"mFlagName": "BCAT_EventFlag_000",
"mStartDateTime": "1999-12-31T00:00:00",
"mEndDateTime": "2061-01-01T23:59:59",
"mIsUseNetworkTime": false,
"mIsUseNetworkTimeZone": false
}

This was the first ever version of BCAT for ACNH, and this one is "region locked". So you will find 3 BCAT for Easter Event, one for Oceania/Japan, another for USA, and finally one for Europe.
What changed after that is mostly the version of BCAT.

MayDay was like this:
Code:
{
"mFlagVer": 2,
"mFlagId": 1,
"mFlagName": "BCAT_EventFlag_001",
"mStartDateTime": "1999-12-31T00:00:00",
"mEndDateTime": "2061-01-01T23:59:59",
"mIsUseNetworkTime": false,
"mIsUseNetworkTimeZone": false
}

As you see, "mFlagVer" increased to "2" and "mFlagId" to "1".
mFlagVer 2 doesn't need a "region" to be specified so go on, we have a pattern

Museum Day, only change was "mFlagId" increased to 2 and BCAT name changed
Code:
{
"mFlagVer": 2,
"mFlagId": 2,
"mFlagName": "BCAT_EventFlag_002",
"mStartDateTime": "1999-12-31T00:00:00",
"mEndDateTime": "2061-01-01T23:59:59",
"mIsUseNetworkTime": false,
"mIsUseNetworkTimeZone": false
}

Wedding ? change was "mFlagId" increased to 3 and BCAT name changed
Code:
{
"mFlagVer": 2,
"mFlagId": 3,
"mFlagName": "BCAT_EventFlag_003",
"mStartDateTime": "1999-12-31T00:00:00",
"mEndDateTime": "2061-01-01T23:59:59",
"mIsUseNetworkTime": false,
"mIsUseNetworkTimeZone": false
}

So the next step is, how could the Switch validate these files? ... files.meta
This file is simple in fact, as already shown:

upload_2020-5-7_11-19-58-png.208092


So what we need to add at the end of this file is information from BCAT files..
FileName .. not really difficult.
A random key, but it's in fact unused, so whatever you want, and you'll see that "forged" BCAT didn't have the same number here.
File Size, here always 159 bytes
And the MD5 Hash of the generated file "BCAT_EventFlag_00x", which is truncated and reverted..

Now, how I know there is a 1.2.1D and a 4th BCAT ?

well every BCAT supported by the actual version is in "romfs/Bcsv/EventFlagsLandParam.bcsv"
when you open it... we have this BCAT 004 mentioned.. and this one triggers the 1.2.1D

upload_2020-5-27_21-24-23.png



--------------------- MERGED ---------------------------

just adding some information to make sure you didnt miss anything:

i noticed on museum day, everyone used a bcat to get them to 1.2.0b, but when i installed the bcat here, i had 1.2.0c. and museum day worked as expected. i did not time travel to the next event though.

https://github.com/agronomru/ACNH-BCATs/releases

i believe that is a dump from official but i could be wrong.

so in ur other post, you shared 1.2.0c and 1.2.0d that u forged (but i havent had a chance to compare the 1.2.0c from that github with your 1.2.0c).

hopefully this info will hopefully help with testing and theory crafting for future bcats.

Only real difference is the "Random Key" as I say, this is unused in fact.
So this is another forged wedding BCAT included in Museum BCAT that's why you have 1.2.1.C
So we just increased it, but we do not start with the same. That's the difference.
And this is the only spot where our BCAT could differ from those provided by Nintendo. Cause we don't know what the number is before official BCAT release.

upload_2020-5-27_21-17-50.png
 

purechaos996

Great explanation, I'm assuming Nintendo is going to update the BCSV file in a future patch for more events. Glad I understand how this all works and where to look in the future. Thanks.
 

Dayfid

Great explanation, I'm assuming Nintendo is going to update the BCSV file in a future patch for more events. Glad I understand how this all works and where to look in the future. Thanks.
I assume they'll also update and actually make use of the "random ID" within the files to verify legit bcat files. So that'll mean either ending forged bcat files for ACNH or they'll be harder to make. : - )
 

Alree

I assume they'll also update and actually make use of the "random ID" within the files to verify legit bcat files. So that'll mean either ending forged bcat files for ACNH or they'll be harder to make. : - )
If they do this, they will be stuck in another problem.
ACNH is not the only game which uses BCAT flags, and BCAT are console wide.
So this will be part of a Fw update.. and I'm still on 9.1.. They cannot force anyone to update console fw

Btw it is still possible to "bypass" the integrity check with an IPS patch or EDIZON code.
And this way should not be blocked. In the end the hacking scene always wins

Nintendo should know that everything is studied, but they change nothing: https://switchbrew.org/wiki/BCAT_services
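
The point argued in this exchange and in the files.meta description earlier in the thread, as an added example (not code from the thread or from Nintendo): a manifest that stores only a file's name, size and unkeyed MD5 can be regenerated by anyone for any file, while a keyed tag cannot. The entry layout, function names and key are assumptions made for illustration; the real files.meta layout and its truncated hash are not reproduced, and HMAC stands in for a publisher signature.

```python
import hashlib
import hmac
import json

# Constructed sample, modelled on the flag files quoted in the thread.
FLAG = {
    "mFlagVer": 2,
    "mFlagId": 3,
    "mFlagName": "BCAT_EventFlag_003",
    "mStartDateTime": "1999-12-31T00:00:00",
    "mEndDateTime": "2061-01-01T23:59:59",
    "mIsUseNetworkTime": False,
    "mIsUseNetworkTimeZone": False,
}
PUBLISHER_KEY = b"constructed-demo-key"  # assumption: known to the publisher only

def encode(flag):
    return json.dumps(flag, indent=0).encode()

def digest_entry(name, data):
    """Hypothetical manifest entry: name, size and an unkeyed MD5."""
    return {"name": name, "size": len(data), "md5": hashlib.md5(data).hexdigest()}

def verify_digest(entry, data):
    ok = hmac.compare_digest(entry["md5"], hashlib.md5(data).hexdigest())
    return ok and entry["size"] == len(data)

def tag(key, name, data):
    # HMAC-SHA256 stands in for a publisher signature (stdlib only).
    return hmac.new(key, name.encode() + b"\0" + data, hashlib.sha256).hexdigest()

def mac_entry(key, name, data):
    return {"name": name, "size": len(data), "tag": tag(key, name, data)}

def verify_mac(key, entry, data):
    ok = hmac.compare_digest(entry["tag"], tag(key, entry["name"], data))
    return ok and entry["size"] == len(data)

def compare_checks():
    name = FLAG["mFlagName"]
    original = encode(FLAG)
    altered = encode({**FLAG, "mEndDateTime": "2099-01-01T23:59:59"})
    # Entries rebuilt for the altered file by a party that holds no secret.
    rebuilt_digest = digest_entry(name, altered)
    rebuilt_mac = mac_entry(b"not-the-publisher-key", name, altered)
    return {
        "digest_original": verify_digest(digest_entry(name, original), original),
        "digest_rebuilt": verify_digest(rebuilt_digest, altered),
        "mac_original": verify_mac(PUBLISHER_KEY, mac_entry(PUBLISHER_KEY, name, original), original),
        "mac_rebuilt": verify_mac(PUBLISHER_KEY, rebuilt_mac, altered),
    }
```

The unkeyed check accepts the rebuilt entry because nothing in it depends on a secret; the keyed check rejects it. On a real device an asymmetric signature is the appropriate form, so that the verifier holds no key worth extracting.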
 

Dayfid

If they do this, they will be stuck in another problem.
ACNH is not the only game which uses BCAT flags, and BCAT are console wide.
So this will be part of a Fw update.. and I'm still on 9.1.. They cannot force anyone to update console fw

Btw it is still possible to "bypass" the integrity check with an IPS patch or EDIZON code.
And this way should not be blocked. In the end the hacking scene always wins

Nintendo should know that everything is studied, but they change nothing: https://switchbrew.org/wiki/BCAT_services

Okay, that's good to know and I was hoping there would be a way around it with patches. Wait so the random ID isn't used in ANY game? I thought they were just being stupid and not using it with ACNH.
 

Alree

Okay, that's good to know and I was hoping there would be a way around it with patches. Wait so the random ID isn't used in ANY game? I thought they were just being stupid and not using it with ACNH.
Even if it was used in future, Switch and Game should have a "backward" compatibility to use BCAT prior to this patch.. so not really an issue. Just some work to know how that works and relaunch the Cat-Mouse chasing game
 
Deleted User

is it a ban risk to install a bcat early on an online switch?
say next bcat comes and its released 5 days early. if i install it is it a huge ban risk?

--------------------- MERGED ---------------------------

So what we need to add at the end of this file is information from BCAT files..
FileName .. not really difficult.
A random key, but it's in fact unused, so whatever you want, and you'll see that "forged" BCAT didn't have the same number here.
File Size, here always 159 bytes
And the MD5 Hash of the generated file "BCAT_EventFlag_00x", which is truncated and reverted..
by this, do you mean, just put anything in the random key and it'll work?
 
