Tutorial  Updated

How to remove fake tickets from NSP file ("Standard crypto" equivalent) [Ban Risk Mitigation]

Hello everyone!

Since both Tinfoil and SX Installer now (finally) support Standard Crypto Conversion natively, the method described in this thread no longer serves any practical purpose.
The method is still fully functional (using Nut 1.2, as it was gutted of most of its features after that), so have a go at it for educational purposes if you desire to do so.

We had hell of a good run! This method was the gold standard of not getting your Switch banned after installing NSPs for more than a year.
But mainstream adoption has always been the desired outcome, and I'm proud to say it has been achieved!

Stay safe out there, block Big-N's telemetry servers on your router, and have a good time gaming!


PsychOsmosis





______________________

Hello everyone!

It is widely thought that going online after installing a NSP with a fake ticket leads to an almost inevitable ban.

Some people have been bragging on the forum that they use a private method (using the SDK) to reencrypt the NSP file with "standard crypto" (like the XCI/cartridge games) instead of the "ticket rights" usually used for eShop titles.
Detailed below is a method to modify a NSP file by removing the fake title rights, rewriting the header to no longer use the ticket, and finally deleting the fake ticket, therefore leading to a theoretically reduced risk of ban, as your console will no longer have a fake ticket in its ticket blob and your installed eShop titles will no longer have a rights-ID that doesn't match your console ID. This method leads to the creation of a NSP file that is practically equivalent to one that as been repacked using "standard crypto" (which is a bit misleading in its own right as NSP files are not encrypted).


DO NOT USE THIS GUIDE IF YOU ABSOLUTELY DON'T WANT TO GET BANNED!
THERE IS NO GUARANTEE THIS WILL PREVENT YOU FROM BEING BANNED!
THIS METHOD LEADS TO A THEORETICAL REDUCTION OF THE BAN RISK!


This method should be used in conjunction with other ban risk reduction methods, such as disabling telemetry (EU) / blocking the telemetry servers in your router hosts file (EU citizens should do BOTH), using a whitelist-based custom DNS/firewall configuration, using creport (for people not on SXOS) and/or using Stealth Mode (for people on SXOS, because we don't have access to creport... :()


This guide is based on the awesome script "nut" by Blawar!
Without him, this method would not exist!!


I added a guide on how to block the telemetry (and other harmful) servers in post #10 below!!


Game updates NSP files should NOT be processed using this method if you apply the update on a XCI game (cartridge dump)!
The tickets in an update are actually 100% legit and are neither console-specific or account-specific!


If you have processed the base game NSP file (using this method) on which you want to apply the update to, it is debatable if you should process the update as well or not.
The creator of CDNSP believes you should not, while I think it might raise some red flags if you install an update with tickets on a game for which there is no ticket in your console's ticket blob.
Please be aware of this information and proceed as you see fit.




Update (October 22, 2018) :

The script no longer works when applied to DLCs as of 6.0.1 (and probably 6.0.0)! It still works on base games though!!
This is due to the anti-piracy measures implemented by Big-N in this firmware version.

Since DLCs always come from the eShop, and therefore always come with a ticket, there is some kind of online check made when you try to run a game after installing a ticketless DLC for it.
Furthermore, it seems that the check is made using one of the few servers I actually whitelist (game update server maybe?).

I still have to try applying the script on an update to see if it works in this case. I will update you guys when I've done so.




Prerequisites :

- Download nut from github (https://github.com/blawar/nut/) by using the "Clone or download" green button and choosing "Download as ZIP". Extract the ZIP archive.

- LOOK AT THE REQUIREMENTS FOR NUT ON THE GITHUB PAGE. You need to have Python3 installed, then you use pip to install some modules :
pip3 install colorama pyopenssl requests tqdm unidecode image bs4 urllib3 flask pyqt5

In my case, I had to update pip before I could install the other modules :
py -m pip install --upgrade pip

If you try to run it and you get a Python error that's due to a missing module, it should display the name of the module in the error log on the command line interface window.
If the command line window shuts down before you can read, read the troubleshooting part below in red, it will help you reading the error message.
Just run "pip3 install MODULE_NAME" as you did with the other modules above.

Configure your nut.conf (in the "conf" folder). In my case, I just disabled (set to false) the first four settings of the "download" section of "nut.default.conf".

- A copy of your Switch keys. If you don't have them, you need to find them on your own on the interwebs or extract them from your console. There are guides for that. The file must be named "keys.txt" and be located in the (incredibly funny default-named) "nut-master" folder you extracted from the ZIP.

- A game in the NSP file format. Place it in the nut-master folder. The file can be a scene release or a game obtained from the CDN. You CAN use nut to download games from the CDN, but I personally don't know how and this is not a "CDN download tutorial".

- Hactool should be updated to the latest release (1.2.0) in the bin subfolder of nut-master in order to support NSP packages containing > 15 files!



NOW AUTOMATED IN A BATCH FILE!! :toot:
Code updated: October 16, 2018.
Confirmed working with firmwares up to 6.2.0 (on any CFW that supports installing unsigned NSPs)!!


You still need the prerequisites listed above though. There's no way around that! ;)


Your .NSP must be located in the nut-master folder AND must contain the TitleID in the filename so nut can use it to rewrite the header of the .NCA!!

Well, the code just got a fair bit prettier thanks to
Bigjokker with two simple but brilliant variable changes!
Now, after placing the .NSP and the batch file in the nut-master folder, just drag & drop the .NSP onto the batch file and voilà, it does its magic!!

You should see the ASCII squirrel a total of three times in the command line window, but it does not necessarily mean it worked if you see this!
In your nut-master folder, a folder with the same name as your NSP will be created, the NSP will be deleted and a new NSP will be created (about 2.5 kilobytes smaller than the original, compare with a backup of the original!!).

If the behavior of the script is any different, IT DIDN'T WORK!!

Even if all of the above is true, it might not have worked!! If the first part fails, you will still have a modified NSP 2.5 kilobytes smaller than the original (but it will crash at launch and send a dirty error log to Big-N)!

You can verify if it works by removing the "REM " at the three instances where there is a "REM pause" in the code, so it says "pause" instead.

By doing this, the script will pause after every step (prompting you to press a key to continue) so you can see if there was a nut / Python3 / Windows CLI related error!
You can also remove the @Echo off if you're having issues but the script doesn't show any error to make troubleshooting easier for us.

EVERYBODY SHOULD DO THIS AT LEAST ONCE TO MAKE SURE NUT AND PYTHON ARE PROPERLY CONFIGURED!!!
If everything works as it should, you can revert back the script to its original form to re-automate the three steps together.


Code:
@echo off
SET "nutpy=%~dp0"
SET "filenam=%~n1"
if EXIST "%nutpy%%filenam%\" rmdir /s /q "%nutpy%%filenam%"
if NOT EXIST "%nutpy%backup\" mkdir "%nutpy%backup"
if NOT EXIST "%nutpy%backup\%filenam%.nsp" copy /v "%nutpy%%filenam%.nsp" "%nutpy%backup\%filenam%.nsp"
cd /d "C:\Windows"
py.exe "%nutpy%nut.py" --remove-title-rights "%filenam%.nsp"
REM pause
py.exe "%nutpy%nut.py" -x "%filenam%.nsp"
REM pause
cd /d "%nutpy%%filenam%"
del *.tik
del *.cert
cd /d "%nutpy%"
del "%filenam%.nsp"
cd /d "%nutpy%%filenam%"
set /a n=0
setlocal ENABLEDELAYEDEXPANSION
for %%i in (*) do (
    set /a n=n+1
    set files!n!=%%i
)
if !n! == 2 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%"
)
if !n! == 3 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%"
)
if !n! == 4 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%"
)
if !n! == 5 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%"
)
if !n! == 6 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%"
)
if !n! == 7 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%"
)
if !n! == 8 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%" "%nutpy%%filenam%\%files8%"
)
if !n! == 9 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%" "%nutpy%%filenam%\%files8%" "%nutpy%%filenam%\%files9%"
)
if !n! == 10 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%" "%nutpy%%filenam%\%files8%" "%nutpy%%filenam%\%files9%" "%nutpy%%filenam%\%files10%"
)
if !n! == 11 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%" "%nutpy%%filenam%\%files8%" "%nutpy%%filenam%\%files9%" "%nutpy%%filenam%\%files10%" "%nutpy%%filenam%\%files11%"
)
if !n! == 12 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%" "%nutpy%%filenam%\%files8%" "%nutpy%%filenam%\%files9%" "%nutpy%%filenam%\%files10%" "%nutpy%%filenam%\%files11%" "%nutpy%%filenam%\%files12%"
)
if !n! == 13 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%" "%nutpy%%filenam%\%files8%" "%nutpy%%filenam%\%files9%" "%nutpy%%filenam%\%files10%" "%nutpy%%filenam%\%files11%" "%nutpy%%filenam%\%files12%" "%nutpy%%filenam%\%files13%"
)
if !n! == 14 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%" "%nutpy%%filenam%\%files8%" "%nutpy%%filenam%\%files9%" "%nutpy%%filenam%\%files10%" "%nutpy%%filenam%\%files11%" "%nutpy%%filenam%\%files12%" "%nutpy%%filenam%\%files13%" "%nutpy%%filenam%\%files14%"
)
if !n! == 15 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%" "%nutpy%%filenam%\%files8%" "%nutpy%%filenam%\%files9%" "%nutpy%%filenam%\%files10%" "%nutpy%%filenam%\%files11%" "%nutpy%%filenam%\%files12%" "%nutpy%%filenam%\%files13%" "%nutpy%%filenam%\%files14%" "%nutpy%%filenam%\%files15%"
)
if !n! == 16 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%" "%nutpy%%filenam%\%files8%" "%nutpy%%filenam%\%files9%" "%nutpy%%filenam%\%files10%" "%nutpy%%filenam%\%files11%" "%nutpy%%filenam%\%files12%" "%nutpy%%filenam%\%files13%" "%nutpy%%filenam%\%files14%" "%nutpy%%filenam%\%files15%" "%nutpy%%filenam%\%files16%"
)
if !n! == 17 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%" "%nutpy%%filenam%\%files8%" "%nutpy%%filenam%\%files9%" "%nutpy%%filenam%\%files10%" "%nutpy%%filenam%\%files11%" "%nutpy%%filenam%\%files12%" "%nutpy%%filenam%\%files13%" "%nutpy%%filenam%\%files14%" "%nutpy%%filenam%\%files15%" "%nutpy%%filenam%\%files16%" "%nutpy%%filenam%\%files17%"
)
if !n! == 18 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%" "%nutpy%%filenam%\%files8%" "%nutpy%%filenam%\%files9%" "%nutpy%%filenam%\%files10%" "%nutpy%%filenam%\%files11%" "%nutpy%%filenam%\%files12%" "%nutpy%%filenam%\%files13%" "%nutpy%%filenam%\%files14%" "%nutpy%%filenam%\%files15%" "%nutpy%%filenam%\%files16%" "%nutpy%%filenam%\%files17%" "%nutpy%%filenam%\%files18%"
)
if !n! == 19 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%" "%nutpy%%filenam%\%files8%" "%nutpy%%filenam%\%files9%" "%nutpy%%filenam%\%files10%" "%nutpy%%filenam%\%files11%" "%nutpy%%filenam%\%files12%" "%nutpy%%filenam%\%files13%" "%nutpy%%filenam%\%files14%" "%nutpy%%filenam%\%files15%" "%nutpy%%filenam%\%files16%" "%nutpy%%filenam%\%files17%" "%nutpy%%filenam%\%files18%" "%nutpy%%filenam%\%files19%"
)
if !n! == 20 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%" "%nutpy%%filenam%\%files8%" "%nutpy%%filenam%\%files9%" "%nutpy%%filenam%\%files10%" "%nutpy%%filenam%\%files11%" "%nutpy%%filenam%\%files12%" "%nutpy%%filenam%\%files13%" "%nutpy%%filenam%\%files14%" "%nutpy%%filenam%\%files15%" "%nutpy%%filenam%\%files16%" "%nutpy%%filenam%\%files17%" "%nutpy%%filenam%\%files18%" "%nutpy%%filenam%\%files19%" "%nutpy%%filenam%\%files20%"
)
if !n! == 21 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%" "%nutpy%%filenam%\%files8%" "%nutpy%%filenam%\%files9%" "%nutpy%%filenam%\%files10%" "%nutpy%%filenam%\%files11%" "%nutpy%%filenam%\%files12%" "%nutpy%%filenam%\%files13%" "%nutpy%%filenam%\%files14%" "%nutpy%%filenam%\%files15%" "%nutpy%%filenam%\%files16%" "%nutpy%%filenam%\%files17%" "%nutpy%%filenam%\%files18%" "%nutpy%%filenam%\%files19%" "%nutpy%%filenam%\%files20%"  "%nutpy%%filenam%\%files21%"
)
if !n! == 22 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%" "%nutpy%%filenam%\%files8%" "%nutpy%%filenam%\%files9%" "%nutpy%%filenam%\%files10%" "%nutpy%%filenam%\%files11%" "%nutpy%%filenam%\%files12%" "%nutpy%%filenam%\%files13%" "%nutpy%%filenam%\%files14%" "%nutpy%%filenam%\%files15%" "%nutpy%%filenam%\%files16%" "%nutpy%%filenam%\%files17%" "%nutpy%%filenam%\%files18%" "%nutpy%%filenam%\%files19%" "%nutpy%%filenam%\%files20%"  "%nutpy%%filenam%\%files21%"  "%nutpy%%filenam%\%files22%"
)
if !n! == 23 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%" "%nutpy%%filenam%\%files8%" "%nutpy%%filenam%\%files9%" "%nutpy%%filenam%\%files10%" "%nutpy%%filenam%\%files11%" "%nutpy%%filenam%\%files12%" "%nutpy%%filenam%\%files13%" "%nutpy%%filenam%\%files14%" "%nutpy%%filenam%\%files15%" "%nutpy%%filenam%\%files16%" "%nutpy%%filenam%\%files17%" "%nutpy%%filenam%\%files18%" "%nutpy%%filenam%\%files19%" "%nutpy%%filenam%\%files20%"  "%nutpy%%filenam%\%files21%"  "%nutpy%%filenam%\%files22%"  "%nutpy%%filenam%\%files23%"
)
if !n! == 24 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%" "%nutpy%%filenam%\%files8%" "%nutpy%%filenam%\%files9%" "%nutpy%%filenam%\%files10%" "%nutpy%%filenam%\%files11%" "%nutpy%%filenam%\%files12%" "%nutpy%%filenam%\%files13%" "%nutpy%%filenam%\%files14%" "%nutpy%%filenam%\%files15%" "%nutpy%%filenam%\%files16%" "%nutpy%%filenam%\%files17%" "%nutpy%%filenam%\%files18%" "%nutpy%%filenam%\%files19%" "%nutpy%%filenam%\%files20%" "%nutpy%%filenam%\%files21%"  "%nutpy%%filenam%\%files22%"  "%nutpy%%filenam%\%files23%" "%nutpy%%filenam%\%files24%"
)
if !n! == 25 (
    "C:\Windows\py.exe" "%nutpy%nut.py" -c "%filenam%.nsp" "%nutpy%%filenam%\%files1%" "%nutpy%%filenam%\%files2%" "%nutpy%%filenam%\%files3%" "%nutpy%%filenam%\%files4%" "%nutpy%%filenam%\%files5%" "%nutpy%%filenam%\%files6%" "%nutpy%%filenam%\%files7%" "%nutpy%%filenam%\%files8%" "%nutpy%%filenam%\%files9%" "%nutpy%%filenam%\%files10%" "%nutpy%%filenam%\%files11%" "%nutpy%%filenam%\%files12%" "%nutpy%%filenam%\%files13%" "%nutpy%%filenam%\%files14%" "%nutpy%%filenam%\%files15%" "%nutpy%%filenam%\%files16%" "%nutpy%%filenam%\%files17%" "%nutpy%%filenam%\%files18%" "%nutpy%%filenam%\%files19%" "%nutpy%%filenam%\%files20%" "%nutpy%%filenam%\%files21%"  "%nutpy%%filenam%\%files22%"  "%nutpy%%filenam%\%files23%" "%nutpy%%filenam%\%files24%" "%nutpy%%filenam%\%files25%"
)
endlocal
REM pause



Troubleshooting script :


If you're having issues and want our help, run the following script on your NSP BEFORE AND AFTER running the method described above and provide us with the information this script displays.


Code:
@echo off
SET "nutpy=%~dp0"
SET "filenam=%~n1"
py.exe "%nutpy%nut.py" -i "%filenam%.nsp"
pause



Batch processing :


If you have a bunch of NSP files in a folder and some of them don't have the TitleKey in the filename, I understand that it would be a pain to process them one by one using the batch file (even though it takes only 2 seconds per file).

If you are in this situation, @Bigjokker has made another batch file that will process every NSP in a folder, even if the TitleKey is not in the filename!!

The code of his batch file is a bit above my skill level, so I cannot vouch 100% for it (since I understand about 85% of it), but the code looks fine and I trust the guy.
For the same reason, I cannot troubleshoot your issues and modify the code accordingly, so if you use his batch processing batch file (it might not be the most elegant way to call it, but it is what it is! :lol:), you'll have to see with him if you have problems with it.
You might want to test your setup of Python3 and nut with my batch file first (to see if everything works properly) since it has been tested by more people since its release and then switch to @Bigjokker 's batch file if all goes well.

Here'a a link to his post where you can download his file!




Manual Method :

No longer kept up to date, but it should still work if you don't want to use the above script for whatever reason.

- Copy your NSP file in the "nut-master" folder.

- (OPTIONAL) Use the following command to pull the info of your NSP file. This is not required as it's only used to compare your file before and after the two "main steps" of this method.
nut.py -i "YOUR_GAME [TITLEKEY][vX].nsp"
In my case, on Windows 10, I had to use the following command to access nut.py using python. So, if you have problems getting nut.py to run, try this for each and every command in this guide :
cd C:\PYTHON3_INSTALL_FOLDER
python "C:\WHERE_YOU_EXTRACTED\nut-master\nut.py" -i "YOUR_GAME [TITLEKEY][vX].nsp"

In the info dump provided by nut, you can see a ticket file (in which the rightsId is not related to your console-id), a few NCA files, a CERT file and a XML file.
If you install the NSP as is, this ticket gets imported in your console's ticket blob and when it sends its telemetry to Big-N, you get banned!!
The "main NCA file" (the one with the largest file size, AKA "the game") also has a rightsId which doesn't match your console, which could also lead to a ban if you launch the game and then connect to the internet.
You can see that the smaller NCA files have their rightsID set to 0, as they are "unprotected" because they are not important enough to protect.

- Run the following command to set the value of these rightsId to 0.
nut.py --remove-title-rights "YOUR_GAME [TITLEKEY][vX].nsp"

- (OPTIONAL) Then, if you run the "info" command again, you should see that the ticket is still there, but the instances where you had fake rightsId are set to 0 (as they are in the other NCA files, so it should theoretically be considered "unprotected" by the console).

- Now we need to remove this evil ticket to prevent it from being imported in our precious ticket blob. Let's start by unpacking the NSP.
nut.py -x "YOUR_GAME [TITLEKEY][vX].nsp"

A folder is then created with all the files of the NSP inside.

- DELETE (OR MOVE AWAY) THE NSP FROM YOUR nut-master FOLDER!!

- Navigate to that folder, and delete the ticket file "WHATEVER.TIK".

- Then, we repack the NSP without this ticket :
nut.py -c "YOUR_GAME [TITLEKEY][vX].nsp" "C:\WHERE_YOU_EXTRACTED\nut-master\YOUR_GAME [TITLEKEY][vX]\*.*"

For some reason, in my case, this command didn't work. It seems that, in some instances on Windows, Python3 shits the bed when using wildcards. But for Blawar, also on Windows 10, it works perfectly. Go figure.

If this happens to you, use the following command instead (it's incredibly long and tedious to input, but I didn't find another way to make it work) :
nut.py -c "YOUR_GAME [TITLEKEY][vX].nsp" "C:\WHERE_YOU_EXTRACTED\nut-master\YOUR_GAME [TITLEKEY][vX]\FILE1.cert" "C:\WHERE_YOU_EXTRACTED\nut-master\YOUR_GAME [TITLEKEY][vX]\FILE2.nca" "C:\WHERE_YOU_EXTRACTED\nut-master\YOUR_GAME [TITLEKEY][vX]\FILE3.nca" ............. "C:\WHERE_YOU_EXTRACTED\nut-master\YOUR_GAME [TITLEKEY][vX]\LAST_FILE.xml"

YOU MUST DO THIS WITH EVERY FILE (apart from the deleted ticket) IN THE FOLDER IN A SINGLE COMMAND!

- There you go, it's done. You can run the "info" command again and you should see that the ticket (along with the rightsID) is no more.
The final file size should be about 768 bytes smaller than the initial file size.



This has been tested with SXOS and it works flawlessly. The games install and run just fine.
You also need to follow the same procedure for the NSP updates you want to install.

Thanks again Blawar for your incredible tool and all the help you gave me!!
 
Last edited by PsychOsmosis,

mike087

Well-Known Member
Member
Joined
Jan 6, 2017
Messages
214
Trophies
0
Age
39
XP
1,238
Country
Ecuador
It's a Huawei right? It's indeed the right option. You don't need the 127.0.0.1 since it's not a hosts file (it's an interface that manages the hosts file, it will add it by itself).
I did a bit of googling and it seems Priority is only useful if multiple rules apply to know which rule gets priority over the others. So just start with the worst servers (telemetry) with priority 1 and then the next one is 2, etc.
Status should be enabled so the rule is applied.

Depending on the model there is also an "action" setting (or something similar) that lets you choose allow, deny or reject. If so, choose reject.
If there is no such setting to choose, my understanding is that every rule you add is automatically a "reject" rule. So with the URL sun.hac.lp1.d4c.nintendo.net , the priority 1 and the status Enabled , it should work as intended.

Of course, if there is a way for you to test that it's working without putting your console at risk, that would be your best bet.
Maybe try pinging the url from a PC on your network (if you know how) before applying the rule and after so you know if it works.

Personally, I just tried to access the eShop on Horizon. If it works before you apply the rules and then afterwards it doesn't work, you're all set!

PS. If it doesn't work and you did everything right (and there was no "action" field), then maybe, just maybe, there is a problem with the translation (as it is a chinese company after all) and status "enable" means "allow" and "disable" means "deny/reject". Although I wouldn't bet on that since having a toggle to enable or disable firewall rules is pretty commonplace in router web interfaces!
Yes, is a huawei. So adding this two urls: sun.hac.lp1.d4c.nintendo.net, beach.hac.lp1.eshop.nintendo.net just to block telemetry, i can still acces eshop, update my original games and play online with my original games right?
 

PsychOsmosis

Well-Known Member
OP
Newcomer
Joined
Jan 18, 2016
Messages
99
Trophies
0
XP
592
Country
Canada
Yes, is a huawei. So adding this two urls: sun.hac.lp1.d4c.nintendo.net, beach.hac.lp1.eshop.nintendo.net just to block telemetry, i can still acces eshop, update my original games and play online with my original games right?

Yup, those two are just the bad stuff (ie. sending your usage info to Big-N). I directly block those in the hosts file, so nobody on my network (including my non-hacked Switch) can access them, and that causes no issue whatsoever.

EDIT: I would still try pinging from your phone though, to see if it's indeed applied correctly!
EDIT2: I just remembered I initially used PingTools on Android to verify if the telemetry servers were indeed blocked and it worked very well for that purpose!
EDIT3: Make sure your phone in connected to the wifi network before doing so, and that no VPN is enabled on it. If it's successfully blocked, it should say that it couldn't ping the server.

--------------------- MERGED ---------------------------

Pray tell me, if blocking all those nintendo addresses, won't your console be prevented to connect to any online service?
If so, just remove your Wifi connection from the console and that's it. Disable all options all you want then.
Of course, if there's any online service still functioning and worth having connected, please share.

I know, you want to use FTP to your console. Besides that.

Apart from FTP (which I use exclusively to push games and updates to my console), I still allow the following :
- Game update servers --> so I can update my legit / XCI games using the Big-N servers
- Homebrew with web access --> there's a few homebrew that have a "download updated list" option and there's the Homebrew Appstore that also works
- LAN multiplayer between my hacked console and legit console

So in my case, disabling the WiFi connection is not an option. Of course, to each their own!
 
Last edited by PsychOsmosis,

eyeliner

Has an itch needing to be scratched.
Member
Joined
Feb 17, 2006
Messages
2,894
Trophies
2
Age
44
XP
5,563
Country
Portugal
Yup, those two are just the bad stuff (ie. sending your usage info to Big-N). I directly block those in the hosts file, so nobody on my network (including my non-hacked Switch) can access them, and that causes no issue whatsoever.

EDIT: I would still try pinging from your phone though, to see if it's indeed applied correctly!
EDIT2: I just remembered I initially used PingTools on Android to verify if the telemetry servers were indeed blocked and it worked very well for that purpose!
EDIT3: Make sure your phone in connected to the wifi network before doing so, and that no VPN is enabled on it. If it's successfully blocked, it should say that it couldn't ping the server.

--------------------- MERGED ---------------------------



Apart from FTP (which I use exclusively to push games and updates on my console), I still allow the following :
- Game update servers --> so I can update my legit / XCI games using the Big-N servers
- Homebrew with web access --> there's a few homebrew that have a "download updated list" option and there's the Homebrew Appstore that also works
- LAN multiplier between my hacked console and legit console

So in my case, disabling the WiFi connection is not an option. Of course, to each their own!
Thank you, young grasshopper. You have shared much useful information that I shall not make use of. Methinks that such an effort is in vain.
 
  • Like
Reactions: PsychOsmosis

Chocola

GBAtemp Meowgular
Member
Joined
Sep 18, 2018
Messages
379
Trophies
0
Age
32
Location
Neko Paradise
XP
723
Country
Korea, South
Yup, those two are just the bad stuff (ie. sending your usage info to Big-N). I directly block those in the hosts file, so nobody on my network (including my non-hacked Switch) can access them, and that causes no issue whatsoever.

EDIT: I would still try pinging from your phone though, to see if it's indeed applied correctly!
EDIT2: I just remembered I initially used PingTools on Android to verify if the telemetry servers were indeed blocked and it worked very well for that purpose!
EDIT3: Make sure your phone in connected to the wifi network before doing so, and that no VPN is enabled on it. If it's successfully blocked, it should say that it couldn't ping the server.

--------------------- MERGED ---------------------------



Apart from FTP (which I use exclusively to push games and updates on my console), I still allow the following :
- Game update servers --> so I can update my legit / XCI games using the Big-N servers
- Homebrew with web access --> there's a few homebrew that have a "download updated list" option and there's the Homebrew Appstore that also works
- LAN multiplier between my hacked console and legit console

So in my case, disabling the WiFi connection is not an option. Of course, to each their own!

This can be dangerous, N can add more hosts on the firmware (but don't use it for now, so they are unknown for now) or use hardcoded IP address to bypass the router filters.

I think that the better solution are a hook with a CFW patch on telemetry system and block specific telemetry before send it, atmosphere it's working on something like it if I remember fine.
 
Last edited by Chocola,

PsychOsmosis

Well-Known Member
OP
Newcomer
Joined
Jan 18, 2016
Messages
99
Trophies
0
XP
592
Country
Canada
This can be dangerous, N can add more hosts on the firmware (but don't use it for now, so they are unknown for now) or use hardcoded IP address to bypass the router filters.

I think that the better solution are a hook with a CFW patch on telemetry system and block specific telemetry before send it, atmosphere it's working on something like it if I remember fine.

Well obviously that's the better way, but in the meantime, this is an easy thing to do and is obviously way better than being online without protection.

Personally, I use whitelisted IP addresses for my hacked console, so even if they add more hosts or use hardcoded IPs, I'm covered as I only allow what I want to allow.
But I understand whitelisted IPs are not necessarily easy to achieve and/or wanted by most people so that's why I explained how to block the telemetry when I was asked to.

EDIT: And actually, now that I think about it, there is absolutely no reason for anyone not to block those two hosts, as they are SOLELY used for telemetry and this can be used in conjunction with every other method of ban risk reduction!
There is nothing dangerous about doing this. What is dangerous though, is believing that you are protected against being banned when you do so. It's that thinking that will lead to a ban!
 
Last edited by PsychOsmosis,

mike087

Well-Known Member
Member
Joined
Jan 6, 2017
Messages
214
Trophies
0
Age
39
XP
1,238
Country
Ecuador
Yup, those two are just the bad stuff (ie. sending your usage info to Big-N). I directly block those in the hosts file, so nobody on my network (including my non-hacked Switch) can access them, and that causes no issue whatsoever.

EDIT: I would still try pinging from your phone though, to see if it's indeed applied correctly!
EDIT2: I just remembered I initially used PingTools on Android to verify if the telemetry servers were indeed blocked and it worked very well for that purpose!
EDIT3: Make sure your phone in connected to the wifi network before doing so, and that no VPN is enabled on it. If it's successfully blocked, it should say that it couldn't ping the server.

--------------------- MERGED ---------------------------



Apart from FTP (which I use exclusively to push games and updates on my console), I still allow the following :
- Game update servers --> so I can update my legit / XCI games using the Big-N servers
- Homebrew with web access --> there's a few homebrew that have a "download updated list" option and there's the Homebrew Appstore that also works
- LAN multiplayer between my hacked console and legit console

So in my case, disabling the WiFi connection is not an option. Of course, to each their own!
Yup, those two are just the bad stuff (ie. sending your usage info to Big-N). I directly block those in the hosts file, so nobody on my network (including my non-hacked Switch) can access them, and that causes no issue whatsoever.

EDIT: I would still try pinging from your phone though, to see if it's indeed applied correctly!
EDIT2: I just remembered I initially used PingTools on Android to verify if the telemetry servers were indeed blocked and it worked very well for that purpose!
EDIT3: Make sure your phone in connected to the wifi network before doing so, and that no VPN is enabled on it. If it's successfully blocked, it should say that it couldn't ping the server.

--------------------- MERGED ---------------------------



Apart from FTP (which I use exclusively to push games and updates on my console), I still allow the following :
- Game update servers --> so I can update my legit / XCI games using the Big-N servers
- Homebrew with web access --> there's a few homebrew that have a "download updated list" option and there's the Homebrew Appstore that also works
- LAN multiplayer between my hacked console and legit console

So in my case, disabling the WiFi connection is not an option. Of course, to each their own!
My bad, there are 3 options in status: dissable, accept and reject (i put reject). Then i pinged in my pc to those urls to test, and it blocks like a charm. Thank you!
 
  • Like
Reactions: PsychOsmosis

PsychOsmosis

Well-Known Member
OP
Newcomer
Joined
Jan 18, 2016
Messages
99
Trophies
0
XP
592
Country
Canada
My bad, there are 3 options in status: dissable, accept and reject (i put reject). Then i pinged in my pc to those urls to test, and it blocks like a charm. Thank you!

That's more like it! I'm glad that it worked out well!

You can also use the list below to look at which servers you need to keep and which ones you can block (because even if we know that one server is required for one function, it doesn't mean it's not used for some kind of telemetry as well).
In particular, I personally don't trust the pearljam one. Nobody knows what it does and I don't think anybody saw an inconvenient to blocking it. It's worth noting it was added on update 5.0, which coincides with when Big-N upped their anti-piracy game!


Oh damn, and I just realized beach and sun are NOT the ones for telemetry! Must have looked at the wrong file before. Sorry about that!!
sun is for system updates (so blocking it blocks firmware updates such as 6.0 that released tonight, so it's alright to block it) and beach is for game cert and other weird stuff (good idea to block it too). So yeah, it was my "not telemetry but block anyway" file I read from!
If you notice there is useful stuff that no longer connects, you can try unblocking beach, but I don't think you're going to have any problem leaving it blocked.

Those are the right ones for telemetry :

receive-lp1.dg.srv.nintendo.net (diagnostics)
receive-lp1.er.srv.nintendo.net (error logs)


Are 90DNS blocking these? @AveSatanas

//Services
aauth-*.ndas.srv.nintendo.net; //App Authentication; Generates the App Key (Needed to Play Online)
dauth-*.ndas.srv.nintendo.net; //Device Authentication; Generates the Device Key (Needed to Play Online)
api-*.*.srv.nintendo.net; //Get App Data
app-*.*.npns.srv.nintendo.net; //Get App Data
broker.*.npns.srv.nintendo.net;
consumer.*.npns.srv.nintendo.net;
web-*.share.srv.nintendo.net; //Social Network Share
assets-*.share.srv.nintendo.net; //Social Network Share
receive-*.*.srv.nintendo.net; //Log Server

//Connection Test
//ctest.cdn.nintendo.net; //Need Unblocked to Let Connection to Internet
ctest-*-*.cdn.nintendo.net;
nasc.nintendowifi.net

//Game Checks CERT, Gold, etc...
beach.hac.*.eshop.nintendo.net; //Checks the Game CERT, RetrieveGold Feature, Link Device and VirtualAccount?

//Updates
sun.hac.*.d4c.nintendo.net; //Check for System Updates
//aqua.hac.*.d4c.nintendo.net; //Check for Updates and Check Required System Update; Needed to GameUpdates
//superfly.hac.*.d4c.nintendo.net; //Check for Updates and Get TitleInfo; Needed to GameUpdates
//atum.hac.*.d4c.nintendo.net; //CDN-Download for Games/Updates; Needed to GameUpdates

atumn.hac.*.d4c.nintendo.net; //CDN-Download for System Apps
tagaya.hac.*.eshop.nintendo.net; //VersionList for Games
pearljam.hac.*.eshop.nintendo.net; //Sugar and Civil?

//Account
accounts.nintendo.com; //Access to Account and eShop
api.accounts.nintendo.com; //Account Metadata (Needed to Play Online)
*.baas.nintendo.com; //Account Metadata, Blocked Friends, View and Add Friends (Needed to Play Online)

//eShop
bugyo.hac.*.eshop.nintendo.net; //Access to eShop
ecs-*.hac.shop.nintendo.net; //Access to eShop and GetTickets/AccountStatus
pushmo.hac.*.eshop.nintendo.net; //Download Games/App from eShop
ias-*.hac.shop.nintendo.net; //Reg-Challenge-Unreg-RegInfo-TicketSync-AccountTransfer-SyncReg

//News and Content
bcat-topics-*.cdn.nintendo.net; //News&Content Topics
bcat-list-*.cdn.nintendo.net; //News&Content List
service-status-*.cdn.nintendo.net;
g*-*.s.n.srv.nintendo.net;
 
Last edited by PsychOsmosis,
  • Like
Reactions: Mobutu16

mike087

Well-Known Member
Member
Joined
Jan 6, 2017
Messages
214
Trophies
0
Age
39
XP
1,238
Country
Ecuador
That's more like it! I'm glad that it worked out well!

You can also use the list below to look at which servers you need to keep and which ones you can block (because even if we know that one server is required for one function, it doesn't mean it's not used for some kind of telemetry as well).
In particular, I personally don't trust the pearljam one. Nobody knows what it does and I don't think anybody saw an inconvenient to blocking it. It's worth noting it was added on update 5.0, which coincides with when Big-N upped their anti-piracy game!


Oh damn, and I just realized beach and sun are NOT the ones for telemetry! Must have looked at the wrong file before. Sorry about that!!
sun is for system updates (so blocking it blocks firmware updates such as 6.0 that released tonight, so it's alright to block it) and beach is for game cert and other weird stuff (good idea to block it too). So yeah, it was my "not telemetry but block anyway" file I read from!
If you notice there is useful stuff that no longer connects, you can try unblocking beach, but I don't think you're going to have any problem leaving it blocked.

Those are the right ones for telemetry :

receive-lp1.dg.srv.nintendo.net (diagnostics)
receive-lp1.er.srv.nintendo.net (error logs)
Ok, thank you.

--------------------- MERGED ---------------------------

It doesnt work with 1 2 switch, i did the procedure but when i try to launch the game it gives me the black screen with an error then a message pops up saying corrupted savedata found or something like that, but i tried again deleting the savegame before installing the nsp, but the same error and message.
 

xXDungeon_CrawlerXx

Well-Known Member
Member
Joined
Jul 29, 2015
Messages
2,092
Trophies
1
Age
28
Location
Liverpool
XP
3,722
Country
Well, to be honest, I rebuild and reencrypt my NSPs for over two months now and still playing my legit Games online almost every day.
I am still not banned so I think this method is "pretty safe" along "disabled telemetry".

DnYqaosWwAIKC_N.jpg
 
  • Like
Reactions: PsychOsmosis

Chocola

GBAtemp Meowgular
Member
Joined
Sep 18, 2018
Messages
379
Trophies
0
Age
32
Location
Neko Paradise
XP
723
Country
Korea, South
Well, to be honest, I rebuild and reencrypt my NSPs for over two months now and still playing my legit Games online almost every day.
I am still not banned so I think this method is "pretty safe" along "disabled telemetry".

DnYqaosWwAIKC_N.jpg

How you modify the main menu? I want it, it's so kawaii and if isn't harder I can try one concept and share with all when are ready
 
Last edited by Chocola,

PsychOsmosis

Well-Known Member
OP
Newcomer
Joined
Jan 18, 2016
Messages
99
Trophies
0
XP
592
Country
Canada
Well, to be honest, I rebuild and reencrypt my NSPs for over two months now and still playing my legit Games online almost every day.
I am still not banned so I think this method is "pretty safe" along "disabled telemetry".

DnYqaosWwAIKC_N.jpg

Thank you very much for your input!! It's important that people using this method (or an equivalent one, such as you) give feedback about how they use their console and, most importantly, if they've been banned yet!
 

huma_dawii

Well-Known Member
Member
Joined
Apr 3, 2014
Messages
3,880
Trophies
2
Age
33
Location
Planet Earth
XP
4,271
Country
United States
Hello everyone!

It is widely thought that going online after installing a NSP with a fake ticket leads to an almost inevitable ban.

Some people have been bragging on the forum that they use a private method (using the SDK) to reencrypt the NSP file with "standard crypto" (like the XCI/cartridge games) instead of the "ticket rights" usually used for eShop titles.
Detailed below is a method to modify a NSP file by removing the fake title rights and deleting the fake ticket, therefore leading to a theoretically reduced risk of ban, as your console will no longer have a fake ticket in its ticket blob and your installed eShop titles will no longer have a rights-ID that doesn't match your console ID.
This method leads to the creation of a NSP file that is practically equivalent to one that as been reencrypted using "standard crypto" (which is a bit misleading in its own right as NSP files are not encrypted).


DO NOT USE THIS GUIDE IF YOU ABSOLUTELY DON'T WANT TO GET BANNED!
THERE IS NO GUARANTEE THIS WILL PREVENT YOU FROM BEING BANNED!
THIS METHOD LEADS TO A THEORETICAL REDUCTION OF THE BAN RISK!


This method should be used in conjunction with other ban risk reduction methods, such as disabling telemetry (EU) / blocking the telemetry servers in your router hosts file (EU citizens should do BOTH), using a whitelist-based custom DNS/firewall configuration, using creport (for people not on SXOS) and/or using Stealth Mode (for people on SXOS, because we don't have access to creport... :()


This guide is based on the awesome script "nut" by Blawar!
Without him, this method would not exist!!




Prerequisites :

- Download nut from github (https://github.com/blawar/nut/) by using the "Clone or download" green button and choosing "Download as ZIP". Extract the ZIP archive.

- LOOK AT THE REQUIREMENTS FOR NUT ON THE GITHUB PAGE. You need to have Python3 installed, then you use pip to install some modules :
pip3 install colorama pyopenssl requests tqdm unidecode image bs4

In my case, I had to update pip before I could install the other modules :
python -m pip install --upgrade pip

Configure your nut.conf (in the "conf" folder). In my case, I just disabled (set to false) the first four settings of the "download" section of "nut.default.conf".

- A copy of your Switch keys. If you don't have them, you need to find them on your own on the interwebs or extract them from your console. There are guides for that. The file must be named "keys.txt" and be located in the (incredibly funny default-named) "nut-master" folder you extracted from the ZIP.

- A game in the NSP file format. This can be a scene release or a game obtained from the CDN. You CAN use nut to download games from the CDN, but I personally don't know how and this is not a "CDN download tutorial".


Method :

- Copy your NSP file in the "nut-master" folder.

- (OPTIONAL) Use the following command to pull the info of your NSP file. This is not required as it's only used to compare your file before and after the two "main steps" of this method.
nut.py -i "YOUR_GAME [TITLEKEY][vX].nsp"
In my case, on Windows 10, I had to use the following command to access nut.py using python. So, if you have problems getting nut.py to run, try this for each and every command in this guide :
cd C:\PYTHON3_INSTALL_FOLDER
python "C:\WHERE_YOU_EXTRACTED\nut-master\nut.py" -i "YOUR_GAME [TITLEKEY][vX].nsp"

In the info dump provided by nut, you can see a ticket file (in which the rightsId is not related to your console-id), a few NCA files, a CERT file and a XML file.
If you install the NSP as is, this ticket gets imported in your console's ticket blob and when it sends its telemetry to Big-N, you get banned!!
The "main NCA file" (the one with the largest file size, AKA "the game") also has a rightsId which doesn't match your console, which could also lead to a ban if you launch the game and then connect to the internet.
You can see that the smaller NCA files have their rightsID set to 0, as they are "unprotected" because they are not important enough to protect.

- Run the following command to set the value of these rightsId to 0.
nut.py --remove-title-rights "YOUR_GAME [TITLEKEY][vX].nsp"

- (OPTIONAL) Then, if you run the "info" command again, you should see that the ticket is still there, but the instances where you had fake rightsId are set to 0 (as they are in the other NCA files, so it should theoretically be considered "unprotected" by the console).

- Now we need to remove this evil ticket to prevent it from being imported in our precious ticket blob. Let's start by unpacking the NSP.
nut.py -x "YOUR_GAME [TITLEKEY][vX].nsp"

A folder is then created with all the files of the NSP inside.

- DELETE (OR MOVE AWAY) THE NSP FROM YOUR nut-master FOLDER!!

- Navigate to that folder, and delete the ticket file "WHATEVER.TIK".

- Then, we repack the NSP without this ticket :
nut.py -c "YOUR_GAME [TITLEKEY][vX].nsp" "C:\WHERE_YOU_EXTRACTED\nut-master\YOUR_GAME [TITLEKEY][vX]\*.*"

For some reason, in my case, this command didn't work. It seems that, in some instances on Windows, Python3 shits the bed when using wildcards. But for Blawar, also on Windows 10, it works perfectly. Go figure.

If this happens to you, use the following command instead (it's incredibly long and tedious to input, but I didn't find another way to make it work) :
nut.py -c "YOUR_GAME [TITLEKEY][vX].nsp" "C:\WHERE_YOU_EXTRACTED\nut-master\YOUR_GAME [TITLEKEY][vX]\FILE1.cert" "C:\WHERE_YOU_EXTRACTED\nut-master\YOUR_GAME [TITLEKEY][vX]\FILE2.nca" "C:\WHERE_YOU_EXTRACTED\nut-master\YOUR_GAME [TITLEKEY][vX]\FILE3.nca" ............. "C:\WHERE_YOU_EXTRACTED\nut-master\YOUR_GAME [TITLEKEY][vX]\LAST_FILE.xml"

YOU MUST DO THIS WITH EVERY FILE (apart from the deleted ticket) IN THE FOLDER IN A SINGLE COMMAND!

- There you go, it's done. You can run the "info" command again and you should see that the ticket (along with the rightsID) is no more.
The final file size should be about 768 bytes smaller than the initial file size.



This has been tested with SXOS and it works flawlessly. The games install and run just fine.
You also need to follow the same procedure for the NSP updates you want to install.

Thanks again Blawar for your incredible tool and all the help you gave me!!

AWESOME! Now we need someone who can make a .bat file for this :D
 
  • Like
Reactions: PsychOsmosis

PsychOsmosis

Well-Known Member
OP
Newcomer
Joined
Jan 18, 2016
Messages
99
Trophies
0
XP
592
Country
Canada
AWESOME! Now we need someone who can make a .bat file for this :D

Huh, never thought about it, but I could easily do it...
I'll look into this in the next few days. Thanks for the advice!!

EDIT: You would have to edit it to change the location of your Python3 install folder and your nut-master folder though. But you change that once and that's it.
You would also have to change the NSP filename in the .bat file everytime you want to run it, but I could create a variable so you only need to input it at the beginning of the bat file and not have to change it for every single command.

Yeah, I'll do it soon!
 
Last edited by PsychOsmosis,
  • Like
Reactions: huma_dawii

PsychOsmosis

Well-Known Member
OP
Newcomer
Joined
Jan 18, 2016
Messages
99
Trophies
0
XP
592
Country
Canada
AWESOME! Now we need someone who can make a .bat file for this :D

And it's done!! Batch file available for everybody in the first post!!!

It was way harder than I thought because of the bug with the wildcards in python, so in the end I made an ugly pile of IF statements for 4 to 8 files in the folder.....
Oh well, at least it works!!
 

huma_dawii

Well-Known Member
Member
Joined
Apr 3, 2014
Messages
3,880
Trophies
2
Age
33
Location
Planet Earth
XP
4,271
Country
United States
And it's done!! Batch file available for everybody in the first post!!!

It was way harder than I thought because of the bug with the wildcards in python, so in the end I made an ugly pile of IF statements for 4 to 8 files in the folder.....
Oh well, at least it works!!

You are amazing!! i cant wait to test this out!! :D
 

PsychOsmosis

Well-Known Member
OP
Newcomer
Joined
Jan 18, 2016
Messages
99
Trophies
0
XP
592
Country
Canada
Replace SET "filenam=TITLE [TITLEKEY][vX]" with SET "filenam=%~n1"

Then you won't have to worry about changing name every time.

I can do that! I'm no expert in batch so I'm trying to figure out how it's gonna know which file is the right one.
Is it by drag & dropping the NSP onto the batch file?? If so, that's way better than what I came up with before!

Well, 2 minutes later, I just tried it, and holy fuck it works!!! Hahaha, that is truly amazing!!
Thank you very much for that!!
 

huma_dawii

Well-Known Member
Member
Joined
Apr 3, 2014
Messages
3,880
Trophies
2
Age
33
Location
Planet Earth
XP
4,271
Country
United States
I can do that! I'm no expert in batch so I'm trying to figure out how it's gonna know which file is the right one.
Is it by drag & dropping the NSP onto the batch file?? If so, that's way better than what I came up with before!

Well, 2 minutes later, I just tried it, and holy fuck it works!!! Hahaha, that is truly amazing!!
Thank you very much for that!!

Did you add it to the .bat? :O this is such a great finding!
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • No one is chatting at the moment.
    Veho @ Veho: https://i.imgur.com/bG1pQld.mp4 +1