How to remove fake tickets from NSP file ("Standard crypto" equivalent) [Ban Risk Mitigation]

Discussion in 'Switch - Tutorials' started by PsychOsmosis, Sep 17, 2018.

  1. PsychOsmosis
    OP

    PsychOsmosis Advanced Member

    Newcomer
    2
    Jan 18, 2016
    Canada
    Nobody knows for sure as of now I think, but there's one easy way to find out. I'll quote what I said earlier in this thread to somebody else (who sadly didn't perform the steps to learn this invaluable information).
    If the key gets removed from the ticket blob, then we know uninstalling the game is enough to clean up your blob!!
    If you could perform these steps, I would be very grateful (and you will have an answer to your question)!


    I don't know. Both methods are quite clever and they both have their merits actually. CDNSP's forged tickets was the first one that was found out, so it's probably why it's the most widely used.
    And from your console's point of view, both methods are equally functional. It's on the Big-N servers' side that it differs.

    But recently, with the dev of the XCI to NSP converter having implemented this thread's method into his script, I find that there is an increasingly larger proportion of the scene releases that are masterkey encrypted!


    You can use the "Troubleshooting script" in the OP on your untreated NSP.
    It basically displays all the information available on the files included in the NSP.

    For it to be "correctly reencrypted", it requires that there is:
    1) No .cert file.
    2) No .tik file.
    3) The rightsID of ALL the NCA files have been zeroed out (as only one of the NCAs actually has a rightsID in the first place).



    Damn.. It pains me that I can't think of a way to help you... :(
    I know it's really a shit advice, but it's really the only one I can think of:
    Have you thought about using another CFW? ReiNX would most probably work with this method (although nobody ever came back to confirm it to me, even though I @'d the two people that were having issues with previous versions of ReiNX twice, so they'd get an alert saying I was talking about them, for confirmation...).

    I know if someone said that to me, there is no way I would go away from SXOS as I'm used to it, it has all the functionalities I need (apart from creport.....), it's working without issue in my case and it's quite easy and agreeable to use.
    The only other CFW I want to try out is legit Atmosphere when it will be officially released, as I want to know what the real written-from-scratch CFW is all about, even if it most probably won't become my daily driver.
    All of this to say that I know my advice is shit. Sorry...
     
    Last edited by PsychOsmosis, Oct 10, 2018
  2. blawar

    blawar GBAtemp Regular

    Member
    6
    Nov 21, 2016
    United States
    Homebrew DZ will let you delete common tickets, and it will also dump your title keys (common and private) in homebrew.
     
    Khim09 and PsychOsmosis like this.
  3. huma_dawii

    huma_dawii GBAtemp Addict

    Member
    8
    Apr 3, 2014
    United States
    Planet Earth
    Do you mind explaining a little how to merge an update and base game to repack as an NSP?
     
  4. annson24

    annson24 The Patient One

    Member
    6
    May 5, 2016
    Philippines
    Just held a conversation with the creator of nut_batch_cleaner, he said it's definitely something to do with the modified atmosphere's lack of hashes sigpatch. He said that hacpack and 4nxci redo the hashes, that's why they still work. So while my dump doesn't work on modified atmosphere (currently) it will work with ReiNX, RajNX, and SX OS.

    Oh, he also mentioned he'll include the ability to redo the hashes in the next release of his script for it to work with the current build of modified atmosphere.
     
    PsychOsmosis likes this.
  5. PsychOsmosis
    OP

    PsychOsmosis Advanced Member

    Newcomer
    2
    Jan 18, 2016
    Canada
    Oh well, that's what I thought! It's nice that you got a clear answer! I wonder what he will do to make the hash signature valid for it to work on a CFW that doesn't have sigpatch support... :mellow:

    Blawar! You finally had a look at my thread!! :lol:
    It grew so much since you helped me figure this stuff out last month! It's very much appreciated that you took the time to look at it!

    Thank you very much for the information by the way!!
     
    Last edited by PsychOsmosis, Oct 10, 2018
    annson24 likes this.
  6. PsychOsmosis
    This message by PsychOsmosis has been removed from public view by Joe88, Oct 10, 2018, Reason: Double post.
    Oct 10, 2018
  7. blawar

    blawar GBAtemp Regular

    Member
    6
    Nov 21, 2016
    United States
    hey, I read it when you first posted it, but it's grown a lot :)

    The person who replied to you is correct, nut is not changing the hash (renaming the file) and updating the CNMT like 4nxci and others do, and there is a very important reason for it. The files are identified by their hash. If you gave me the filename of the NCA, I could tell you exactly which title / version that NCA came from. Modifying NCAs is already dirty business, I believe in modifying the least amount possible. If nut renamed the NCAs like 4nxci and others do, it would become the wild wild west of NCAs. By at least not renaming the files, it is possible to easily undo any modifications and restore the NCA to its original form if needed.

    I believe I read somewhere that @SciresM does not want to encourage people modifying the NCAs at all, that is possibly why he has not removed that check.
     
    Khim09 and annson24 like this.
  8. PsychOsmosis
    OP

    PsychOsmosis Advanced Member

    Newcomer
    2
    Jan 18, 2016
    Canada
    Yeah, that's what I read about SciresM as well!

    I know nut is not renaming the NCAs, but I didn't know other scripts/programs did..!! I have no need for any of them, so I didn't take the time to research how they worked.
    Renaming the files also seems to me like a very bad idea due to the fact that I'm primarily stealth (anti-ban) oriented. That's the whole reason I reached out to you about this method in the first place!
    Having mismatched NCA names looks like a big red flag to me if your console reaches out to Big-N's servers for whatever reason!!

    So you see @annson24 , it's a good idea to stick to this script! Take it from the man who developed the program behind this script!

    Thanks a lot @blawar !! As always, you come to the rescue with invaluable information! :lol:
     
    Last edited by PsychOsmosis, Oct 11, 2018
    annson24 likes this.
  9. annson24

    annson24 The Patient One

    Member
    6
    May 5, 2016
    Philippines
    Then maybe it's time to switch to ReiNX. Kek.

    Sent from my SM-G950F using Tapatalk
     
    PsychOsmosis likes this.
  10. PsychOsmosis
    OP

    PsychOsmosis Advanced Member

    Newcomer
    2
    Jan 18, 2016
    Canada
    New update to the batch file in OP!

    Changelog:
    - Added support for NSPs with only 2 files (after removing the ticket and cert), such as the unofficial "unlock everything DLC" for a very anticipated game releasing around these times..!!
     
  11. s3phir0th115

    s3phir0th115 GBAtemp Advanced Fan

    Member
    3
    Dec 31, 2008
    United States
    So say I used this tool to obtain my nsp files: https://gbatemp.net/threads/nintendo-switch-sd-to-nsp-dumper.514816/

    To my understanding, that tool generates nsp files that have real tickets with the standard information about the console, Nintendo ID, etc.

    I'm guessing that since that information is stored in the ticket, that this same method would work to "anonymize" the NSP files so that they can't be traced back to the given Switch/Nintendo Account, etc, since the ticket is being deleted either way, fake or not?

    Edit:

    Never mind, looks like my assumption was wrong. It does not generate them with real tickets by default:
    https://gbatemp.net/threads/nintendo-switch-sd-to-nsp-dumper.514816/page-4#post-8220750
     
    Last edited by s3phir0th115, Oct 17, 2018
  12. ctrlp

    ctrlp Member

    Newcomer
    3
    Apr 20, 2014
    United States
    Hi I was able to get this to work with batch o nuts but I am not sure how to use your updated code. I tried to make a .bat file with it and when I ran it the entire contents of the folder with my back ups got wiped and now I can't recover them, but that's okay. I care more about learning how to use this tool more than anything else.
     
  13. PsychOsmosis
    OP

    PsychOsmosis Advanced Member

    Newcomer
    2
    Jan 18, 2016
    Canada
    You need to drag&drop your NSP onto the batch file! If you double-click it, it would indeed not work...
    It will backup the NSP to the "backup" folder and process it. Are you sure your original NSPs are not in the "backup" folder?
     
  14. ctrlp

    ctrlp Member

    Newcomer
    3
    Apr 20, 2014
    United States
    Thanks! That did the trick. Now does the clean NSP end up in the root folder or is it the one in the backup folder? I'm used to seeing NSPOUT etc.
     
  15. PsychOsmosis
    OP

    PsychOsmosis Advanced Member

    Newcomer
    2
    Jan 18, 2016
    Canada
    The backup is your original NSP. The modified NSP replaces your original in the root folder.


    By the way, the script is confirmed to work with firmwares up to 6.0.1!! :toot:
     
    Last edited by PsychOsmosis, Oct 18, 2018
    ctrlp likes this.
  16. PsychOsmosis
    OP

    PsychOsmosis Advanced Member

    Newcomer
    2
    Jan 18, 2016
    Canada
    Quick update:

    Actually, the script no longer works when applied to DLCs as of 6.0.1 (and probably 6.0.0)! It still works on base games though!!
    This is due to the anti-piracy measures implemented by Big-N in this firmware version.

    Since DLCs always come from the eShop, and therefore always come with a ticket, there is some kind of online check made when you try to run a game after installing a ticketless DLC for it.

    Furthermore, it seems that the check is made using one of the few servers I actually whitelist (game update server maybe?), so there might be a ban coming for me in the next few weeks...
    I will also add this information to the OP.


    I still have to try applying the script on an update to see if it works in this case. I will update you guys when I've done so.
     
    Last edited by PsychOsmosis, Oct 22, 2018
    Whole lotta love and annson24 like this.
  17. Whole lotta love

    Whole lotta love GBAtemp Regular

    Member
    5
    Jan 7, 2006
    United States
    thanks for the update!

    my switch is still unbanned (have been using xci's with headers on sx pro) and was planning on trying some nsp's with your tool. do you still think that's a good idea?
     
  18. PsychOsmosis
    OP

    PsychOsmosis Advanced Member

    Newcomer
    2
    Jan 18, 2016
    Canada
    Sorry for the late reply.

    It really depends on a few factors:
    - Your firmware version (6.0.0+ doesn't support ticketless DRM, and I don't know yet about updates but it's alright not to process them anyway as the tickets for game updates are legit).
    - Do you plan on playing the ticketless games online? If so, either way, playing pirated games online is a very likely way to get quickly banned.

    I also don't know anything about the 6.1.0 update that was released yesterday (I won't update until the first game encrypted with the new 6.1.0 masterkey prevents me from playing it on an older firmware).

    But yeah, this method still works for base games at least (on 6.0.1), and I still think it's a safer way than playing with forged (CDNSP generated) tickets!
     
  19. PsychOsmosis
    OP

    PsychOsmosis Advanced Member

    Newcomer
    2
    Jan 18, 2016
    Canada
    I can confirm you can still apply this script on NSP Game Updates as of 6.0.1.
    Although, whether you should apply the script on updates or not is still uncertain (cf. OP for the reason).
     
  20. SuinkaiVS

    SuinkaiVS GBAtemp Regular

    Member
    3
    Apr 3, 2017
    Inside Hombrew
    Does this still work on 6.1.0?
     
  21. PsychOsmosis
    OP

    PsychOsmosis Advanced Member

    Newcomer
    2
    Jan 18, 2016
    Canada
    Didn't try it yet since I'm waiting as long as possible before updating (until a game I want to play forces me to basically, like The Missing did with 5.1.0 --> 6.0.1). I'll update the OP accordingly when I've done so.

    Or you could try it out if you've already updated I guess. It's alright if you don't want to be the first to do so.
     