Invalid signature?

[Ondrashek06]

If I installed a XCI file and 3 of the 7 signatures are marked as invalid, should I be worried about tampering?
I've read that certain copies of EoW were bricking consoles and I really don't want to risk that.

 

[the_otsutsuki]

If I installed a XCI file and 3 of the 7 signatures are marked as invalid, should I be worried about tampering?
I've read that certain copies of EoW were bricking consoles and I really don't want to risk that.

as far as i’ve been aware none of the leaked versions of this game have caused any bricks on console. do you have any resources to back that up ?

 

[Ondrashek06]

as far as i’ve been aware none of the leaked versions of this game have caused any bricks on console. do you have any resources to back that up ?

A certain thread here on GBATemp, yeah, not a trustworthy source but better to be safe than sorry when it comes to tampered ROMs

 

[BigOnYa]

If you install with invalid signature, it auto joins you to discord. Lol just kidding, its fine, won't brick.

 

[the_otsutsuki]

A certain thread here on GBATemp, yeah, not a trustworthy source but better to be safe than sorry when it comes to tampered games

i’ve been covering a good majority of the EoW leak and threads. i have not seen a single thread stating this game bricking their console. the worst thing we’ve gotten was the game crashing on close and that was about it.

myself along with a few other members can confirm that we play some of our games with invalid hashes and invalid signatures on the game with no issues

 

[Dust2dust]

An valid version with good signatures will probably be released soon after the game officially comes out, if you don't feel confident, and are willing to wait a few more days before playing it.

 

[Blythe93]

I haven't played much of the Echoes of Wisdom, but so far so good, nothing's broken. I've never had issues with these leaked games as long as they come from a trusted source. I have two of them which are pretty decent and they usually have everything that I'm looking for. I use NxFileViewer to confirm whether the file was tempered with or not. Not sure if that's the best tool, but that's what I've seen other people using. If you're still unsure whether to use such files or not, proper version will be released in a couple of days.

 

[hippy dave]

There was a thread asking if anyone had been bricked. The answer is evidently no, there hasn't been a single claim of bricking in that thread or anywhere else I've seen.

 

[impeeza]

If I installed a XCI file and 3 of the 7 signatures are marked as invalid, should I be worried about tampering?
I've read that certain copies of EoW were bricking consoles and I really don't want to risk that.

no if you use DBI to install it.

Post automatically merged: Sep 23, 2024

There was a thread asking if anyone had been bricked. The answer is evidently no, there hasn't been a single claim of bricking in that thread or anywhere else I've seen.

Nothing broken so far:

 

[Nynrah]

This is something I've been wondering about more and more as of late. I always assumed that as long as the hash is valid, the signature's validity doesn't matter much. But I'm not so sure about that anymore. I avoid base games and patches with invalid signatures and hashes as much as I can, but for DLC I accepted invalid signatures as long as the hash is valid in a manner of defeat, since dumped DLC with legit signatures isn't available for every game out there.

But here's what I'm hoping someone can tell me to clear up my worries once and for all. Is there any reason to be concerned about DLC NSP files (so we're not talking about XCI-to-NSP conversions here!) with invalid signatures?

The idea that someone can just fake the validity of the hash by generating their own hashes and put those in an invalid signature worries me because it implies that hash validity is meaningless without a valid signature.

 

[Dust2dust]

This is something I've been wondering about more and more as of late. I always assumed that as long as the hash is valid, the signature's validity doesn't matter much. But I'm not so sure about that anymore. I avoid base games and patches with invalid signatures and hashes as much as I can, but for DLC I accepted invalid signatures as long as the hash is valid in a manner of defeat, since dumped DLC with legit signatures isn't available for every game out there.

But here's what I'm hoping someone can tell me to clear up my worries once and for all. Is there any reason to be concerned about DLC NSP files (so we're not talking about XCI-to-NSP conversions here!) with invalid signatures?

The idea that someone can just fake the validity of the hash by generating their own hashes and put those in an invalid signature worries me because it implies that hash validity is meaningless without a valid signature.

Don't quote me on this, but concerning invalid signatures on some DLC files, I believe this comes from Scene groups wanting to stamp their releases with their marks. The content is exactly the same, but it's kind of "watermarked" by the Scene group, hence no valid signature. More or less like the intro Scene groups were adding to rom releases back in the days. The game was the same, but the rom was modified by the Scene group. Just my theory, it could be wrong.

 

[Nynrah]

Don't quote me on this, but concerning invalid signatures on some DLC files, I believe this comes from Scene groups wanting to stamp their releases with their marks. The content is exactly the same, but it's kind of "watermarked" by the Scene group, hence no valid signature. More or less like the intro Scene groups were adding to rom releases back in the days. The game was the same, but the rom was modified by the Scene group. Just my theory, it could be wrong.

You're right that there is a significant amount of NSPs where this is the case. I noticed this recently after someone else mentioned this and I started looking at NxFileViewer's content viewer where you often see names like "VENOM" or "SUXXORS".

Then there are the XCI-to-NSP conversions that obviously don't pass the signature checks, although that only applies to former XCI files (I don't really get the practical point of this conversion, though); doesn't apply to DLC and that's where I encountered the most instances of invalid signatures.

The more annoying cases in my opinion are files that don't this XCI-to-NSP category nor contain an obvious scene group watermark. At that point I start wondering what happened. I used to think it was a case of files being obtained through false tickets, but I honestly don't know for sure. I do know that the more I think about these things, the more paranoid I get, especially if the validity of the signatures has bearing on the effective validity of the hash.

In the end, it all boils down to trust. Regardless of how harmless the reasons may be, messing with the signatures puts a dent in that trust.

 

[RealYoti]

The content is exactly the same, but it's kind of "watermarked" by the Scene group

Just a fake (prebuilt into game) DLCs that has a placeholder file (with watermark, yes).

 

[Nynrah]

Just a fake (prebuilt into game) DLCs that has a placeholder file (with watermark, yes).

What do you mean when you say fake? Like an unlocker file or a garbage file?

 

[Dust2dust]

What do you mean when you say fake? Like an unlocker file or a garbage file?

A vast majority of DLCs are just flags telling the game you "bought" the DLC. The actual content was previously installed in a game update, and just waiting to be unlocked. Mario Kart 8 DX DLC is an example.

 

[Nynrah]

A vast majority of DLCs are just flags telling the game you "bought" the DLC. The actual content was previously installed in a game update, and just waiting to be unlocked. Mario Kart 8 DX DLC is an example.

Ah, right. I always call that unlocker files.