[PSA] Verify ALL .nsp and .xci files regardless of where they come from, even homebrew

Discussion in 'Switch - Exploits, Custom Firmwares & Soft Mods' started by sj33, Nov 14, 2018.

  1. sj33
    OP

    sj33 GBAtemp Psycho!

    Member
    13
    Oct 22, 2013
    Japan
    It seems that this needs to be emphasised now more than ever. The current .nsp installers do NOT verify if what you are installing contains malicious code. Hopefully they will eventually, but at this point people have to take it into their own hands.

    Some people see it as a simple matter of common sense, but it is not that simple. It doesn't matter if it is a pirated game or homebrew, a reliable source or a shady site - installing an .nsp file without verifying it is folly, regardless of who made it. Brickers are designed to look legitimate to the untrained eye, otherwise they would not be effective.

    People MUST do the following.

    1. Verify any .nsp file they install using Hactool https://gbatemp.net/threads/release-hactoolgui-a-very-simple-gui-for-hactool.499526/

    2. Make a backup of your CURRENT firmware using hekate. You only need to back up the boot0/1 and SYS partitions and you should be able to compress this to around 1GB or so. Store it on your computer and a cloud service such as Google Drive just in case.
     
  2. Tripa

    Tripa Member

    Newcomer
    2
    Nov 3, 2018
    Brazil
    How can Hactool verify malicious code?
    Idk if that's possible...
    Backups however are an absolute must.
    And people must be triple aware when Smash launches bc the internet will be flooded with malwares.
    Anyways, LGP malware could be easily fixed with a backup.
    But without, it's a hard brick.
     
  3. sj33
    OP

    sj33 GBAtemp Psycho!

    Member
    13
    Oct 22, 2013
    Japan
    It’s not that hactool will detect malicious code, it will simply show more details about the file to give a better idea of its origin. It’s not a foolproof way, make a backup too.
     
  4. proffk

    proffk GBAtemp Fan

    Member
    4
    Aug 14, 2013
    United States
    This would be a good idea. But for now it's best grabbing a scene release. Check MD5 matches to source file & who the uploader is.
     
    Xenon Hacks likes this.
  5. Frexxos

    Frexxos GBAtemp Fan

    Member
    6
    Apr 27, 2015
    Germany
    That's what some jerks did... they named the game like an official scene release, the game was also the right size (not md5 checked) only in windows shown. Of course everyone thought "hey a nice leak" and boom - bricked!

    Never go for first release/leak/link to something. Wait if someone can confirm. Check who is the uploader? How many uploads does he have? Someone with only 1-2 posts is probably a faker.
     
    proffk likes this.
  6. Arras

    Arras GBAtemp Guru

    Member
    13
    Sep 14, 2010
    Netherlands
    For homebrew, is checking even effective? Someone could just take an open source homebrew, add brick code to it, recompile and it would be indistinguishable from a real one.
     
  7. NoSmokingBandit

    NoSmokingBandit GBAtemp Fan

    Member
    5
    Jan 17, 2009
    United States
    Yeah, but if you are downloading homebrew compiled by someone other than the creator you are kind of asking for it.
     
  8. Ashura66

    Ashura66 GBAtemp Advanced Maniac

    Member
    7
    Feb 1, 2016
    Portugal
    Under my bed
    As a warning, the current "leak" of Super smash Bros Ultimate is brickware
     
  9. fixingmytoys

    fixingmytoys GBAtemp Advanced Fan

    Member
    5
    Jan 4, 2018
    Australia
    I wish the “backup” was dumped on the USB hard drive, that would make it so much easier than having to clear and set up a big enough SD CARD
     
  10. IHOP

    IHOP GBAtemp Regular

    Member
    4
    Jul 11, 2018
    United States
    Obviously any game "leaked" a month before release is going to be brickware. Use common sense, if you think you're the first one to find a leaked copy of a game on some forum, chances are if it was real everyone would be talking about it/ be playing it.
     
  11. noahc3

    noahc3 GBAtemp Regular

    Member
    5
    Oct 17, 2015
    Canada
    It checks if the NCA's are signed correctly. If they are signed correctly, then they are official from Nintendo. Otherwise, they have been modified.

    Even XCI's converted to NSP's and vice versa should verify correctly with hactool afaik, but will fail if any of the NCA's are modified and resigned with an unofficial key.
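A structural check that can be run without any console keys, added here as an example (not part of the post above and not hactool's code): it parses the PFS0 container that an .nsp file is and confirms that each .nca entry is named after the first 16 bytes of the SHA-256 of its own contents. It does not verify signatures, so passing it says nothing about who signed the content; `build_pfs0` and the sample bytes are constructed for the demonstration.

```python
import hashlib
import struct

def parse_pfs0(blob: bytes):
    """Return [(name, data)] for every file in a PFS0 (.nsp) container."""
    if len(blob) < 16 or blob[:4] != b"PFS0":
        raise ValueError("not a PFS0 container")
    count, strtab_size, _ = struct.unpack_from("<III", blob, 4)
    strtab_off = 16 + 24 * count          # 16-byte header, 24-byte entries
    data_off = strtab_off + strtab_size   # file data follows the string table
    if data_off > len(blob):
        raise ValueError("header larger than file")
    strtab = blob[strtab_off:data_off]
    files = []
    for i in range(count):
        off, size, name_off, _ = struct.unpack_from("<QQII", blob, 16 + 24 * i)
        if name_off >= strtab_size or data_off + off + size > len(blob):
            raise ValueError(f"entry {i} points outside the container")
        name = strtab[name_off:].split(b"\0", 1)[0].decode("ascii")
        files.append((name, blob[data_off + off : data_off + off + size]))
    return files

def mismatched_ncas(blob: bytes):
    """Names of .nca entries whose name is not the SHA-256 prefix of their data."""
    bad = []
    for name, data in parse_pfs0(blob):
        if name.endswith(".nca"):
            content_id = name.split(".", 1)[0].lower()
            if hashlib.sha256(data).hexdigest()[:32] != content_id:
                bad.append(name)
    return bad

def build_pfs0(entries):
    """Build a constructed sample container from [(name, data)] for the demo."""
    strtab, table, body = b"", b"", b""
    for name, data in entries:
        table += struct.pack("<QQII", len(body), len(data), len(strtab), 0)
        strtab += name.encode() + b"\0"
        body += data
    header = b"PFS0" + struct.pack("<III", len(entries), len(strtab), 0)
    return header + table + strtab + body

if __name__ == "__main__":
    good = b"constructed NCA bytes"  # placeholder content, not a real NCA
    name = hashlib.sha256(good).hexdigest()[:32] + ".nca"
    print(mismatched_ncas(build_pfs0([(name, good)])))         # contents match name
    print(mismatched_ncas(build_pfs0([(name, good + b"!")])))  # contents altered
```

The functions take the whole file as bytes, so for a multi-gigabyte .nsp pass an `mmap` of the file rather than reading it into memory.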
     
  12. Ashura66

    Ashura66 GBAtemp Advanced Maniac

    Member
    7
    Feb 1, 2016
    Portugal
    Under my bed
    That's not always the case, early leaks DO happen, at least for PC games. Not with so much time in advance granted but they still happen. And the only reason I mentioned it is because I know some people lack common sense so might as well warn them. Also this particular brickware, I have NO idea why it was made, other than just for kicks. The Pikachu one had a specific purpose
     
  13. sj33
    OP

    sj33 GBAtemp Psycho!

    Member
    13
    Oct 22, 2013
    Japan
    I don't just mean you specifically, but the idea that anybody is 'asking for it' is toxic and contributes to the problem.
     
    noahc3 likes this.
  14. NoSmokingBandit

    NoSmokingBandit GBAtemp Fan

    Member
    5
    Jan 17, 2009
    United States
    Bro it's like finding a sandwich on the bathroom floor, eating it, then thinking you did nothing wrong when you die of dehydration via cholera. I'm not trying to victim-blame here, but at a certain point you have to be responsible for the risks you take, and if one of those risks is downloading 'modified' homebrew by some script kiddie named "xXxDarkLordSatanxXx" off discord you probably need to learn a lesson the hard way.
     
  15. GTRagnarok

    GTRagnarok Member

    Newcomer
    4
    Apr 21, 2009
    United States
    I followed a guide when I got started a few months ago and dumped these files. It comes to 2.62 GB in total and the two boot files are 4MB each. Is this a sufficient backup or do I need the whole rawnand.bin?
     
    Last edited by GTRagnarok, Nov 18, 2018
  16. Erol

    Erol GBAtemp Fan

    Member
    6
    May 13, 2009
    Gambia, The
    Or always use xci.
     
  17. Ashura66

    Ashura66 GBAtemp Advanced Maniac

    Member
    7
    Feb 1, 2016
    Portugal
    Under my bed
    .XCI can also be infected with malicious code. It's not going to save you
     
  18. jeverden

    jeverden Newbie

    Newcomer
    1
    Nov 19, 2018
    United States
    Do you use the -y option? I'm getting Invalid NCA Header! Are keys correct? Grabbing some from torrents and want to make sure they are clean. Is there a risk if I install NSP files to an SD card only?
     
  19. jeverden

    jeverden Newbie

    Newcomer
    1
    Nov 19, 2018
    United States
    Is there a list of checksums for NSP files that can be compared? I can't get hactool to work for the life of me. I know I've dumped keys correctly but I presume from this error it's related to keys dumped. As far as I can tell CDN downloader doesn't work anymore or I would risk a ban using my own keys? I could probably live with a ban if it wasn't 100% guaranteed if I just grabbed a few files.
     
  20. Ian095

    Ian095 GBAtemp Fan

    Member
    4
    Jun 25, 2018
    United Kingdom
    I'd just recommend to anyone attempting to install Smash Bros in two weeks... Backup first. I don't know how I've always managed to avoid brick code guess I can count myself lucky but as said somewhere above there's going to be absolutely tons of fake Smash Bros NSPs no doubt.
     