Gaming Smash Ultimate C2C-version is bad. 25E version is not a "frankenbuild".

[Deleted User]

https://gbatemp.net/threads/pro-tip-smash-md5.524271/#post-8397028

Why are you doubling down and still spreading this BS you have no claims about what you're saying in your thread and multiple people have proven you wrong yet you still have yet to edit the thread or reply to anyone since you're busy saying things are fake just to say they are

 

[Redbaronjm]

MD5 25E8328F47D3A1EBFE5A4197814D9B62

Works great

 

[Chelsea_Fantasy]

@Rawrkanos please censor the d*****bra site name on the first picture

 

[Rawrkanos]

It relates to how the two copies were assembled and the sourcing of the NCAs. Don't worry about it. Neither copy is malicious, one just has remnants of efforts to get the earlier (messed up) program.nca to work fully, to let you go into battles.

That does not explain 16kb of APPENDED data to 3 different NCA files, but not every NCA file. The main NCAs are the exact same size, and one 100mb NCA file is the exact same in both. If it was just "differences in assembling/sourcing", that wouldn't be the case.

Base case: C2C is the "frankenbuild".
Worse case: C2C is the brickbuild.

 

[Kupie]

2c2c one works great for me.

 

[Deleted User]

That does not explain 16kb of APPENDED data to 3 different NCA files, but not every NCA file. The main NCAs are the exact same size, and one 100mb NCA file is the exact same in both. If it was just "differences in assembling/sourcing", that wouldn't be the case.

Base case: C2C is the "frankenbuild".
Worse case: C2C is the brickbuild.

It's not a malicious build. I've put almost 5 hours into the game already (using that build), and I have yet to come across anything wrong. Game boots fine, I've rebooted my switch, and still fine. Played world of light (were most of my play time) and yet to come across a crash or anything that could be wrong. If it was malicious, it would brick on boot up of the game.

 

[Clydefrosch]

It's not a malicious build. I've put almost 5 hours into the game already (using that build), and I have yet to come across anything wrong. Game boots fine, I've rebooted my switch, and still fine. Played world of light (were most of my play time) and yet to come across a crash or anything that could be wrong. If it was malicious, it would brick on boot up of the game.

imagine if you will, a hacker with a virus.
he wants the virus to cause maximum damage.
so instead of releasing it, infecting 3 computers that instantly shut down, having people check what is wrong and throw out a security patch or update to anti malware programs, he releases it with a delayed effect. so it can spread for weeks over many systems. and only then will he send a kill signal or have it go off.

in the (frankly unlikely, but you never know) case that a time bomb brick code exists, the game working flawlessly for a certain ammount of time is exactly what you'd want after people are aware of bricking like on lets go pikachu, after all, that bricking version is quickly noticed and quickly dispatched off

 

[Rawrkanos]

It's not a malicious build. I've put almost 5 hours into the game already (using that build), and I have yet to come across anything wrong. Game boots fine, I've rebooted my switch, and still fine. Played world of light (were most of my play time) and yet to come across a crash or anything that could be wrong. If it was malicious, it would brick on boot up of the game.

XCI Explorer shits the bed when trying to view the C2C version. That alone is all the red-flag you actually need to say it could be malicious.

 

[SomeGamer]

Not taking sides just curious why the version you claim valid seems to crash more.

 

[Deleted User]

XCI Explorer shits the bed when trying to view the C2C version. That alone is all the red-flag you actually need to say it could be malicious.

Wow... just... wow. Ok looked up xci explorer. and it sounds like it only has support to masterkey 4. (ultimate is master key 5) So of course xci explorer is going to shit itself if it doesn't have master key 5 support. But also. IT'S NOT A XCI. The franken build, as far as I know is only in nsp format. XCI and NSPs are not the same.

 

[Rawrkanos]

Wow... just... wow. Ok looked up xci explorer. and it sounds like it only has support to masterkey 4. (ultimate is master key 5) So of course xci explorer is going to shit itself if it doesn't have master key 5 support. But also. IT'S NOT A XCI. The franken build, as far as I know is only in nsp format. XCI and NSPs are not the same.

1) XCI Explorer also has NSP support, so you didn't look up shit.
2) And yet it works on the 25E copy.
3) Did you even read the notes on the latest version?

XCI => NSP via 4nxci still leaves the files viewable with XCI explorer, as is the case with the early pre-screen leaks of Pokemon Let's Go Eevee and Pikachu.

Not taking sides just curious why the version you claim valid seems to crash more.

I couldn't say. I haven't had a crash on 25E, and I've seen a number of reports that C2C doesn't work at all for some people.

But just to dig deeper: The first early-leak of Let's Go Eevee has a CNMT-nca file that's also 4KB, rather than 20KB. The Pikachu version, converted to NSP from XCI via 4nxci, from the Warez-scene has .cert and .tik files as well as, again, a cnmt-nca file of 4KB.

So, again: C2C appears more likely to be cancer.

 

[-Pao]

Not taking sides just curious why the version you claim valid seems to crash more.

it seems those crashes are mostly related to exFat corruption or similiar stuff. I have 25E and never got a single crash.

 

[blahblah]

That does not explain 16kb of APPENDED data to 3 different NCA files, but not every NCA file. The main NCAs are the exact same size, and one 100mb NCA file is the exact same in both. If it was just "differences in assembling/sourcing", that wouldn't be the case.

Base case: C2C is the "frankenbuild".
Worse case: C2C is the brickbuild.

It actually does. People were screwing around trying to get the bad dump (a collection of NCAs, shared to a few people anonymously, as opposed to a normal XCI with the NCAs inside as well as other cart specific data) to boot. When the correct program.nca was dumped, they just packaged up what they had with this new program.nca dump, booted it, saw it worked and shared the NSP. No one wanted to delay sharing it to diagnose which, if any, of the 1000 modifications that were made were actually needed to get this copy to boot.

There is no brick build, dummy. Look at the EXEFS. OG is no where near smart enough to do anything like a delayed brick, and the contents of the exefs tells the tale regardless - untampered. Both versions have the same executable. No where in the actual file contents of the game is a malicious executable. The manual contents contain a manual, the tiny NCAs contain non-executable contents, etc.

 

[Rawrkanos]

It actually does. People were screwing around trying to get the bad dump (a collection of NCAs, shared to a few people anonymously, as opposed to a normal XCI with the NCAs inside as well as other cart specific data) to boot. When the correct program.nca was dumped, they just packaged up what they had with this new program.nca dump, booted it, saw it worked and shared the NSP. No one wanted to delay sharing it to diagnose which, if any, of the 1000 modifications that were made were actually needed to get this copy to boot.

There is no brick build, dummy. Look at the EXEFS. OG is no where near smart enough to do anything like that, and the contents of the exefs tells the tale - untampered. No where in the actual file contents of the game is a malicious executable.

So you support what I'm saying that C2C is the frankenbuild, then?

But, seriously, "the extracted files are fine so the NCAs aren't tampered with" is shit logic.

 

[TunaKetchup]

So you support what I'm saying that C2C is the frankenbuild, then?

But, seriously, "the extracted files are fine so the NCAs aren't tampered with" is shit logic.

Why are you getting so fucking defensive?

I think it would be best if you just jog off

 

[blahblah]

So you support what I'm saying that C2C is the frankenbuild, then?

But, seriously, "the extracted files are file so the NCAs aren't tampered with" is shit logic.

I wouldn't call it a frankenbuild. It contains an untampered copy of the actual game itself. Non-game NCAs have been modified in an effort to get a bad dump of the game to load. It was shared very quickly after people got their hands on the correct program.nca. No one wanted to wait to release, and throwing the original NCAs back in the folder, building again, testing again would have delayed things by at least an hour.

That's actually perfect logic. The container only matters in so far that it contains things. If the things it contains are untampered with, all is well. Malware has to actually be invoked somehow by the running (game) executable. This means either modifying said executable itself or modifying an actual game content - some form of executable content invoked by the game. Appending random stuff outside the exefs/romfs does not suffice.

It is valid to say the other copy is 'better', as it does not contain modified NCAs. But that only matters in that old, crappy CFWs - like old versions of Hekate with sig patches added - do not have the patches needed to run modified NCAs. And no one should be using those garbo CFWs anyway.

 

[Rawrkanos]

Why are you getting so fucking defensive?
I think it would be best if you just jog off

Bad logic is bad.

I wouldn't call it a frankenbuild. It contains an untampered copy of the actual game itself. Non-game NCAs have been modified in an effort to get a bad dump of the game to load. It was shared very quickly after people got their hands on the correct program.nca. No one wanted to wait to release, and throwing the original NCAs back in the folder, building again, testing again would have delayed things by at least an hour.

That's actually perfect logic. The container only matters in so far as that it contains things. If the things it contains are untampered with, all is well. Malware has to actually go somewhere.

I'm no switch-scientist here but based on the SwitchBrew article about the NCA format, it might be possible to inject bad data via a modified NCA file. Which is why I'm calling C2C suspect.

And either way, even you admit that 25E looks more legit given it doesn't have a fuckton of extra useless data.

 

[blahblah]

Bad logic is bad.
I'm no switch-scientist here but based on the SwitchBrew article about the NCA format, it might be possible to inject bad data via a modified NCA file. Which is why I'm calling C2C suspect.

And either way, even you admit that 25E looks more legit given it doesn't have a fuckton of extra useless data.

You can inject as many brickers as you want into (non-file system portions of a) NCA. They will just sit there, dormant, as they are not being invoked by a modified exefs or are in the romfs, replacing executable contents the main executable already invokes.

Modified exefs = not great. Though that does not automatically mean malware. Reverse the executable before saying one way or another.

Modified romfs = not great. Check the changes, make sure they aren't executable content.

NCAs looking weird = meaningless. If the data is not in the actual file system, the game will 100% not invoke it. And the data in question is just random nonsense, not any distinct executable content - let alone malicious executable content.

You're doing politics again. I'm talking about technical fact. You're talking about which MD5 is better. I'm educating you. Stop calling something suspect. Do the actual work of understanding the technical facts at hand. If you suspect malware, fire up IDA and reverse your malicious executable. If you do not have a malicious executable, do not have a secret file system, just have random data appended to some NCAs, you have nothing.

It is not possible - it is *not possible* - for an unmodified executable and unmodified game content (romfs) to invoke code located in a place that said executable was never programmed to read from, to execute code from. That's just so far from how things work that it is more humorous than anything else.

You would have signs of tampering with the executable (or an executable of some sort stored in romFS for some reason, one or the other) and comparing to a clean version (which we have) would reveal all. Because nothing malicious is actually afoot, you have paranoid nonsense.

 

[Rawrkanos]

NCAs looking weird = meaningless. If the data is not in the actual file system, the game will not invoke it. And the data in question is just random nonsense, not any distinct executable content - let alone malicious executable content.

And what about the NSP installer? 'cause, again, I'm not a switch scientist. I just know which one is obviously-modified, and that's the C2C version.

 

[blahblah]

And what about the NSP installer? 'cause, again, I'm not a switch scientist. I just know which one is obviously-modified, and that's the C2C version.

If the installer is very poorly programmed and is, for some reason, opting to execute any code it sees while reading an NCA for installation (note: nothing is this poorly programmed in this decade, or last decade either really) that could be possible, but it would create lots of evidence. But that isn't possible here as there is no distinct executable of any type in the modified NCAs. There is just garbage data that the installer would not know how to execute. In this case, pretending that you are right and there is malware afoot, the installer would need to be aware of the malicious file system structure, know how to read from it, read from it and execute the code inside. None of that is the case, and all of that would be trivial to recognize, catch and prove.

If you don't know, you don't know. Do not whip up fear regarding stuff you know nothing about. You need actual evidence of a malicious executable in order to raise the alarm.