Hacking starting games without updates

[ihaveahax]

I found an interesting file at /storage_slc/security/versions.bin, which after playing around for a bit, seems to be a list of minimum title versions, to prevent users from deleting game updates and starting them until the latest update is re-installed.

for instance, this is for Nintendo Land USA (0005000010102000):

0005 0000 1010 2000 0000 FFFF 0020 0000

it seems to go title id (8 bytes), ??1 (4 bytes), title version (2 bytes), ??2 (2 bytes), at least for full games

there are also individual lines for update titles too (e.g. 0005000E10102000), and it seems the "??1" field change for them, whereas they remain the same for full titles. the "??2" field is a mystery to me right now.

I tried updating Super Mario Maker (because mine was apparently outdated), and only one byte changed in versions.bin: the title version.

so after that, I tried modifying the title version for Nintendo Land in this file to 00 00 (from the disc tmd), deleted the update data and uploaded the modified versions.bin. the result was being able to start the game without being forced to update.

Spoiler

I wonder what this could be useful for. maybe running SSB4 with older updates to get older replays back?

I haven't tested modifying versions.bin without deleting the update data.

 

[Jayster_2]

Interesting find.

 

[Pachee]

You doing this on rednand? What happens if you corrupt/delete this file?

 

[ihaveahax]

You doing this on rednand? What happens if you corrupt/delete this file?

I didn't test this on rednand so I don't know. I wanted to try it on that since I didn't know how it worked, but seeing how the SMM update only changed a single byte, I tried it on sysnand anyway.

 

[icw35]

Interesting. Are there only game updates in that file? Any system stuff? Wondering if it might be a way to block updates (not block as such but you get me).

 

[ihaveahax]

Interesting. Are there only game updates in that file? Any system stuff? Wondering if it might be a way to block updates (not block as such but you get me).

both title IDs are in the file (e.g. 00050000- and 0005000E- for applications and updates respectively). I've only changed the one for 0005000- which might be the only one that matters, but I don't know.

 

[icw35]

both title IDs are in the file (e.g. 00050000- and 0005000E- for applications and updates respectively). I've only changed the one for 0005000- which might be the only one that matters, but I don't know.

I mean system updates, thats why I asked if there were only games or if there is any system stuff? If so we could spoof the system title so it wouldnt update (maybe).

 

[ihaveahax]

I mean system updates, thats why I asked if there were only games or if there is any system stuff? If so we could spoof the system title so it wouldnt update (maybe).

actually there are. I checked out a few titles (all USA), such as Wii U Menu (0005001010040100), Internet Browser (000500301001210A), and System Settings (0005001010047100). these were in versions.bin and all matched the version in the tmd (offset 0x1DC):

0005001010040100 0000FFFF 00D5 0000
000500301001210A 0000FFFF 00F1 0000
0005001010047100 0000FFFF 00C5 0000

if the update procedure only checks this file, it could possibly be used to block updates. possibly, I dunno if I want to try, and I definitely don't know how it works

 

[icw35]

actually there are. I checked out a few titles (all USA), such as Wii U Menu (0005001010040100), Internet Browser (000500301001210A), and System Settings (0005001010047100). these were in versions.bin and all matched the version in the tmd (offset 0x1DC):

0005001010040100 0000FFFF 00D5 0000
000500301001210A 0000FFFF 00F1 0000
0005001010047100 0000FFFF 00C5 0000

if the update procedure only checks this file, it could possibly be used to block updates. possibly, I dunno if I want to try, and I definitely don't know how it works

Lol. Me neither. But good to know. Maybe what crediars spoofer does anyway?

 

[ihaveahax]

Lol. Me neither. But good to know. Maybe what crediars spoofer does anyway?

I tried changing the version for Internet Browser (000500301001210A) from 00F1 to 00F0, but "System Update" didn't seem to do anything. so I don't know if this can really be used for spoofing. or maybe it changed it back to 00F1, didn't check yet.........

--------------------- MERGED ---------------------------

no it did not modify it again, therefore it probably isn't checked for updates. but what is?

--------------------- MERGED ---------------------------

running Internet Browser resets the version in versions.bin to 00F1. so that's something.

... and setting it to 00F2 then running the browser hangs the system. ¯\_(ツ)_/¯

 

[Pachee]

running Internet Browser resets the version in versions.bin to 00F1. so that's something.

... and setting it to 00F2 then running the browser hangs the system. ¯\_(ツ)_/¯

So if you increase the version of a system title like Wii U menu = brick.

 

[icw35]

So if you increase the version of a system title like Wii U menu = brick.

Maybe. But we'll let people who dont mind messing around with rednand test the theory.

 

[ihaveahax]

one thing I discovered, I tried replacing the line for the update data (Nintendo Land USA is 0005000E10102000) with FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF (which is for empty lines), and modifying the title version for the main game. the result is being able to launch the game without update, and without it nagging/attemping to download it again.