Hacking What's the challenge with the XCI loader?

[Philourer]

You are running your switch in RCM, although i have not validated the following, if Nintendo tracks RCM loading, and they see that Horizon OS is running from RCM, they'll know something is up instantly, irrelevant on whether you loaded XCI's or NSP's. I think the only reason myself and others have not been banned yet even though we're online (WiFi active but no NNID, for me at least), is because i'd like to believe that the telemetry report only gets sent if you are logging to their online servers through your NNID (could be very wrong on this, but then i don't see why i'm not banned yet).

Assuming you mean AutoRCM, as I don't believe they can detect a jig used before OFW boots (but they could after). Regardless, I am using AutoRCM, so your points apply to me.

Everything has a risk. I've researched, and have made a decision as to what I am, and am not, comfortable with. I'd prefer not using AutoRCM if all else was equal, BUT it has two main advantages for me. 1, Easier for the kids to use (Minecraft and Splatoon seem to be bad at causing crashes). 2, Keeps fuses from being burned (since I started at 5.1.0 it's not a huge deal, but still...). Running a cart as nsp, the convenience does not outweigh the added risk that I perceive. Perhaps if I was a developer and "knew" it was as safe or safer than xci, but I'm not so I don't.

There's also the fact I already had the licenses for SX OS. If I hadn't, maybe I'd be ok with nsp instead of xci.

 

[jajamundo]

Certainly. Unlike .XCI files, raw .NSP files typically need a ticket to be launched. These can be either real or fake; real ones are obtained by purchasing them from the eShop while fake ones are generated via CFW. Now you can just modify an .NSP file to no longer launch without a ticket so it functions like an .XCI but for the purposes of this argument, let's just stick to .XCI files. .XCI files are simply launched without modification since the Switch natively supports these; these are 1:1 copies of retail cartridges. However you can install a .XCI file into the USER partition similar to how .NSP files are installed and launch it from there.

What causes users to be banned for using .NSP files are not the .NSP files themselves (these are 1:1 copies of eShop games once installed) but the fake tickets used to install/launch them. Therefore, if you install anything that doesn't need a fake ticket, then Nintendo won't know that you're launching it using CFW (because it won't have a fake ticket).

This is true, but in order to can do this you really need to much time to remove the fake ticket to the nsp file. I'm not against nsp files, just dont have any interest of installing them. I thought I'm on the safety side using XCI files. One advantage they have is that we dont need to wait until they install on the console. Just plug and play option

 

[Draxzelex]

This is true, but in order to can do this you really need to much time to remove the fake ticket to the nsp file. I'm not against nsp files, just dont have any interest of installing them. I thought I'm on the safety side using XCI files. One advantage they have is that we dont need to wait until they install on the console. Just plug and play option

And that is completely acceptable. I have no qualms against the .XCI format. While .NSP is superior objectively, there are subjective benefits to both. Although now that Tinfoil supports USB installation of .NSP files, this is yet-another blow to .XCI files.

 

[thaikhoa]

• You can install DLC and updates with .NSP unlike .XCI which have to rely on buying/downloading them (or using .NSP in conjunction which defeats the purpose using a .XCI in the first place)
• .NSP are smaller than even a trimmed .XCI file
• .NSP have faster load times than .XCI files
• .NSP can be installed without an SD card
• .NSP can be launched without an SD card

• Agree
• Use NX-Trimmer to cut the size of an xci as small as a nsp
• As what I've tested, loading game using Octopath, xci and nsp loaded to main menu at the same time.
• We all need SD card for CFW. Yes we can install nsp to system memory.

 

[jajamundo]

And that is completely acceptable. I have no qualms against the .XCI format. While .NSP is superior objectively, there are subjective benefits to both. Although now that Tinfoil supports USB installation of .NSP files, this is yet-another blow to .XCI files.

I know nsp is superior. Faster loadings, and less space on the SD Card is the only the matters. But as I said before, I just like the plug and play option and dont wait for a game to install. And all this ban waves, you already said that the XCI dont send to Nintendo any certs, make them even safer to avoid bans

 

[Philourer]

Certainly. Unlike .XCI files, raw .NSP files typically need a ticket to be launched. These can be either real or fake; real ones are obtained by purchasing them from the eShop while fake ones are generated via CFW. Now you can just modify an .NSP file to no longer launch without a ticket so it functions like an .XCI but for the purposes of this argument, let's just stick to .XCI files. .XCI files are simply launched without modification since the Switch natively supports these; these are 1:1 copies of retail cartridges. However you can install a .XCI file into the USER partition similar to how .NSP files are installed and launch it from there.

What causes users to be banned for using .NSP files are not the .NSP files themselves (these are 1:1 copies of eShop games once installed) but the fake tickets used to install/launch them. Therefore, if you install anything that doesn't need a fake ticket, then Nintendo won't know that you're launching it using CFW (because it won't have a fake ticket).

Ok, I'm still not 100% on how this works. You know my stance on "safe-ish" "acceptable risk", etc. So...

Let's say I have two identical Switches, both on 6.0. I have a physical cart of Mario Kart 8 and have dumped to xci, including the unique cert. Switch #1 can load MK8 as an xci using SX OS 1.9. Switch #2 can take the same xci but install on the user partition, using whatever means you think would give the best odds of not getting banned.

I'm going to update both to the newest version and play online.

Do you think Switch 1 or 2 would be more likely to be banned? Why? If you think both have the exact same odds, let's say you find out one was banned and the other wasn't. If you guess the right one you get $100. What's your guess?

 

[thaikhoa]

I know nsp is superior. Faster loadings, and less space on the SD Card is the only the matters. But as I said before, I just like the plug and play option and dont wait for a game to install. And all this ban waves, you already said that the XCI dont send to Nintendo any certs, make them even safer to avoid bans

Unless you can install game update via Nintendo or shared from another Switch. Install game update using public nsps will mess with the cert / or install DLC nsps will do too.

 

[Draxzelex]

Ok, I'm still not 100% on how this works. You know my stance on "safe-ish" "acceptable risk", etc. So...

Let's say I have two identical Switches, both on 6.0. I have a physical cart of Mario Kart 8 and have dumped to xci, including the unique cert. Switch #1 can load MK8 as an xci using SX OS 1.9. Switch #2 can take the same xci but install on the user partition, using whatever means you think would give the best odds of not getting banned.

Do you think Switch 1 or 2 would be more likely to be banned? Why? If you think both have the exact same odds, let's say you find out one was banned and the other wasn't. If you guess the right one you get $100. What's your guess?

If I had to pick one, I would say Switch 1 is more likely to get banned than Switch 2 because SX OS patches the firmware to redirect the .XCI loading to the SD card instead of the gamecart slot. Installing an .XCI is more similar to loading a .XCI from the cartridge slot than from the SD card because you do not have to patch the firmware to launch it (it should even launch in OFW). However I believe this difference to be negligible in terms of getting banned.

 

[SavagePR]

what's the hold-up on release an XCI loader? Is it lack of interest or technical hurdles?

What's your understanding or take on it?

The hold up is that every developer out there just wants to crack SX OS and copy the xci loader code instead of developing their own open source code.
At least thats what i see.

 

[Philourer]

If I had to pick one, I would say Switch 1 is more likely to get banned than Switch 2 because SX OS patches the firmware to redirect the .XCI loading to the SD card instead of the gamecart slot. Installing an .XCI is more similar to loading a .XCI from the cartridge slot than from the SD card because you do not have to patch the firmware to launch it (it should even launch in OFW). However I believe this difference to be negligible in terms of getting banned.

Wait...it can load from OFW? How does it show up in the main screen, just like any other nsp installed game? I don't get how it could be safer than xci emulating the cart slot, but if you think it's "probably" just as safe if not safer...I may just try this out on my virgin Switch. No worries, I won't hold you responsible if it ends in a ban

I posted in the Switch ban thread about being willing to be a guinea pig. If there's a certain way you'd like to see this tested, let me know.

 

[Draxzelex]

Wait...it can load from OFW? How does it show up in the main screen, just like any other nsp installed game? I don't get how it could be safer than xci emulating the cart slot, but if you think it's "probably" just as safe if not safer...I may just try this out on my virgin Switch. No worries, I won't hold you responsible if it ends in a ban

I posted in the Switch ban thread about being willing to be a guinea pig. If there's a certain way you'd like to see this tested, let me know.

Yes, it shows up like an .NSP game. After all, .XCI and retail carts also show up on your home screen and the icons don't go away even after you remove the .XCI file/cartridge. However, not entirely sure it will launch in OFW; I'm just going off of how they are launched (installation would have to be done in CFW still).

 

[Philourer]

Yes, it shows up like an .NSP game. After all, .XCI and retail carts also show up on your home screen and the icons don't go away even after you remove the .XCI file/cartridge. However, not entirely sure it will launch in OFW; I'm just going off of how they are launched (installation would have to be done in CFW still).

What tool should I be using? The only useful post I can find regarding installing an xci with a unique cert as nsp was from August and said it couldn't be done (it was actually by you, a lot has changed since then though). I also found a reddit post saying it was impossible to load from OFW, but again it was an older post.

I don't mind booting in CFW (OFW would just be a huge bonus, I could get rid of the need for AutoRCM). I do want it to look the same (or very, very similar) as a cart, complete with unique cert. I plan on going online with these games.

 

[Draxzelex]

What tool should I be using? The only useful post I can find regarding installing an xci with a unique cert as nsp was from August and said it couldn't be done (it was actually by you, a lot has changed since then though). I also found a reddit post saying it was impossible to load from OFW, but again it was an older post.

I don't mind booting in CFW (OFW would just be a huge bonus, I could get rid of the need for AutoRCM). I do want it to look the same (or very, very similar) as a cart, complete with unique cert. I plan on going online with these games.

I'm about to try installing an .XCI file and see if it works in OFW although my gut is telling its not gonna work.

EDIT: As I figured, it doesn't work. I think when its installed, it alters part of the .XCI so it can be launched similar to how SX OS patches the firmware to allow .XCI files to be launched from the SD card after selecting them in Rommenu (their homebrew menu).

 

[bundat]

You are running your switch in RCM, although i have not validated the following, if Nintendo tracks RCM loading, and they see that Horizon OS is running from RCM, they'll know something is up instantly

Afaik, the way they know you booted from RCM is the value of "boot reason".
I know from CTCaer's post here that Hekate clears the boot reason, to hide from Nintendo the fact that the Switch was booted from RCM:
https://gbatemp.net/threads/rcm-hekate-ipl-for-5-0-x-working-hb-menu.503299/page-9#post-7963386

By the way, upstream hekate included clearing of boot reason.
This is important to have, otherwise, Switch OS will know that you booted from RCM.
And because I believe most users here will use it on their online console, it may create problems/blacklisting from nintendo in the future.

Also, from this post, it seems rajkosto also clears the boot reason, so RajNX should also hide the fact that the Switch was booted from RCM:
https://gbatemp.net/threads/rcm-payload-hekate-ctcaer-mod.502604/page-19#post-7999648

Well, the only ones that cleared the boot reason, since the first releases, were mine and rajkosto's.

Not sure if ReiNX or SX OS does this though.
This is why I personally prefer open source... questions like this are easily answered.
Meanwhile, people have been debating the noGC behavior of SX OS, with some saying it updated their gc FW, some saying it didn't... until we got some clarification from json about it in this post (and we're STILL not 100% sure because it's not a statement from TX themselves):
https://gbatemp.net/threads/does-sx-os-prevent-updating-game-card-firmware.517892/#post-8285354

If you dont insert a gc then SX OS will prevent card fw updates. If you insert a gc it fallbacks to original behavior which is to update the gc asic if needed.
Also seems it only does this with a legit license. If you dont have a license it will fallback again

If any free CFW had XCI loading, I'd switch instantly from SX OS. It's just that I prefer XCIs due to the ease of drag-and-drop, and using multiple SD cards. The loading time advantage feels insignificant to me (barely a second, two at most, as seen in some videos), and the trim difference is barely a few MBs. I do use NSPs for updates and DLCs though, so I can't say I'm using XCI only.

 

[alantgw]

I'm about to try installing an .XCI file and see if it works in OFW although my gut is telling its not gonna work.

EDIT: As I figured, it doesn't work. I think when its installed, it alters part of the .XCI so it can be launched similar to how SX OS patches the firmware to allow .XCI files to be launched from the SD card after selecting them in Rommenu (their homebrew menu).

is it done by the tool 'ZeroTwoXCI' by 2168-0002?

 

[Akira]

And that is completely acceptable. I have no qualms against the .XCI format. While .NSP is superior objectively, there are subjective benefits to both. Although now that Tinfoil supports USB installation of .NSP files, this is yet-another blow to .XCI files.

Usb installation? Im listening

 

[MonMonz]

I Wish the community develop a XCI Loader its the only feature that we miss now in the open source CFW

 

[Khar00f]

And that is completely acceptable. I have no qualms against the .XCI format. While .NSP is superior objectively, there are subjective benefits to both. Although now that Tinfoil supports USB installation of .NSP files, this is yet-another blow to .XCI files.

We can load and install NSP's through USB? That's Awesome, since when?

I hope that means USB installs are close as well, would love to be able to use USB as storage.


Also did I read you correctly when you said in your post about certs that you can change the flag of an NSP to tell the system that this NSP doesn't need to be validated?

Afaik, the way they know you booted from RCM is the value of "boot reason".
I know from CTCaer's post here that Hekate clears the boot reason, to hide from Nintendo the fact that the Switch was booted from RCM:
https://gbatemp.net/threads/rcm-hekate-ipl-for-5-0-x-working-hb-menu.503299/page-9#post-7963386


Also, from this post, it seems rajkosto also clears the boot reason, so RajNX should also hide the fact that the Switch was booted from RCM:
https://gbatemp.net/threads/rcm-payload-hekate-ctcaer-mod.502604/page-19#post-7999648


Not sure if ReiNX or SX OS does this though.
This is why I personally prefer open source... questions like this are easily answered.
Meanwhile, people have been debating the noGC behavior of SX OS, with some saying it updated their gc FW, some saying it didn't... until we got some clarification from json about it in this post (and we're STILL not 100% sure because it's not a statement from TX themselves):
https://gbatemp.net/threads/does-sx-os-prevent-updating-game-card-firmware.517892/#post-8285354


If any free CFW had XCI loading, I'd switch instantly from SX OS. It's just that I prefer XCIs due to the ease of drag-and-drop, and using multiple SD cards. The loading time advantage feels insignificant to me (barely a second, two at most, as seen in some videos), and the trim difference is barely a few MBs. I do use NSPs for updates and DLCs though, so I can't say I'm using XCI only.

What I have a hard time understanding is, since they can block some telemetry, why don't they block ALL telemetry, I know wiping causes big flags and has been a subject for bans, but if the telemetry report doesn't write anything in the first place, or maybe intercept telemetry logs and clear them of the red flags.

I share the position as you on XCI loading, the simple drag and drop benefit outweighs both the loading times and the space saving.

--------------------- MERGED ---------------------------

I Wish the community develop a XCI Loader its the only feature that we miss now in the open source CFW

That and EMUNAND

 

[bundat]

What I have a hard time understanding is, since they can block some telemetry, why don't they block ALL telemetry

They don't know all the things that Horizon OS detects.

The "boot reason" thing I think is a Tegra X1 feature (hence why it gets set even if Horizon hasn't loaded yet).
The reason they probably know about it, is that the Tegra X1 (SoC) has a "publicly accessible" 3,000 page "Technical Reference Manual" (well, you need to have membership to the NVIDIA Developer Program to download it directly from developer.nvidia.com, but you could probably find it somewhere else).

Point being, it is completely documented.

On the other hand, Horizon OS is completely closed-source, so nothing is documented, everything has to be reverse-engineered (unless you work at Nintendo, and have access to the Horizon OS code).

 

[dragon_from_iso]

Ill answer the op the right way. Dev want to complain that tx is stealing stuff from them. So they dont want to release a xci loader cause then everyone can say they are stealing from tx.