I was able to run this and extract my certs, which is really helpful because I can back up the certs for more than one game stored separately from my actual game backups - so I don't have to waste space with two backups of the same game.
What I couldn't figure out is how to actually split the games. I don't see any split option anywhere. There's the option to load the XCI, and trim the XCI, and export or import the cert, or view the cert, or clear the cert, but no split option. If this is supposed to be an option, where is it?
Also: I found it interesting that I could extract from the cart. For example, I was able to extract StartupMovie.gif and view that on the PC. Why isn't there a way to inject files though, to replace things in a cart? I think a tool like this could lead to serious game modding potential AND allow people to share the mods to be injected into someone's backups without breaking the rules by sharing the complete modified game.
If they are only 80% confident, that means it 100% didn't match any virus definition and is just using heuristics.
Heuristics-based detection is used by an AV vendor to get ahead of actual threats, but it has serious flaws. For example, if you wrote a simple "Hello World!" program in C and compiled an executable, that file would get flagged as malicious by many vendors UNLESS you set it as a final release in your compiler. From there, if something can open files and/or make changes to them (like, say, an application designed to edit a short list of hex values within a larger file, like a cert injection tool) it will also be flagged. A dev could submit the file to the company that flagged it (assuming there is even contact information available in English) and they MIGHT put it on their white list, but then the next compiled version will just break again. AV is the bane of all devs, including students like me who can't even share source code with another student working on a project with me without being blocked by over-zealous AV scans.
The only reason why mainstream software generally doesn't get flagged like this is because it uses certificates that can be revoked. The basic idea is that if you pay a company like Microsoft for a certificate it must be safe, because those certificates can be revoked if they are not safe, but even that isn't safe because malware like ransomware has valid certificates that they pay for, and they just keep buying them when they get revoked because they make more money than the license costs, so you can't even trust 100% safe either.