Fork of https://github.com/themoonisacheese/autoverif where I updated the requirements. It will already need an update in December 2025 since pkg_resources will get deprecated soon.

Auto verify NSP, NSZ, XCI, XCZ to check if they have a valid hash and signature, on Linux and Windows.

Verification code stolen from NSCB, with mods from @seiya-git. This is essentially a stripped down squirrel.py that does only verification, meant for batch processing of stashes.

  -h, --help            show help message and exit
  -c CONTRIB_PATH, --contrib-path CONTRIB_PATH
                        input folder (valid games are moved from here)
  -s STASH_PATH, --stash-path STASH_PATH
                        output folder (verified games)
  -w WEBHOOK_URL, --webhook-url WEBHOOK_URL
                        discord webhook url
  -t, --check-stash     check for games with invalid format

clone this repo, then:

cd autoverif
python3 -m venv .venv

#Windows:
.venv\Scripts\activate.bat
#Linux:
source .venv/bin/activate

pip3 install -r requirements.txt

Put your prod.keys in the main folder.

python3 autoverify.py -c /path/to/unverified/games -s /path/to/stash

/path/to/unverified/games must contain folders named "Base", "UPD", and "DLC" (case sensitive). Only files in these folders will be checked.

If the folders in the contrib or stash directory do not exist, they will be created.

Files that pass the signature verification will be moved to their corresponding folder in the stash directory (ie, Base to Base, etc. Only the source folder is actually considered, not whether the file really is a Base nsp).

Files that do not pass the signature verification should be DELETED by you manually. This version does NOT auto-delete if the signature fails, as opposed to themoonisacheese's version.