If you decrypt the contents and edit the game, make it region free, or translate the game it etc, and then re-encrypt, the signature will not be valid.
Only nintendo can create these signatures.
What is a universal/preinstalled legit CIA?
Preinstalled content is special, the signature generated by nintendo is for every console.
If I buy a game from eshop, I can make a legit cia, but it will not be 'universal', in sysnand, it would only work with my 3DS.
For the universal CIAs, they will work on sysnand for everyone. (naturally, region lock still exists)
If the signature generated by Nintendo is universal, do we have a way to decrypt and edit legit CIAs only (e.g. ORAS with pk3DS) and then reencrypt them in a way that would still read as legit? I'm interested in editing shop inventories for legit XY/ORAS installs that could run on updated sysNANDs.
Which I guess begs the question, is it possible to spoof these universal signatures for other games? For example, installing a non-legit CIA that has been modified to have the TMD/ticket of one of the legit ones.
I'm guessing neither is possible, that there are more signatures than we know of and that we can't encrypt legit CIAs. Just wondering if that is the case.