Hacking Exosphere vs Incognito: How effective is it now?

MushGuy

Hello, so I'm currently using incognito_rcm in my Switch with the original PRODINFO properly backed up. However, I'm planning to restore it to use Exosphere instead along with DNS MITM. How effective is Exosphere nowadays, and how does it work? Does it actually modify the PRODINFO in NAND, or does it just simulate a blanked PRODINFO without actually altering it?
 

izy

> Hello, so I'm currently using incognito_rcm in my Switch with the original PRODINFO properly backed up. However, I'm planning to restore it to use Exosphere instead along with DNS MITM. How effective is Exosphere nowadays, and how does it work? Does it actually modify the PRODINFO in NAND, or does it just simulate a blanked PRODINFO without actually altering it?

exosphere works exactly the same as incognito

it uses the same code base all the way down to the fact that it would softbrick mariko units when enabled until they fixed that issue

it's basically the same thing with some fixes
and the fact you don't need to write to nand to use it

so yeah I don't know how someone can estimate 2 identical things as one being 50% effective

https://github.com/Atmosphere-NX/Atmosphere/issues/1317
 

MushGuy

> exosphere works exactly the same as incognito
>
> it uses the same code base all the way down to the fact that it would softbrick mariko units when enabled until they fixed that issue
>
> it's basically the same thing with some fixes
> and the fact you don't need to write to nand to use it
>
> so yeah I don't know how someone can estimate 2 identical things as one being 50% effective
>
> https://github.com/Atmosphere-NX/Atmosphere/issues/1317

So it works the same as Incognito, but without writing the blanked PRODINFO to NAND like Incognito does, is that right?
 

Rahkeesh

The timing of when prodinfo is blanked potentially matters. With Incognito it's blanked from before boot because the actual NAND was rewritten, with exosphere NAND is untouched and calls have to be intercepted, but this happens only starting from a certain point in the boot process. It might make absolutely zero difference but the Atmosphere documentation itself marks the feature as "experimental" because it is unknown whether that opening could provide any info to Nintendo.
 

SciresM

Developer
> The timing of when prodinfo is blanked potentially matters. With Incognito it's blanked from before boot because the actual NAND was rewritten, with exosphere NAND is untouched and calls have to be intercepted, but this happens only starting from a certain point in the boot process. It might make absolutely zero difference but the Atmosphere documentation itself marks the feature as "experimental" because it is unknown whether that opening could provide any info to Nintendo.

This is horrifically misleading at best.

Atmosphere explicitly performs blanking before launching any other processes. What you describe has been accounted for, and solved.

It's not marked experimental because it's unknown what it provides to Nintendo. It's marked experimental because I personally think blanking PRODINFO is completely moronic. It's a nuke for a problem better solved by a scalpel.
 

MeAndHax

> This is horrifically misleading at best.
>
> Atmosphere explicitly performs blanking before launching any other processes. What you describe has been accounted for, and solved.
>
> It's not marked experimental because it's unknown what it provides to Nintendo. It's marked experimental because I personally think blanking PRODINFO is completely moronic. It's a nuke for a problem better solved by a scalpel.

And why do you think it’s better not to blank it completely? I don’t understand...
I don’t see any disadvantages from blanking it completely; it consists of serial numbers which should be unimportant to an average user
 

Draxzelex

> And why do you think it’s better not to blank it completely? I don’t understand...
> I don’t see any disadvantages from blanking it completely; it consists of serial numbers which should be unimportant to an average user

Just because PRODINFO is blanked doesn't mean all of the console's information is blanked. This is why there is some merit to 90DNS or dns.mitm to block Nintendo traffic, because this way prevents all information from reaching Nintendo in the first place.
 

ezkitty

> So if my 90dns says everything is blocked am I safe?

yeah but it's best to use incognito or exosphere. 90dns only applies to the internet connection with the 90dns settings. if you connect to a new internet connection without inputting the 90dns, you're not safe. incognito and exosphere are more permanent
 

BeckysFootSlave

Hello guys,

I thought a lot about it and made a good hosts file using atmosphere!

1. Changed and activated many things in system_settings.ini
2. Hosts file blocks anything related to nintendo or switch
Blocks also game servers
Blocks Google tracking
Blocks most YouTube ads

HBL appstore is also blocked because url is switchbru(dot)com, but I found a solution to let it thru!

Please feel free to first take a look at any single file and feel free to use it!
Feedback is very welcome!!!

Browse to sd:/atmosphere/logs/ and look into the log file!
It shows anything that it blocked!

Forget 90dns or the 90dns tester (I deleted that)

In internet settings I have set up cloudflare for DNS 1 and DNS 2 (1.1.1.1 and 1.0.0.1) because I don't trust and hate google!

Just drag all files from zip to root of SD and reboot if you do it in atmosphere with ftp or anything else!
If you do it with hekate ums then just load atmosphere after dragging the files!
 

Attachments

  • atmosphere_settings_dns.zip

Dragon91Nippon

> This is horrifically misleading at best.
>
> Atmosphere explicitly performs blanking before launching any other processes. What you describe has been accounted for, and solved.
>
> It's not marked experimental because it's unknown what it provides to Nintendo. It's marked experimental because I personally think blanking PRODINFO is completely moronic. It's a nuke for a problem better solved by a scalpel.

If that's the case, why does it still say it's discouraged due to potentially cached data if that's not the reason it's experimental?
Shouldn't it say something more along the lines of "this solution is experimental and not encouraged because it is overkill" or something like that?

# Key: debugmode, default: 1.
# Desc: Controls whether kernel is debug mode.
# Disabling this may break Atmosphere's debugger in a future release.

# Key: debugmode_user, default: 0.
# Desc: Controls whether userland is debug mode.

# Key: disable_user_exception_handlers, default: 0.
# Desc: Controls whether user exception handlers are executed on error.
# NOTE: This will cause atmosphere to not fail gracefully.
# Support may not be provided to users tho disable these.
# If you do not know what you are doing, leave them on.

# Key: enable_user_pmu_access, default: 0.
# Desc: Controls whether userland has access to the PMU registers.
# NOTE: It is unknown what effects this has on official code.

# Key: blank_prodinfo_sysmmc, default: 0.
# Desc: Controls whether PRODINFO should be blanked in sysmmc.
# This will cause the system to see dummied out keys and
# serial number information.
# NOTE: This is not known to be safe, as data may be
# cached elsewhere in the system. Usage is not encouraged.

# Key: blank_prodinfo_emummc, default: 0.
# Desc: Controls whether PRODINFO should be blanked in emummc.
# NOTE: This is not known to be safe, as data may be
# cached elsewhere in the system. Usage is not encouraged.


# Key: allow_writing_to_cal_sysmmc, default: 0.
# Desc: Controls whether PRODINFO can be written by homebrew in sysmmc.
# NOTE: Usage of this setting is strongly discouraged without
# a safe backup elsewhere. Turning this on will also cause Atmosphere
# to ensure a safe backup of calibration data is stored in unused
# mmc space, encrypted to prevent detection. This backup can be used
# to prevent unrecoverable edits in emergencies.

# Key: log_port, default: 0.
# Desc: Controls what uart port exosphere will set up for logging.
# NOTE: 0 = UART-A, 1 = UART-B, 2 = UART-C, 3 = UART-D

# Key: log_baud_rate, default: 115200
# Desc: Controls the baud rate exosphere will set up for logging.
# NOTE: 0 is treated as equivalent to 115200.

# Key: log_inverted, default: 0.
# Desc: Controls whether the logging uart port is inverted.
 

KorenGan

> If that's the case, why does it still say it's discouraged due to potentially cached data if that's not the reason it's experimental?
> Shouldn't it say something more along the lines of "this solution is experimental and not encouraged because it is overkill" or something like that?

More like it’s experimental because a better solution has not been found that actually protects from switch bans.
 

LightBeam

> Just because PRODINFO is blanked doesn't mean all of the console's information is blanked. This is why there is some merit to 90DNS or dns.mitm to block Nintendo traffic, because this way prevents all information from reaching Nintendo in the first place.

Yeah but do we have any idea if they can still identify a console without prodinfo? It's been years and I have never heard news about that.

I can understand why SciresM thinks it's just overkill. At the time I did it there was no other solution (other than maybe 90DNS iirc) and tbh, I'd rather have something more permanent than something that relies on a config file that could be overridden after a dumb mistake like a manual update.
I don't mind bombing my emunand as long as my sysnand stays clean. Tho whenever I have to use homebrews on my sysnand for saves or something, maybe exosphere comes in handy?? I don't even know if it does anything, if it helps not showing too much to Nintendo or not, but I guess that's better than absolutely nothing and maybe that's thanks to that that I haven't been banned yet (helped me not being paranoid when launching my sysnand with atmosphere)
 

Disastrous-Lie9926

> Hello guys,
>
> I thought a lot about it and made a good hosts file using atmosphere!
>
> 1. Changed and activated many things in system_settings.ini
> 2. Hosts file blocks anything related to nintendo or switch
> Blocks also game servers
> Blocks Google tracking
> Blocks most YouTube ads
>
> HBL appstore is also blocked because url is switchbru(dot)com, but I found a solution to let it thru!
>
> Please feel free to first take a look at any single file and feel free to use it!
> Feedback is very welcome!!!
>
> Browse to sd:/atmosphere/logs/ and look into the log file!
> It shows anything that it blocked!
>
> Forget 90dns or the 90dns tester (I deleted that)
>
> In internet settings I have set up cloudflare for DNS 1 and DNS 2 (1.1.1.1 and 1.0.0.1) because I don't trust and hate google!
>
> Just drag all files from zip to root of SD and reboot if you do it in atmosphere with ftp or anything else!
> If you do it with hekate ums then just load atmosphere after dragging the files!

May I ask what solution you made to let hbl appstore online? I'm looking to try this even with exosphere
 

RednaxelaNnamtra

> Yeah but do we have any idea if they can still identify a console without prodinfo? It's been years and I have never heard news about that.
>
> I can understand why SciresM thinks it's just overkill. At the time I did it there was no other solution (other than maybe 90DNS iirc) and tbh, I'd rather have something more permanent than something that relies on a config file that could be overridden after a dumb mistake like a manual update.
> I don't mind bombing my emunand as long as my sysnand stays clean. Tho whenever I have to use homebrews on my sysnand for saves or something, maybe exosphere comes in handy?? I don't even know if it does anything, if it helps not showing too much to Nintendo or not, but I guess that's better than absolutely nothing and maybe that's thanks to that that I haven't been banned yet (helped me not being paranoid when launching my sysnand with atmosphere)

What Nintendo is currently using, and what they could use are two different pairs though.
Currently they don't seem to try to identify consoles with a blanked prodinfo, probably because a lot of requests don't even go through with it blanked, if I understood it correctly.
Nintendo also doesn't seem to go after homebrew only people, since you can go online with blanking disabled and atmosphere active just fine, as long as you don't install any nsps or xcis, which is what atmosphere targets to allow anyway. This is also done by many people, including atmosphere devs and myself, many never even booting stock anymore.
I would also suggest against using exosphere blanking on the online nand, since while probably nothing happens, it might result in some extra traces somewhere, in case something logs the serial number somewhere.

There is also the component of human error.
For example a person might accidentally blank their sysnand instead of their emunand, resulting in them running into a lot of potential problems.
In case someone makes this mistake, with exosphere at max they leave a small trace somewhere, while with persistent blanking the worst case is that they might lose all online access forever.
On the other side, with other precautions already active (like dns blocking) disabling exosphere's blanking by accident doesn't result in any problems at all.
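
The human-error point above and the exosphere.ini keys quoted earlier in the thread, as an added example that is not part of any post and not Atmosphere's own code: a Python check that reads an exosphere.ini and reports keys that differ from the quoted defaults, hold a non-integer value, or are not among the quoted keys (for instance a mistyped key name). The `[exosphere]` section name, the function name and the sample file are assumptions constructed for illustration.

```python
import configparser
# Defaults exactly as given in the exosphere.ini comments quoted in the thread.
DOCUMENTED_DEFAULTS = {
    "debugmode": 1, "debugmode_user": 0, "disable_user_exception_handlers": 0,
    "enable_user_pmu_access": 0, "blank_prodinfo_sysmmc": 0,
    "blank_prodinfo_emummc": 0, "allow_writing_to_cal_sysmmc": 0,
    "log_port": 0, "log_baud_rate": 115200, "log_inverted": 0,
}
# Caveats the quoted comments attach to specific keys.
CAVEATS = {
    "blank_prodinfo_sysmmc": "PRODINFO blanked on sysmmc; data may be cached elsewhere",
    "blank_prodinfo_emummc": "PRODINFO blanked on emummc; data may be cached elsewhere",
    "allow_writing_to_cal_sysmmc": "homebrew may write PRODINFO; keep a safe backup",
    "disable_user_exception_handlers": "Atmosphere will not fail gracefully",
    "enable_user_pmu_access": "effect on official code is unknown",
}
# Constructed sample: one risky key, one mistyped key name, one bad value.
SAMPLE_INI = """\
[exosphere]
debugmode=1
blank_prodinfo_sysmmc=1
blank_prodinfo_emunand=1
allow_writing_to_cal_sysmmc=yes
log_baud_rate=115200
"""

def audit_exosphere_ini(ini_text, section="exosphere"):  # section name assumed
    """Return (key, value, finding) for each non-default or unrecognised key."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(ini_text)
    if not parser.has_section(section):
        return [(section, None, "section missing, no keys set")]
    findings = []
    for key, raw in parser.items(section):
        if key not in DOCUMENTED_DEFAULTS:
            findings.append((key, raw, "not among the keys quoted in the thread"))
            continue
        try:
            value = int(raw, 0)  # accepts decimal and 0x-prefixed values
        except ValueError:
            findings.append((key, raw, "value is not an integer"))
            continue
        if value != DOCUMENTED_DEFAULTS[key]:
            findings.append((key, value, CAVEATS.get(key, "differs from default")))
    return findings

if __name__ == "__main__":
    for key, value, finding in audit_exosphere_ini(SAMPLE_INI):
        print(f"{key}={value}: {finding}")
```

The key list covers only what is quoted in this thread, so a key reported as unrecognised may still exist in a newer template.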
 