Incognito_RCM - wipe personal information to reduce risk of ban

Incognito_RCM

Since Incognito by blawar doesn't work on vanilla atmosphere, I made a payload to use with hekate (or any other payload injector) with the same functionality.
Incognito_RCM wipes personal information from your Nintendo Switch by removing it from prodinfo.

Functionality:
  • wipe personal information on sysnand/emunand
  • backup prodinfo from sysnand/emunand
  • restore prodinfo to sysnand/emunand
Since NAND memory is encrypted, this is based on shchmue's Lockpick_RCM to first get the necessary encryption keys.
You can apply Incognito_RCM directly after installing atmosphere or any time after, and it has the advantage that you don't need to set 90DNS after an internet connection and possibly communication with Nintendo servers is already established. (You can apply 90DNS anyway.)

This has only been tested by me on firmware 8.1.0, so please test it and report back.
Since it has only been tested by me, keep a hekate nand backup ready to be safe.

source: https://github.com/jimzrt/Incognito_RCM
releases: https://github.com/jimzrt/Incognito_RCM/releases

Disclaimer:
This is early stage and there is no guarantee that everything works as expected! Please have a hekate NAND backup ready!


Changelog:
v0.6.1
  • bugfix: write to emummc instead of sdmmc
v0.6.0
  • incorporate hekate & lockpick_rcm changes
  • reboot to payload
v0.5.1
  • firmware 9.1.0 support
v0.4.0
  • adopt lockpick_rcm and hekate changes (includes fixing of possible bugs and better resource management)
  • reduced payload size
  • use tui progressbar
v0.3.0
  • more error handling
  • backup validation when reading and writing
  • retry up to 5 times when reading and writing before aborting
v0.2.0
  • more validation
  • code cleanup and refactoring
v0.1.0
  • much faster read and write speed (not sector by sector anymore)
  • much more validation and verification (still not perfect)
  • more error handling (still not perfect)
  • backups aren't overwritten, old backups are renamed
  • check for backup before applying incognito
  • auto-restore backup if something goes wrong
v0.0.2
  • Removed external libraries and better handling of reading big chunks of memory.
As always, have a NAND backup ready!
 
Last edited by jimzrt,
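
The backup safeguards listed in the changelog above (old backups renamed rather than overwritten, validation of what was written, up to 5 retries before aborting) can be sketched as follows. This is an added example, not code from Incognito_RCM; it works on ordinary files rather than a NAND partition, and the function names `read_all`, `write_verified` and `backup_no_overwrite` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_RETRIES 5 /* changelog v0.3.0: retry up to 5 times, then abort */

/* Read a whole file into a malloc'd buffer. Returns 0 on success. */
static int read_all(const char *path, unsigned char **out, size_t *len) {
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    long n = (fseek(f, 0, SEEK_END) == 0) ? ftell(f) : -1;
    if (n < 0) { fclose(f); return -1; }
    rewind(f);
    unsigned char *buf = malloc(n > 0 ? (size_t)n : 1);
    size_t got = buf ? fread(buf, 1, (size_t)n, f) : 0;
    fclose(f);
    if (!buf || got != (size_t)n) { free(buf); return -1; }
    *out = buf; *len = (size_t)n;
    return 0;
}

/* Write, read back, compare. Returns the attempt that succeeded, or -1. */
int write_verified(const char *path, const unsigned char *buf, size_t len) {
    for (int attempt = 1; attempt <= MAX_RETRIES; attempt++) {
        FILE *f = fopen(path, "wb");
        if (!f) continue;
        size_t put = fwrite(buf, 1, len, f);
        if (fclose(f) != 0 || put != len) continue;
        unsigned char *back = NULL; size_t back_len = 0;
        if (read_all(path, &back, &back_len) != 0) continue;
        int same = (back_len == len) && memcmp(back, buf, len) == 0;
        free(back);
        if (same) return attempt;
    }
    return -1;
}

/* Save a backup; an existing one is renamed to <path>.<n>, never overwritten. */
int backup_no_overwrite(const char *path, const unsigned char *buf, size_t len) {
    FILE *f = fopen(path, "rb");
    if (f) {                               /* a backup already exists */
        fclose(f);
        char old[512]; int i = 0, taken = 1;
        while (taken && ++i < 100) {       /* find the first unused <path>.<i> */
            if (snprintf(old, sizeof old, "%s.%d", path, i) >= (int)sizeof old) return -1;
            FILE *g = fopen(old, "rb");
            taken = (g != NULL);
            if (g) fclose(g);
        }
        if (taken || rename(path, old) != 0) return -1;
    }
    return write_verified(path, buf, len);
}
```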

LightBeam

The point of this RCM release is to not use the nro made by blawar, so we can keep our vanilla/kosmos atmosphere and not use a sysmodule
 

Rahkeesh

Wiping prodinfo makes your *console* immune to ban because that's how Nintendo uniquely identifies consoles. If they decide they want to ban entire accounts that report invalid prodinfos and you set one up then you're screwed, but so far they haven't been doing that. Safest bet would be to not have an account set up on or use a throwaway or kefir one on your incognito'd nand.
 
Last edited by Rahkeesh,

linuxares

Wiping prodinfo makes your *console* immune to ban because that's how Nintendo uniquely identifies consoles. If they decide they want to ban entire accounts that report invalid prodinfos and you set one up then you're screwed, but so far they haven't been doing that. Safest bet would be to not have an account set up on or use a throwaway or kefir one on your incognito'd nand.
Again, no. It doesn't make you immune. Just probably less prone to get a ban. There is a TON of info that is collected. Atmosphere have their own way to block telemetry. But not all CFW have it and we never know what Nintendo can do next.
 

Rahkeesh

They can collect all they want, they still need a unique hardware identifier to ban unique hardware. If you're running two separate nands they likely look very different in terms of what is installed and what programs are run, they will have their own separate logs, etc. They can look at stuff like your access point or IP but it's very hard to distinguish between one system with two boots and two systems on the same network. They can look at joycon serials or gamecard certs but again those can move between systems. There aren't a variety of hardware configs that generate unique IDs like on PCs. I don't see how they are going to single out a piece of hardware without making guesses and false positives once you remove the very thing whose sole purpose is to single out a piece of hardware, and at that point you might as well ban a shared account or IP address.
 
Last edited by Rahkeesh,

linuxares

They can collect all they want, they still need a unique hardware identifier to ban unique hardware. If you're running two separate nands they likely look very different in terms of what is installed and what programs are run, they will have their own separate logs, etc. They can look at stuff like your access point or IP but it's very hard to distinguish between one system with two boots and two systems on the same network. They can look at joycon serials or gamecard certs but again those can move between systems. There aren't a variety of hardware configs that generate unique IDs like on PCs. I don't see how they are going to single out a piece of hardware without making guesses and false positives once you remove the very thing whose sole purpose is to single out a piece of hardware, and at that point you might as well ban a shared account or IP address.
And that's why Nintendo update the telemetry. 9.0.0+ added a whole heap of new identifiable options. https://switchbrew.org/wiki/Calibration
 

linuxares

Never used incognito in any form, only used dns.
How does this work when you have a Nintendo account linked?
Will that be removed?

Thanks
It just seems to remove the serial number when I check the source code. I might be wrong. I'm just reading inside keys.c

EDIT: Sorry it does some more.

Serial number, deletes client cert, deletes private key, deviceid 1 and 2, deletes device cert 1 and 2 and deletes the device key.
 
Last edited by linuxares,

Engezerstorung

I thought that incognito was removing the infos that enabled the switch to be allowed to connect to Nintendo? And that since it's like that, even if the switch sends info there is no one to listen to them on the other side?
 

linuxares

I thought that incognito was removing the infos that enabled the switch to be allowed to connect to Nintendo? And that since it's like that, even if the switch sends info there is no one to listen to them on the other side?
In theory yes, and probably so forever. But we never know 100% what Nintendo do next. They might implement another SSL cert to do a handshake. To be 100% risk free from bans for hacking, it's to have another untouched switch. Incognito does reduce the chance to get a ban for sure.
 

Engezerstorung

In theory yes, and probably so forever. But we never know 100% what Nintendo do next. They might implement another SSL cert to do a handshake. To be 100% risk free from bans for hacking, it's to have another untouched switch. Incognito does reduce the chance to get a ban for sure.

Well, that's why we usually for greenlight before updating, isn't it? And in this specific example case we could remove this certificate to get back to square 1, no? :P
 

Dr.Hacknik

i'm surprised you wanted to get a proof of concept out without full precautions in place, that's irresponsible

yeah you can't at the moment do a streaming hash, we only just figured that out, but there's no RAM limitation that could keep you from just allocating a 4MiB buffer and reading the whole prodinfo in at once then hashing it in one go. and if you bench it you'll be shocked, even an asm implementation tailored to armv4t from openssl will take 10-100x + longer than se
Lol I think you're missing the point, it's a WIP. Experimental if anything. With proper disclaimers that it's early work is fine, it's on the user for using an experimental solution.
 

KuranKu

I would like to add one thing.
Ability to add a Google account or whatever to back up the file there for user convenience and prodinfo security, as a possible option.

Correction: a companion app or something
 
Last edited by KuranKu,
