Front-page Homebrew RELEASE  Updated

Incognito_RCM - wipe personal information to reduce risk of ban

Incognito_RCM

since Incognito by blawar doesn't work on vanilla atmosphere, I made a payload to use with hekate (or any other payload injector) with the same functionality.
Incognito_RCM wipes personal information from your Nintendo Switch by removing it from prodinfo.

Functionality:​
  • wipe personal information on sysnand/emunand
  • backup prodinfo from sysnand/emunand
  • restore prodinfo to sysnand/emunand
Since NAND memory is encrypted, this is based on shchmue's Lockpick_RCM to first get the neccessary encryption keys.
You can apply Incognito_RCM directly after installing atmosphere or any time after and it has the advantage that you don't need to set 90DNS after an internet connection and possibly communication with nintendo servers is already established. (You can apply 90DNS anyway)

This has only been tested by me on firmware 8.1.0, so please test it and report back.
Since it has only been tested by me, keep a hekate nand backup ready to be safe.

source: https://github.com/jimzrt/Incognito_RCM
releases: https://github.com/jimzrt/Incognito_RCM/releases

Disclaimer:
This is early stage and there is no guarantee that everything works as expected! Please have a hekate NAND backup ready!

Screenshots:
main.png
incognito.png

backup.png
restore.png

Changelog:
v0.6.1
  • bugfix: write to emummc instead of sdmmc
v0.6.0
  • incorporate hekate & lockpick_rcm changes
  • reboot to payload
v0.5.1
  • firmware 9.1.0 support
v0.4.0
  • adopt lockpick_rcm and hekate changes (includes fixing of possible bugs and better resource management)
  • reduced payload size
  • use tui progressbar
v0.3.0
  • more error handling
  • backup validation when reading and writing
  • retry up to 5 times when reading and writing before aborting
v0.2.0
  • more validation
  • code cleanup and refactoring
v0.1.0
  • much faster read and write speed (not sector by sector anymore)
  • much more validation and verification (still not perfect)
  • more error handling (still not perfect)
  • backups aren't overwritten, old backups are renamed
  • check for backup before applying incognito
  • auto-restore backup if something goes wrong
v0.0.2
  • Removed external libraries and better handling of reading big chunks of memory.
as always, have a NAND backup ready!
 
Last edited by jimzrt,
  • Like
Reactions: 18Phoenix, Mentelos, bobdob123usa and 52 others
Click to expand...
scandal_uk

scandal_uk

Not Really There
Member
Level 5
Joined
Oct 3, 2005
Messages
322
Trophies
0
Location
UK
XP
580
Country
United Kingdom
masagrator said:
You don't need Incognito with 0.12.0
It has blank prodinfo in exosphere.ini and it's better, because it doesn't wipe your prodinfo from nand, but gives HOS fake one to use.
https://github.com/Atmosphere-NX/Atmosphere/blob/master/config_templates/exosphere.ini
Click to expand...
Actually that is what Incognito_RCM does - but the official version never calculated the serial checksum so it showed up as blank in the settings menu (even though it was a fake serial, it won't display something that doesn't match the block crc).

My fork of Incognito_RCM contains many fixes, including one for this.

https://github.com/Scandal-UK/Incognito_RCM/releases
 
  • Like
Reactions: IGHOR, Ninn, Nemix77 and 3 others
anth4m

anth4m

Member
Newcomer
Level 1
Joined
Dec 12, 2014
Messages
18
Trophies
0
Age
29
XP
107
Country
United States
scandal_uk said:
Actually that is what Incognito_RCM does - but the official version never calculated the serial checksum so it showed up as blank in the settings menu (even though it was a fake serial, it won't display something that doesn't match the block crc).

My fork of Incognito_RCM contains many fixes, including one for this.

https://github.com/Scandal-UK/Incognito_RCM/releases
Click to expand...
Nice job! Exactly what I'm looking for and solved my problems in HOS 10.0.1.

If anyone is using emuMMC and lose the original prodinfo.bin, you can make a backup from sysNAND and rename it to proinfo_emunand.bin.
 
Muxi

Muxi

Well-Known Member
Member
Level 10
Joined
Jun 1, 2016
Messages
605
Trophies
0
Age
52
XP
2,113
Country
Germany
@scandal_uk It would be great if you could keep this tool up to date in the future, especially if a new FW update is released that changes the pkg1. Obviously the original will not be updated any further.
 
scandal_uk

scandal_uk

Not Really There
Member
Level 5
Joined
Oct 3, 2005
Messages
322
Trophies
0
Location
UK
XP
580
Country
United Kingdom
Muxi said:
@scandal_uk It would be great if you could keep this tool up to date in the future, especially if a new FW update is released that changes the pkg1. Obviously the original will not be updated any further.
Click to expand...
This version also benefits from all updates made by CTCaer and Schmue in Hekate & Lockpick_RCM. So most of my commits are code that was written by them, so it didn’t break when 10.0.1 was released.

I will keep it up-to-date and if anyone needs a feature then drop me a message on temp.
 
  • Like
Reactions: Ninn, LiveMChief, RAGER and 1 other person
scandal_uk

scandal_uk

Not Really There
Member
Level 5
Joined
Oct 3, 2005
Messages
322
Trophies
0
Location
UK
XP
580
Country
United Kingdom
To be honest I had it as a private copy, but then I thought I've gathered enough improvements and some people out there still use it so I'll give a little something back.

I'm interested in seeing some portions of other backups (non-sensitive stuff) and if any banned users want to help out I have a great anonymizing idea to fix an "upcoming problem".

For now, I have released v0.6.5 and created a DEV branch which I will keep active!


Edit: To be fair, who the hell would wanna review a PR like this??
https://github.com/jimzrt/Incognito_RCM/pull/31
 
Last edited by scandal_uk,
  • Like
Reactions: LiveMChief, anth4m and Muxi
LiveMChief

LiveMChief

Well-Known Member
Newcomer
Level 3
Joined
Apr 11, 2020
Messages
85
Trophies
0
Location
USA
XP
350
Country
United States
scandal_uk said:
To be honest I had it as a private copy, but then I thought I've gathered enough improvements and some people out there still use it so I'll give a little something back.

I'm interested in seeing some portions of other backups (non-sensitive stuff) and if any banned users want to help out I have a great anonymizing idea to fix an "upcoming problem".

For now, I have released v0.6.5 and created a DEV branch which I will keep active!


Edit: To be fair, who the hell would wanna review a PR like this??
https://github.com/jimzrt/Incognito_RCM/pull/31
Click to expand...
Good stuff! Should start a thread for your fork.
 
Moquedami

Moquedami

Well-Known Member
Member
Level 9
Joined
Nov 16, 2006
Messages
436
Trophies
1
XP
1,791
Country
Argentina
Im using Sx os with 10.0.2 firm
I tried backing up my prodinfo with incognito rcm but it shows corrupt keyblob 0 to 5
Is this normal?
 
Moquedami

Moquedami

Well-Known Member
Member
Level 9
Joined
Nov 16, 2006
Messages
436
Trophies
1
XP
1,791
Country
Argentina
c
scandal_uk said:
Where did you see this?

Edit: never mind, try the release from my fork
Click to expand...
Thanks but still shows the same error.
Could it be because i have a prodinfo file in the root of my sd from a previous backup?
Does the .nro version of Incognito still work with SX os in 10.0.2?
 
scandal_uk

scandal_uk

Not Really There
Member
Level 5
Joined
Oct 3, 2005
Messages
322
Trophies
0
Location
UK
XP
580
Country
United Kingdom
Moquedami said:
c
Thanks but still shows the same error.
Could it be because i have a prodinfo file in the root of my sd from a previous backup?
Does the .nro version of Incognito still work with SX os in 10.0.2?
Click to expand...
No and no. It will rename the older version (by appending .0 to the end).

The latest version of Atmosphere has an "incognito mode" that is enabled by adding the exosphere.ini file to the root of the SD card, I think SX has a similar feature.

The error you are seeing is because the keys in your BIS are corrupted - Incognito_RCM does not modify the area that holds these keys. The method that displays this error is from Lockpick_RCM, can you try and run that payload and report back..?
 
Nemix77

Nemix77

Well-Known Member
Member
Level 6
Joined
May 30, 2009
Messages
851
Trophies
0
XP
757
Country
Canada
I'm now using the new Ingonito_RCM by scandal_uk in conjunction with exosphere.ini and 90DNS on firmware 10.0.4 and Atmoshpere 0.12.0.

I know it's redundant but just in case one fails or gets accidentally deleted/corrupted/reset.
 
Last edited by Nemix77,
  • Like
Reactions: scandal_uk and Muxi
Muxi

Muxi

Well-Known Member
Member
Level 10
Joined
Jun 1, 2016
Messages
605
Trophies
0
Age
52
XP
2,113
Country
Germany
That's right! You only have to delete the exosphere.ini by mistake and you have a problem! So this is a safe thing for the emuMMC in any case.
Also, the backup of the prodinfo does not necessarily have to be stored, since you can create a new one via sysNand at any time if necessary.
 
Last edited by Muxi,
scandal_uk

scandal_uk

Not Really There
Member
Level 5
Joined
Oct 3, 2005
Messages
322
Trophies
0
Location
UK
XP
580
Country
United Kingdom
I use exosphere.ini as well as this, better to be safe than sorry. This is a bit more of a “brute force” method, but that’s fine for EmuMMC - I wouldn’t touch SysNAND even if I was banned, I don’t like that option but someone might have a purpose for it.

Edit: I’m working on encrypted backups and optional erasures at the moment, then possibly a counterfeit SSL cert...
 
Last edited by scandal_uk,
  • Like
Reactions: anth4m and Nemix77
Moquedami

Moquedami

Well-Known Member
Member
Level 9
Joined
Nov 16, 2006
Messages
436
Trophies
1
XP
1,791
Country
Argentina
scandal_uk said:
No and no. It will rename the older version (by appending .0 to the end).

The latest version of Atmosphere has an "incognito mode" that is enabled by adding the exosphere.ini file to the root of the SD card, I think SX has a similar feature.

The error you are seeing is because the keys in your BIS are corrupted - Incognito_RCM does not modify the area that holds these keys. The method that displays this error is from Lockpick_RCM, can you try and run that payload and report back..?
Click to expand...
OK, this is what i got:

MMC init... done in 10097 us
TSEC key(s)... done in 33820 us
unable to derive master key, kb = 10.
put current sept files to sd and retry
Master keys... done in 5669 us
Unable to derive package2 key
FS keys... done in 12390 us
Missing F keys. Skipping ES/SSL keys
Found 81 keys
Lockpick totally done in 86387 us
Found through master_key_0A
wrote 5945 bytes to sd:/switch/prod.keys
 
scandal_uk

scandal_uk

Not Really There
Member
Level 5
Joined
Oct 3, 2005
Messages
322
Trophies
0
Location
UK
XP
580
Country
United Kingdom
Moquedami said:
OK, this is what i got:

MMC init... done in 10097 us
TSEC key(s)... done in 33820 us
unable to derive master key, kb = 10.
put current sept files to sd and retry
Master keys... done in 5669 us
Unable to derive package2 key
FS keys... done in 12390 us
Missing F keys. Skipping ES/SSL keys
Found 81 keys
Lockpick totally done in 86387 us
Found through master_key_0A
wrote 5945 bytes to sd:/switch/prod.keys
Click to expand...

This feels like a stupid question - but do you have the bootloader folder from Hekate and the the sept folder from Atmosphere on your SD card?
 
pcwizard7

pcwizard7

Well-Known Member
Member
Level 9
Joined
Aug 2, 2013
Messages
1,409
Trophies
0
XP
1,688
Country
Australia
scandal_uk said:
Actually that is what Incognito_RCM does - but the official version never calculated the serial checksum so it showed up as blank in the settings menu (even though it was a fake serial, it won't display something that doesn't match the block crc).

My fork of Incognito_RCM contains many fixes, including one for this.

https://github.com/Scandal-UK/Incognito_RCM/releases
Click to expand...

I found this by google and confirm still works on fw 10.2.0

suggestion: this should be on the front page
 
  • Like
Reactions: Ottorocket and scandal_uk
J

jboom91

Member
Newcomer
Level 3
Joined
Aug 6, 2020
Messages
21
Trophies
0
Age
32
XP
306
Country
United States
scandal_uk said:
I use exosphere.ini as well as this, better to be safe than sorry. This is a bit more of a “brute force” method, but that’s fine for EmuMMC - I wouldn’t touch SysNAND even if I was banned, I don’t like that option but someone might have a purpose for it.

Edit: I’m working on encrypted backups and optional erasures at the moment, then possibly a counterfeit SSL cert...
Click to expand...

I used your fork of incognito rcm to blank my emummc serial number because exosphere.ini on my sd root causes my cfw on emummc to not boot past the nintendo logo. I was going to ask though, is it normal for the new serial to be all zeros after the xaw and end with 1? Also, I noticed after using incognito rcm to blank the serial the incognito tab at the bottom of tinfoil 8.10 is no longer there, the last tab instead is just help, when its normally help then incognito.
 
scandal_uk

scandal_uk

Not Really There
Member
Level 5
Joined
Oct 3, 2005
Messages
322
Trophies
0
Location
UK
XP
580
Country
United Kingdom
jboom91 said:
I used your fork of incognito rcm to blank my emummc serial number because exosphere.ini on my sd root causes my cfw on emummc to not boot past the nintendo logo. I was going to ask though, is it normal for the new serial to be all zeros after the xaw and end with 1? Also, I noticed after using incognito rcm to blank the serial the incognito tab at the bottom of tinfoil 8.10 is no longer there, the last tab instead is just help, when its normally help then incognito.
Click to expand...
The fake serial number has always been added by Incognito_RCM, however, the original version did not save a calculated checksum for it so it did not display in the System menu - my patched version adds the checksum so the serial number shows up correctly. Hope that answers the question?
I cannot comment on Tinfoil's Incognito.
 
  • Like
Reactions: pcwizard7, jboom91 and LiveMChief

Site & Scene News

Go to forum More news

Popular threads in this forum

The MIG Switch Thread

Kingdom Come Deliverance Nswitch MOD

Homebrew Tutorial  Building Pagascape from source to running Self Hosted mode on Windows and MSYS

mig switch not working/updating??

Hacking Homebrew Tutorial  Portable PegaScape (Win32)

Hacking Misc  Getting the MIG Switch to load an XCI dump without its original Initial Data

Fusee.bin with the new Pre-release of Atmoshere 1.7.0

DBI language error

General chit-chat
Help Users
    SylverReZ @ SylverReZ: @Psionic Roshambo, JonTron's back yet again until he disappears into the void for another 6 or...