RELEASE Incognito_RCM - wipe personal information to reduce risk of ban

Discussion in 'Switch - Emulation, Homebrew & Software Projects' started by jimzrt, Oct 3, 2019.


    Incognito_RCM

    Since Incognito by blawar doesn't work on vanilla Atmosphere, I made a payload to use with hekate (or any other payload injector) with the same functionality.
    Incognito_RCM wipes personal information from your Nintendo Switch by removing it from prodinfo.

    Functionality:​
    • wipe personal information on sysnand/emunand
    • backup prodinfo from sysnand/emunand
    • restore prodinfo to sysnand/emunand
    Since NAND memory is encrypted, this is based on shchmue's Lockpick_RCM to first get the necessary encryption keys.
    You can apply Incognito_RCM directly after installing atmosphere or any time after and it has the advantage that you don't need to set 90DNS after an internet connection and possibly communication with nintendo servers is already established. (You can apply 90DNS anyway)

    This has only been tested by me on firmware 8.1.0, so please test it and report back.
    Since it has only been tested by me, keep a hekate nand backup ready to be safe.

    source: https://github.com/jimzrt/Incognito_RCM
    releases: https://github.com/jimzrt/Incognito_RCM/releases

    Disclaimer:
    This is early stage and there is no guarantee that everything works as expected! Please have a hekate NAND backup ready!

    Changelog:

    v0.4.0
    • adopt lockpick_rcm and hekate changes (includes fixing of possible bugs and better resource management)
    • reduced payload size
    • use tui progressbar
    v0.3.0
    • more error handling
    • backup validation when reading and writing
    • retry up to 5 times when reading and writing before aborting
    v0.2.0
    • more validation
    • code cleanup and refactoring
    v0.1.0
    • much faster read and write speed (not sector by sector anymore)
    • much more validation and verification (still not perfect)
    • more error handling (still not perfect)
    • backups aren't overwritten, old backups are renamed
    • check for backup before applying incognito
    • auto-restore backup if something goes wrong
    v0.0.2
    • Removed external libraries and better handling of reading big chunks of memory.
    as always, have a NAND backup ready!
     
    Discussion (127 replies)
  1. hippy dave

    hippy dave BBMB

    Member
    15
    Apr 30, 2012
    United Kingdom
    Sounds promising, nice work. Does it support the various kinds of emunand, does it read config from emummc/emummc.ini?

    e: for anyone using this, ALWAYS copy your backup off your SD card onto your computer, and preferably keep multiple copies on flash drives, cloud drives etc. Don't lose it.
     
    Last edited by hippy dave, Oct 3, 2019
  2. Wuigi

    Wuigi GBAtemp Advanced Fan

    Member
    6
    Sep 14, 2012
    Germany
    Really nice, I already wanted to use the normal incognito, but ReiNX wasn't updated for 9.0 at that time.
     
  3. linuxares

    linuxares I'm not a generous god!

    Moderator
    17
    Aug 5, 2007
    Sweden
    Ooooohhh... this can be useful for sure.
     
    Fabian Schuchhardt and NoNAND like this.
  4. mrdude

    mrdude GBAtemp Advanced Fan

    Member
    7
    Dec 11, 2015
    RCM stuff such as this and Lockpick only read & write to sysnand. If you want a solution to write to the micro sd card (hidden or file based) emunand - you can make a PC app to do that, then it won't care what CFW you have installed. PC app just needs to mount the hidden partition or emunand files and then write at various offsets. It wouldn't be hard to code this, why not try yourself? You could do it in visual studio (C#) or C++.
     
  5. Hayato213

    Hayato213 GBAtemp Guru

    Member
    12
    Dec 26, 2015
    United States
    I like it, at least people now don't have to deal with Blawar's malware.
     
    frankadank, 98otiss, brenokk and 10 others like this.
  6. shchmue

    shchmue Developer

    pip Developer
    8
    Dec 23, 2013
    United States
    i can't comment on the usefulness/foolhardiness of wiping these areas of prodinfo but more importantly...

    • this doesn't validate any step of the backup before proceeding, none of the fatfs calls at all, you don't even check how many bytes were actually written, you only subtract the amount that should be written from the total
    • why did you bundle a sha256 library? not only is calling the SE enormously faster, there are multiple example se_calc_sha256 calls in lockpick_rcm and hekate to reference. performance won't really matter for numbers this small but it is super unnecessary bloat when what you need is already in the codebase. and fwiw the calls are way simpler than the bconte library you used
    • combining these two issues, you should probably reread and hash the data on nand vs backup file before proceeding, too
    i do appreciate the utility of this solution getting around the cfw protection problem, but consider that protection is there for good reason. even if you take every precaution, none of this is literally foolproof
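
The checks shchmue asks for in the post above (count the bytes actually written, re-read the backup and compare it with the source before the destructive step), as an added example that is not part of the thread or of Incognito_RCM's code. It assumes host stdio in place of the payload's FatFs calls, a byte-for-byte comparison in place of the SE SHA-256 hash, and a constructed in-memory buffer with made-up offsets in place of prodinfo.

```c
#include <stdio.h>
#include <string.h>
#define CHUNK 4096  /* constructed chunk size for this example */

/* Write len bytes of src to path; any short write is a failure. */
static int backup_write(const char *path, const unsigned char *src, size_t len) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    size_t done = 0;
    while (done < len) {
        size_t want = len - done < CHUNK ? len - done : CHUNK;
        size_t got = fwrite(src + done, 1, want, f);
        done += got;  /* count what was written, not what was requested */
        if (got != want) { fclose(f); return -1; }
    }
    return fclose(f) == 0 ? 0 : -1;  /* flush errors surface at close */
}

/* Re-read the backup and compare with the source; 0 only on an exact match. */
static int backup_verify(const char *path, const unsigned char *src, size_t len) {
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    unsigned char buf[CHUNK];
    size_t done = 0, got;
    int ok = 1;
    while (ok && (got = fread(buf, 1, sizeof buf, f)) > 0) {
        if (done + got > len || memcmp(buf, src + done, got) != 0) ok = 0;
        done += got;
    }
    if (ferror(f)) ok = 0;
    fclose(f);
    return (ok && done == len) ? 0 : -1;
}

/* Gate: the wipe runs only after a backup has been written and verified. */
static int wipe_with_backup(const char *path, unsigned char *region, size_t len,
                            size_t wipe_off, size_t wipe_len) {
    if (wipe_off > len || wipe_len > len - wipe_off) return -1;
    if (backup_write(path, region, len) != 0) return -2;
    if (backup_verify(path, region, len) != 0) return -3;
    memset(region + wipe_off, 0, wipe_len);
    return 0;
}

int main(void) {
    static unsigned char region[8192];    /* constructed stand-in data */
    memset(region, 0xA5, sizeof region);  /* offsets below are made up */
    return wipe_with_backup("prodinfo_demo.bak", region, sizeof region, 256, 32) ? 1 : 0;
}
```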
     
  7. jimzrt
    OP

    jimzrt Member

    Newcomer
    2
    Oct 3, 2019
    Germany
    yes, there is no validation (yet), it's a first release and I just wanted to share a first working solution. So work in progress. I will add a disclaimer that this is not guaranteed to work.
    I tried se_calc_sha256 calls first, but the application kept freezing. I suspected that this was because I needed to allocate a few megabytes to hash and the library that is bundled allows to incrementally build that hash.
    It is on my todo to investigate the possibility to use SE.

    Of course protection is there for a good reason and I support Atmosphere's decision to make prodinfo protected - no one should use this application without a nand backup from hekate!

    thanks for the feedback.

    This is not true, Lockpick has the ability to read and write to emunand as well, and consequently does this application
     
    Last edited by jimzrt, Oct 3, 2019
    eyeliner, iriez and RattletraPM like this.
  8. mrdude

    mrdude GBAtemp Advanced Fan

    Member
    7
    Dec 11, 2015
    Yep up until firmware 6.20 or something like that - after that firmware you need to use Lockpick_RCM or it dumps the keys incorrectly - or not all of them. Also it just reads them, it writes to micro sd card not nand or emunand.

    — Posts automatically merged - Please don't double post! —

    Actually I'm not one for sticking up for people that use DRM - however, did you look at the github code that Blawar published for Incognito - it doesn't contain any malware, and it does work fairly well. Checks have been added to Atmosphere and SXOS probably as an Anti Brick measure - which is good for noobs. However don't blame Blawar now that his code doesn't work on these CFW as it's nothing to do with him.
     
    Last edited by mrdude, Oct 3, 2019
    epickid37, opmas and JoeBloggs777 like this.
  9. KitsumiTheFox

    KitsumiTheFox Advanced Member

    Newcomer
    3
    Jan 9, 2016
    United States
    Utah
    When you fully release it, this could be a super nifty tool to just keep around.
     
    drrastovac likes this.
  10. shchmue

    shchmue Developer

    pip Developer
    8
    Dec 23, 2013
    United States
    i'm surprised you wanted to get a proof of concept out without full precautions in place, that's irresponsible

    yeah you can't at the moment do a streaming hash, we only just figured that out, but there's no RAM limitation that could keep you from just allocating a 4MiB buffer and reading the whole prodinfo in at once then hashing it in one go. and if you bench it you'll be shocked, even an asm implementation tailored to armv4t from openssl will take 10-100x + longer than se
    lockpick_rcm actually declines all writes to any sys/emunand, it only allows writes to SD filesystem

    one more comment, i noticed you wrote a separate read function in diskio. this is against its design principle. it has an arg for what drive you're loading, but that doesn't even matter since you're not mounting a filesystem at all; ultimately reading and decrypting/writing and encrypting prodinfo would make more sense as functions outside fatfs - fatfs is for filesystems.
     
  11. jimzrt
    OP

    jimzrt Member

    Newcomer
    2
    Oct 3, 2019
    Germany
    well, I don't see it as irresponsible with notice to it being early stage and there being nand backups to revert everything I could do wrong in this application.
    some like to release when it is as fool proof as possible and some like to release very early. It is open source and every one can improve on it. I put it out there also to gauge general interest and to keep me motivated to improve upon it.

    If there is no limitation in allocating multiple MB then apparently I had another issue and I will probably do just what you said in your comment.

    yeah, the function in diskio is not the best place, but the other function had no argument for which partition to use. I could have added another parameter or change the variable of system_part (and/or its name to be more clear).
    I'm going to organize those things in the near future and probably strip out most things I don't need. I know that this is more or less a hack to get what I wanted to accomplish.
     
    gamesquest1 likes this.
  12. Hayato213

    Hayato213 GBAtemp Guru

    Member
    12
    Dec 26, 2015
    United States
    Incognito Cal0 block in Atmosphere isn't Blawar's fault, but my point is that in general the scene doesn't really like him for the whole tinfoil blunder, first with the 1.56 build for picking a fight with ctcaer and kosmos developer for not including ACID patches, and now he is forcing people to use a custom fork of Atmosphere just to use recent build of tinfoil. Not that I hate him but dude makes HBG users' lives difficult with all these tinfoil updates, and making people jump through hoops just to get it working. I use Incognito and his build of Tinfoil, but it is just a headache jumping through hoops to get Tinfoil to work on Atmosphere/Kosmos bundle pack.
     
    MarkDarkness and skinnyBIGGS like this.
  13. 8BitWonder

    8BitWonder Small Homebrew Dev

    Member
    11
    Jan 23, 2016
    United States
    47 4F 54 20 45 45 4D
    Looks promising, will definitely be keeping an eye on how this progresses. :)
     
  14. mrdude

    mrdude GBAtemp Advanced Fan

    Member
    7
    Dec 11, 2015
    Try tinfoil mod - that works on Atmosphere (untouched) and can be version spoofed, also DRM is removed.
     
    iriez likes this.
  15. shchmue

    shchmue Developer

    pip Developer
    8
    Dec 23, 2013
    United States
    it does have such an arg: pdrv, but that's for things you mount using fatfs. since prodinfo isn't a filesystem, you don't need fatfs, just move the xts call to your module and be done with it :P
     
  16. Hayato213

    Hayato213 GBAtemp Guru

    Member
    12
    Dec 26, 2015
    United States
    Yea I know about the mod, I am currently using it.
     
  17. jimzrt
    OP

    jimzrt Member

    Newcomer
    2
    Oct 3, 2019
    Germany
    I thought pdrv is physical drive number? anyway, all this tweak magic that happens for xts depending on sector index happens there, so I just did it there as well - temporarily.
    I'm actually improving it right now (since there seems to be interest), but not everything is working as expected. Can I annoy you with one or two questions via pm regarding the code if I don't get it to work?
     
  18. iriez

    iriez GBAtemp Fan

    Member
    8
    Oct 27, 2016
    United States
    Didn't realize this had flown under my radar! Thanks mydude mrdude.
     
  19. jimzrt
    OP

    jimzrt Member

    Newcomer
    2
    Oct 3, 2019
    Germany
    Update v0.0.2 (from v1.0.0 - a step back, seems more realistic :D)
    https://github.com/jimzrt/Incognito_RCM/releases/tag/v0.0.2

    removed external sha256 library and use SE instead.
    Also changed the order of menu points as to not accidentally apply incognito directly.
    Better backup handling is coming!
     
    ry755, 0x9e, Garou and 4 others like this.