Incognito_RCM - wipe personal information to reduce risk of ban


Since Incognito by blawar doesn't work on vanilla Atmosphere, I made a payload to use with hekate (or any other payload injector) with the same functionality.
Incognito_RCM wipes personal information from your Nintendo Switch by removing it from prodinfo.

Functionality:
  • wipe personal information on sysnand/emunand
  • backup prodinfo from sysnand/emunand
  • restore prodinfo to sysnand/emunand
Since NAND memory is encrypted, this is based on shchmue's Lockpick_RCM to first get the necessary encryption keys.
You can apply Incognito_RCM directly after installing Atmosphere or any time after, and it has the advantage that you don't need to set 90DNS after an internet connection and possibly communication with Nintendo servers is already established. (You can apply 90DNS anyway.)

This has only been tested by me on firmware 8.1.0, so please test it and report back.
Since it has only been tested by me, keep a hekate nand backup ready to be safe.

source: https://github.com/jimzrt/Incognito_RCM
releases: https://github.com/jimzrt/Incognito_RCM/releases

Disclaimer:
This is early stage and there is no guarantee that everything works as expected! Please have a hekate NAND backup ready!


Changelog:
v0.6.1
  • bugfix: write to emummc instead of sdmmc
v0.6.0
  • incorporate hekate & lockpick_rcm changes
  • reboot to payload
v0.5.1
  • firmware 9.1.0 support
v0.4.0
  • adopt lockpick_rcm and hekate changes (includes fixing of possible bugs and better resource management)
  • reduced payload size
  • use tui progressbar
v0.3.0
  • more error handling
  • backup validation when reading and writing
  • retry up to 5 times when reading and writing before aborting
v0.2.0
  • more validation
  • code cleanup and refactoring
v0.1.0
  • much faster read and write speed (not sector by sector anymore)
  • much more validation and verification (still not perfect)
  • more error handling (still not perfect)
  • backups aren't overwritten, old backups are renamed
  • check for backup before applying incognito
  • auto-restore backup if something goes wrong
v0.0.2
  • Removed external libraries and better handling of reading big chunks of memory.
as always, have a NAND backup ready!
 

hippy dave

Sounds promising, nice work. Does it support the various kinds of emunand, does it read config from emummc/emummc.ini?

e: for anyone using this, ALWAYS copy your backup off your SD card onto your computer, and preferably keep multiple copies on flash drives, cloud drives etc. Don't lose it.
 

Wuigi

Really nice, I already wanted to use the normal incognito, but ReiNX wasn't updated for 9.0 at that time.
 

mrdude

> Sounds promising, nice work. Does it support the various kinds of emunand, does it read config from emummc/emummc.ini?
>
> e: for anyone using this, ALWAYS copy your backup off your SD card onto your computer, and preferably keep multiple copies on flash drives, cloud drives etc. Don't lose it.

RCM stuff such as this and Lockpick only read & write to sysnand. If you want a solution to write to the micro SD card (hidden or file based) emunand - you can make a PC app to do that, then it won't care what CFW you have installed. PC app just needs to mount the hidden partition or emunand files and then write at various offsets. It wouldn't be hard to code this, why not try yourself? You could do it in Visual Studio (C#) or C++.
 

shchmue

i can't comment on the usefulness/foolhardiness of wiping these areas of prodinfo but more importantly...

  • this doesn't validate any step of the backup before proceeding, none of the fatfs calls at all, you don't even check how many bytes were actually written, you only subtract the amount that should be written from the total
  • why did you bundle a sha256 library? not only is calling the SE enormously faster, there are multiple example se_calc_sha256 calls in lockpick_rcm and hekate to reference. performance won't really matter for numbers this small but it is super unnecessary bloat when what you need is already in the codebase. and fwiw the calls are way simpler than the bconte library you used
  • combining these two issues, you should probably reread and hash the data on nand vs backup file before proceeding, too
i do appreciate the utility of this solution getting around the cfw protection problem, but consider that protection is there for good reason. even if you take every precaution, none of this is literally foolproof
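
The checks raised in the post above (count the bytes actually written, then re-read the backup and compare it with the source before any destructive step), as an added example that is not code from Incognito_RCM, Lockpick_RCM or hekate. It assumes standard C stdio in place of FatFs and a byte-for-byte comparison in place of a SHA-256 hash; the function names, chunk size and file name are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define CHUNK 4096 /* demo chunk size (assumption) */

/* Write len bytes, trusting only the count fwrite() actually reports. */
static int write_checked(const char *path, const unsigned char *src, size_t len)
{
    FILE *f = fopen(path, "wb");
    size_t done = 0;
    if (!f) return -1;
    while (done < len) {
        size_t want = len - done < CHUNK ? len - done : CHUNK;
        size_t got = fwrite(src + done, 1, want, f);
        if (got != want) { fclose(f); return -1; } /* short write: abort */
        done += got;
    }
    return fclose(f) == 0 ? 0 : -1; /* a failed flush also counts as failure */
}

/* Re-read the backup and compare it byte for byte with the source buffer. */
static int verify_backup(const char *path, const unsigned char *src, size_t len)
{
    unsigned char buf[CHUNK];
    size_t done = 0, got;
    int rc = 0;
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    while ((got = fread(buf, 1, sizeof buf, f)) > 0) {
        if (got > len - done || memcmp(buf, src + done, got) != 0) { rc = -1; break; }
        done += got;
    }
    if (ferror(f) || done != len) rc = -1; /* read error, truncated or oversized */
    fclose(f);
    return rc;
}

/* Returns 0 only when the backup exists and matches; gate the wipe on this. */
int backup_and_verify(const char *path, const unsigned char *src, size_t len)
{
    if (write_checked(path, src, len) != 0) return -1;
    return verify_backup(path, src, len);
}

int main(void)
{
    unsigned char blob[10000]; /* constructed stand-in for the partition data */
    for (size_t i = 0; i < sizeof blob; i++) blob[i] = (unsigned char)(i * 31u);
    int rc = backup_and_verify("prodinfo_demo.bin", blob, sizeof blob);
    printf("backup %s\n", rc == 0 ? "verified" : "FAILED, do not proceed");
    remove("prodinfo_demo.bin");
    return rc == 0 ? 0 : 1;
}
```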
 

jimzrt

> i can't comment on the usefulness/foolhardiness of wiping these areas of prodinfo but more importantly...
>
>   • this doesn't validate any step of the backup before proceeding, none of the fatfs calls at all, you don't even check how many bytes were actually written, you only subtract the amount that should be written from the total
>   • why did you bundle a sha256 library? not only is calling the SE enormously faster, there are multiple example se_calc_sha256 calls in lockpick_rcm and hekate to reference. performance won't really matter for numbers this small but it is super unnecessary bloat when what you need is already in the codebase. and fwiw the calls are way simpler than the bconte library you used
>   • combining these two issues, you should probably reread and hash the data on nand vs backup file before proceeding, too
> i do appreciate the utility of this solution getting around the cfw protection problem, but consider that protection is there for good reason. even if you take every precaution, none of this is literally foolproof

yes, there is no validation (yet), it's a first release and I just wanted to share a first working solution. So work in progress. I will add a disclaimer that this is not guaranteed to work.
I tried se_calc_sha256 calls first, but the application kept freezing. I suspected that this was because I needed to allocate a few megabytes to hash and the library that is bundled allows to incrementally build that hash.
It is on my todo to investigate the possibility to use SE.

Of course protection is there for a good reason and I support Atmosphere's decision to make prodinfo protected - no one should use this application without a nand backup from hekate!

thanks for the feedback.

> RCM stuff such as this and Lockpick only read & write to sysnand. If you want a solution to write to the micro SD card (hidden or file based) emunand - you can make a PC app to do that, then it won't care what CFW you have installed. PC app just needs to mount the hidden partition or emunand files and then write at various offsets. It wouldn't be hard to code this, why not try yourself? You could do it in Visual Studio (C#) or C++.

This is not true, Lockpick has the ability to read and write to emunand as well, and consequently does this application
 

mrdude

> This is not true, Lockpick has the ability to read and write to emunand as well, and consequently does this application

Yep up until firmware 6.20 or something like that - after that firmware you need to use Lockpick_RCM or it dumps the keys incorrectly - or not all of them. Also it just reads them, it writes to micro SD card not nand or emunand.

--------------------- MERGED ---------------------------

> I like it, at least people now don't have to deal with Blawar's malware.

Actually I'm not one for sticking up for people that use DRM - however, did you look at the GitHub code that Blawar published for Incognito - it doesn't contain any malware, and it does work fairly well. Checks have been added to Atmosphere and SXOS probably as an anti-brick measure - which is good for noobs. However don't blame Blawar now that his code doesn't work on these CFW as it's nothing to do with him.
 

KitsumiTheFox

> yes, there is no validation (yet), it's a first release and I just wanted to share a first working solution. So work in progress. I will add a disclaimer that this is not guaranteed to work.
> I tried se_calc_sha256 calls first, but the application kept freezing. I suspected that this was because I needed to allocate a few megabytes to hash and the library that is bundled allows to incrementally build that hash.
> It is on my todo to investigate the possibility to use SE.
>
> Of course protection is there for a good reason and I support Atmosphere's decision to make prodinfo protected - no one should use this application without a nand backup from hekate!
>
> thanks for the feedback.
>
> This is not true, Lockpick has the ability to read and write to emunand as well, and consequently does this application

When you fully release it, this could be a super nifty tool to just keep around.
 

shchmue

> yes, there is no validation (yet), it's a first release and I just wanted to share a first working solution. So work in progress. I will add a disclaimer that this is not guaranteed to work.
> I tried se_calc_sha256 calls first, but the application kept freezing. I suspected that this was because I needed to allocate a few megabytes to hash and the library that is bundled allows to incrementally build that hash.
> It is on my todo to investigate the possibility to use SE.
>
> Of course protection is there for a good reason and I support Atmosphere's decision to make prodinfo protected - no one should use this application without a nand backup from hekate!
>
> thanks for the feedback.

i'm surprised you wanted to get a proof of concept out without full precautions in place, that's irresponsible

yeah you can't at the moment do a streaming hash, we only just figured that out, but there's no RAM limitation that could keep you from just allocating a 4MiB buffer and reading the whole prodinfo in at once then hashing it in one go. and if you bench it you'll be shocked, even an asm implementation tailored to armv4t from openssl will take 10-100x + longer than se

> This is not true, Lockpick has the ability to read and write to emunand as well, and consequently does this application

lockpick_rcm actually declines all writes to any sys/emunand, it only allows writes to SD filesystem

one more comment, i noticed you wrote a separate read function in diskio. this is against its design principle. it has an arg for what drive you're loading, but that doesn't even matter since you're not mounting a filesystem at all; ultimately reading and decrypting/writing and encrypting prodinfo would make more sense as functions outside fatfs - fatfs is for filesystems.
 

jimzrt

> i'm surprised you wanted to get a proof of concept out without full precautions in place, that's irresponsible
>
> yeah you can't at the moment do a streaming hash, we only just figured that out, but there's no RAM limitation that could keep you from just allocating a 4MiB buffer and reading the whole prodinfo in at once then hashing it in one go. and if you bench it you'll be shocked, even an asm implementation tailored to armv4t from openssl will take 10-100x + longer than se
>
> lockpick_rcm actually declines all writes to any sys/emunand, it only allows writes to SD filesystem
>
> one more comment, i noticed you wrote a separate read function in diskio. this is against its design principle. it has an arg for what drive you're loading, but that doesn't even matter since you're not mounting a filesystem at all; ultimately reading and decrypting/writing and encrypting prodinfo would make more sense as functions outside fatfs - fatfs is for filesystems.

well, I don't see it as irresponsible with notice to it being early stage and there being nand backups to revert everything I could do wrong in this application.
some like to release when it is as foolproof as possible and some like to release very early. It is open source and everyone can improve on it. I put it out there also to gauge general interest and to keep me motivated to improve upon it.

If there is no limitation in allocating multiple MB then apparently I had another issue and I will probably do just that what you said in your comment.

yeah, the function in diskio is not the best place, but the other function had no argument for which partition to use. I could have added another parameter or changed the variable of system_part (and/or its name to be more clear).
I'm going to organize those things in the near future and probably strip out most things I don't need. I know that this is more or less a hack to get what I wanted to accomplish.
 

Hayato213

> Yep up until firmware 6.20 or something like that - after that firmware you need to use Lockpick_RCM or it dumps the keys incorrectly - or not all of them. Also it just reads them, it writes to micro SD card not nand or emunand.
>
> --------------------- MERGED ---------------------------
>
> Actually I'm not one for sticking up for people that use DRM - however, did you look at the GitHub code that Blawar published for Incognito - it doesn't contain any malware, and it does work fairly well. Checks have been added to Atmosphere and SXOS probably as an anti-brick measure - which is good for noobs. However don't blame Blawar now that his code doesn't work on these CFW as it's nothing to do with him.

Incognito Cal0 block in Atmosphere isn't Blawar's fault, but my point is that in general the scene doesn't really like him for the whole tinfoil blunder, first with the 1.56 build for picking a fight with ctcaer and kosmos developer for not including ACID patches, and now he is forcing people to use a custom fork of Atmosphere just to use recent build of tinfoil. Not that I hate him but dude makes HBG users' lives difficult with all these tinfoil updates, and making people jump through just to get it working. I use Incognito and his build of Tinfoil, but it is just a headache jumping through hoops to get Tinfoil to work on Atmosphere/Kosmos bundle pack.
 

mrdude

> Incognito Cal0 block in Atmosphere isn't Blawar's fault, but my point is that in general the scene doesn't really like him for the whole tinfoil blunder, first with the 1.56 build for picking a fight with ctcaer and kosmos developer for not including ACID patches, and now he is forcing people to use a custom fork of Atmosphere just to use recent build of tinfoil. Not that I hate him but dude makes HBG users' lives difficult with all these tinfoil updates, and making people jump through just to get it working. I use Incognito and his build of Tinfoil, but it is just a headache jumping through hoops to get Tinfoil to work on Atmosphere/Kosmos bundle pack.

Try tinfoil mod - that works on Atmosphere (untouched) and can be version spoofed, also DRM is removed.
 

shchmue

> well, I don't see it as irresponsible with notice to it being early stage and there being nand backups to revert everything I could do wrong in this application.
> some like to release when it is as foolproof as possible and some like to release very early. It is open source and everyone can improve on it. I put it out there also to gauge general interest and to keep me motivated to improve upon it.
>
> If there is no limitation in allocating multiple MB then apparently I had another issue and I will probably do just that what you said in your comment.
>
> yeah, the function in diskio is not the best place, but the other function had no argument for which partition to use. I could have added another parameter or changed the variable of system_part (and/or its name to be more clear).
> I'm going to organize those things in the near future and probably strip out most things I don't need. I know that this is more or less a hack to get what I wanted to accomplish.

it does have such an arg: pdrv, but that's for things you mount using fatfs. since prodinfo isn't a filesystem, you don't need fatfs, just move the xts call to your module and be done with it :P
 

jimzrt

> it does have such an arg: pdrv, but that's for things you mount using fatfs. since prodinfo isn't a filesystem, you don't need fatfs, just move the xts call to your module and be done with it :P

I thought pdrv is physical drive number? anyway, all this tweak magic that happens for xts depending on sector index happens there, so I just did it there as well - temporarily.
I'm actually improving it right now (since there seems to be interest), but not everything is working as expected. Can I annoy you with one or two questions via pm regarding the code if I don't get it to work?
 
