Here's a quick guide/code snippet for dumping the latest master key, as well as the tsec_root_key.

Add this to line 144 of key_derivation.c in atmosphere/fusee_secondary, then compile atmosphere as usual:

    if (target_firmware >= EXOSPHERE_TARGET_FIRMWARE_620) {
        if (memcmp(tsec_root_key, zeroes, 0x10) != 0) {
            /* Determine filename based on whether the device is a retail or dev unit. */
            char *filename = fuse_get_retail_type() ? "prod.keys" : "dev.keys";
            /* Open the key file for writing. */
            FILE *keyf = fopen(filename, "wb");
            /* Log to screen. */
            printf("[NXBOOT]: Dumping keys to %s...\n", filename);
            /* Print the name of the key. */
            fprintf(keyf, "tsec_root_key = ");
            /* Print the tsec_root_key as an uppercase hex string to the key file. */
            for (int i = 0; i < 16; i++) {
                fprintf(keyf, "%02X", ((uint8_t*)tsec_root_key)[i]);
            }
            /* Print the name of the key. */
            fprintf(keyf, "\nmaster_kek_source_06 = ");
            /* Print master_key_source_06 as an uppercase hex string to the key file. */
            for (int i = 0; i < 16; i++) {
                fprintf(keyf, "%02X", new_master_kek_seeds[0][i]);
            }
            /* Print the name of the key. */
            fprintf(keyf, "\nmaster_key_06 = ");
            /* Set keyslot 0xC with the tsec_root_key. */
            set_aes_keyslot(0xC, tsec_root_key, 0x10);
            for (unsigned int rev = MASTERKEY_REVISION_620_CURRENT; rev < MASTERKEY_REVISION_MAX; rev++) {
                /* Decrypt the new master kek seed with the contents of keyslot 0xC (tsec_root_key) and write the result to work_buffer. */
                se_aes_ecb_decrypt_block(0xC, work_buffer, 0x10, new_master_kek_seeds[rev - MASTERKEY_REVISION_620_CURRENT], 0x10);
                /* Set keyslot 0xC to the derived value stored in work_buffer */
                set_aes_keyslot(0xC, work_buffer, 0x10);
                /* Lastly, decrypt the masterkey_seed with the contents of keyslot 0xC (the master_kek) and write the result to work_buffer. */
                se_aes_ecb_decrypt_block(0xC, work_buffer, 0x10, masterkey_seed, 0x10);
                /* Print work_buffer as an uppercase hex string to the key file. (this is master_key_06!) */
                for (int i = 0; i < 16; i++) {
                    fprintf(keyf, "%02X", work_buffer[i]);
                }
                /* Set keyslot 0xC back to its intended value. */
                set_aes_keyslot(0xC, tsec_root_key, 0x10);
                se_aes_ecb_decrypt_block(0xC, work_buffer, 0x10, new_master_kek_seeds[rev - MASTERKEY_REVISION_620_CURRENT], 0x10);
                memcpy(g_dec_keyblobs[rev].master_kek, work_buffer, 0x10);
            }
            fclose(keyf);
        } else {

Alternatively, attached is a pre-compiled fusee_secondary.bin (for version 0.8.1) to save you the trouble of compiling atmosphere.

Place the fusee_secondary.bin file on the root of your SD card, boot atmosphere as normal, and the keys will be dumped to prod.keys (or dev.keys if using a dev unit).

 

[Deleted User]

Epic

 

[Space_Man_Ed]

Nice!

 

[Selver]

Add this to line 144 of key_derivation.c in atmosphere/fusee_secondary, then compile atmosphere as usual:

Can you give a GIT repo link and corresponding GIT commit hash for the source you apply this to?

As you know, giving a line number makes the instructions heavily dependent on a specific revision. Giving the git commit hash the instructions are based on removes (future) ambiguity.

Thanks!

 

[ScarletDreamz]

As far as i know, its already commited on atmosphere:
https://github.com/Atmosphere-NX/Atmosphere/blob/master/fusee/fusee-secondary/src/key_derivation.c

 

[Selver]

Fusee-secondary does not dump the keys, it only initializes them for internal use.
It's OK, I was able to modify the file enough for my use.

 

[SimonMKWii]

Sorry, I should have clarified, replace lines 144-152 with the code snippet.
Although you may want to alter it a little bit and add another buffer for the derived master_kek to prevent performing the same crypto operation twice.

 

[midstor]

Here's a quick guide/code snippet for dumping the latest master key, as well as the tsec_root_key.

Add this to line 144 of key_derivation.c in atmosphere/fusee_secondary, then compile atmosphere as usual:

    if (target_firmware >= EXOSPHERE_TARGET_FIRMWARE_620) {
        if (memcmp(tsec_root_key, zeroes, 0x10) != 0) {
            /* Determine filename based on whether the device is a retail or dev unit. */
            char *filename = fuse_get_retail_type() ? "prod.keys" : "dev.keys";
            /* Open the key file for writing. */
            FILE *keyf = fopen(filename, "wb");
            /* Log to screen. */
            printf("[NXBOOT]: Dumping keys to %s...\n", filename);
            /* Print the name of the key. */
            fprintf(keyf, "tsec_root_key = ");
            /* Print the tsec_root_key as an uppercase hex string to the key file. */
            for (int i = 0; i < 16; i++) {
                fprintf(keyf, "%02X", ((uint8_t*)tsec_root_key)[i]);
            }
            /* Print the name of the key. */
            fprintf(keyf, "\nmaster_kek_source_06 = ");
            /* Print master_key_source_06 as an uppercase hex string to the key file. */
            for (int i = 0; i < 16; i++) {
                fprintf(keyf, "%02X", new_master_kek_seeds[0][i]);
            }
            /* Print the name of the key. */
            fprintf(keyf, "\nmaster_key_06 = ");
            /* Set keyslot 0xC with the tsec_root_key. */
            set_aes_keyslot(0xC, tsec_root_key, 0x10);
            for (unsigned int rev = MASTERKEY_REVISION_620_CURRENT; rev < MASTERKEY_REVISION_MAX; rev++) {
                /* Decrypt the new master kek seed with the contents of keyslot 0xC (tsec_root_key) and write the result to work_buffer. */
                se_aes_ecb_decrypt_block(0xC, work_buffer, 0x10, new_master_kek_seeds[rev - MASTERKEY_REVISION_620_CURRENT], 0x10);
                /* Set keyslot 0xC to the derived value stored in work_buffer */
                set_aes_keyslot(0xC, work_buffer, 0x10);
                /* Lastly, decrypt the masterkey_seed with the contents of keyslot 0xC (the master_kek) and write the result to work_buffer. */
                se_aes_ecb_decrypt_block(0xC, work_buffer, 0x10, masterkey_seed, 0x10);
                /* Print work_buffer as an uppercase hex string to the key file. (this is master_key_06!) */
                for (int i = 0; i < 16; i++) {
                    fprintf(keyf, "%02X", work_buffer[i]);
                }
                /* Set keyslot 0xC back to its intended value. */
                set_aes_keyslot(0xC, tsec_root_key, 0x10);
                se_aes_ecb_decrypt_block(0xC, work_buffer, 0x10, new_master_kek_seeds[rev - MASTERKEY_REVISION_620_CURRENT], 0x10);
                memcpy(g_dec_keyblobs[rev].master_kek, work_buffer, 0x10);
            }
            fclose(keyf);
        } else {

Alternatively, attached is a pre-compiled fusee_secondary.bin (for version 0.8.1) to save you the trouble of compiling atmosphere.

Place the fusee_secondary.bin file on the root of your SD card, boot atmosphere as normal, and the keys will be dumped to prod.keys (or dev.keys if using a dev unit).

Thanks <3 very g00d work

 

[OrGoN3]

Sure. Don't mind if I do! I assume tsec_root_key is console unique?

 

[SimonMKWii]

Sure. Don't mind if I do! I assume tsec_root_key is console unique?

tsec_root_key isn't console unique.

 

[Space_Man_Ed]

Nice!