Tutorial  Updated

How to get Switch Keys for Hactool/XCI Decrypting

This thread is deprecated
For a faster, easier and more up-to-date way of getting keys use Lockpick_RCM by shchmue
If you still want to follow this tutorial and end up with fewer keys, continue reading the thread.


WARNING
  • DO NOT GIVE OUT ANY OF YOUR KEYS TO ANYONE! I CANNOT STRESS THAT ENOUGH!
  • DO NOT SHARE YOUR KEYS BETWEEN MULTIPLE SWITCHES THAT YOU DO/DON'T OWN! SOME ARE CONSOLE-UNIQUE
  • DO NOT ASK ME FOR KEYS


LEGEND
  • SBK
    SecureBootKey
  • TSEC
    Tegra Security Co-processor Key
  • eMMC
    Embedded MultiMediaCard (Switch's Onboard Storage)


GOAL
End up with 83+ keys including SBK and TSEC keys. Get Master Keys 0-5. (Master Keys 6 onwards are not done in this tutorial)
Reminder: if you want a more up-to-date and much more convenient way to get your Switch's keys, use Lockpick by shchmue (available in nx-appstore/homebrew store)


Tutorial — (Outdated for Switches on firmware 6.x or newer)


#1 - Dumping System Keys (Biskeydump) | #2 - Dumping Required Files | #3 - Hactool Preparation | #4 - Dumping Keys | Final Words | Troubleshooting


  #1 - Dumping System Keys (Biskeydump)

    We need to get your Secure Boot Key (SBK) and Tegra Security Co-processor Key (TSEC) before we can get the main keys.
    These are 100% console unique.

    1. Download and extract biskeydump.bin from biskeydumpvx.zip
      - Follow this tutorial but instead of using CTCaer's Hekate Mod .bin file, use the biskeydump.bin file
      - If the QR Code is Blue, scan the QR Code with your Phone, Laptop etc.
      - If you can't find a device you can scan with, type them out into your PC/Laptop (It's highly recommended to scan the QR Code, as a lot of characters can look like one another: O0, Il, rn can look like m, etc.)
    2. Once you have the biskeydump of your System, store all the keys you received somewhere safe. I recommend a secure cloud storage as well as a USB Stick, perhaps even print it.
      - Don't give this to ANYONE, Seriously.

    If you get any errors please go to the Troubleshooting Tab.


    #2 - Dumping Required Files

    1. Follow this tutorial AGAIN but this time use CTCaer's Hekate Mod.
      - "Tools" -> "Backup..." -> "Backup eMMC BOOT0/1"
      - "Tools" -> "Backup..." -> "Backup eMMC SYS"
      - Back all the way to the first menu, and choose "Power off"
    2. Take the microSD Card out of your Switch and into your PC.
    3. Copy both "BOOT0" and "BCPKG2-1-Normal-Main" from "sd:/backup/xxxxxx/" (xxxxxx is different for everyone) to "hactool" on your Desktop (create the "hactool" folder)
      - Rename them with .bin at the end, "BOOT0.bin", "BCPKG2-1-Normal-Main.bin"

    #3 - Hactool Preparation

    1. Download and install Python 2.7.x - NOT Python 3.x.x
      When installing, it will ask you what features you want installed. Scroll to the bottom and make sure "Add Python to Path" has the "Entire Feature Installed to HDD" option chosen (No Red X Icon), otherwise the scripts won't find Python and WILL fail
    2. Download and extract hactool TO THE DESKTOP AND NAME THE FOLDER "hactool"
      On Linux/MacOS: clone and build hactool manually
    3. Right-click this (script originally by tesnos6921, patched by shadowninja108, jakibaki and shchmue)
      - Click "Save link as" / "save as"
      - Set "Save as type" to "All Files"
      - Name it "keys.py"
      And finally save it to the hactool folder you placed in the Desktop.
      NOTICE TO GBATEMP STAFF: The "keys" inside this file, are NOT keys, they are SHA digest hashes used to search through files to find text that matches, which would be the keys.

    #4 - Dumping Keys

    1. Press WIN(Btn)+R to open "Run", type "cmd" and press Ctrl+Shift then Enter to open Command Prompt as an Administrator
    2. Type (in order) or Copy the following and paste into Command Prompt (Some Windows Versions use Right Click to Paste, some use CTRL+C)
      python -m pip install --upgrade pip
      pip install lz4
      cd Desktop/hactool

      python keys.py SBK_Here_From_Biskeydump TSEC_Here_From_Biskeydump
    3. It should say: "Now you can do hactool --keyset=keys.txt to use them!", if it does, and there's no warning messages, you're good to go! :O
    If you get any errors please go to the Troubleshooting Tab.

  Final Words

    You now have a keys.txt file with your console-specific keys inside.
    Rename as needed by any software that requires a different name or file extension, it doesn't matter.
    Though I highly recommend renaming it to prod.keys, as this filename for key files is becoming a popular choice with other software.
    There may be more keys, as the Switch's lifecycle goes on, more and more keys will be needed as the firmwares grow and grow.
    • The Hactool warning:
      Code:
      [WARN] prod.keys does not exist.
      can be safely ignored.
      - If you want to place your "keys.txt" file there, put "keys.txt" on your Desktop and run the following with Administrator Command Prompt (Step #4.1 for instructions):
      Code:
      mkdir "%USERPROFILE%\.switch"
      move "%USERPROFILE%\Desktop\keys.txt" "%USERPROFILE%\.switch\prod.keys"

  Troubleshooting

    #1 ISSUES:
    • Code:
      Red QR Code Outline
      - The reasons this can occur is quite a rarity, all I can say is to keep rebooting and trying again.
      - If there's a new version of biskeydump out, try using the newer biskeydump.bin
    • Code:
      QR Code not being scanned by your Reader
      - Align your QR Code Reader's alignment overlay with the Blue Square's Corners/Edges, NOT the QR Code's Corners/Edges.
      - Clean your camera lens
      - Be in a bright room

    #4 ISSUES:
    • Code:
      File "keys.py", line ...
      print message
      ^
      SyntaxError: Missing parentheses in call to 'print'. Did you mean print(message)?
      - You didn't place SBK and TSEC in the 4th line of the Command in Step #4.2
      - You installed Python 3.x.x when you must use 2.7.x. Uninstall Python, log out of Windows (important: it removes Python from PATH) and follow Step #3.2, then move back to #4.1
    • Code:
      import lz4.block
      File "C:\Python27\lib\site-packages\lz4\__init__.py", line 17, in <module>
      from ._version import ( # noqa: F401
      ImportError: DLL load failed: The specified module could not be found.
      - The 2nd line of the Command in Step #4.2 failed without you noticing. Try running the 1st line to upgrade pip and if that goes successfully run the 2nd line to install lz4 and see if it successfully installs.
 
Last edited by shchmue,
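
The notice in step #3.3 says the script carries SHA digests and searches files for data that matches them. The sketch below shows that search on constructed data; it is an added example, not the keys.py script, and it is written for Python 3. SHA-256, the 16-byte window, the names `demo_key`/`absent_key` and the sample blob are all assumptions made for the illustration.

```python
import hashlib

KEY_LEN = 16  # assumption for this demo: the secret is a 128-bit value


def find_by_digest(blob, digests, key_len=KEY_LEN):
    """Slide a key_len-byte window over blob and return
    {name: (offset, window)} for each window whose SHA-256 is listed."""
    wanted = {bytes.fromhex(h): name for name, h in digests.items()}
    found = {}
    for offset in range(len(blob) - key_len + 1):
        window = blob[offset:offset + key_len]
        name = wanted.get(hashlib.sha256(window).digest())
        if name is not None and name not in found:
            found[name] = (offset, window)
    return found


def build_sample():
    """Constructed input: filler bytes with one demo secret at offset 77."""
    secret = hashlib.sha256(b"constructed demo secret").digest()[:KEY_LEN]
    filler = hashlib.sha256(b"constructed filler").digest() * 8  # 256 bytes
    blob = filler[:77] + secret + filler[77:]
    # The table a script would ship: names and digests only, never the secret.
    digests = {
        "demo_key": hashlib.sha256(secret).hexdigest(),
        "absent_key": hashlib.sha256(b"never in the blob").hexdigest(),
    }
    return blob, digests, secret


if __name__ == "__main__":
    blob, digests, _ = build_sample()
    hits = find_by_digest(blob, digests)
    for name, (offset, window) in hits.items():
        # Report where the match was found; do not print the value itself.
        print("%s: %d bytes matched at offset 0x%x" % (name, len(window), offset))
    print("not found:", sorted(set(digests) - set(hits)))
```

A digest that matches nothing in the input simply yields no entry, which is why a dump from a different firmware than the digests were made for produces a shorter key list rather than an error.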

Lee Griffin

I got my keys and I'm trying to use hactool but it keeps saying "prod.keys does not exists" when clearly it's right in the folder. I've tried renaming, putting the full path in, no luck
 


8BitWonder

> I got my keys and I'm trying to use hactool but it keeps saying "prod.keys does not exists" when clearly it's right in the folder. I've tried renaming, putting the full path in, no luck

When using hactool, you're specifying the key file, right?
e.g.:
Code:
hactool.exe -[x|i] -k prod.keys [...]
If the key file isn't specified, it doesn't look in its own directory, it looks in $HOME/.switch for prod.keys.
 
Last edited by 8BitWonder,

ethancawse

I have found some keys on the internet. At least I think they are keys. They are sha256. I do not know if that counts. Anyways, if they are correct, then how would I "apply" them to my keys.txt file? I want to downgrade from 5.1.0 and I am trying to decrypt my NSA's for the firmware. Thank you.
 
Last edited by ethancawse,

Anthraxx

Thanks for the tutorial! I was really having trouble figuring this out until I found this thread.

While I've been able to use the keys generated to decrypt just about every game, I get an error with Sonic Mania Plus. The errors seemed to indicate the keys were invalid, but no other games give the same error with these keys. Is it possible that some update to the python script is necessary to get valid keys for SMP? Are there any other methods I could try?

> Anyways, if they are correct, then how would I "apply" them to my keys.txt file?

I managed to stumble upon a few key files online, they all looked like they're ready to go; just point Choi Dujour or whatever at that key file.
 

Clydefrosch

Checking the key file I got, I noticed that I've only gotten masterkey 00 and 02.
(I got a total of 39 keys)
Can I just add the others from the web? I've gotten them before for the exFAT guide, I think.
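
A check for the situation in the post above (a key file with gaps in the master key sequence), as an added example that is not part of the thread or of keys.py, written for Python 3. The `name = hex value` layout and the names `master_key_NN`, `secure_boot_key` and `tsec_key` are assumptions about the key file; the sample contents are constructed placeholders. It reports names and line numbers only, so key values never reach the output.

```python
import re

LINE_RE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)\s*$")
HEX_RE = re.compile(r"[0-9a-fA-F]+")
# Assumption: these entries are 128-bit values, i.e. 32 hex characters.
FIXED_128 = re.compile(r"master_key_[0-9a-f]{2}|secure_boot_key|tsec_key")

# Constructed sample: placeholder values, one mistyped "O", one truncated entry.
SAMPLE = """\
master_key_00 = 000102030405060708090a0b0c0d0e0f
master_key_02 = 202122232425262728292a2b2c2d2e2f
secure_boot_key = 3O3132333435363738393a3b3c3d3e3f
tsec_key = 40414243
"""


def parse_keyset(text):
    """Return (keys, problems); problems are (line number, message) pairs."""
    keys, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            problems.append((lineno, "not in 'name = value' form"))
            continue
        name, value = m.group(1).lower(), m.group(2).lower()
        if not HEX_RE.fullmatch(value):
            bad = "".join(sorted(set(c for c in m.group(2)
                                     if c not in "0123456789abcdefABCDEF")))
            problems.append((lineno, "%s: non-hex characters %s" % (name, bad)))
        elif FIXED_128.fullmatch(name) and len(value) != 32:
            problems.append((lineno, "%s: %d hex chars, expected 32" % (name, len(value))))
        elif keys.get(name, value) != value:
            problems.append((lineno, "%s: conflicting duplicate" % name))
        else:
            keys[name] = value
    return keys, problems


def missing_master_keys(keys, highest=5):
    """Master key names 0..highest (the tutorial's goal is 0-5) not present."""
    names = ["master_key_%02x" % i for i in range(highest + 1)]
    return [n for n in names if n not in keys]


if __name__ == "__main__":
    keys, problems = parse_keyset(SAMPLE)
    print("%d valid keys" % len(keys))
    for lineno, message in problems:
        print("line %d: %s" % (lineno, message))
    print("missing:", ", ".join(missing_master_keys(keys)))
```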
 

hene193

Hi I get "Failed to decrypt PK21! Is correct key present?" What could cause this? I have double checked my keys.
 

biohazard1150

> Using BOOT0.bin to get keys from package1...
> Deriving keys...
> Decrypting package1...
> Using Secure_Monitor.bin to get keys to decrypt package2...
> Decrypting package2...
> Error: Package2 Header is corrupt!
> Decompressing spl.kip1 and FS.kip1...
> Traceback (most recent call last):
> File "keys.py", line 409, in <module>
> SPL_KIP1_f = open("ini1/spl.kip1", "rb")
> IOError: [Errno 2] No such file or directory: 'ini1/spl.kip1'
>
> Is my backup corrupted? because hactool reads it fine? did the tut correct.

@CKkio23 - this is a month late and you probably figured it out but last night I had the same problem. Basically, I was using the BOOT0 I backed up originally (4.1.0) and had my emmc sys dumped from my updated version (5.1.0) and the keydump from 5.1.0. So because I mismatched some of the files it was giving me an error on line 409 with ini1/spl.kip1. As soon as I re-dumped my BOOT0 from the 5.1.0 version, everything worked out fine.

it probably wouldn't have happened if it wasn't 4 am when I was trying to do all this and tired as all hell. But now that I got a clear head, I was able to work it out.
Hope this helps!
 

Mauste

I have gotten my keys.txt successfully.
However, whenever I try to do anything with the hactool (such as hactool --keyset=keys.txt or anything else), I receive the following error message:

[Warn] prod.keys does not exist.
Unable to open : invalid argument



Additional information:
- I am using Python 2.7.15 32-bit (though I tried with 64-bit also and that did not work either).
- I am using Windows 7.
- I am in the proper location (C:\users\username\desktop\hactool)
- I have tried running command prompt with non-elevated privileges and with admin privileges

Please help me! :)
 

shchmue

> I have gotten my keys.txt successfully.
> However, whenever I try to do anything with the hactool (such as hactool --keyset=keys.txt or anything else), I receive the following error message:
>
> [Warn] prod.keys does not exist.
> Unable to open : invalid argument
>
> Additional information:
> - I am using Python 2.7.15 32-bit (though I tried with 64-bit also and that did not work either).
> - I am using Windows 7.
> - I am in the proper location (C:\users\username\desktop\hactool)
> - I have tried running command prompt with non-elevated privileges and with admin privileges
>
> Please help me! :)

the first line is optional. it's looking for the key file to be named prod.keys and placed in /users/username/.switch and it's up to you if you want to do that for convenience-you wouldn't have to add --keyset to the command line for hactool any more. I use hactool a ton so I did that.

the second line means you typed the command wrong. if you give an example I could tell you why it doesn't work.

also hactool doesn't require Python, that only matters for the key derivation. and command prompt doesn't have to be admin.
 
Last edited by shchmue,

Mauste

> the first line is optional. it's looking for the key file to be named prod.keys and placed in /users/username/.switch and it's up to you if you want to do that for convenience-you wouldn't have to add --keyset to the command line for hactool any more. I use hactool a ton so I did that.

Yeap. You were right, I wrote the command wrong (did not have space after --keyset=). However, now it is telling me that:

Invalid NCA Header! Are keys correct?
Done!

I used the provided keys.py in the OP to get the keys and it made the keys.txt file. I opened it and calculated that I have 40 keys.
I now went through this thread and used a keys.py from page 17 (Darksamus), and it did not generate a keys.txt, but instead it made the prod.keys file to the path you specified. However, it still gives me the error above.

Additional information:
- My Switch system is 5.1.0 and I took the bin files (Boot0, BCPKG2-1-Normal-Main) from that. Does it matter?
- The python scripts for the keys do not give me any errors.

In the meanwhile, I will search for the keys online and change to those ones to see what happens.


EDIT: I got it working. I dumped the keys yet again, and it seemed to work properly this time. I do not know what I did differently. Maybe I messed up some commands earlier :P But anyway, thanks for the help! Everything is great now.
 
Last edited by Mauste,

eyeliner

For those that might still have that dll error:
Traceback (most recent call last):
File "keys.py", line 25, in <module>
import lz4.block
File "C:\Python27\lib\site-packages\lz4\__init__.py", line 11, in <module>
from ._version import ( # noqa: F401
ImportError: DLL load failed: The specified module could not be found.

I solved it by using a win7 VM, with a username without special chars. Installed 32bit python, installed lz4.
Worked at first try. I believe there's some kind of architecture mismatch somewhere?
 
Last edited by eyeliner,

Naguz

I can't seem to get this to work;
Code:
[X@Y hactool]$ python2 keys.py XXXXXXXXXXXXXXXX YYYYYYYYYYYYYYYYYY
Using BOOT0.bin to get keys from package1...
Deriving keys...
Decrypting package1...
Using Secure_Monitor.bin to get keys to decrypt package2...
Decrypting package2...
Decompressing spl.kip1 and FS.kip1...
Traceback (most recent call last):
  File "keys.py", line 409, in <module>
    SPL_KIP1_f = open("ini1/spl.kip1", "rb")
IOError: [Errno 2] No such file or directory: 'ini1/spl.kip1'
It never creates an ini1 or package2 directory, so I guess that's where it fails.
 

Boriskr

tried everything always get errors
win10X64
Python 2.7.15
pip install lz4 installed
SBK,TSEC are fine
:cry:
Code:
C:\Users\Boris\Desktop\hactool>python keys.py mykey mykey
Using BOOT0.bin to get keys from package1...
Deriving keys...
Decrypting package1...
Failed to decrypt PK11! Is correct key present?
Using Secure_Monitor.bin to get keys to decrypt package2...
Traceback (most recent call last):
  File "keys.py", line 417, in <module>
    TZ_f = open("package1/Secure_Monitor.bin", "rb")
IOError: [Errno 2] No such file or directory: 'package1/Secure_Monitor.bin'
 
Last edited by Boriskr,

Naguz

> yep, kezplez-nx is made by the same person who made this Python script.
> shameless plug for my fork that handles hekate 4.0 changes to fuse/tsec dump naming https://github.com/shchmue/kezplez-nx/releases/tag/v1.1.1

Thanks. Considering how many people have trouble with the Python script, the first post should be updated with this. I already got the keys... elsewhere, after realizing the script fails because hactool actually segfaults. Very strange.
 
