
How to get Switch Keys for Hactool/XCI Decrypting

This thread is deprecated
For a faster, easier and more up-to-date way of getting keys, use Lockpick_RCM by shchmue.
If you still want to follow this tutorial and end up with fewer keys, continue reading the thread.


WARNING
  • DO NOT GIVE OUT ANY OF YOUR KEYS TO ANYONE! I CANNOT STRESS THAT ENOUGH!
  • DO NOT SHARE YOUR KEYS BETWEEN MULTIPLE SWITCHES THAT YOU DO/DON'T OWN! SOME ARE CONSOLE-UNIQUE
  • DO NOT ASK ME FOR KEYS


LEGEND
  • SBK
    SecureBootKey
  • TSEC
    Tegra Security Co-processor Key
  • eMMC
    Embedded MultiMediaCard (Switch's Onboard Storage)


GOAL
End up with 83+ keys, including the SBK and TSEC keys. Get Master Keys 0-5. (Master Keys 6 onwards are not done in this tutorial.)
Reminder: if you want a more up-to-date and much more convenient way to get your Switch's keys, use Lockpick by shchmue (available in nx-appstore/homebrew store).


Tutorial — (Outdated for Switches on firmware 6.x or newer)


  • #1 - Dumping System Keys (Biskeydump)
  • #2 - Dumping Required Files
  • #3 - Hactool Preparation
  • #4 - Dumping Keys
  • Final Words
  • Troubleshooting


  #1 - Dumping System Keys (Biskeydump)

    We need to get your Secure Boot Key (SBK) and Tegra Security Co-processor Key (TSEC) before we can get the main keys.
    These are 100% console unique.

    1. Download and extract biskeydump.bin from biskeydumpvx.zip
      - Follow this tutorial but instead of using CTCaer's Hekate Mod .bin file, use the biskeydump.bin file
      - If the QR Code is Blue, scan the QR Code with your phone, laptop, etc.
      - If you can't find a device you can scan with, type them out into your PC/laptop (it's highly recommended to scan the QR Code, as a lot of characters can look like one another: O/0, I/l, rn can look like m, etc.)
    2. Once you have the biskeydump of your system, store all the keys you received somewhere safe. I recommend a secure cloud storage as well as a USB stick, perhaps even print it.
      - Don't give this to ANYONE, seriously.

    If you get any errors please go to the Troubleshooting Tab.


  #2 - Dumping Required Files

    1. Follow this tutorial AGAIN but this time use CTCaer's Hekate Mod.
      - "Tools" -> "Backup..." -> "Backup eMMC BOOT0/1"
      - "Tools" -> "Backup..." -> "Backup eMMC SYS"
      - Back all the way to the first menu, and choose "Power off"
    2. Take the microSD card out of your Switch and put it into your PC.
    3. Copy both "BOOT0" and "BCPKG2-1-Normal-Main" from "sd:/backup/xxxxxx/" (xxxxxx is different for everyone) to "hactool" on your Desktop (create the "hactool" folder)
      - Rename them with .bin at the end: "BOOT0.bin", "BCPKG2-1-Normal-Main.bin"

  #3 - Hactool Preparation

    1. Download and install Python 2.7.x - NOT Python 3.x.x
      When installing, it will ask you what features you want installed. Scroll to the bottom and make sure "Add Python to Path" has the "Entire Feature Installed to HDD" option chosen (no Red X icon), otherwise the scripts won't find Python and WILL fail
    2. Download and extract hactool TO THE DESKTOP AND NAME THE FOLDER "hactool"
      On Linux/MacOS: clone and build hactool manually
    3. Right-click this (script originally by tesnos6921, patched by shadowninja108, jakibaki and shchmue)
      - Click "Save link as" / "save as"
      - Set "Save as type" to "All Files"
      - Name it "keys.py"
      And finally save it to the hactool folder you placed on the Desktop.
      NOTICE TO GBATEMP STAFF: The "keys" inside this file are NOT keys; they are SHA digest hashes used to search through files to find text that matches, which would be the keys.

  #4 - Dumping Keys

    1. Press WIN(Btn)+R to open "Run", type "cmd" and press Ctrl+Shift then Enter to open Command Prompt as an Administrator
    2. Type (in order) or copy the following and paste into Command Prompt (some Windows versions use Right Click to paste, some use CTRL+C)
      Code:
      python -m pip install --upgrade pip
      pip install lz4
      cd /d "%USERPROFILE%\Desktop\hactool"
      python keys.py SBK_Here_From_Biskeydump TSEC_Here_From_Biskeydump
    3. It should say: "Now you can do hactool --keyset=keys.txt to use them!", if it does, and there are no warning messages, you're good to go! :O
    If you get any errors please go to the Troubleshooting Tab.

  Final Words

    You now have a keys.txt file with your console-specific keys inside.
    Rename it as needed by any software that requires a different name or file extension; it doesn't matter.
    Though I highly recommend renaming it to prod.keys, as this filename for key files is becoming a popular choice with other software.
    There may be more keys; as the Switch's lifecycle goes on, more and more keys will be needed as the firmwares grow and grow.
    • The Hactool warning:
      Code:
      [WARN] prod.keys does not exist.
      can be safely ignored.
      - If you want to place your "keys.txt" file there, put "keys.txt" on your Desktop and run the following with Administrator Command Prompt (Step #4.1 for instructions):
      Code:
      if not exist "%USERPROFILE%\.switch" mkdir "%USERPROFILE%\.switch"
      move "%USERPROFILE%\Desktop\keys.txt" "%USERPROFILE%\.switch\prod.keys"

  Troubleshooting

    #1 ISSUES:
    • Code:
      Red QR Code Outline
      - The reasons this can occur are quite rare; all I can say is to keep rebooting and trying again.
      - If there's a new version of biskeydump out, try using the newer biskeydump.bin
    • Code:
      QR Code not being scanned by your Reader
      - Align your QR Code Reader's alignment overlay with the Blue Square's Corners/Edges, NOT the QR Code's Corners/Edges.
      - Clean your camera lens
      - Be in a bright room

    #4 ISSUES:
    • Code:
      File "keys.py", line ...
      print message
      ^
      SyntaxError: Missing parentheses in call to 'print'. Did you mean print(message)?
      - You didn't place SBK and TSEC in the 4th line of the Command in Step #4.2
      - You installed Python 3.x.x when you must use 2.7.x. Uninstall Python, log out of Windows (important: it removes Python from PATH) and follow Step #3.2, then move back to #4.1
    • Code:
      import lz4.block
      File "C:\Python27\lib\site-packages\lz4\__init__.py", line 17, in <module>
      from ._version import ( # noqa: F401
      ImportError: DLL load failed: The specified module could not be found.
      - The 2nd line of the Command in Step #4.2 failed without you noticing. Try running the 1st line to upgrade pip and if that goes successfully run the 2nd line to install lz4 and see if it successfully installs.
 
Last edited by shchmue,
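
How a script that ships only digests can still locate keys, as an added example (written for Python 3; it is not the keys.py script from this thread): slide a key-sized window over a dump and keep any window whose SHA-256 matches a known digest. The blob, the key names and the 16-byte demo key are constructed for illustration, and SHA-256 with a 16-byte key length is an assumption.

```python
import hashlib
import os

KEY_LEN = 16  # assumption: 128-bit keys


def find_keys(blob, wanted, key_len=KEY_LEN):
    """Scan blob for key_len-byte windows whose SHA-256 is in `wanted`.

    wanted maps hex digest -> key name. Returns {name: (offset, key_bytes)}.
    """
    found = {}
    view = memoryview(blob)
    for off in range(len(blob) - key_len + 1):
        digest = hashlib.sha256(view[off:off + key_len]).hexdigest()
        name = wanted.get(digest)
        if name is not None and name not in found:
            found[name] = (off, bytes(view[off:off + key_len]))
            if len(found) == len(wanted):
                break  # every digest matched, stop early
    return found


def missing(wanted, found):
    """Names whose digest matched no window (e.g. a damaged dump)."""
    return sorted(set(wanted.values()) - set(found))


def build_demo():
    """Constructed sample: random filler with one made-up key at offset 1000."""
    demo_key = bytes(range(0x10, 0x20))  # made-up value, not a real key
    blob = os.urandom(1000) + demo_key + os.urandom(500)
    wanted = {
        hashlib.sha256(demo_key).hexdigest(): "demo_key_source",
        hashlib.sha256(b"absent-key-value").hexdigest(): "not_in_this_dump",
    }
    return blob, wanted, demo_key


if __name__ == "__main__":
    blob, wanted, _ = build_demo()
    hits = find_keys(blob, wanted)
    for name, (off, key) in hits.items():
        print(f"{name} = {key.hex()}  (offset {off:#x})")
    for name in missing(wanted, hits):
        print(f"[WARN] {name}: no window matched its digest")
```

The digest table reveals nothing about a key's bytes on its own; a key appears in the output only when the dump being scanned already contains it.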

Dylos

updated the script again to use platform agnostic filepaths and tested on Win + Mac + Ubuntu. you must still build hactool yourself on Linux and MacOS.

(internal thing: I also fixed the script trying to look for the keyblob seeds in pkg1loader even though it's already going to grab them from Atmosphere github, and it only had them through 5.1.0. this prevented it from working on 6.0 afaict)


if you don't mind, grab the new script and try again and let me know if it works
It worked this time, no errors and I got a keys.txt file now.
 

shchmue

I've downloaded Hekate 4.2 and it boots directly to the NSW with hbc etc..., I don't get the options like the older version such as 3.2. What am I missing here? TIA.
what are you trying to do? you're probably in the wrong thread

WOW! It worked for my problem! Thanks! You saved me! :D
Now it says:


[WARN] prod.keys does not exist.
unable to open : Invalid argument


Where can I get prod.keys?
that's a warning produced by hactool if you don't have a file called prod.keys in c:\users\<username>\.switch but all it is is a warning, you can rename your keys.txt to that and put it there or not, it doesn't matter

It worked this time, no errors and I got a keys.txt file now.
nice.
 

Andrew-sama

what are you trying to do? you're probably in the wrong thread


that's a warning produced by hactool if you don't have a file called prod.keys in c:\users\<username>\.switch but all it is is a warning, you can rename your keys.txt to that and put it there or not, it doesn't matter


nice.

Now it says "unable to open : Invalid argument"
 

shchmue

I created the .switch folder and put the renamed keys.txt file there. When I enter "hactool --keyset=keys.txt", that message pops up. Isn't that what I should do next?
no, that command means you're telling hactool that instead of looking for prod.keys in ~/.switch it should look for a file called keys.txt. now you should be able to run hactool without any keyset argument and it will work fine.
 

Andrew-sama

no, that command means you're telling hactool that instead of looking for prod.keys in ~/.switch it should look for a file called keys.txt. now you should be able to run hactool without any keyset argument and it will work fine.
My Switch lives! Thank you A LOT! You are my hero! :switch::toot:
 

Cyan

Could you add a tutorial for your kezplez-nx too ?
I read the readme, but it doesn't tell where to put the fuses and tsec keys file. Do I put them on root? or does it find them in backup/<nand id>/dumps/ as it only says dump with hekate?
what is kezplez-nx.nacp file? it's not always provided with new releases. they work with all nro ?

is it still useful to do the SBK/TSec biskey steps from current guide? is SBK inside fuses.bin ? could you generate a text file or binary with extracted BSK/Tsec key like the QRCode?
 

shchmue

Could you add a tutorial for your kezplez-nx too ?
I read the readme, but it doesn't tell where to put the fuses and tsec keys file. Do I put them on root? or does it find them in backup/<nand id>/dumps/ as it only says dump with hekate?
what is kezplez-nx.nacp file? it's not always provided with new releases. they work with all nro ?

is it still useful to do the SBK/TSec biskey steps from current guide? is SBK inside fuses.bin ? could you generate a text file or binary with extracted BSK/Tsec key like the QRCode?
it finds them on its own after dumping with hekate. i’m not super invested in supporting that because i’m working on a ground-up rewrite ;)
 

osbodav

my switch is bricked and I'm getting keybloc decrypted using current sbk & tsec keys not valid! using biskeydump, hactool. any fixes for this?
 

shchmue

my switch is bricked and I'm getting keybloc decrypted using current sbk & tsec keys not valid! using biskeydump, hactool. any fixes for this?
looking at your post history it sounds like your BOOT0 is hosed. that’s where the keyblobs live so it can’t derive master keys or anything else related to that. you’d need to either manually regenerate your keyblob data or have a backup of your encrypted keyblobs from before
 

osbodav

looking at your post history it sounds like your BOOT0 is hosed. that’s where the keyblobs live so it can’t derive master keys or anything else related to that. you’d need to either manually regenerate your keyblob data or have a backup of your encrypted keyblobs from before
Is there a way to fix this? I have my biskeys but don't know how to find keyblobs with them
 

Joshywooful

I've managed to follow the tutorial up to step 4 part 5, and when I run the script, I get this error:

Traceback (most recent call last):
File "keys.py", line 25, in <module>
import lz4.block
File "C:\Python27\lib\site-packages\lz4\__init__.py", line 17, in <module>
from ._version import ( # noqa: F401
ImportError: DLL load failed: The specified module could not be found.


I don't think I've done anything wrong, I've got everything I need up to this point.
 

khuong

i just grabbed my friend's switch and i'm having the same error regarding sbk and tsec keys not valid.. any way to fix the keyblob?
 

PRAGMA (OP)

I updated the tutorial to reflect changes on various applications used.
Thanks to the other dudes who were updating the keys script :)

--------------------- MERGED ---------------------------

I've managed to follow the tutorial up to step 4 part 5, and when I run the script, I get this error:

Traceback (most recent call last):
File "keys.py", line 25, in <module>
import lz4.block
File "C:\Python27\lib\site-packages\lz4\__init__.py", line 17, in <module>
from ._version import ( # noqa: F401
ImportError: DLL load failed: The specified module could not be found.


I don't think I've done anything wrong, I've got everything I need up to this point.
I added your issue to Troubleshooting tab.
Basically line 2 of the CMD Command for keys.py failed somehow
 

Arnold101

it finds them on its own after dumping with hekate. i’m not super invested in supporting that because i’m working on a ground-up rewrite ;)
kezplez can't find keys on firmware 6.1. i used the app before on 6.01 and it worked fine. does it need to be updated or what? i have dumped all the fuses correctly. please help
 

Zaybokk


Attachments: tuhyv.png, yuhju.png

Cyan

well, the problem is not because I gave access to the first post, is it? why am I quoted here?
SciresM updated hactool to support 6.2.0, so a lot of commands and tutorials might be outdated if you use today's files? use a previous version if you have an issue with a specific version.

Also, never use folders full of spaces in your path.
rename your folder to something smaller without a space in it.
 

Zaybokk

sorry @Cyan lol, but trying to figure out what I'm exactly doing wrong, basically this is where I'm at..
https://gbatemp.net/conversations/c...ed-6-2-0-accidentally.330756/#message-1186809..

what I'm saying is I have done that prior to the guide: BIS keys (but the problem with this for me is I don't know what they're named, example: keys.txt, keys.dat, keys.bat, keys.ini, or BISkeys.txt??), etc. etc.. get my point.. also trying to show you pics but don't know how to post them here??..
 
