A while ago I described in private to another user everything I did. I will copy and place the file for you here.
I hope this helps you
my problem was in the prod.keys file.
first I restored my keyblobs at boot0 (I believe you have already done so),
then I dumped the prod.keys again using Lockpick_RCM.
I downloaded a Prod.keys from 9.2.0 on the internet (it comes clean, and functional)
I opened both prod.keys files with the notepad and started to copy my keys to the file I downloaded, copying the missing information from one to the other.
follows all the lines I copied and changed to the clean prod.keys that I downloaded:
"bis_kek_source = (add)
bis_key_00 = (add)
bis_key_01 = (add)
bis_key_02 = (add)
bis_key_03 = (add)
bis_key_source_00 = (add)
bis_key_source_01 = (add)
bis_key_source_02 = (add)
device_key = (add)
device_key_4x = (add)
key_area_key_application_09 = (add)
key_area_key_application_0a = (add)
key_area_key_ocean_09 = (add)
key_area_key_ocean_0a = (add)
key_area_key_system_09 = (add)
key_area_key_system_0a = (add)
keyblob_key_00 = (replace)
keyblob_key_01 = (replace)
keyblob_key_02 = (replace)
keyblob_key_03 = (replace)
keyblob_key_04 = (replace)
keyblob_key_05 = (replace)
keyblob_mac_key_00 = (replace)
keyblob_mac_key_01 = (replace)
keyblob_mac_key_02 = (replace)
keyblob_mac_key_03 = (replace)
keyblob_mac_key_04 = (replace)
keyblob_mac_key_05 = (replace)
master_kek_source_09 = (add)
master_kek_source_0a = (add)
master_key_09 = (add)
master_key_0a = (add)
package2_key_09 = (add)
package2_key_0a = (add)
save_mac_key = (replace)
save_mac_sd_card_kek_source = (add)
save_mac_sd_card_key_source = (add)
sd_card_custom_storage_key_source = (add)
secure_boot_key = (replace)
titlekek_09 = (replace)
titlekek_0a = (replace)
tsec_key = (replace)"
that was all I change/add, it is important that these lines are in the correct locations and do not delete the lines that have not been changed.
After finishing i used this new corrected prod.keys file to extract the correct firmware with emmchaccgen (using the command "hactoolnet.exe -t save -k keyfile path_to_8000...").
so far so good.
but something i hadn't done before was the next step.
I copied this new extracted firmware to a folder with the
hactoolnet.exe, opened cmd and run the command:
hactoolnet.exe -t save -k keyfile path_to_8000...
it is important that the platform hardware is "exFAT"
The screen you must see to work is the one I'm leaving attached.
the text (GOOD) must appear in the two circled areas, if any fails, go back to prod.keys to check for any possible errors or differences with the console keys and do the whole process again.
if both appear as (GOOD), just follow the process of injecting the firmware manually with the Balena Etcher and Hacdiskmount.
mine worked again like that, I hope it helps you.
--------------------- MERGED ---------------------------
all,
I am facing similar situation with thiago. when I run lockpickrcm to get prod.keys, there are keyblobs 0-5 errors.
I want to fix that, but I am stucked.
I have some questions :
1. how do you get encrypted_keyblob_0 - 5 ?
I run linkle keygen -k prod.keys, the output does not contain encrypted_keyblob 0 - 5, only these:
*Snip!*
2. which boot0.bin file is to be edited, the original file from the extracted file from the firmware (file size 1.5MB) or boot0.bin from sysnand dump (file size 4MB)
Thanks
to get the keyblobs I used the linkle together with the prod.keys file, then I made a backup of Boot0.bin on heckate and added the new keyblobs with HxD