Lockpick_RCM payload - Official Thread


Description

Lockpick_RCM is a bare metal Nintendo Switch payload that derives encryption keys for use in Switch file handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc. without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage
  • Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads
  • Upon completion, keys will be saved to /switch/prod.keys on SD
  • If the console has Firmware 7.x, the /sept/ folder from the Atmosphère or Kosmos release zip containing both sept-primary.bin and sept-secondary.enc must be present on SD, or else only keyblob master key derivation is possible (i.e. up to master_key_05 only)
Big thanks to CTCaer for Hekate and all the advice while developing this!

Known Issues
  • Chainloading from SX will hang immediately due to quirks in their hwinit code, please launch payload directly
 

Last edited by shchmue,

Deleted member 523475

The Netherlands have to follow EU law, which is the same-ish law.
San Marino might be an option but they have joined WIPO so it's just a matter of time.
Sigpatches and prod keys are hosted in Russia now, shouldn't have any DMCA problems there (although note that DBI contains keys in the .nro and is hosted on gbatemp, along with sigpatches in a separate thread, so maybe also host lockpick on gbatemp?)
 

Slluxx

the newer keys will still pop up in pastebin or some other places
That's not even the issue. The keys are always public and "released" by a well known source and used in their project. The DMCA claim was basically "about the extraction of the keys" needed to run an emulator, not the keys needed to be able to make a dump.
 

ShadowOne333

Sigpatches and prod keys are hosted in Russia now, shouldn't have any DMCA problems there (although note that DBI contains keys in the .nro and is hosted on gbatemp, along with sigpatches in a separate thread, so maybe also host lockpick on gbatemp?)
How are the keys being hosted in Russia?
 

linuxares

Sigpatches and prod keys are hosted in Russia now, shouldn't have any DMCA problems there (although note that DBI contains keys in the .nro and is hosted on gbatemp, along with sigpatches in a separate thread, so maybe also host lockpick on gbatemp?)
Doesn't solve the issue with needing your own keys for NAND backups, for example (to open on your PC).
 

ShadowOne333

That's just some bs.
Oh I thought he meant a repository in Russia hosting Lockpick, I missed the part where he mentioned prod.keys specifically, so yeah those can be hosted in Russia I guess, but we still have the dilemma of where to host the actual repository without Ninty throwing a tantrum about it.
Is there a GitHub made in Russia? :tpi:
 

Slluxx

Oh I thought he meant a repository in Russia hosting Lockpick, I missed the part where he mentioned prod.keys specifically, so yeah those can be hosted in Russia I guess, but we still have the dilemma of where to host the actual repository without Ninty throwing a tantrum about it.
Is there a GitHub made in Russia? :tpi:
Git is just software. GitLab, Gitea, Gitbucket etc. are all different self-hostable GitHub alternatives.

I deleted the repository. Multiple sources told me that it's not worth getting a letter from Nintendo and I should not risk getting the same fate/blame from them as Gary did. I still have a private repository for .. "archival" purposes.

The keys to update lockpick/picklock are right here in the Atmosphere repository. You just have to update /source/keys/crypto.h and /source/keys/key_sources.inl with the new keys provided by atmosphere. If you look at my commits, they make it pretty clear what goes where.

Again, the keys are not the issue. The issue is that those boot keys are used within lockpick/picklock to dump prod.keys etc., which enables emulators and so on to be able to play illegitimate game copies. That was what the DMCA is about.
 
Last edited by Slluxx,

Deleted member 523475

Doesn't solve the issue with needing your own keys for nand backups for example. (to open on your PC)
If you for some reason haven't dumped your own console's keys yet (this should have been done when taking your initial NAND backup), you could always use Daybreak to install whatever firmware your local lockpick_rcm.bin supports, if your concern is a future firmware update not working with whatever payload you can find on the web. Or try using your console's BIS keys that atmosphere dumps to your SD card automatically.
 

Deleted member 523475

You don't get it. Let's say someone hacks their Switch tomorrow and they can't get Lockpick anywhere. They don't have their own keys.
Do the BIS keys that Atmosphere automatically dumps not work? And someone hacking their console in the future can still grab the binary hosted in Russia (sigmapatches and a hundred other hosts) and run that RCM payload. Even if a new firmware comes out tomorrow, and the lockpick binary doesn't support it...once atmosphere supports it, Daybreak can downgrade.
 

linuxares

Do the BIS keys that Atmosphere automatically dumps not work? And someone hacking their console in the future can still grab the binary hosted in Russia (sigmapatches and a hundred other hosts) and run that RCM payload. Even if a new firmware comes out tomorrow, and the lockpick binary doesn't support it...once atmosphere supports it, Daybreak can downgrade.
Probably needs to be removed as well if Nintendo are so anal about keys.
 

alula

Do the BIS keys that Atmosphere automatically dumps not work? And someone hacking their console in the future can still grab the binary hosted in Russia (sigmapatches and a hundred other hosts) and run that RCM payload. Even if a new firmware comes out tomorrow, and the lockpick binary doesn't support it...once atmosphere supports it, Daybreak can downgrade.
BIS keys are device specific and only let you decrypt internal storage, not the games.
 

Slluxx

All this hosting here or there is absolutely irrelevant and mostly even just flat out wrong. No one gives a shit about where everything comes from. Things will always be shared in one way or another, and "hosting it in Russia" or whatever can just come from people who believe everything they get told. It only needs one person to take the boot keys from atmosphere, which are legal to have or use, put them into a fork of lockpick and upload the resulting binary to anonfiles or any other privacy oriented hoster. One could even make a homebrew to download the latest version automatically so no one would need to follow any random link. A homebrew like that is written in a short amount of time.
 

linuxares

So you mean make a homebrew that checks the crypto.h file and from there it generates the keys? Since then the homebrew itself can't do anything without another file.
 

blindseer

Git is just software. GitLab, Gitea, Gitbucket etc. are all different self-hostable GitHub alternatives.

I deleted the repository. Multiple sources told me that it's not worth getting a letter from Nintendo and I should not risk getting the same fate/blame from them as Gary did. I still have a private repository for .. "archival" purposes.

The keys to update lockpick/picklock are right here in the Atmosphere repository. You just have to update /source/keys/crypto.h and /source/keys/key_sources.inl with the new keys provided by atmosphere. If you look at my commits, they make it pretty clear what goes where.

Again, the keys are not the issue. The issue is that those boot keys are used within lockpick/picklock to dump prod.keys etc., which enables emulators and so on to be able to play illegitimate game copies. That was what the DMCA is about.
Thanks for explaining how to update it. I know next to nothing about programming, but I figured out how I would manually add the keys and make the bin. Feels better knowing that it's possible to do it yourself!
 

oresterosso

Thanks for explaining how to update it. I know next to nothing about programming, but I figured out how to manually add the keys and make the bin. Feels better knowing that it's possible to do it yourself!
I'm following the discussion with great interest, however I still haven't figured out how to do this procedure.
Russian hosting is being discussed, but the path we want to take is not clear; each of us has his say.
While waiting to know what the future of lockpick/picklock will be, I ask @Slluxx: couldn't you create a guide for this?
 

Slluxx

I'm following the discussion with great interest, however I still haven't figured out how to do this procedure.
Russian hosting is being discussed, but the path we want to take is not clear; each of us has his say.
While waiting to know what the future of lockpick/picklock will be, I ask @Slluxx: couldn't you create a guide for this?
There are plenty of guides on how to create homebrew, one of them being this, which I have written myself.
A few posts up I explained where to find the keys and where to place them. It's really not that hard.

Stuff like Russian hosting is absolute nonsense to me. It will pop up here no matter what, even if someone in the US or Europe compiles it.
 

oresterosso

There are plenty of guides on how to create homebrew, one of them being this, which I have written myself.
A few posts up I explained where to find the keys and where to place them. It's really not that hard.

Stuff like Russian hosting is absolute nonsense to me. It will pop up here no matter what, even if someone in the US or Europe compiles it.
So following your tutorial, https://blog.teamneptune.net/getting-started-with-nintendo-switch-homebrew-development/, I need to upload the picklock source code and add keys?
 

Slluxx

So following your tutorial, https://blog.teamneptune.net/getting-started-with-nintendo-switch-homebrew-development/, I need to upload the picklock source code and add keys?
You don't need to upload anything. You place a copy of the source code into the folder that's mapped from your host PC into Docker and then you can run "make" from the terminal inside your source code folder. No keys need to be added yet; most likely only when support for firmware 17.0.0 comes out will atmosphere change/add keys.
 
