pip install pycryptodome
--------------------- MERGED ---------------------------
Do you even know how to write Python code ???
I mean that code looks horrible... and btw what are rpk_key_y and key_x_gak ? both variables are undefined...
rpk_key = GenerateAesKek(rsa_private_kek_generation_source, key_x_gak, master_key)
NameError: name 'key_x_gak' is not defined
the last error is because the OP uploaded unfinished code, can't help you with thatThank you!. Now I get this xd
Want your cert to access Nintendo's CDN, but you're not on 3.0.0 anymore so you can't run the PegaSwitch script?
Don't worry, I've got you covered!
Included in the pack is everything you need to generate a pfx certificate file from a NAND dump!
Usage:
How 2 get dem keyz???
- First, make sure Python3 and both the asn1 and pycrypto modules are installed.
- Next, copy your PRODINFO.bin partition into the folder
- Now, add the required keydata into "00_generate_ssl_kek.py", then run it; this will output the ssl_kek.
- Add the generated ssl_kek into "01_decrypt_privk_extract_cert.py", then run it, that will decrypt your private key and extract your cert.
- Then, run "02_convert_to_der.py", which will convert the extracted files into DER.
- Lastly, run "03_save_as_pfx.bat" to save it as an installable PFX certificate!
- Voila! You can now find your generated certificate in the new folder named "Out"!
Massive thanks to @SocraticBliss for helping me out with the python stuff and @SciresM for the RSA calcs required in script 02.
- The first key is generated by XORing the AES_KEK (kek_mask 0) with the CryptoUsecase_RsaPrivate seed (kek_seed 1).
- The second key is the original master key, you can extract it from your keyblobs using hactool.
- The third and fourth keys are plaintext in the ssl sysmodule NSO.
- Or alternatively, you can skip this entire step by finding the ssl_kek online, not giving links for obvious reasons... (Trust me, it's out there!)
But how do I dump the NAND? @SimonMKWiiWant your cert to access Nintendo's CDN, but you're not on 3.0.0 anymore so you can't run the PegaSwitch script?
Don't worry, I've got you covered!
Included in the pack is everything you need to generate a pfx certificate file from a NAND dump!
Usage:
How 2 get dem keyz???
- First, make sure Python3 and both the asn1 and pycrypto modules are installed.
- Next, copy your PRODINFO.bin partition into the folder
- Now, add the required keydata into "00_generate_ssl_kek.py", then run it; this will output the ssl_kek.
- Add the generated ssl_kek into "01_decrypt_privk_extract_cert.py", then run it, that will decrypt your private key and extract your cert.
- Then, run "02_convert_to_der.py", which will convert the extracted files into DER.
- Lastly, run "03_save_as_pfx.bat" to save it as an installable PFX certificate!
- Voila! You can now find your generated certificate in the new folder named "Out"!
Massive thanks to @SocraticBliss for helping me out with the python stuff and @SciresM for the RSA calcs required in script 02.
- The first key is generated by XORing the AES_KEK (kek_mask 0) with the CryptoUsecase_RsaPrivate seed (kek_seed 1).
- The second key is the original master key, you can extract it from your keyblobs using hactool.
- The third and fourth keys are plaintext in the ssl sysmodule NSO.
- Or alternatively, you can skip this entire step by finding the ssl_kek online, not giving links for obvious reasons... (Trust me, it's out there!)
hence the keys....how to decrypt PRODINFO?
dump from raw nand is decrypted?
cat clcert.pem privkey.pem > nx_tls_client_cert.pem
.bat with cat command, that's why you end up with 0 filesize nx_tls_client_cert.pem
changed his .bat file to have this change but still spits out an empty file.Could probably use type...
type clcert.pem privkey.pem > nx_tls_client_cert.pem
I fixed the codeprint("eticket_ssl_rpk = " + hx(rpk_key).upper())
TypeError: Can't convert 'bytes' object to str implicitly
import sys
from binascii import unhexlify as uhx, hexlify as hx
from Crypto.Cipher import AES
def decrypt(inputkey, iv):
return AES.new(iv, AES.MODE_ECB).decrypt(inputkey)
def unwrap(wrappedkey, iv):
return decrypt(wrappedkey, iv)
rsa_private_kek_generation_source = uhx('X')
master_key = uhx('X')
ssl_aes_key_x = uhx('X')
ssl_rsa_key_y = uhx('X')
def GenerateAesKek(rsa_private_kek_generation_source, ssl_aes_key_xk, master_key):
unwrapped_kek = unwrap(rsa_private_kek_generation_source, master_key)
unwrapped_kekek = unwrap(ssl_aes_key_x, unwrapped_kek)
return unwrap(ssl_rsa_key_y, unwrapped_kekek)
rpk_key = GenerateAesKek(rsa_private_kek_generation_source, ssl_aes_key_x, master_key)
rpk_key_b = hx(rpk_key).upper()
print("eticket_ssl_rpk = " + "".join(map(chr, rpk_key_b)))
Thank you all. I was able to make the file Der. But when I want to create the "nx_tls_client_cert.pfx" with "03_save_as_pfx.bat" it does not build it and it creates a 0KB file...
--------------------- MERGED ---------------------------
ROLF