Hacking RELEASE CertNXtractionPack - Get your Switch cert from a NAND dump!

SocraticBliss

EDIT: Here, I made it easier for you, if you have a keys.txt file in the same directory (in the hactool format, i.e. key = 32 digit hex value), it will automatically use the key, so you don't have to edit the script at all! :)

EDIT: I have added @JupiterJesus's commit!

EDIT: Refer to latest post
 

t1op

Download python 2.7, and the attached CertNXtractionPack.zip

NOTE: The below link will have the most updated versions of the scripts...

https://gist.github.com/SocraticBliss/4410790b6e5a27161f521c45d1eb2684

PREREQUISITES
  1. Get your BIS Keys (via biskeydump)
  2. Dump your SYSNAND (via hekate)
  3. Decrypt your PRODINFO (BIS 0 Key) and Save to file - PRODINFO.bin to your working directory (via HacDiskMount)
  4. Edit CertNXtractionPack.py and replace ONLY the 32 F's with the correct key!
    Hint: lines 10, 11, 12, 13
  5. Make sure the following files are in your working directory:
    • PRODINFO.bin
    • openssl.exe
    • CertNXtractionPack.cmd
    • CertNXtractionPack.py
    • Convert_to_der.py
  6. Double-click on the CertNXtractionPack.cmd
  7. Enjoy!
Thank you! These instructions are very clear and helpful!
 

Mario119

Thanks for the reply. However, I'm still receiving an error upon running CertNXtractionPack

Code:
Error: Your PRODINFO.bin is still encrypted!

I used HacDiskMount and decrypted my PRODINFO with my BIS 0 Keys, triple-checked they were correct. So I'm not sure why this is happening.
 

annson24

Thanks for the reply. However, I'm still receiving an error upon running CertNXtractionPack

Code:
Error: Your PRODINFO.bin is still encrypted!

I used HacDiskMount and decrypted my PRODINFO with my BIS 0 Keys, triple-checked they were correct. So I'm not sure why this is happening.
Try to dump PRODINFO.bin using ReiNX Toolkit. I was able to get my cert with the PRODINFO dump from ReiNX Toolkit.
 

annson24

Why can't we get a drag and drop? All this work to write the script but can't write the script for these steps? Bleh.
There is actually a bot in the game chat network Discord channel (also made by SimonMKWii) that does exactly that. Just send the bot your PRODINFO.bin and it will send you back your cert in just a few seconds.

SimonMKWii also ensures that neither he nor the bot stores a backup of your cert.

To easily obtain your PRODINFO.bin without having to extract it from a NAND dump, just use ReiNX Toolkit to directly dump it.
 

bodyXY

There is actually a bot in the game chat network Discord channel (also made by SimonMKWii) that does exactly that. Just send the bot your PRODINFO.bin and it will send you back your cert in just a few seconds.

SimonMKWii also ensures that neither he nor the bot stores a backup of your cert.

To easily obtain your PRODINFO.bin without having to extract it from a NAND dump, just use ReiNX Toolkit to directly dump it.

https://discord.gg/mYurZS right? Which channel and which command to send it to the bot?
 

SocraticBliss

Why can't we get a drag and drop? All this work to write the script but can't write the script for these steps? Bleh.

Mainly because I can't put the keys in the python script and still host it... I mean all you have to do is update the script to parse a hactool keys file for the values you need, then run the cmd script with everything in the directory...

EDIT: Here, I made it easier for you, if you have a keys.txt file in the same directory (in the hactool format, i.e. key = 32 digit hex value), it will automatically use the key, so you don't have to edit the script at all! :)

EDIT: I have added @JupiterJesus's commit!

EDIT: Refer to latest post
 

Deleted member 456320

There is actually a bot in the game chat network Discord channel (also made by SimonMKWii) that does exactly that. Just send the bot your PRODINFO.bin and it will send you back your cert in just a few seconds.

SimonMKWii also ensures that neither he nor the bot stores a backup of your cert.

To easily obtain your PRODINFO.bin without having to extract it from a NAND dump, just use ReiNX Toolkit to directly dump it.
Does this auto delete the prodinfo from the chat so no one can steal it?
 

JupiterJesus

Thanks for the reply. However, I'm still receiving an error upon running CertNXtractionPack

Code:
Error: Your PRODINFO.bin is still encrypted!

I used HacDiskMount and decrypted my PRODINFO with my BIS 0 Keys, triple-checked they were correct. So I'm not sure why this is happening.

Are you using python 3?

I am, and I sure as fuck am not going to install python 2, one python installed on my pc is quite enough. One of the biggest differences between 2 and 3 is the way they treat character strings. In short, python3 is way fussier about converting to/from and comparing byte arrays and strings. This is a good thing, because though back in the day everything was ASCII and every written character was just one byte, nowadays strings are in UTF-8 and many other encodings, and a 4-character string like "CAL0" could be anywhere from 4 bytes to 32 bytes!

Anyway, on python 3 there needs to be a decode call added. On line 69, replace

ssl_test != 'CAL0'

with

ssl_test.decode('utf-8') != 'CAL0'

Since 'CAL0' is actually a character string, while ssl_test is a byte array, you must decode the byte array to a character string using the UTF8 encoding.

Alternately, leave that alone, and put a b in front of 'CAL0'.

ssl_test != b'CAL0'

That way, 'CAL0' is treated like a python2 byte string. ssl_test is also a python2 byte string, so the equality works that way too. Either fix should work. I tested it, and they both gave me a cert successfully.
 

SocraticBliss

Are you using python 3?

I am, and I sure as fuck am not going to install python 2, one python installed on my pc is quite enough. One of the biggest differences between 2 and 3 is the way they treat character strings. In short, python3 is way fussier about converting to/from and comparing byte arrays and strings. This is a good thing, because though back in the day everything was ASCII and every written character was just one byte, nowadays strings are in UTF-8 and many other encodings, and a 4-character string like "CAL0" could be anywhere from 4 bytes to 32 bytes!

Anyway, on python 3 there needs to be a decode call added. On line 69, replace

ssl_test != 'CAL0'

with

ssl_test.decode('utf-8') != 'CAL0'

Since 'CAL0' is actually a character string, while ssl_test is a byte array, you must decode the byte array to a character string using the UTF8 encoding.

Alternately, leave that alone, and put a b in front of 'CAL0'.

ssl_test != b'CAL0'

That way, 'CAL0' is treated like a python2 byte string. ssl_test is also a python2 byte string, so the equality works that way too. Either fix should work. I tested it, and they both gave me a cert successfully.

Thanks for the suggestion, I tried to make it compatible with Python 3 (check the print statements!) and I seem to have missed this :)
 

annson24

https://discord.gg/mYurZS right? Which channel and which command to send it to the bot?
That's the correct channel, yes. Just send a PM to Ozone bot with your PRODINFO.bin attached and the .cert command.
Does this auto delete the prodinfo from the chat so no one can steal it?
It doesn't. You can delete it yourself; however, the certs you can't. Just do a private chat with the bot so nobody else but you and the bot can see your private files.
 

jolly1991

That's the correct channel, yes. Just send a PM to Ozone bot with your PRODINFO.bin attached and the .cert command.

It doesn't. You can delete it yourself; however, the certs you can't. Just do a private chat with the bot so nobody else but you and the bot can see your private files.

How can I join the Discord channel? I need the Ozone bot.
 

gross7

Hi, I use a PRODINFO.bin from ReiNX Toolkit, Python 2.7.15 (Win8.1) and the instructions in post #241 and get...


Checking pip installation...
Checking setuptools installation...
Verifying keys...

Script #1 Completed Successfully!
Saved clcert.der and privk.bin to your working directory.
Checking Dependencies...
enum34 successfully installed!
Could not install packages due to an EnvironmentError: [Errno 2] No such file or
directory: 'c:\\users\\markus\\appdata\\local\\temp\\pip-req-tracker-llpvpk\\93
b16de836b6e2be5728a20570c7619783f8611cb14149e656816433'


future successfully installed!
Could not install packages due to an EnvironmentError: [Errno 2] No such file or
directory: 'c:\\users\\markus\\appdata\\local\\temp\\pip-req-tracker-llpvpk\\fe
807afebda4b684aff6287baa0c1719cedcf0013d0f08d2e1fc1cac'


asn1 successfully installed!
Traceback (most recent call last):
File "Convert_to_der.py", line 162, in <module>
main()
File "Convert_to_der.py", line 117, in main
E, N = get_pubk(clcert)
File "Convert_to_der.py", line 74, in get_pubk
clcert_decoder = asn1.Decoder()
NameError: global name 'asn1' is not defined

Press ...

Any solutions? Thanks!
 

designgears

Hi, I use a PRODINFO.bin from ReiNX Toolkit, Python 2.7.15 (Win8.1) and the instructions in post #241 and get...


Checking pip installation...
Checking setuptools installation...
Verifying keys...

Script #1 Completed Successfully!
Saved clcert.der and privk.bin to your working directory.
Checking Dependencies...
enum34 successfully installed!
Could not install packages due to an EnvironmentError: [Errno 2] No such file or
directory: 'c:\\users\\markus\\appdata\\local\\temp\\pip-req-tracker-llpvpk\\93
b16de836b6e2be5728a20570c7619783f8611cb14149e656816433'


future successfully installed!
Could not install packages due to an EnvironmentError: [Errno 2] No such file or
directory: 'c:\\users\\markus\\appdata\\local\\temp\\pip-req-tracker-llpvpk\\fe
807afebda4b684aff6287baa0c1719cedcf0013d0f08d2e1fc1cac'


asn1 successfully installed!
Traceback (most recent call last):
File "Convert_to_der.py", line 162, in <module>
main()
File "Convert_to_der.py", line 117, in main
E, N = get_pubk(clcert)
File "Convert_to_der.py", line 74, in get_pubk
clcert_decoder = asn1.Decoder()
NameError: global name 'asn1' is not defined

Press ...

Any solutions? Thanks!

pip install enum34 future asn1

then run the script again
 

SocraticBliss

OK guys, I did a python re-write, so now it's only one python script!

Download python, and the attached CertNXtractionPack.zip

NOTE: The below link will have the most updated versions of the scripts...

https://gist.github.com/SocraticBliss/4410790b6e5a27161f521c45d1eb2684

PREREQUISITES
  1. Get your BIS Keys (via biskeydump)
  2. Dump your SYSNAND (via hekate)
  3. Decrypt your PRODINFO (BIS 0 Key) and Save to file - PRODINFO.bin to your working directory (via HacDiskMount)
  4. Edit keys.txt and replace ONLY the 32 F's with the correct keys!
  5. Make sure the following files are in your working directory before running the batch script:
    • CertNXtractionPack.cmd
    • CertNXtractionPack.py
    • keys.txt
    • openssl.exe
    • PRODINFO.bin
  6. Double-click on the CertNXtractionPack.cmd
  7. Enjoy!
 

Attachments

  • CertNXtractionPack.zip
    733.2 KB · Views: 540

od1n89

Hi guys,

I tried this and get the following error:
Code:
PRE-REQUISITES:
-- Get your BIS Keys (via biskeydump)
-- Dump your SYSNAND (via hekate)
-- Decrypt your PRODINFO (BIS 0 Key) and Save to file - PRODINFO.bin to your working directory (via HacDiskMount)
-- A hactool format keys.txt (ie. key = 32 digit hex value) file with the following keys...
-- master_key_00
-- rsa_private_kek_generation_source
-- ssl_rsa_kek_source_x
-- ssl_rsa_kek_source_y

Checking python module dependencies...

Verifying keys...
Traceback (most recent call last):
  File "CertNXtractionPack.py", line 180, in <module>
    main()
  File "CertNXtractionPack.py", line 145, in main
    if 'master_key_00' in line:
TypeError: a bytes-like object is required, not 'str'

can someone help me?
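
Both Python 3 errors reported in this thread (the comparison of `ssl_test` against `'CAL0'`, and the `TypeError` on `'master_key_00' in line`) come from mixing `str` and `bytes`. The following is an added example, not part of the thread and not the code of CertNXtractionPack.py: it reads a hactool-format keys file as text and checks the PRODINFO magic as bytes. The function names are hypothetical, the sample inputs are constructed placeholders, and it assumes the `CAL0` magic is the first four bytes of the file.

```python
import io

REQUIRED_KEYS = (
    "master_key_00",
    "rsa_private_kek_generation_source",
    "ssl_rsa_kek_source_x",
    "ssl_rsa_kek_source_y",
)
MAGIC = b"CAL0"  # bytes literal, so it compares equal to data read in "rb" mode


def parse_keys(stream):
    """Parse 'name = 32 hex digits' lines from a text-mode stream."""
    keys = {}
    for lineno, line in enumerate(stream, 1):
        name, sep, value = line.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or name not in REQUIRED_KEYS:
            continue  # blank lines, comments, keys this check does not need
        raw = bytes.fromhex(value)  # raises ValueError on non-hex characters
        if len(value) != 32 or len(raw) != 16:
            raise ValueError(f"line {lineno}: {name} is not 32 hex digits")
        keys[name] = raw
    missing = [k for k in REQUIRED_KEYS if k not in keys]
    if missing:
        raise ValueError("keys file is missing: " + ", ".join(missing))
    return keys


def looks_decrypted(stream):
    """True if a binary-mode stream starts with the CAL0 magic (assumed offset 0)."""
    return stream.read(len(MAGIC)) == MAGIC


# Constructed sample inputs: placeholder keys (all F) and two fake 64-byte images.
SAMPLE_KEYS = "".join(f"{k} = {'F' * 32}\n" for k in REQUIRED_KEYS)
SAMPLE_PLAIN = b"CAL0" + bytes(60)
SAMPLE_OPAQUE = bytes(range(64))

if __name__ == "__main__":
    # On disk: open("keys.txt", "r") for text, open("PRODINFO.bin", "rb") for bytes.
    keys = parse_keys(io.StringIO(SAMPLE_KEYS))
    print({name: len(raw) for name, raw in keys.items()})
    print(looks_decrypted(io.BytesIO(SAMPLE_PLAIN)))
    print(looks_decrypted(io.BytesIO(SAMPLE_OPAQUE)))
```

Matching the key name exactly, rather than with a substring test on the whole line, also keeps a comment or a longer key name that happens to contain `master_key_00` from being picked up.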
 
