This thread is deprecated
For a faster, easier and more up-to-date way of getting keys use Lockpick_RCM by shchmue
If you still want to follow this tutorial and end up with less keys, continue reading the Thread.

WARNING

• DO NOT GIVE OUT ANY OF YOUR KEYS TO ANYONE! I CANNOT STRESS THAT ENOUGH!
• DO NOT SHARE YOUR KEYS BETWEEN MULTIPLE SWITCHES THAT YOU DO/DON'T OWN! SOME ARE CONSOLE-UNIQUE
• DO NOT ASK ME FOR KEYS

LEGEND

• SBK
  SecureBootKey
• TSEC
  Tegra Security Co-processor Key
• eMMC
  Embedded MultiMediaCard (Switch's Onboard Storage)

GOAL
End up with 83+ keys including SBK and TSEC keys. Get Master Key's 0-5. (Master Keys 6 onwards is not done in this tutorial)
Reminder, if you want more up-to-date and much more convenient way to get your Switch's Keys, use Lockpick by shchmue (available in nx-appstore/homebrew store)

Tutorial — (Outdated for Switch's on firmware 6.x or newer)

#1 - Dumping System Keys (Biskeydump)#2 - Dumping Required Files#3 - Hactool Preparation#4 - Dumping KeysFinal WordsTroubleshooting

1. 
   We need to get your Secure Boot Key (SBK) and Tegra Security Co-processor Key (TSEC) before we can get the main keys.
   These are 100% console unique.
   
   
   1. Download and extract biskeydump.bin from biskeydumpvx.zip
      - Follow this tutorial but instead of using CTCaer's Hekate Mod .bin file, use the biskeydump.bin file
      - If the QR Code is Blue, Scan the QR Code with your Phone, Laptop e.t.c
      - If you cant find a device you can scan with, type them out into your PC/Laptop (Its highly recommended to scan the QR Code, as a lot of characters can look like another, O0, Il, rn can look like m, e.t.c)
   2. Once you have the biskeydump of your System, store all the keys you received somewhere safe, I recommend a secure cloud storage aswell as a USB Stick, perhaps even print it.
      - Don't give this to ANYONE, Seriously.
   
   If you get any errors please go to the Troubleshooting Tab.
   
2. 
   
   1. Follow this tutorial AGAIN but this time use CTCaer's Hekate Mod.
      - "Tools" -> "Backup..." -> "Backup eMMC BOOT0/1"
      - "Tools" -> "Backup..." -> "Backup eMMC SYS"
      - Back all the way to the first menu, and choose "Power off"
   2. Take the microSD Card out of your Switch and into your PC.
   3. Copy both "BOOT0" and "BCPKG2-1-Normal-Main" from "sd:/backup/xxxxxx/" (xxxxxx is different for everyone) to "hactool" on your Desktop (create the "hactool" folder)
      - Rename them with .bin at the end, "BOOT0.bin", "BCPKG2-1-Normal-Main.bin"
3. 
   
   1. Download and install Python 2.7.x - NOT Python 3.x.x
      When installing, it will ask you what features you want installed, scroll to the bottom and make sure "Add Python to Path" has "Entire Feature Installed to HDD" option chose (No Red X Icon), otherwise the scripts wont find Python and WILL fail
   2. Download and extract hactool TO THE DESKTOP AND NAME THE FOLDER "hactool"
      On Linux/MacOS: clone and build hactool manually
   3. Right-click this (script originally by tesnos6921, patched by shadowninja108, jakibaki and shchmue)
      - Click "Save link as" / "save as"
      - Set "Save as type" to "All Files"
      - Name it "keys.py"
      And finally save it to the hactool folder you placed in the Desktop.
      NOTICE TO GBATEMP STAFF: The "keys" inside this file, are NOT keys, they are SHA digest hashes used to search through files to find text that matches, which would be the keys.
4. 
   
   1. Press WIN(Btn)+R to open "Run", type "cmd" and press Ctrl+Shift then Enter to open Command Prompt as an Administrator
   2. Type (in order) or Copy the following and paste into Command Prompt (Some Windows Versions use Right Click to Paste, some use CTRL+C)
      python -m pip install --upgrade pip
      pip install lz4
      cd Desktop/hactool
      python keys.py SBK_Here_From_Biskeydump TSEC_Here_From_Biskeydump
   3. It should say: "Now you can do hactool --keyset=keys.txt to use them!", if it does, and there's no warning messages, you're good to go!
   If you get any errors please go to the Troubleshooting Tab.
   
5. 
   You now have a keys.txt file with your console-specific keys inside.
   Rename as needed by any software that requires a different name or file extension, it doesn't matter.
   Though I highly recommend renaming it to prod.keys as this filename for Key file's is becoming a popular choice with other software
   There may be more keys, as the Switch's lifecycle goes on, more and more keys will be needed as the firmwares grow and grow.
   
   • The Hactool warning:

     [WARN] prod.keys does not exist.

     can be safely ignored.
     - if you want to place your "keys.txt" file their, put "keys.txt" on your Desktop and run the following with Administrator Command Prompt (Step #4.1 for instructions):
     

     mkdir -p %USERPROFILE%\.switch
     move "%USERPROFILE%\Desktop\keys.txt" "%USERPROFILE%\.switch\prod.keys"

6. 
   #1 ISSUES:
   

   • Red QR Code Outline

     - The reasons this can occur is quite a rarity, all I can say is to keep rebooting and trying again.
     - If there's a new version of biskeydump out, try using the newer biskeydump.bin

   • QR Code not being scanned by your Reader

     - Align your QR Code Readers alignment overlay with the Blue Square's Corners/Edges, NOT the QR Code's Corners/Edges.
     - Clean your camera lens
     - Be in a bright room
   
   #4 ISSUES:
   

   • File "keys.py", line ...
     print message
     ^
     SyntaxError: Missing parentheses in call to 'print'. Did you mean print(message)?

     - You didn't place SBK and TSEC in the 4th line of the Command in Step #4.2
     - You installed Python 3.x.x when you must use 2.7.x, uninstall python, logout of windows (important it removes python from PATH) and follow Step #3.2 then move back to #4.1

   • import lz4.block
     File "C:\Python27\lib\site-packages\lz4\__init__.py", line 17, in <module>
     from ._version import ( # noqa: F401
     ImportError: DLL load failed: The specified module could not be found.

     - The 2nd line of the Command in Step #4.2 failed without you noticing. Try running the 1st line to upgrade pip and if that goes successfully run the 2nd line to install lz4 and see if it successfully installs.

 

[TiMeBoMb4u2]

ChoiDujourNX doesn't require keys

I guess that’s why I didn’t encounter any errors!

 

[Zaybokk]

The 'keys' file is easily found using Google. However, a stripped-down version should look something like the following, where the "X's" are the actual keys.

master_key_00                                   = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_01                                   = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_02                                   = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_03                                   = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_04                                   = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_05                                   = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_seed                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
masterkey_4x_seed                               = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package1_key_00                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package1_key_01                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package1_key_02                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package1_key_03                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package1_key_04                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package1_key_05                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package2_key_00                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package2_key_01                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package2_key_02                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package2_key_03                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package2_key_04                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package2_key_05                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
titlekek_00                                     = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
titlekek_01                                     = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
titlekek_02                                     = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
titlekek_03                                     = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
titlekek_04                                     = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
titlekek_05                                     = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package2_key_source                             = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
titlekek_source                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
aes_kek_generation_source                       = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
aes_key_generation_source                       = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_application_source                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_ocean_source                       = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_system_source                      = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
header_kek_source                               = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
header_key_source                               = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sd_card_kek_source                              = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sd_card_save_key_source                         = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sd_card_nca_key_source                          = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
keyblob_seed_00                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
keyblob_seed_01                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
keyblob_seed_02                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
keyblob_seed_03                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
keyblob_seed_04                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
keyblob_seed_05                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
normalseed_dev_00                               = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
normalseed_dev_01                               = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
normalseed_dev_02                               = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
devicekey_seed                                  = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
devicekey_4x_seed                               = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
keyblob_mac_seed                                = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
dev_master_key_seed                             = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
simpleseed_dev0_00                              = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
simpleseed_dev0_01                              = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
simpleseed_dev0_02                              = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
simpleseed_dev1_00                              = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
simpleseed_dev1_01                              = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
simpleseed_dev1_02                              = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
dev_package1_key_seed                           = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
dev_per_console_key_seed                        = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
capsrv_hmac_key                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
header_key                                      = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sd_card_save_key                                = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sd_card_nca_key                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_application_00                     = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_application_01                     = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_application_02                     = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_application_03                     = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_application_04                     = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_application_05                     = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_ocean_00                           = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_ocean_01                           = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_ocean_02                           = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_ocean_03                           = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_ocean_04                           = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_ocean_05                           = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_system_00                          = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_system_01                          = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_system_02                          = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_system_03                          = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_system_04                          = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_system_05                          = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
rsa_oaep_kek_generation_source                  = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
eticket_rsa_kek_source                          = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
eticket_rsa_kekek_source                        = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
eticket_rsa_kek                                 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ssl_aes_key_x                                   = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ssl_rsa_key_y                                   = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ssl_rsa_kek                                     = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

okay, ready now with keys file has them, so where to put them now?.. or name them or keys.txt file to put them in?, or once got, u copy paste them?...

 

[PlGGS]

Type in «pip install lz4» in cmd

i get this error tho
Using BOOT0.bin to get keys from package1...
Could not find keyblob_key_source_xx! Please check the integrity of the data used in the current stage!
Windows 10 32 bit
Switch 2.3.0



Thanks for reply, but after dumping boot0 with ctchekate 2.3 and renameing it, still the same error.
Gonna try with fat32 formated sd and dump again

Did you ever figure this out? I'm getting the same issue. and I've now tried two different fat32 sd cards

 

[Zaybokk]

Did you ever figure this out? I'm getting the same issue. and I've now tried two different fat32 sd cards

use exfat its alot better what i use

 

[shchmue]

okay, ready now with keys file has them, so where to put them now?.. or name them or keys.txt file to put them in?, or once got, u copy paste them?...

if you're asking about ChoiDujour, put them in the ChoiDujour folder

Did you ever figure this out? I'm getting the same issue. and I've now tried two different fat32 sd cards

same answer i gave them: you can't use this or any other hactool-key derivation method on 6.2.0.

use exfat its alot better what i use

it's more prone to data corruption

 

[Zaybokk]

it's more prone to data corruption

true but so far so good installing my games

--------------------- MERGED ---------------------------

if you're asking about ChoiDujour, put them in the ChoiDujour folder

okay great, but what do i name my keys, now that i have them to put in proper .txt file name?..
example: ones i know of are following:
keys.ini
keys.txt
keys.bat
keys.bin-(maybe??)
biskeys.txt
biskeys.ini
biskeys.bat

etc. etc.. list goes on and on..

 

[shchmue]

true but so far so good installing my games

--------------------- MERGED ---------------------------



okay great, but what do i name my keys, now that i have them to put in proper .txt file name?..
example: ones i know of are following:
keys.ini
keys.txt
keys.bat
keys.bin-(maybe??)
biskeys.txt
biskeys.ini
biskeys.bat

etc. etc.. list goes on and on..

it doesn't matter, you type the name in the choidujour command whatever it is

 

[Zaybokk]

it doesn't matter, you type the name in the choidujour command whatever it is

okay great
i will try, just sec..
also the keys i have now , do i just copy paste them inside my keys.txt file i have currently?..

 

[LemonScented]

okay, ready now with keys file has them, so where to put them now?.. or name them or keys.txt file to put them in?, or once got, u copy paste them?...

Hey would you mind helping me out with getting the keys file later today?

 

[Zaybokk]

Hey would you mind helping me out with getting the keys file later today?

well , there are threads that help with this part better than i *cough* max*sole* Cough*
above sorry clearing throat uhmm..

 

[LemonScented]

well , there are threads that help with this part better than i *cough* max*sole* Cough*
above sorry clearing throat uhmm..

Aha you wanna dm me on twitter and help direct me in the right direction? @LemonScented_

 

[Zaybokk]

Aha you wanna dm me on twitter and help direct me in the right direction? @LemonScented_

trust me bro, Google is your friend on this unfortunately keys are intellectual property of N
.. but other than that yeah .. i shoot you a whats up on Twitter my bro

hey bro there alot of Lemon scented so i dont know which one you??.. pm me

 

[LemonScented]

trust me bro, Google is your friend on this unfortunately keys are intellectual property of N

Thanks anyways, I guess I'll have to dig deeper later when I get home. You were able to downgrade from 6.2 without any previous backups though?

 

[Zaybokk]

Thanks anyways, I guess I'll have to dig deeper later when I get home. You were able to downgrade from 6.2 without any previous backups though?

no i havent tried yet to downgrade about too though in a sec.. pm me your twitter bro because there alot of lemon scented ones on there...

 

[LemonScented]

no i havent tried yet to downgrade about too though in a sec.. pm me your twitter bro because there alot of lemon scented ones on there...

https://twitter.com/LemonScented_ I am unable to PM on here. Let me know if you get it downgraded.

 

[Zaybokk]

https://twitter.com/LemonScented_ I am unable to PM on here. Let me know if you get it downgraded.

for sure bro! , i let you know if it works or not

 

[Dar55x]

I'm having the same problem with the "could not find keyblob_key source_xx" error.
Everything else worked so far, but not this for some reason. I'm on 6.1.0 btw, if that matters.

 

[Zaybokk]

I'm having the same problem with the "could not find keyblob_key source_xx" error.
Everything else worked so far, but not this for some reason. I'm on 6.1.0 btw, if that matters.

have a question guys, any help would be appreciated thanks..
here's my question:
are the switch console keys in which format??
any seen this anywhere yet??..
example:
NTLM, MD2, MD4, MD5, MD6-128 , RipeMD-128, Hexidecimal , decimal, .. etc. etc..
i think it may be NTLM , but not sure on that though??...

 

[shchmue]

have a question guys, any help would be appreciated thanks..
here's my question:
are the switch console keys in which format??
any seen this anywhere yet??..
example:
NTLM, MD2, MD4, MD5, MD6-128 , RipeMD-128, Hexidecimal , decimal, .. etc. etc..
i think it may be NTLM , but not sure on that though??...

most are just keys for use with AES-ECB: https://switchbrew.org/wiki/Cryptosystem

 

[Teclo]

I followed the steps but I didn't get "BCPKG2-1-Normal-Main", I have "BOOT0", "BOOT1" and "rawnand.bin" then an empty folder called "restore".

 

[shchmue]

I followed the steps but I didn't get "BCPKG2-1-Normal-Main", I have "BOOT0", "BOOT1" and "rawnand.bin" then an empty folder called "restore".

then you didn't choose "Backup eMMC SYS" in hekate