Hacking Switch: Extract keys.txt/prod.keys from a NAND dump

[iCRON]

Can i extract the keys.txt/prod.keys fom a NAND dump? I unable to dump the keys with LockpickRCM and so i can't use the manual ChoiDujour Downgrade. I have a clean dump in 14 parts. I have biskeys backup too in the "automatic_backup" folder. Or is there a other method i can try it to get keys.txt/prod.keys? Can i unbrick my console anymore in this situation now? Or it was too late?

 

[issayloki]

Can i extract the keys.txt/prod.keys fom a NAND dump? I unable to dump the keys with LockpickRCM and so i can't use the manual ChoiDujour Downgrade. I have a clean dump in 14 parts. I have biskeys backup too in the "automatic_backup" folder. Or is there a other method i can try it to get keys.txt/prod.keys? Can i unbrick my console anymore in this situation now? Or it was too late?

Op why do you need to downgrade?. LockpickRCM is the easy way of getting all the keys. You did meantion that lockpickRCM is not working, mind to tell us why it not working for you?.

 

[iCRON]

Op why do you need to downgrade?. LockpickRCM is the easy way of getting all the keys. You did meantion that lockpickRCM is not working, mind to tell us why it not working for you?.

My console bricked after my NAND restore and i haven't dump the keys before the brick. If i use LockpickRCM i don't getting the full keys because some says "corrupted". If i use there on ChoiDujour(no NX) it says "FAIL! Invalid NCA Header. Are keys correct?" = corrupted prod.keys from LockpickRCM. And my Backup wasn't working. So i have only the PC Downgrade method but without the keys i can't rebulit my NAND

 

[F4mouZSt4r]

you only need specific keys, when u have keys inside the keys.txt file which ChiDujour dont want he will say that

you only need these keys, ofc replace the X with the real numbers/letters

master_key_00 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_01 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_02 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_03 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_04 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_05 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX

header_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
aes_kek_generation_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
aes_key_generation_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_application_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_ocean_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_system_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package2_key_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

[iCRON]

you only need specific keys, when u have keys inside the keys.txt file which ChiDujour dont want he will say that

you only need these keys, ofc replace the X with the real numbers/letters

master_key_00 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_01 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_02 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_03 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_04 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_05 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX

header_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
aes_kek_generation_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
aes_key_generation_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_application_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_ocean_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_system_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX

I opened my keys.txt and there are all these keys already inserted but the situation won't change. Same error before you reply[/QUOTE]

 

[F4mouZSt4r]

check for right order/formatting

 

[Boydy86]

If I remember right, this fails if your key file has keys that are unneeded. I think the error should tell you which keys it doesn't recognise. (remove that line from key.txt)

 

[F4mouZSt4r]

If I remember right, this fails if your key file has keys that are unneeded. I think the error should tell you which keys it doesn't recognise. (remove that line from key.txt)

I already said that but yeah

 

[hell_night]

I already said that but yeah

Were you able to resolve your problem? I was just doing the same thing and got it done now using my second switch keys. It was a little tedious without much documentation on the issues. If you need help, DM me bro.

 

[F4mouZSt4r]

I know how to do it.
I don't need any help, thx anyway.

Stay healthy

 

[Canna]

@F4mouZSt4r

as The OP Said

My console bricked after my NAND restore and i haven't dump the keys before the brick. If i use LockpickRCM i don't getting the full keys because some says "corrupted"

The console is bricked.. Master keys etc are f***king useless he needs his biskeys to restore not master keys etc..


@MK7Hax1811
You need to restore a nand backup that was good and working. with hekate, hekate does not need emmc to boot..
Restore your old nand image and the matching boot0/1 and aslong as you launch again with hekate to OFW you should get back in , hekate bypasses fuse check so will load old version of system.

And if you want keys, after you have a bootable nand.. Use LockpickRCM and load in rcm mode. This will give you soft decrypt keys and biskeys

 

[F4mouZSt4r]

@F4mouZSt4r

as The OP Said



The console is bricked.. Master keys etc are f***king useless he needs his biskeys to restore not master keys etc..

For manual downgrade u need the switch keys, not BISKeys

 

[Canna]

For manual downgrade u need the switch keys, not BISKeys

He is bricked no manual downgrade, with choidujourNX. Cant boot so no homebrew COME ON NOW !

 

[F4mouZSt4r]

Manual downgrade is also possible with ChoiDujour so yeah no homebrew needed

 

[Tafich]

Did you manage to fix this? I'm in a similar situation. I restored to a corrupted nand (only pkg2 is corrupted) and I get pkg2 decryption error every time I try to boot on CFW, OFW or dump my prod.keys with lockpick.

I was instructed by Ctcaer to rebuild my mmc but my prod.key file is corrupted as it shows the same error (Invalid NCA header). Do a downloaded prod.keys would serve me at all?

What can I do guys?? Is there another way to solve this? I guess I'm in need of someone talented.

 

[Olmectron]

Did you manage to fix this? I'm in a similar situation. I restored to a corrupted nand (only pkg2 is corrupted) and I get pkg2 decryption error every time I try to boot on CFW, OFW or dump my prod.keys with lockpick.

I was instructed by Ctcaer to rebuild my mmc but my prod.key file is corrupted as it shows the same error (Invalid NCA header). Do a downloaded prod.keys would serve me at all?

What can I do guys?? Is there another way to solve this? I guess I'm in need of someone talented.

I think I could try helping you.

 

[Tafich]

I would love to and truly appreciate it. On your command!

 

[Olmectron]

I would love to and truly appreciate it. On your command!

Sent you a PM.

 

[Canna]

Did you manage to fix this? I'm in a similar situation. I restored to a corrupted nand (only pkg2 is corrupted) and I get pkg2 decryption error every time I try to boot on CFW, OFW or dump my prod.keys with lockpick.

I was instructed by Ctcaer to rebuild my mmc but my prod.key file is corrupted as it shows the same error (Invalid NCA header). Do a downloaded prod.keys would serve me at all?

What can I do guys?? Is there another way to solve this? I guess I'm in need of someone talented.

Do as Ctcaer says.

Choidujour.exe will say invalid keys or show warnings. Delete the keys that are warned about from your prod.key /key file etc.
And choidujour will move and process ya fw package.

When you use hacdiskmount to push the files to the switch make sure you test and save entorpy, (Enter the biskeys in the correct boxes

 

[ragnahawk]

I’m trying to recover data from a decimated switch. And this feels like a start, but I need to understand more. Is there a primer for how the keys are stored and what they are used for? I’ve figured you can’t just yank the chip board out of one switch and plop it into another because it’s encrypted with keys that may be situated elsewhere on the machine, but where they are and if they’re even accessible given the damage to my device is what I’m trying to figure out.