Hacking Sigpatches for Atmosphere (Hekate, fss0, fusee & package3)

impeeza · Saturday at 5:10 AM

svoc said:
Did not think to see if new lockpick was out thought it was discontinued a while back but good to know where to look now

also:

https://gbatemp.net/threads/lockpick_rcm-payload-official-thread.532916/

bth · Saturday at 5:36 AM

svoc said:
Did not think to see if new lockpick was out thought it was discontinued a while back but good to know where to look now

https://github.com/borntohonk/Switch-Ghidra-Guides/blob/master/scripts/mariko_keygen.py

requirements: python3, hactoolnet, firmware files such as from https://github.com/THZoria/NX_Firmware/
usage:
1. git clone https://github.com/borntohonk/Switch-Ghidra-Guides.git
2. enter Switch-Ghidra-Guides folder
3. create folder named firmware, put .nca's from firmware dump inside of folder named firmware
4. python scripts/mariko_keygen.py

keys for whatever version firmware files you just processed got made. (regardless of how new or old)

There's no reason to use lockpick anymore, it requires maintenance and manual addition of master_kek_sources.

You can in other words, fully generate all keys on pc, just by using mariko_keygen.py and having firmware files.

copypasted from my README.md on the subject

* It will obtain the key source referred to as "mariko_master_kek_source_%%" from the firmware files you've provided, and output to prod.keys or a file location you've designated with -k or --keys.
* This script eliminates the need for "lockpick" of any kind, as long as the user provides firmware files.
* This script works by first extracting the nca containing package1 with master_key_00, then extracting "package1" with the "mariko_bek" (obtainable with the release.nfo for scene release of "Marvel's Spider-Man: Miles Morales" by BigBlueBox), and then proceeds in finding "mariko_master_kek_source_%%", And then transforms "mariko_master_kek_source_%%" using "mariko_kek" to become "master_kek" and subsequently sets off the key derivation chain, using the tool "hactoolnet".
* Usage: do "python scripts/mariko_keygen.py -f folder -k prod.keys" with firmware files present in a folder called firmware, or as supplied with -f or --firmware, or store the keys at another location as supplied with -k or --keys

svoc · Saturday at 6:14 AM

bth said:
https://github.com/borntohonk/Switch-Ghidra-Guides/blob/master/scripts/mariko_keygen.py

requirements: python3, hactoolnet, firmware files such as from https://github.com/THZoria/NX_Firmware/
usage:
1. git clone https://github.com/borntohonk/Switch-Ghidra-Guides.git
2. enter Switch-Ghidra-Guides folder
3. create folder named firmware, put .nca's from firmware dump inside of folder named firmware
4. python scripts/mariko_keygen.py

keys for whatever version firmware files you just processed got made. (regardless of how new or old)

There's no reason to use lockpick anymore, it requires maintenance and manual addition of master_kek_sources.

You can in other words, fully generate all keys on pc, just by using mariko_keygen.py and having firmware files.

copypasted from my README.md on the subject

* It will obtain the key source referred to as "mariko_master_kek_source_%%" from the firmware files you've provided, and output to prod.keys or a file location you've designated with -k or --keys.
* This script eliminates the need for "lockpick" of any kind, as long as the user provides firmware files.
* This script works by first extracting the nca containing package1 with master_key_00, then extracting "package1" with the "mariko_bek" (obtainable with the release.nfo for scene release of "Marvel's Spider-Man: Miles Morales" by BigBlueBox), and then proceeds in finding "mariko_master_kek_source_%%", And then transforms "mariko_master_kek_source_%%" using "mariko_kek" to become "master_kek" and subsequently sets off the key derivation chain, using the tool "hactoolnet".
* Usage: do "python scripts/mariko_keygen.py -f folder -k prod.keys" with firmware files present in a folder called firmware, or as supplied with -f or --firmware, or store the keys at another location as supplied with -k or --keys

That is cool but can't use it unless it runs on android no PC never needed one I use my phones desktop mode at home to get remote work done and that is I ever needed

SHAM_UAE · Saturday at 10:08 AM

Hi all, i download ps1 games from tinfoil and installed already RetoArch.

when i try to launch the game there is message appear to me saying unable to start software, it was work before with old CFW

impeeza · Saturday at 1:09 PM

svoc said:
That is cool but can't use it unless it runs on android no PC never needed one I use my phones desktop mode at home to get remote work done and that is I ever needed

It's python, runs everywhere!

Post automatically merged: Saturday at 1:16 PM

OrGoN3 said:
atmosphere=1 isn't needed.
You shouldn't be being usb3 enabled all the time. There are reasons why it's disabled by default.

Any update? Any source?

LuigiGad · Saturday at 2:42 PM

impeeza said:
because that version of SYS-Patch was built with another branch of the code which have some additional code, that code is not for everybody use, that is why I removed the binary, now we have very convenient ways to create forwarders which can work on any Atmosphère version there is no point to add extra patches to sys-patch.

you can create such forwarders using https://github.com/mrdude2478/NRO-Forwarder or https://nsp-forwarder.n8.io/.

about tinfoil and Super Mario 64 NSP they are more piracy than homebrew, so no too mucho support is provided. you can switch to alternatives, for tinfoil you can use TinWoo https://github.com/mrdude2478/TinWoo/releases and for super Mario 64 you can create a NRO in a legal way following the instructions on https://gbatemp.net/threads/building-sm64-for-nintendo-switch-from-sm64ex-alo-repository.652092

Post automatically merged: Thursday at 1:24 PM

Hello there, can you please elaborate on this or share with us sources of that information, I really love to learn.

I am pleased to have asked a question that has opened a technical discussion. We all agree on creating forwarders and personally using https://nsp-forwarder.n8.io/ is the best solution. As for the self-installing retroroms usually provided by remote servers through tinfoil I didn't want to talk about piracy, of course, but I was referring to the possibility of installing these retroroms, I'm talking for example about some games for nes that I'm fond of and that fortunately I own the original cartridge. It would be a shame not to implement the portion of code that allows this, so I wonder, in the future sys-patch compiled by you, will it allow this convenience?

svoc · Saturday at 4:48 PM

impeeza said:
It's python, runs everywhere!

Post automatically merged: Saturday at 1:16 PM

Any update? Any source?

Sadly the hacktool crashes every time it can't create the the file because it is missing the module submodule and the one the can be installed on android does not work with it so can't use it oh well android sucks for programming

bth · Saturday at 5:16 PM

svoc said:
Sadly the hacktool crashes every time it can't create the the file because it is missing the module submodule and the one the can be installed on android does not work with it so can't use it oh well android sucks for programming

hactoolnet (which mariko_keygen.py uses, not hactool) is indeed not available for android.

NotUsingAnAltAccount · Saturday at 5:20 PM

You need a PC, Android is not an OS for something like this. Just get a cheap 10” Windows tablet from China. Even something with this old Atom CPU would be more than enough https://www.aliexpress.com/item/1005007252104950.html

Still, I would recommend something with for example N5100 or N100 CPU nowadays and minimum 6/8GB, but you can do simple stuff on the cheapest ones.

svoc · Saturday at 5:20 PM

bth said:
hactoolnet (which mariko_keygen.py uses, not hactool) is indeed not available for android.

My bad autocorrect on hactoolnet

Post automatically merged: Saturday at 5:22 PM

NotUsingAnAltAccount said:
You need a PC, Android is not an OS for something like this. Just get a cheap 10” Windows tablet from China. Even something with this old Atom CPU would be more than enough https://www.aliexpress.com/item/1005007252104950.html

Still, I would recommend something with for example N5100 or N100 CPU noawadays and minimum 6/8GB, but you can do simple stuff on the cheapest ones.

One day I will format the hard drives of the stack of laptops I have and put windows or Linux on them but just don't care or have time for PCs with work and kids my phone and work vm is all I need for now

impeeza · Saturday at 8:54 PM

LuigiGad said:
I'm talking for example about some games for nes that I'm fond of and that fortunately I own the original cartridge. It would be a shame not to implement the portion of code that allows this, so I wonder, in the future sys-patch compiled by you, will it allow this convenience?

bth said:
https://github.com/borntohonk/Switch-Ghidra-Guides/blob/master/scripts/mariko_keygen.py

requirements: python3, hactoolnet, firmware files such as from https://github.com/THZoria/NX_Firmware/
usage:
1. git clone https://github.com/borntohonk/Switch-Ghidra-Guides.git
2. enter Switch-Ghidra-Guides folder
3. create folder named firmware, put .nca's from firmware dump inside of folder named firmware
4. python scripts/mariko_keygen.py

keys for whatever version firmware files you just processed got made. (regardless of how new or old)

There's no reason to use lockpick anymore, it requires maintenance and manual addition of master_kek_sources.

You can in other words, fully generate all keys on pc, just by using mariko_keygen.py and having firmware files.

copypasted from my README.md on the subject

* It will obtain the key source referred to as "mariko_master_kek_source_%%" from the firmware files you've provided, and output to prod.keys or a file location you've designated with -k or --keys.
* This script eliminates the need for "lockpick" of any kind, as long as the user provides firmware files.
* This script works by first extracting the nca containing package1 with master_key_00, then extracting "package1" with the "mariko_bek" (obtainable with the release.nfo for scene release of "Marvel's Spider-Man: Miles Morales" by BigBlueBox), and then proceeds in finding "mariko_master_kek_source_%%", And then transforms "mariko_master_kek_source_%%" using "mariko_kek" to become "master_kek" and subsequently sets off the key derivation chain, using the tool "hactoolnet".
* Usage: do "python scripts/mariko_keygen.py -f folder -k prod.keys" with firmware files present in a folder called firmware, or as supplied with -f or --firmware, or store the keys at another location as supplied with -k or --keys

Wow master, thanks a lot, will try it this night, but with this method you can get the «generic» keys only, you can not extract the console unique ones, Am I right?

Post automatically merged: Saturday at 8:56 PM

LuigiGad said:
I'm talking for example about some games for nes that I'm fond of and that fortunately I own the original cartridge. It would be a shame not to implement the portion of code that allows this, so I wonder, in the future sys-patch compiled by you, will it allow this convenience?

I got lost, how is not possible to run those games?

For Nintendo if you «OWN» an old cartridge or an old digital copy, that DO NOT ALLOW YOU to emulate on newer systems/consoles because for they emulation is piracy, and yes, they sell old titles on new consoles using emulation, the incoherence!!!

draftguy123 · Saturday at 10:18 PM

Just tried the mariko_keygen.py script, it generates all generic keys except master_kek_source_12.
(FW 19.0.x)

For an Erista V1 switch I assume this key is not needed if all other xxx_12 keys are generated.(?)

impeeza · Saturday at 10:27 PM

draftguy123 said:
Just tried the mariko_keygen.py script, it generates all generic keys except master_kek_source_12.
(FW 19.0.x)

For an Erista V1 switch I assume this key is not needed if all other xxx_12 keys are generated.(?)

you are right the «mariko_master_kek_source_12» is generated, but «master_kek_source_12» was not generated.

The keys do not generated by the script but generated by LockPick on my V1 console are:

bis_key_00 =
bis_key_01 =
bis_key_02 =
bis_key_03 =

device_key =
device_key_4x =
eticket_rsa_kek =
eticket_rsa_kek_source =
eticket_rsa_kekek_source =
eticket_rsa_keypair =

keyblob_00 =
keyblob_01 =
keyblob_02 =
keyblob_03 =
keyblob_04 =
keyblob_05 =
keyblob_key_00 =
keyblob_key_01 =
keyblob_key_02 =
keyblob_key_03 =
keyblob_key_04 =
keyblob_key_05 =

keyblob_mac_key_00 =
keyblob_mac_key_01 =
keyblob_mac_key_02 =
keyblob_mac_key_03 =
keyblob_mac_key_04 =
keyblob_mac_key_05 =

master_kek_00 =
master_kek_01 =
master_kek_02 =
master_kek_03 =
master_kek_04 =

master_kek_source_12 =

package1_key_00 =
package1_key_01 =
package1_key_02 =
package1_key_03 =
package1_key_04 =
package1_key_05 =

save_mac_key =

sd_seed =
secure_boot_key =
ssl_rsa_kek =
ssl_rsa_kek_source =
ssl_rsa_kekek_source =
ssl_rsa_key =

tsec_key =
tsec_root_key_02 =

The ones generated by the script but no by LockPick

bis_key_source_03 =

mariko_bek =
mariko_kek =

master_kek_06 =
master_kek_07 =

save_mac_key_source_00 = (is generated by lockpick as save_mac_key_source)
save_mac_key_source_01 =

save_mac_sd_card_key =

tsec_auth_signature_00 =
tsec_auth_signature_01 =
tsec_auth_signature_02 =

bth · 2024-11-03T10:49:04+0000

I made an entirely python based keygen, provided one fills in mariko_kek, though it suffers same fate as lockpick_rcm in that new master_kek_sources have to be added whenever key revision increases.

https://github.com/borntohonk/Switch-Ghidra-Guides/blob/master/scripts/aes_sample.py

with https://github.com/borntohonk/Switch-Ghidra-Guides/blob/master/scripts/aes128.py as a requirement import

Hacking Sigpatches for Atmosphere (Hekate, fss0, fusee & package3)

¡Kabito!

Member

Active Member

Member

¡Kabito!

Well-Known Member

Active Member

Member

Well-Known Member

Active Member

¡Kabito!

Well-Known Member

¡Kabito!

Member

Similar threads

Popular threads in this forum