Toggle sidebar

Front-page Hacking RELEASE  Updated

Lockpick_RCM payload - Official Thread


Description
Lockpick_RCM is a bare metal Nintendo Switch payload that derives encryption keys for use in Switch file handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc. without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage
  • Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads
  • Upon completion, keys will be saved to /switch/prod.keys on SD
  • If the console has Firmware 7.x, the /sept/ folder from Atmosphère or Kosmos release zip containing both sept-primary.bin and sept-secondary.enc must be present on SD or else only keyblob master key derivation is possible (ie. up to master_key_05 only)
Big thanks to CTCaer
For Hekate and all the advice while developing this!

Known Issues
  • Chainloading from SX will hang immediately due to quirks in their hwinit code, please launch payload directly
 

Attachments

  • AB1248EA-8BB9-448B-83F5-FF68C2579FB1.jpeg
    AB1248EA-8BB9-448B-83F5-FF68C2579FB1.jpeg
    11.2 KB · Views: 0
Last edited by shchmue,
  • Like
Reactions: FanNintendo, Deleted member 753700, DefenderOfHyrule and 77 others
Click to expand...
impeeza said:
I only have a Erista console and with that I was able to dump 260 Keys includeing 15 ones
Click to expand...
lol. Just dumped it on my erista, and got all 260 keys. And I haven't updated my erista yet at all. sys OR emu...

And reboot to RCM works. No idea what Codi1138 is talking about. Thinks it crashed because it was a black screen? That's what happens when you reboot to RCM, and the system is waiting for a payload (insert dongle or send with tegraRCMsmash, etc...)
 
Last edited by urherenow,
  • Love
Reactions: impeeza
impeeza said:
@Zoria Look at this code, on the file HOS.H you and me have some keys different from the Firmwares 20 and 21 and I just rechecked the values from Atmosphère code and seems yours are mistaken
View attachment 562891
Click to expand...

So are you saying something is wrong with the build you were referencing (which is the same as latest 1.9.19 from his git)? If so, then which proper release to use? It gets confusing for me when there's the Zoria git, the Kofyag git, and your 'DecScots' git & they all seem to have different commits/changes.
Post automatically merged:

@impeeza @Zoria

Comments please, on my above post? To me it appears Impeeza though something is not correct with Zorias keys for FW 20 and 21. So which release from the mentioned gits is 'proper'?
 
Last edited by VioletRose,
VioletRose said:
So are you saying something is wrong with the build you were referencing (which is the same as latest 1.9.19 from his git)? If so, then which proper release to use? It gets confusing for me when there's the Zoria git, the Kofyag git, and your 'DecScots' git & they all seem to have different commits/changes.
Post automatically merged:

@impeeza @Zoria

Comments please, on my above post? To me it appears Impeeza though something is not correct with Zorias keys for FW 20 and 21. So which release from the mentioned gits is 'proper'?
Click to expand...
I usually use Impeeza's Descots fork. If you want to verify if keys are being generated correctly, the place to look (in the absence of having an e-shop title built with the latest key) is the Atmosphere source. That's what most of us non-devs use to update Lockpick on our own, when being impatient.
 
  • Love
  • Like
Reactions: VioletRose and impeeza
Zoria said:
If there are any errors in my source code, feel free to fix them.
I don't have much time right now to work on this project.
I only have time to work on SwitchTools a little bit.
Click to expand...
Submitted a pull request for the fix. I hope you have time to merge because I don't really feel comfortable having a fork of a DMCAd project under my name. I want to delete it as soon as it's merged.
 
  • Like
  • Haha
Reactions: Zoria, impeeza and Blythe93
urherenow said:
Submitted a pull request for the fix. I hope you have time to merge because I don't really feel comfortable having a fork of a DMCAd project under my name. I want to delete it as soon as it's merged.
Click to expand...
I'm really sorry for the lack of time I've been able to devote to LockPick. I'm short on time, and given what's been going on in the scene lately, I'd rather be doing something else.
I've merged the PR :)
 
  • Like
Reactions: Tyvar1, urherenow, Blythe93 and 2 others
For lockpick would it be possible to dump prod and title keys from a newer firmware 22.1 switch and place them on a older firmware switch like 20.5 where the files are normally located to run newer games without updating?
 
cvskid said:
For lockpick would it be possible to dump prod and title keys from a newer firmware 22.1 switch and place them on a older firmware switch like 20.5 where the files are normally located to run newer games without updating?
Click to expand...
the keys dump have two types of keys on it, generic ones, which are the same for all consoles ever made and console specific ones which are needed to read console's own encrypted filesystem.
 
  • Like
Reactions: Tyvar1, Blythe93 and cvskid
cvskid said:
For lockpick would it be possible to dump prod and title keys from a newer firmware 22.1 switch and place them on a older firmware switch like 20.5 where the files are normally located to run newer games without updating?
Click to expand...
The keys aren't what makes a game require newer firmware. It's just a setting that most installers can alter when you install them. If you run the latest lockpick without updating your firmware, you'd still get all of the latest keys. They are derived, not embedded (lockpick doesn't extract them directly from the firmware, it calculates them, and the updated numbers it uses to calculate them, is what gets embedded into lockpick... thus your firmware version doesn't matter for "dumping" keys).

The only time a newer game would ACTUALLY require a newer firmware, is when it uses new syscalls that don't exist on the older firmware. So all you need most of the time is to make your installer alter the minimum firmware setting, and have your sigpatches working.
 
Last edited by urherenow,
  • Love
  • Like
Reactions: cvskid and impeeza

Site & Scene News

Go to forum More news

Popular threads in this forum

Dusk for switch (TLoZ Twilight Princess port)

Homebrew  New Homebrew "Foil Server"?

Homebrew  Full List of N64 Recompilation Switch ports

Hacking  WiFi chip failing and can't boot. is it possible to enable Airplane Mode by editing system save files directly?

Homebrew Tutorial Translation Project  CS2SX — Write Nintendo Switch Homebrew in C#

Is it fixable

Homebrew  Sonic Unleashed Recompiled (Homebrew Port)

Hacking Emulation  Switch Prod Keys downloading from sites okay?