Toggle sidebar

Front-page Hacking RELEASE  Updated

Lockpick_RCM payload - Official Thread


Description
Lockpick_RCM is a bare metal Nintendo Switch payload that derives encryption keys for use in Switch file handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc. without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage
  • Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads
  • Upon completion, keys will be saved to /switch/prod.keys on SD
  • If the console has Firmware 7.x, the /sept/ folder from Atmosphère or Kosmos release zip containing both sept-primary.bin and sept-secondary.enc must be present on SD or else only keyblob master key derivation is possible (ie. up to master_key_05 only)
Big thanks to CTCaer
For Hekate and all the advice while developing this!

Known Issues
  • Chainloading from SX will hang immediately due to quirks in their hwinit code, please launch payload directly
 

Attachments

  • AB1248EA-8BB9-448B-83F5-FF68C2579FB1.jpeg
    AB1248EA-8BB9-448B-83F5-FF68C2579FB1.jpeg
    11.2 KB · Views: 0
Last edited by shchmue,
  • Like
Reactions: SnowStormAkikaze, FanNintendo, Deleted member 753700 and 78 others
Click to expand...
bth said:
I've decided to see if I cannot add a new key derivation path similar to my other projects into lockpick_rcm;

what this does differently compared to what lockpick_rcm did before, is it reads and decrypts the nca headers, identifies system update and the fat32 filesystem nca;
then checks the key revision used in the system update (as FS always master key 0), and compares it against what lockpick already knows about.

if it's lower or equal, lockpick does nothing new.

if it's higher, it attempts to decrypt the FS .nca, finding /nx/package1, decrypts it (hovi kek tsec keygen has also been added because of this), searches for magic to find where master_kek_source is stored;

then processes the new keys for that keygen revision using the master kek source found.


the intent of this change is for lockpick rcm to be able to get the newest keys without lockpick rcm requiring an update to do so, however updating lets the keys generated into prod.keys have example:

_15
_16
_17

instead of lacking updates and a hypothetical list (essentially a gap):

_15
_17

https://github.com/borntohonk/Lockpick_RCMaster/releases/download/test/Lockpick_RCM_current.bin
https://github.com/borntohonk/Lockpick_RCMaster/releases/download/test/Lockpick_RCM_subtracted.bin (latest generation commented out)


I have these two binaries, which needs testing on an actual system, because i'm bit unsure if the codepath is triggered as it currently is, or if i need to add a +1

https://github.com/borntohonk/Lockpick_RCMaster/commit/35f2dd852f3266aa40b0dde77eb8b9e82887f884
Click to expand...
Wow mate, great work.

I just propposed a PR with some minor format changes and the addition of 1TB+ sd cards support.
 
impeeza said:
Wow mate, great work.

I just propposed a PR with some minor format changes and the addition of 1TB+ sd cards support.
Click to expand...
i have zero intention of maintaining lockpick, the intention behind the commit/work done so far is to produce a version which no longer needs to be manually updated.

i will be sending a PR upstream to thzoria master and a duplicate PR to lockpick PRO after someone has tested and verified if it emits it or not:
https://github.com/borntohonk/Lockpick_RCMaster/releases/download/test/Lockpick_RCM_current.bin
https://github.com/borntohonk/Lockpick_RCMaster/releases/download/test/Lockpick_RCM_subtracted.bin (latest generation commented out)


basically, if it prints:
"Key generation up to date."
or
"New keys derived for master_key_%02x"


if both versions say "New keys derived for master_key_%02x" then i have to add a +1.

and if the prod.keys output has master_key_15 (especially for "Lockpick_RCM_subtracted.bin" as that one has the hardcoded key sources commented out)

(obviously test console needs a firmware version of 22.0.0 or higher, as i only commented out the latest key generation)

C: 
    new_gen_keys_t new_keys = {0};
    int new_gen_mkr = 0;
    int key_gen_result = extract_new_gen_keys(keys, &new_keys, &new_gen_mkr);
    if (key_gen_result > 0) {
        gfx_printf("%kNew keys derived for master_key_%02x\n", colors[(color_idx++) % 6], new_gen_mkr);
        if (new_gen_mkr > CURRENT_KEY_GENERATION + 1)
            EPRINTFARGS("Warning: master_kek_source missing for revisions %02x-%02x.", CURRENT_KEY_GENERATION + 1, new_gen_mkr - 1);
    } else if (key_gen_result == 0) {
        gfx_printf("%kKey generation up to date.\n", colors[(color_idx++) % 6]);
    }
 
Last edited by bth,
  • Like
Reactions: Tyvar1 and impeeza
duckbill007 said:
Am I right that HOS contains only last (current) master kek source? In that case how does it derives older keys?
Click to expand...
if i get a confirmation that this works, i will be refactoring lockpick's key derivation process

but the tl:dr is lockpick (currently, wont after refactor) gets the tsec root key from the keyslot after running the atmosphere tsec keygen payload, and uses that root key (tsec_root_key_02) with key for all keys above 0A (with the master_kek_sources)

it only needs to decrypt one key that way (tsec_root_key + master_kek_source)

it then uses that derived master_kek with master_key_source to get master_key_0a,

then decrypts these, that lockpick calls vectors, which is just the previous master key encrypted by the current master key, then it recursively decrypts down to _00


basically, this change of mine is to make new keys appear even if no update was made to lockpick, and the gap as i explained if not maintained


https://github.com/borntohonk/Lockpick_RCMaster/blob/main/source/keys/key_sources.inl#L60-L80

here's the logic in my crypto example
https://github.com/borntohonk/Switch-Ghidra-Guides/blob/master/scripts/crypto.py#L319-L352

and the full populated master key list
https://github.com/borntohonk/Switch-Ghidra-Guides/blob/master/scripts/crypto.py#L206-L211


tl:dr lockpick uses the embedded master_kek_sources, nothing from HOS currently.
 
Last edited by bth,
  • Love
Reactions: impeeza
forgotten-865 said:
Which option should I use for EmuMMC, Dump from SysNAND or Dump from EmuNAND ?

Another thing, is there any difference between versions of locjpick? I'm using this

https://github.com/THZoria/Lockpick_RCMaster
Click to expand...
For the side of the production keys booth should be the same, the difference should be on the installed games keys, each *NAND has a different set of keys.
 
  • Like
Reactions: forgotten-865

Site & Scene News

Go to forum More news

Popular threads in this forum

Feedback Homebrew  Essential Homebrew

Homebrew Homebrew game  GTA: Chinatown Wars - Switch port

Homebrew Homebrew game  Lego Star Wars: The Complete Saga · Switch Port

Homebrew Homebrew game  Half Life 2 (Source Engine) - Switch Port

Homebrew Homebrew game Project  So... Dan didn't want to reveal his Vulkan, so I made mine.

running 20.5 Is it worth upgrading my firmware...?

Homebrew Homebrew game  Final Fantasy IV 3D Remake - Switch port

Hacking Hardware Misc  Yo chat! I'm I cooked?