Hacking RELEASE CertNXtractionPack - Get your Switch cert from a NAND dump!

SocraticBliss · Sep 14, 2018

Which key is which?

Code:

rsa_private_kek_generation_source = uhx('EF2CXXXXXXXXXXXXXXXXXXXXXXXXXXXX')
master_key_00 = uhx('C2CAAXXXXXXXXXXXXXXXXXXXXXXXXXXXX')
key_x = uhx('7F5BXXXXXXXXXXXXXXXXXXXXXXXXXXXX')
key_y = uhx('9A38XXXXXXXXXXXXXXXXXXXXXXXXXXXX')

rsa_private_kek_generation_source = aes_kek_generation_source ??
master_key_00 = master_key_00 ??
key_x = ??
key_y = ??

In file keys.txt by hekate_ctcaer_4.0

Code:

secure_boot_key =
tsec_key =
keyblob_mac_key_source =
keyblob_key_source_00 =
master_key_source =
keyblob_key_source_01 =
keyblob_key_source_02 =
keyblob_key_source_03 =
keyblob_key_source_04 =
keyblob_key_00 =
keyblob_key_01 =
keyblob_key_02 =
keyblob_key_03 =
keyblob_key_04 =
keyblob_mac_key_00 =
keyblob_mac_key_01 =
keyblob_mac_key_02 =
keyblob_mac_key_03 =
keyblob_mac_key_04 =
keyblob_00 =
keyblob_01 =
keyblob_02 =
keyblob_04 =
master_key_00 =
master_key_01 =
master_key_02 =
master_key_03 =
master_key_04 =
package1_key_00 =
package1_key_01 =
package1_key_02 =
package1_key_03 =
package1_key_04 =
package2_key_source =
aes_kek_generation_source =
titlekek_source =
package2_key_00 =
package2_key_01 =
package2_key_02 =
package2_key_03 =
package2_key_04 =
titlekek_00 =
titlekek_01 =
titlekek_02 =
titlekek_03 =
titlekek_04 =
aes_key_generation_source =
key_area_key_application_source =
key_area_key_ocean_source =
key_area_key_system_source =
sd_card_kek_source =
sd_card_save_key_source =
sd_card_nca_key_source =
header_kek_source =
header_key_source =
encrypted_header_key =
header_key =
key_area_key_application_00 =
key_area_key_application_01 =
key_area_key_application_02 =
key_area_key_application_03 =
key_area_key_application_04 =
key_area_key_ocean_00 =
key_area_key_ocean_01 =
key_area_key_ocean_02 =
key_area_key_ocean_03 =
key_area_key_ocean_04 =
key_area_key_system_00 =
key_area_key_system_01 =
key_area_key_system_02 =
key_area_key_system_03 =
key_area_key_system_04 =

Only master_key_00 is in that list

The others aren't in that list, google the names of the keys for a hint...

shchmue · Sep 14, 2018

Rikikoo said:
Well I assume inputted keys are correct, so I don't need to check hashes.
Although come to think of it, one could probably use the built-in INI-file parser.

it has the hashes because it actually extracts the keys from the binaries where they reside. it scans the whole file, hashing everything until it finds them. just saying it also uses dicts.

joe rawket · Sep 15, 2018

This is all great work!

I used your latest scripts and have 3 files: certificate.pem, privatekey.pem and nx_tls_client_cert.pfx.

So how do I get nx_tls_client_cert.pem from this? Do I just rename one of these files?

SocraticBliss · Sep 15, 2018

joe rawket said:
This is all great work!

I used your latest scripts and have 3 files: certificate.pem, privatekey.pem and nx_tls_client_cert.pfx.

So how do I get nx_tls_client_cert.pem from this? Do I just rename one of these files?

Crap... maybe I should not delete that file... okay, just edit the .cmd and remove the line that deletes that file at the end

joe rawket · Sep 15, 2018

That worked! Thanks! CDNSP here I come!

SocraticBliss said:
Crap... maybe I should not delete that file... okay, just edit the .cmd and remove the line that deletes that file at the end

SocraticBliss · Sep 15, 2018

joe rawket said:
That worked! Thanks! CDNSP here I come!

Glad you found it useful!

EDIT: I have fixed up the keys implementation and added something similar to @Rikikoo's comment! Thanks again!

EDIT: Refer to latest update

NEO-BAHAMUT- · Sep 15, 2018

Can someone give me a quick noob tutorial how to use this?

NEO-BAHAMUT- · Sep 16, 2018

So I now have my ProdInfo.bin partition. Can someone explain how I get the certs from it?

magico29 · Sep 16, 2018

do you read Spanish? if yes take a look at this,if not get a translator.
you wont find anything like that.

xzena · Sep 21, 2018

i've been trying for whole night and always got same error "master_key_00 was not found in keys.txt!" can u make cert file for me? i will send you my PRODINFO.bin

SocraticBliss · Sep 21, 2018

xzena said:
i've been trying for whole night and always got same error "master_key_00 was not found in keys.txt!" can u make cert file for me? i will send you my PRODINFO.bin

Did you replace the 32 F's with the proper master_key_00? You have to do that before running the script...

xzena · Sep 21, 2018

SocraticBliss said:
Did you replace the 32 F's with the proper master_key_00? You have to do that before running the script...

yes i do it exactly like your tutorial

Nakhalyptus · Sep 26, 2018

when i open the 00, it closes automatically..

Laja X · Sep 26, 2018

Hi guys. I try to figure this out, using the latest package, that is need only keys.txt and prodinfo.bin.
I got keys.txt from latest kezplez on fw ver 6.0, and a prodinfo from nand with the latest Hekate CTCaer.
Im stuck in first, when Im need editing keys.txt with my keys... :/
Looks like my latest dumps not enough to generate my certification.cert.

SocraticBliss · Sep 26, 2018

Laja X said:
Hi guys. I try to figure this out, using the latest package, that is need only keys.txt and prodinfo.bin.
I got keys.txt from latest kezplez on fw ver 6.0, and a prodinfo from nand with the latest Hekate CTCaer.
Im stuck in first, when Im need editing keys.txt with my keys... :/
Looks like my latest dumps not enough to generate my certification.cert.

kezplez doesn't generate these keys, you would have to get it from somewhere else, I would suggest google...

Otherwise, maybe I could create another version that generates these keys if you provide the required seeds... it's something I could think about

Laja X · Sep 26, 2018

SocraticBliss said:
kezplez doesn't generate these keys, you would have to get it from somewhere else, I would suggest google...

Otherwise, maybe I could create another version that generates these keys if you provide the required seeds... it's something I could think about

I will follow your tutorial, how to dump my keys with bisdump. My prodinfo dump is usable from Hekate?
Thanks in advance.

SocraticBliss · Sep 26, 2018

Laja X said:
I will follow your tutorial, how to dump my keys with bisdump. My prodinfo dump is usable from Hekate?
Thanks in advance.

Dump your NAND with Hekate.
Open your NAND backup in HacDiskMount.
Double-click on PRODINFO.
Input your BIS Keys.
Click Save then Test.
Dump to File the PRODINFO.bin to your working directory (where the python script and cmd script is).
Ensure your keys.txt file is updated.
Double-click on the cmd script.

13javier · Sep 27, 2018

I just finish to create my file, but the result when I tried to use it is a need a new certificate. How is that possible?

Thanks in advance.

Laja X · Sep 27, 2018

I spend more of 6 hour to read this 15 page, over and over again.
Im got the proper PRODINFO.bin, all the bis keys, but how to hell obtain proper keys.txt to finaly run down the -cmd?
Some sort of 32 binary Hactool output, but the corresponding exe just run down, and closing.
Any help please?

SocraticBliss · Sep 27, 2018

Laja X said:
I spend more of 6 hour to read this 15 page, over and over again.
Im got the proper PRODINFO.bin, all the bis keys, but how to hell obtain proper keys.txt to finaly run down the -cmd?
Some sort of 32 binary Hactool output, but the corresponding exe just run down, and closing.
Any help please?

http://lmgtfy.com/?q=Nintendo+Switch+keys.txt+hactool+file

Hacking RELEASE CertNXtractionPack - Get your Switch cert from a NAND dump!

Well-Known Member

Developer

Member

Well-Known Member

Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

New Member

Well-Known Member

New Member

Member

Active Member

Well-Known Member

Active Member

Well-Known Member

New Member

Active Member

Well-Known Member

Similar threads

Popular threads in this forum