Lockpick_RCM payload - Official Thread


Description

Lockpick_RCM is a bare metal Nintendo Switch payload that derives encryption keys for use in Switch file handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc. without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage
  • Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads
  • Upon completion, keys will be saved to /switch/prod.keys on SD
  • If the console has Firmware 7.x, the /sept/ folder from Atmosphère or Kosmos release zip containing both sept-primary.bin and sept-secondary.enc must be present on SD or else only keyblob master key derivation is possible (ie. up to master_key_05 only)
Big thanks to CTCaer
For Hekate and all the advice while developing this!

Known Issues
  • Chainloading from SX will hang immediately due to quirks in their hwinit code, please launch payload directly
 

Attachments

  • AB1248EA-8BB9-448B-83F5-FF68C2579FB1.jpeg
    AB1248EA-8BB9-448B-83F5-FF68C2579FB1.jpeg
    11.2 KB · Views: 0
Last edited by shchmue,

Masana

Well-Known Member
Member
Joined
Aug 12, 2016
Messages
108
Trophies
0
XP
2,212
Country
France
Hello,
thank you very much for this payload,
i wanted to know, i get an error when launching tinfoild: BAD KEY HASH: master key 07 etc. can you help me please correct this error?
thanks in advance

--------------------- MERGED ---------------------------

I wanted to clarify that I am in 7.01 I got 126 key with the payload
 
  • Like
Reactions: Deleted User

shchmue

Developer
OP
Developer
Joined
Dec 23, 2013
Messages
791
Trophies
1
XP
2,367
Country
United States
Hello,
thank you very much for this payload,
i wanted to know, i get an error when launching tinfoild: BAD KEY HASH: master key 07 etc. can you help me please correct this error?
thanks in advance

--------------------- MERGED ---------------------------

I wanted to clarify that I am in 7.01 I got 126 key with the payload
that is a problem with that program, not Lockpick. make sure it's up to date, if it still fails check with the maintainer.
 
  • Like
Reactions: natkoden

starburst

Well-Known Member
Member
Joined
Apr 15, 2017
Messages
158
Trophies
0
XP
286
Country
Spain
yes that's the count for 7.x

though I'd caution generally not to be too focused on key count as long as you have those you need. for example, consoles on 6.2.0 can dump a master kek and tsec root key that can't be dumped on any other firmware but those are just intermediate calculations and aren't as important as their result for anyone using this software
Thank you for this application.
I just dumped my keys on 6.2.0 / Atmosphere 0.8.5 and the application informed that 126 keys had been obtained (no error messages were displayed.) Upon opening the prod.keys file, it contains 122 lines. though.
Per your message, I assume that the count is correct. I understand that purpose is more important than count, but I do not even know what keys to look for, I only got them for safety.
 
Last edited by starburst,

shchmue

Developer
OP
Developer
Joined
Dec 23, 2013
Messages
791
Trophies
1
XP
2,367
Country
United States
Thank you for this application.
I just dumped my keys on 6.2.0 / Atmosphere 0.8.5 and the application informed that 126 keys had been obtained (no error messages were displayed.) Upon opening the prod.keys file, it contains 122 lines. though.
Per your message, I assume that the count is correct. I understand that purpose is more important than count, but I do not even know what keys to look for, I only got them for safety.
that's weird, it only increments the key counter if it successfully writes the key to the buffer hrrmmmm
 

starburst

Well-Known Member
Member
Joined
Apr 15, 2017
Messages
158
Trophies
0
XP
286
Country
Spain
that's weird, it only increments the key counter if it successfully writes the key to the buffer hrrmmmm
For different reasons, I decided to start over and restored the console to its factory settings and formatted the SD card. After my first boot, I ran Lockpick RCM; this time it printed that 122 keys had been acquired and the text file indeed consists of 122 lines.
 
  • Like
Reactions: shchmue

ChaosEnergy

Well-Known Member
Member
Joined
Jul 11, 2009
Messages
201
Trophies
0
XP
215
Country
Gambia, The
hi
i m using sx os (please no complaints,was the easiest way for an old man)
i know they have a payload option, and i read not to use it

but i have a dongle with several folders to inject paylaods..
will this be fine?
 

Muxi

Well-Known Member
Member
Joined
Jun 1, 2016
Messages
605
Trophies
0
Age
52
XP
2,091
Country
Germany
hi
i m using sx os (please no complaints,was the easiest way for an old man)
i know they have a payload option, and i read not to use it

but i have a dongle with several folders to inject paylaods..
will this be fine?
The magic word is Argon-NX or Payload Launcher! If you use SX OS 2.6.1, you can copy the folders from the attachment to your SD card and reboot from the album into the payload of your choice!
 

Attachments

  • Reboot_Ultimate-Pack.zip
    2.8 MB · Views: 292
Last edited by Muxi,

markmcrobie

Well-Known Member
Member
Joined
May 24, 2008
Messages
623
Trophies
0
XP
1,247
I've used WebFuseeLauncher and TegraRCMSmash to inject Lockpick_RCM.bin, and I have the sept folder on root of my SD, but as soon as it says Payload successfully injected, nothing happens. Switch screen stays blank, and when I take out the SD and look, there's no prod.keys generated.

I'm on 7.0.1
 

shchmue

Developer
OP
Developer
Joined
Dec 23, 2013
Messages
791
Trophies
1
XP
2,367
Country
United States
I've used WebFuseeLauncher and TegraRCMSmash to inject Lockpick_RCM.bin, and I have the sept folder on root of my SD, but as soon as it says Payload successfully injected, nothing happens. Switch screen stays blank, and when I take out the SD and look, there's no prod.keys generated.

I'm on 7.0.1
Try putting Lockpick_RCM.bin on SD in bootloader/payloads and chainload it from Hekate
 

EmeraldB

Member
Newcomer
Joined
Sep 8, 2016
Messages
17
Trophies
0
Age
34
XP
94
Country
United States
When I launch the payload using Hecate, it just shows this screen and freezes and doesn't give me any keys.
 

Attachments

  • IMG_20190412_170150.jpg
    IMG_20190412_170150.jpg
    1.5 MB · Views: 230

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
  • ZeroT21 @ ZeroT21:
    it wasn't a question, it was fact
  • BigOnYa @ BigOnYa:
    He said he had 3 different doctors apt this week, so he prob there. Something about gerbal extraction, I don't know.
    +1
  • ZeroT21 @ ZeroT21:
    bored, guess i'll spread more democracy
  • LeoTCK @ LeoTCK:
    @K3Nv2 one more time you say such bs to @BakerMan and I'll smack you across the whole planet
  • K3Nv2 @ K3Nv2:
    Make sure you smack my booty daddy
    +1
  • LeoTCK @ LeoTCK:
    telling him that my partner is luke...does he look like someone with such big ne
    eds?
  • LeoTCK @ LeoTCK:
    do you really think I could stand living with someone like luke?
  • LeoTCK @ LeoTCK:
    I suppose luke has "special needs" but he's not my partner, did you just say that to piss me off again?
  • LeoTCK @ LeoTCK:
    besides I had bigger worries today
  • LeoTCK @ LeoTCK:
    but what do you know about that, you won't believe me anyways
  • K3Nv2 @ K3Nv2:
    @BigOnYa can answer that
  • BigOnYa @ BigOnYa:
    BigOnYa already left the chat
  • K3Nv2 @ K3Nv2:
    Biginya
  • BigOnYa @ BigOnYa:
    Auto correct got me, I'm on my tablet, i need to turn that shit off
  • K3Nv2 @ K3Nv2:
    With other tabs open you perv
  • BigOnYa @ BigOnYa:
    I'm actually in my shed, bout to cut 2-3 acres of grass, my back yard.
  • K3Nv2 @ K3Nv2:
    I use to have a guy for that thanks richard
  • BigOnYa @ BigOnYa:
    I use my tablet to stream to a bluetooth speaker when in shed. iHeartRadio, FlyNation
  • K3Nv2 @ K3Nv2:
    While the victims are being buried
  • K3Nv2 @ K3Nv2:
    Grave shovel
  • BigOnYa @ BigOnYa:
    Nuh those goto the edge of the property (maybe just on the other side of)
  • K3Nv2 @ K3Nv2:
    On the neighbors side
    +1
  • BigOnYa @ BigOnYa:
    Yup, by the weird smelly green bushy looking plants.
    K3Nv2 @ K3Nv2: https://www.the-sun.com/news/10907833/self-checkout-complaints-new-target-dollar-general-policies...