Lockpick_RCM payload - Official Thread


Description

Lockpick_RCM is a bare-metal Nintendo Switch payload that derives encryption keys for use in Switch file-handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc., without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage
  • Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads
  • Upon completion, keys will be saved to /switch/prod.keys on SD
  • If the console has firmware 7.x, the /sept/ folder from the Atmosphère or Kosmos release zip, containing both sept-primary.bin and sept-secondary.enc, must be present on SD, or else only keyblob master key derivation is possible (i.e. up to master_key_05 only)
Big thanks to CTCaer for Hekate and all the advice while developing this!

Known Issues
  • Chainloading from SX will hang immediately due to quirks in their hwinit code; please launch the payload directly
 


shchmue
Developer, OP
Lockpick_RCM now supports firmware 9.1.0. Like in update 9.0.0, the root keys didn't change, so consoles on any version from 8.1.0 to 9.1.0 will dump all current keys.

Minerva should be updated on SD to use its performance benefits. If the old library is present, Minerva will not activate.

Also corrected a bug where the SD seed verification vector was being read from sysNAND even when dumping keys from emuNAND.

https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.8.0
 

tomx86
Well-Known Member
I really don't want to mess around with the SX emuNAND and mess things up. Any plans on making Lockpick_RCM compatible with SX emuNAND too?

Sidenote (and no complaint at all to you!): I really don't understand the hate for SX; every CFW or solution has its right to exist :)
Sure, no developer must make their code/developments compatible with any of the choices out there. SX is working great for me as I only play on TV in stationary mode. SX has the advantage of plugging in an external USB drive, so I don't run out of free space on my SD card and I don't need to install stuff. As I said, every solution has its advantages or disadvantages; I just don't understand the hate. It seems people are salty only because you have to pay for it. It's not even expensive. I bought an RCM loader from Xkit and only the license. If it's good and you like it, then why not pay for it? I mean, you don't complain about Ferrari that their cars are expensive or give them out for free, right? :)
Hey, I've had the same problem and I fixed it. I used hekate 5.1.0 for this:
1. Copy "Lockpick_RCM.bin" to "SDroot/bootloader/payloads/"
2. Launch hekate in RCM, go to "emuMMC", click on "Migrate emuMMC", and click continue.
3. Mount the Switch microSD card on your PC, and create an "Emutendo" folder.
4. Move everything from "SDroot/emuMMC/ER00/Nintendo/" to "Emutendo".
5. Copy "raw_based" file from "SDroot/emuMMC/ER00/" to "Emutendo".
6. Edit the "emummc.ini" file in "SDroot/emuMMC/":
from:
[emummc]
enabled=1
sector=0x2
path=emuMMC/ER00
id=0x0000
nintendo_path=emuMMC/ER00/Nintendo

to:
[emummc]
enabled=1
sector=0x2
path=Emutendo
id=0x0000
nintendo_path=Emutendo

7. Put the microSD card back into the console, and run hekate in RCM.
8. Go to "Payloads", choose "Lockpick_RCM", and now you should be able to dump keys from emuNAND, and SX emuNAND will still work.
PS. Don't forget to put the "sept" folder from Atmosphère on your microSD card.
 

Angelo Spagnol
Well-Known Member
Guys, I'm in need of keys.txt to use with ChoiDujour PC. I've run Lockpick_RCM and it gave me the file prod.keys. That's not exactly the file I want. Will I be able to get KEYS.TXT using this payload? Or is PROD.KEYS a file used to get KEYS.TXT? I'm confused.
 

Angelo Spagnol
Well-Known Member
It's the same file.

Strange, because when I try the following command in ChoiDujour I get all sorts of errors:

ChoiDujour.exe --keyset=prod.keys fw

as shown in the image below:


--------------------- MERGED ---------------------------

Well, the image post didn't work, but basically the errors are "Failed to match key "bis_key_00"",
 

The Real Jdbye
*is birb*
Strange, because when I try the following command in ChoiDujour I get all sorts of errors:

ChoiDujour.exe --keyset=prod.keys fw

as shown in the image below:


--------------------- MERGED ---------------------------

Well, the image post didn't work, but basically the errors are "Failed to match key "bis_key_00"",
A bunch of the keys have to be removed from the file because some software is badly coded and doesn't know to ignore keys it doesn't need.
 

mways345
Newcomer
Hello,

When running the latest Lockpick_RCM, I get the following error after trying to dump from SysNAND:
[FatFS] Error: NOFAT
Unable to mount system partition.

I'm not sure what I'm doing wrong. I've been following the NH Switch guide. Everything seems to be running okay and the prod.keys file is saved to my SD card, but when I try to use any of the generated keys with HacDiskMount, they won't work.

I'm on firmware 9.1.0. If anyone could help me out, that would be great!
 

shchmue
Developer, OP
Hello,

When running the latest Lockpick_RCM, I get the following error after trying to dump from SysNAND:
[FatFS] Error: NOFAT
Unable to mount system partition.

I'm not sure what I'm doing wrong. I've been following the NH Switch guide. Everything seems to be running okay and the prod.keys file is saved to my SD card, but when I try to use any of the generated keys with HacDiskMount, they won't work.

I'm on firmware 9.1.0. If anyone could help me out, that would be great!
Can you do me a favor and send/attach your fuses dumped from hekate?
 

mways345
Newcomer
Can you do me a favor and send/attach your fuses dumped from hekate?

I'm not sure if you just wanted the fuses or the kfuses as well since I'm very much a newb at this, so I've attached all the fuses files. Thanks for taking a look at this!
 

Attachments

  • dumps.zip
    1.7 KB · Views: 86

shchmue
Developer, OP
I'm not sure if you just wanted the fuses or the kfuses as well since I'm very much a newb at this, so I've attached all the fuses files. Thanks for taking a look at this!
Heh, that's a dev unit, isn't it? I'm not sure I can derive keys for those. You can try the attached build if you like, and let me know if it works. What should work, though, is booting Atmosphère, then using the keys it dumps in atmosphere/automatic_backups/<serial number>_BISKEYS.bin, which are stored as binary data, so you'd need to copy the hex strings from a hex editor like HxD.
 

Attachments

  • Lockpick_RCM.zip
    79 KB · Views: 148
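Two points in this thread invite a small helper: The Real Jdbye's note that some tools reject a prod.keys file containing keys they do not need, and shchmue's note that Atmosphère's automatic BIS key backup is raw binary that has to be turned into hex strings by hand. The script below is an added example written for this page; it is not Lockpick_RCM code, not Atmosphère code, and not anything posted in the thread. It parses the `name = hex` layout that Lockpick_RCM writes to /switch/prod.keys, checks that each recognised key family has the right byte length, keeps only a whitelist of key names, and turns a raw BIS key blob into bis_key_XX lines. Two things are assumptions rather than facts from the thread: the BIS dump layout (four consecutive 32-byte entries, bis_key_00..03, each crypt key followed by tweak key) and the whitelist used in demo(), which is a placeholder for whatever a given tool actually accepts. The sample key values are constructed dummy patterns, not console keys.

```python
# Added example, not part of Lockpick_RCM, Atmosphère or any post in this
# thread. Parses/filters prod.keys ("name = hex", one key per line) and
# converts a raw BIS key blob into prod.keys entries.
import fnmatch
import re
from typing import Dict, Iterable, Optional

KEY_LINE = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*([0-9A-Fa-f]+)$")

# Expected sizes in bytes for key families we recognise. AES-128 keys are
# 16 bytes; an XTS pair (crypt key + tweak key) such as bis_key_XX or
# header_key is 32 bytes. Unknown names are not length-checked.
EXPECTED_SIZE = {
    "bis_key_*": 32,
    "header_key": 32,
    "master_key_*": 16,
    "titlekek_*": 16,
    "key_area_key_*": 16,
}


def expected_size(name: str) -> Optional[int]:
    for pattern, size in EXPECTED_SIZE.items():
        if fnmatch.fnmatchcase(name, pattern):
            return size
    return None


def parse_prod_keys(text: str) -> Dict[str, bytes]:
    """Parse 'name = hex' lines into raw key bytes; reject malformed lines,
    duplicate names and wrongly sized values for known key families."""
    keys: Dict[str, bytes] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        m = KEY_LINE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: expected 'name = hex', got {line!r}")
        name, hexval = m.group(1).lower(), m.group(2)
        if len(hexval) % 2:
            raise ValueError(f"line {lineno}: odd-length hex for {name}")
        value = bytes.fromhex(hexval)
        want = expected_size(name)
        if want is not None and len(value) != want:
            raise ValueError(f"line {lineno}: {name} is {len(value)} bytes, expected {want}")
        if name in keys:
            raise ValueError(f"line {lineno}: duplicate entry for {name}")
        keys[name] = value
    return keys


def select_keys(keys: Dict[str, bytes], patterns: Iterable[str]) -> Dict[str, bytes]:
    """Keep only the names matching one of the glob patterns (e.g. 'master_key_*')."""
    pats = list(patterns)
    return {n: v for n, v in keys.items() if any(fnmatch.fnmatchcase(n, p) for p in pats)}


def format_prod_keys(keys: Dict[str, bytes]) -> str:
    """Serialise back to 'name = hex' lines, sorted by name, lowercase hex."""
    return "".join(f"{n} = {v.hex()}\n" for n, v in sorted(keys.items()))


def bis_keys_from_blob(blob: bytes) -> Dict[str, bytes]:
    """Turn a raw BIS key dump into bis_key_XX entries.

    ASSUMPTION (not confirmed by the thread): the blob is four consecutive
    32-byte entries, bis_key_00..bis_key_03, each crypt key || tweak key."""
    if len(blob) != 4 * 32:
        raise ValueError(f"expected 128 bytes, got {len(blob)}")
    return {f"bis_key_{i:02d}": blob[i * 32:(i + 1) * 32] for i in range(4)}


# Constructed sample in Lockpick_RCM's file layout. Dummy patterns only.
SAMPLE_PROD_KEYS = """\
bis_key_00 = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
header_key = ffeeddccbbaa99887766554433221100ffeeddccbbaa99887766554433221100
master_key_00 = 0123456789abcdef0123456789abcdef
master_key_05 = fedcba9876543210fedcba9876543210
titlekek_00 = 11111111111111111111111111111111
"""


def demo() -> str:
    keys = parse_prod_keys(SAMPLE_PROD_KEYS)
    # Hypothetical whitelist for a tool that only understands master keys and
    # the header key; replace it with the names the tool really accepts.
    subset = select_keys(keys, ["master_key_*", "header_key"])
    return format_prod_keys(subset)


if __name__ == "__main__":
    print(demo(), end="")
```

To use it on a real console, read /switch/prod.keys into parse_prod_keys() and the bytes of atmosphere/automatic_backups/<serial number>_BISKEYS.bin into bis_keys_from_blob(), then write format_prod_keys() of the merged result to a new file. Treat the output like any other secret: it unlocks the console's NAND and should not be pasted into a forum post or bug report.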

shchmue
Developer, OP
Oh, I was reading the wrong fuse file, heh. Then I'm not really sure why it's not working. Try the Atmosphère file or see what Lockpick homebrew dumps for BIS keys.
 

mways345
Newcomer
Oh, I was reading the wrong fuse file, heh. Then I'm not really sure why it's not working. Try the Atmosphère file or see what Lockpick homebrew dumps for BIS keys.

My Switch is actually the Pokemon Let's Go edition one, but I'm not sure if that has anything to do with anything. The build you attached didn't work, I get the same error message. Lockpick homebrew version 1.2.6 works though and matches the Atmosphere file. As long as one of the Lockpicks works, I'm happy. Thank you again for your help!
 

shchmue
Developer, OP
My Switch is actually the Pokemon Let's Go edition one, but I'm not sure if that has anything to do with anything. The build you attached didn't work, I get the same error message. Lockpick homebrew version 1.2.6 works though and matches the Atmosphere file. As long as one of the Lockpicks works, I'm happy. Thank you again for your help!
I just noticed my mistake, would you mind testing this build so I can make sure this gets the BIS keys correctly for others in the future?
 

Attachments

  • Lockpick_RCM.zip
    78.7 KB · Views: 161

mways345
Newcomer
I just noticed my mistake, would you mind testing this build so I can make sure this gets the BIS keys correctly for others in the future?

Both loading this through hekate and injecting it directly still gives me the system partition error and incorrect keys. Is there a preferred way to launch this?
 

pLaYeR^^
Doctor Switch
I wanted to dump the keys of my SysNAND (2.1.0) and it says "key generation 0". When I dump, I get keys up to master key 5 but no title keys.
 

shchmue
Developer, OP
Both loading this through hekate and injecting it directly still gives me the system partition error and incorrect keys. Is there a preferred way to launch this?
Hrm. Would you be willing to connect on Discord to help me get this working?
I wanted to dump the keys of my SysNAND (2.1.0) and it says "key generation 0". When I dump, I get keys up to master key 5 but no title keys.
Yes, that all sounds fine. Do you have any games installed? If not, you have no titlekeys to dump. If you want newer keys, you have to have newer firmware installed.
 
