Lockpick_RCM payload - Official Thread

mways345 · Dec 16, 2019

shchmue said:
hrm. Would you be willing to connect on Discord to help me get this working?

Sure, just let me know where I need to go to connect.

cheesyPOOF5 · Dec 20, 2019

I'm having the same issue as the guy in the most recent release thread.

On firmware 9.1.0, sending the payload directly or through Hekate causes an indefinite black screen. I'm available on discord to debug if needed
Thanks for all your work.

EDIT: Formatting my SD card with TegraExplorer seemed to fix this.

djricekcn · Dec 26, 2019

I can't seem to get this work. tried two sd cards, on 9.1 and using sxos. keep getting black screen only even after injected.. tried old fashioned tegrasmash

shchmue · Dec 30, 2019

Fixed mways' issues with new console derivation for BIS keys and titlekeys!
https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.8.1

reman · Jan 1, 2020

Nice.I am looking for this.Thanks for this.

Ozbarnee · Jan 1, 2020

I am also getting the Black Screen when I boot into the Lockpick_RCM. I have tried both the v1.8.0 and 1.8.1 releases, but no luck. Has anyone got any suggestions on things I can try? Would any logs be generated to the SD card? I am running NS-Atmosphere and Hekatev5.0.2. I have also tried getting the keys via Hekate Cosnsole Info -> TSEC Keys and get the message Found pkg1 ('20191021113848') Unknown pkg1 version for reading TSEC Firmware!

Ozbarnee · Jan 1, 2020

Ozbarnee said:
I am also getting the Black Screen when I boot into the Lockpick_RCM. I have tried both the v1.8.0 and 1.8.1 releases, but no luck. Has anyone got any suggestions on things I can try? Would any logs be generated to the SD card? I am running NS-Atmosphere and Hekatev5.0.2. I have also tried getting the keys via Hekate Cosnsole Info -> TSEC Keys and get the message Found pkg1 ('20191021113848') Unknown pkg1 version for reading TSEC Firmware!

My Apologies. I thought I was on the latest hekate version... but I wasn't... All works as expected now.

Manurocker95 · Jan 10, 2020

shchmue said:
Fixed mways' issues with new console derivation for BIS keys and titlekeys!
https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.8.1

I can extract my keys fine. However, they don't seem to work with the new Pokémon Mystery Dungeon. In addition, the generated modification date is 1/1/2020 instead of today, 10/1/2020. Any clues?

9.0.0 keys worked just fine. The problem is with 9.1.0 keys. AMS 0.10.

shchmue · Jan 10, 2020

Manurocker95 said:
I can extract my keys fine. However, they don't seem to work with the new Pokémon Mystery Dungeon. In addition, the generated modification date is 1/1/2020 instead of today, 10/1/2020. Any clues?

9.0.0 keys worked just fine. The problem is with 9.1.0 keys. AMS 0.10.

that game isn’t out yet. you can’t get the titlekey for it until it releases

Manurocker95 · Jan 11, 2020

shchmue said:
that game isn’t out yet. you can’t get the titlekey for it until it releases

You can for the demo. Patching the nsp for 9.0.0 firmware and using that keys, work

shchmue · Jan 11, 2020

Manurocker95 said:
You can for the demo. Patching the nsp for 9.0.0 firmware and using that keys, work

are you saying you’re missing master key 0a? if so you need to update sept

Manurocker95 · Jan 11, 2020

shchmue said:
are you saying you’re missing master key 0a? if so you need to update sept

It is weird because my update is the official one (idc about fuses). When trying 9.1.0 keys i’m getting the mismatch error but using old ones work. I have latest ams and latest sigpatches btw

hiroakihsu · Mar 3, 2020

Sorry for the noobish question but...Now that firmware 9.2 is out, do we need to wait for a new version of Lockpick_RCM to dump keys? Just wanted to make sure before I update...Thx!

shchmue · Mar 5, 2020

There are no new keys, 9.2.0 only increased a numerical session limit in the kernel.

shchmue · Apr 16, 2020

10.0.0 support and bugfix release is ready. There are no new keys past 0a but it is required to dump on 10.0.0
https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.8.2

magico29 · Apr 26, 2020

shchmue said:
Description
Lockpick_RCM is a bare metal Nintendo Switch payload that derives encryption keys for use in Switch file handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc. without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage

Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads

Upon completion, keys will be saved to /switch/prod.keys on SD

If the console has Firmware 7.x, the /sept/ folder from Atmosphère or Kosmos release zip containing both sept-primary.bin and sept-secondary.enc must be present on SD or else only keyblob master key derivation is possible (ie. up to master_key_05 only)

Big thanks to CTCaer
For Hekate and all the advice while developing this!

Known Issues

Chainloading from SX will hang immediately due to quirks in their hwinit code, please launch payload directly

i followed the guide and i edited to txt file and opened it, its all empty.

lestat_11 · Apr 26, 2020

Is there a way to dump keys from sxos emunand visible partition on the sd card
As it's running the latest firmware and my system nand is running an old firmware

shchmue · Apr 26, 2020

magico29 said:
i followed the guide and i edited to txt file and opened it, its all empty.

the file you found at switch/prod.keys was empty?

lestat_11 said:
Is there a way to dump keys from sxos emunand visible partition on the sd card
As it's running the latest firmware and my system nand is running an old firmware

i don't know what the repercussions of this are, but i think if you use hekate and choose migrate emunand it'll create the necessary config for lockpick_rcm to proceed

magico29 · Apr 26, 2020

i fixed, thank you very much!!! i supposed to decode my keys first and then create the txt file via notepad.
i flashed the switch and then reinstall everything from 0. Very long and painful process, 90 minutes process. I really appreciate your help, thank you again.

n3o33 · May 2, 2020

hi guys ,
is there a problem with newest lockpick rmc 1.8.2 and switch firmware 10.0.2 ?
after injecting the payload i got a black screen and nothing happens ...

version 1.8.1 will boot and i get the menu , but it failed to extract the keys due to incompatibility with fw 10.0.2

anybody else has the same issue ?

Attachments

Member

Well-Known Member

Well-Known Member

Developer

Member

New Member

New Member

Game Developer & Pokémon Master

Developer

Game Developer & Pokémon Master

Developer

Game Developer & Pokémon Master

SUPREME LURKER OF THE WORLD

Developer

Developer

Well-Known Member

Member

Developer

Well-Known Member

Member

Similar threads

Popular threads in this forum