Tutorial How to get Switch Keys for Hactool/XCI Decrypting

PRAGMA

Well-Known Member
OP
Member
Joined
Dec 29, 2015
Messages
2,202
Trophies
1
Location
127.0.0.1
Website
pragma.pw
XP
4,799
Country
Ireland
This thread is deprecated
For a faster, easier and more up-to-date way of getting keys use Lockpick_RCM by shchmue
If you still want to follow this tutorial and end up with less keys, continue reading the Thread.


WARNING
  • DO NOT GIVE OUT ANY OF YOUR KEYS TO ANYONE! I CANNOT STRESS THAT ENOUGH!
  • DO NOT SHARE YOUR KEYS BETWEEN MULTIPLE SWITCHES THAT YOU DO/DON'T OWN! SOME ARE CONSOLE-UNIQUE
  • DO NOT ASK ME FOR KEYS


LEGEND
  • SBK
    SecureBootKey
  • TSEC
    Tegra Security Co-processor Key
  • eMMC
    Embedded MultiMediaCard (Switch's Onboard Storage)


GOAL
End up with 83+ keys including SBK and TSEC keys. Get Master Key's 0-5. (Master Keys 6 onwards is not done in this tutorial)
Reminder, if you want more up-to-date and much more convenient way to get your Switch's Keys, use Lockpick by shchmue (available in nx-appstore/homebrew store)


Tutorial — (Outdated for Switch's on firmware 6.x or newer)


#1 - Dumping System Keys (Biskeydump)#2 - Dumping Required Files#3 - Hactool Preparation#4 - Dumping KeysFinal WordsTroubleshooting


  1. We need to get your Secure Boot Key (SBK) and Tegra Security Co-processor Key (TSEC) before we can get the main keys.
    These are 100% console unique.

    1. Download and extract biskeydump.bin from biskeydumpvx.zip
      - Follow this tutorial but instead of using CTCaer's Hekate Mod .bin file, use the biskeydump.bin file
      - If the QR Code is Blue, Scan the QR Code with your Phone, Laptop e.t.c
      - If you cant find a device you can scan with, type them out into your PC/Laptop (Its highly recommended to scan the QR Code, as a lot of characters can look like another, O0, Il, rn can look like m, e.t.c)
    2. Once you have the biskeydump of your System, store all the keys you received somewhere safe, I recommend a secure cloud storage aswell as a USB Stick, perhaps even print it.
      - Don't give this to ANYONE, Seriously.

    If you get any errors please go to the Troubleshooting Tab.


    1. Follow this tutorial AGAIN but this time use CTCaer's Hekate Mod.
      - "Tools" -> "Backup..." -> "Backup eMMC BOOT0/1"
      - "Tools" -> "Backup..." -> "Backup eMMC SYS"
      - Back all the way to the first menu, and choose "Power off"
    2. Take the microSD Card out of your Switch and into your PC.
    3. Copy both "BOOT0" and "BCPKG2-1-Normal-Main" from "sd:/backup/xxxxxx/" (xxxxxx is different for everyone) to "hactool" on your Desktop (create the "hactool" folder)
      - Rename them with .bin at the end, "BOOT0.bin", "BCPKG2-1-Normal-Main.bin"

    1. Download and install Python 2.7.x - NOT Python 3.x.x
      When installing, it will ask you what features you want installed, scroll to the bottom and make sure "Add Python to Path" has "Entire Feature Installed to HDD" option chose (No Red X Icon), otherwise the scripts wont find Python and WILL fail
    2. Download and extract hactool TO THE DESKTOP AND NAME THE FOLDER "hactool"
      On Linux/MacOS: clone and build hactool manually
    3. Right-click this (script originally by tesnos6921, patched by shadowninja108, jakibaki and shchmue)
      - Click "Save link as" / "save as"
      - Set "Save as type" to "All Files"
      - Name it "keys.py"
      And finally save it to the hactool folder you placed in the Desktop.
      NOTICE TO GBATEMP STAFF: The "keys" inside this file, are NOT keys, they are SHA digest hashes used to search through files to find text that matches, which would be the keys.

    1. Press WIN(Btn)+R to open "Run", type "cmd" and press Ctrl+Shift then Enter to open Command Prompt as an Administrator
    2. Type (in order) or Copy the following and paste into Command Prompt (Some Windows Versions use Right Click to Paste, some use CTRL+C)
      python -m pip install --upgrade pip
      pip install lz4
      cd Desktop/hactool

      python keys.py SBK_Here_From_Biskeydump TSEC_Here_From_Biskeydump
    3. It should say: "Now you can do hactool --keyset=keys.txt to use them!", if it does, and there's no warning messages, you're good to go! :O
    If you get any errors please go to the Troubleshooting Tab.

  2. You now have a keys.txt file with your console-specific keys inside.
    Rename as needed by any software that requires a different name or file extension, it doesn't matter.
    Though I highly recommend renaming it to prod.keys as this filename for Key file's is becoming a popular choice with other software
    There may be more keys, as the Switch's lifecycle goes on, more and more keys will be needed as the firmwares grow and grow.
    • The Hactool warning:
      Code:
      [WARN] prod.keys does not exist.
      can be safely ignored.
      - if you want to place your "keys.txt" file their, put "keys.txt" on your Desktop and run the following with Administrator Command Prompt (Step #4.1 for instructions):
      Code:
      mkdir -p %USERPROFILE%\.switch
      move "%USERPROFILE%\Desktop\keys.txt" "%USERPROFILE%\.switch\prod.keys"

  3. #1 ISSUES:
    • Code:
      Red QR Code Outline
      - The reasons this can occur is quite a rarity, all I can say is to keep rebooting and trying again.
      - If there's a new version of biskeydump out, try using the newer biskeydump.bin
    • Code:
      QR Code not being scanned by your Reader
      - Align your QR Code Readers alignment overlay with the Blue Square's Corners/Edges, NOT the QR Code's Corners/Edges.
      - Clean your camera lens
      - Be in a bright room

    #4 ISSUES:
    • Code:
      File "keys.py", line ...
      print message
      ^
      SyntaxError: Missing parentheses in call to 'print'. Did you mean print(message)?
      - You didn't place SBK and TSEC in the 4th line of the Command in Step #4.2
      - You installed Python 3.x.x when you must use 2.7.x, uninstall python, logout of windows (important it removes python from PATH) and follow Step #3.2 then move back to #4.1
    • Code:
      import lz4.block
      File "C:\Python27\lib\site-packages\lz4\__init__.py", line 17, in <module>
      from ._version import ( # noqa: F401
      ImportError: DLL load failed: The specified module could not be found.
      - The 2nd line of the Command in Step #4.2 failed without you noticing. Try running the 1st line to upgrade pip and if that goes successfully run the 2nd line to install lz4 and see if it successfully installs.
 
Last edited by shchmue,

evans112682

Active Member
Newcomer
Joined
Mar 30, 2009
Messages
26
Trophies
0
Age
39
XP
518
Country
United States
@RISEofProBB I followed the tutorial but your instructions on the keys.ini file are incomplete. Read over everything and it does not say what is supposed to be in the .ini file. Also when I tried to execute the command it gives me an error for LZ4. I see @Haugh645 mentions it needs installed but can you link the file and how to install it on Windows. Thanks
 

PRAGMA

Well-Known Member
OP
Member
Joined
Dec 29, 2015
Messages
2,202
Trophies
1
Location
127.0.0.1
Website
pragma.pw
XP
4,799
Country
Ireland
when you install python make sure to also pip install lz4 or it wont work.
Forgot, updated, Thanks.

--------------------- MERGED ---------------------------

@RISEofProBB I followed the tutorial but your instructions on the keys.ini file are incomplete. Read over everything and it does not say what is supposed to be in the .ini file. Also when I tried to execute the command it gives me an error for LZ4. I see @Haugh645 mentions it needs installed but can you link the file and how to install it on Windows. Thanks
I updated the tutorial and keys.ini you never have to mess with, the keys.py creates the keys.txt then u just change it to an .ini, done.
 

evans112682

Active Member
Newcomer
Joined
Mar 30, 2009
Messages
26
Trophies
0
Age
39
XP
518
Country
United States
@RISEofProBB I was referring to the keys.ini file you refer to in "Step 3 - File Preparation". Step 6 of that section says to put the keys.ini file next to hactool.exe. if we do not have that file until the final output than how are we supposed to add it in this step?

Also how do we install LZ4 in Windows? What file do we need?
 

PRAGMA

Well-Known Member
OP
Member
Joined
Dec 29, 2015
Messages
2,202
Trophies
1
Location
127.0.0.1
Website
pragma.pw
XP
4,799
Country
Ireland
@RISEofProBB I was referring to the keys.ini file you refer to in "Step 3 - File Preparation". Step 6 of that section says to put the keys.ini file next to hactool.exe. if we do not have that file until the final output than how are we supposed to add it in this step?

Also how do we install LZ4 in Windows? What file do we need?
My bad, removed, skip that step.
 

Tommy084

Well-Known Member
Member
Joined
Feb 24, 2013
Messages
124
Trophies
0
Age
23
XP
1,088
Country
Norway
Also how do we install LZ4 in Windows? What file do we need?

Type in «pip install lz4» in cmd

i get this error tho
Using BOOT0.bin to get keys from package1...
Could not find keyblob_key_source_xx! Please check the integrity of the data used in the current stage!
Windows 10 32 bit
Switch 2.3.0

Your boot0 is probably corrupt in some way or you didnt rename it to .bin

Thanks for reply, but after dumping boot0 with ctchekate 2.3 and renameing it, still the same error.
Gonna try with fat32 formated sd and dump again
 
Last edited by Tommy084,

Davelo

Well-Known Member
Newcomer
Joined
Feb 10, 2018
Messages
50
Trophies
0
Age
27
XP
739
Country
Bahrain
I have a problem where i did "pip install lz4" but still get the lz4 error message

Traceback (most recent call last):
File "keys.py", line 25, in <module>
import lz4.block
ModuleNotFoundError: No module named 'lz4'

any solution?
 

SirNapkin1334

Renound Aritst
Member
Joined
Aug 20, 2017
Messages
1,665
Trophies
0
XP
964
Country
United States
Are there any console-unique keys besides TSEC and SBK? If so, does this dump them?

--------------------- MERGED ---------------------------

I have a problem where i did "pip install lz4" but still get the lz4 error message

Traceback (most recent call last):
File "keys.py", line 25, in <module>
import lz4.block
ModuleNotFoundError: No module named 'lz4'

any solution?
Try sudo pip install lz4
Also try (can’t sure if this is correct, might be off) py -mpip instal lz4
I haven’t used pip in a long time but if i remember correctly that might work.
 
  • Like
Reactions: Endlessclouds

Davelo

Well-Known Member
Newcomer
Joined
Feb 10, 2018
Messages
50
Trophies
0
Age
27
XP
739
Country
Bahrain
Are there any console-unique keys besides TSEC and SBK? If so, does this dump them?

--------------------- MERGED ---------------------------


Try sudo pip install lz4
Also try (can’t sure if this is correct, might be off) py -mpip instal lz4
I haven’t used pip in a long time but if i remember correctly that might work.
It worked somehow but now i get these errors

Using BOOT0.bin to get keys from package1...
Deriving keys...
Traceback (most recent call last):
File "keys.py", line 374, in <module>
stage0_results = subprocess.check_output([HACTOOL_PATH, "--keyset=keys.txt", "--intype=keygen", "BOOT0.bin"])
File "/usr/lib/python2.7/subprocess.py", line 212, in check_output
process = Popen(stdout=PIPE, *popenargs, **kwargs)
File "/usr/lib/python2.7/subprocess.py", line 390, in __init__
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1024, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory
 

Clydefrosch

Well-Known Member
Member
Joined
Jan 2, 2009
Messages
5,915
Trophies
1
XP
4,234
Country
Germany
just to be sure, the keys this generates, are they unique in any way, or are they the same ones you can find with a google search?
 

PRAGMA

Well-Known Member
OP
Member
Joined
Dec 29, 2015
Messages
2,202
Trophies
1
Location
127.0.0.1
Website
pragma.pw
XP
4,799
Country
Ireland
I have a problem where i did "pip install lz4" but still get the lz4 error message

Traceback (most recent call last):
File "keys.py", line 25, in <module>
import lz4.block
ModuleNotFoundError: No module named 'lz4'

any solution?
Then you didnt install lz4 properly.

--------------------- MERGED ---------------------------

Are there any console-unique keys besides TSEC and SBK? If so, does this dump them?

--------------------- MERGED ---------------------------


Try sudo pip install lz4
Also try (can’t sure if this is correct, might be off) py -mpip instal lz4
I haven’t used pip in a long time but if i remember correctly that might work.
Realistically all the keys are derived from the SBK, TSEC and Master Key 0-4, so realistically all of them are, but arent.

--------------------- MERGED ---------------------------

just to be sure, the keys this generates, are they unique in any way, or are they the same ones you can find with a google search?
There are no keys on google. Those are SHA digests used to find the keys in files. They are NOT keys.
 

kevandkkim

Well-Known Member
Newcomer
Joined
Nov 22, 2016
Messages
64
Trophies
0
Age
25
XP
535
Country
United States
Im not sure how else to install lz4? requirements say it is good for 2.7.

Traceback (most recent call last):
File "keys.py", line 25, in <module>
import lz4.block
File "C:\Python27\lib\site-packages\lz4\__init__.py", line 11, in <module>
from ._version import ( # noqa: F401
ImportError: DLL load failed: The specified module could not be found.
 

LordVe

Member
Newcomer
Joined
May 28, 2018
Messages
22
Trophies
0
Age
42
XP
534
Country
United States
Question: Does this derive the SDSeed key for NAX0 decrypting? That is the only key I haven't a clue how to get...
 

strangequark

New Member
Newbie
Joined
May 15, 2018
Messages
2
Trophies
0
Age
21
XP
54
Country
United States
It worked somehow but now i get these errors

Using BOOT0.bin to get keys from package1...
Deriving keys...
Traceback (most recent call last):
File "keys.py", line 374, in <module>
stage0_results = subprocess.check_output([HACTOOL_PATH, "--keyset=keys.txt", "--intype=keygen", "BOOT0.bin"])
File "/usr/lib/python2.7/subprocess.py", line 212, in check_output
process = Popen(stdout=PIPE, *popenargs, **kwargs)
File "/usr/lib/python2.7/subprocess.py", line 390, in __init__
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1024, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory

I also got this problem, can someone help?
 

SirNapkin1334

Renound Aritst
Member
Joined
Aug 20, 2017
Messages
1,665
Trophies
0
XP
964
Country
United States
Then you didnt install lz4 properly.

--------------------- MERGED ---------------------------


Realistically all the keys are derived from the SBK, TSEC and Master Key 0-4, so realistically all of them are, but arent.

--------------------- MERGED ---------------------------


There are no keys on google. Those are SHA digests used to find the keys in files. They are NOT keys.
Actually, they are on Google, you just know what to search for (found a file containing every single key, not the SHAs).
 

dfsfds2

Active Member
Newcomer
Joined
Apr 7, 2018
Messages
28
Trophies
0
XP
134
Country
China
The following error occurred while using the "python keys.py <SBKSecureBootKey> <TSEC>" command
 

Attachments

  • error.jpg
    error.jpg
    77.5 KB · Views: 2,549
General chit-chat
Help Users
  • No one is chatting at the moment.
    KenniesNewName @ KenniesNewName: Sweet blue man group is performing in my city this weekend