How to get Switch Keys for Hactool/XCI Decrypting

Discussion in 'Switch - Tutorials' started by PRAGMA, Jun 10, 2018.

  1. PRAGMA
    OP

    PRAGMA GBAtemp Advanced Maniac

    Member
    11
    Dec 29, 2015
    Ireland
    127.0.0.1

    IMPORTANT:
    • DO NOT GIVE OUT ANY OF YOUR KEYS TO ANYONE! I CANNOT STRESS THAT ENOUGH!
    • DO NOT SHARE YOUR KEYS BETWEEN MULTIPLE SWITCHES THAT YOU DO/DON'T OWN! SOME ARE CONSOLE-UNIQUE
    • DO NOT ASK ME FOR KEYS


    NOTES:
    • This currently results in 83 keys including SBK and TSEC as of firmware 6.x release.
      While this will do for most decryption, you MIGHT need more keys for some titles.
      Source
    • This does give you Master Key 0-5.
    • If you prefer to get keys within homebrew, try kezplez-nx by tesnos, updated by shchmue. Another easy PC tool alternative is HACGUI by shadowninja108.


    Tutorial — RISEofProBB



    • We need to get your Secure Boot Key (SBK) and Tegra Security Co-processor Key (TSEC) before we can get the main keys.
      These are 100% console unique.

      1. Download and extract biskeydump.bin from biskeydumpvx.zip
        - Follow this tutorial but instead of using CTCaer's Hekate Mod .bin file, use the biskeydump.bin file
        - If the QR Code is Blue, Scan the QR Code with your Phone, Laptop e.t.c
        - If you cant find a device you can scan with, type them out into your PC/Laptop (Its highly recommended to scan the QR Code, as a lot of characters can look like another, O0, Il, rn can look like m, e.t.c)
      2. Once you have the biskeydump of your System, store all the keys you received somewhere safe, I recommend a secure cloud storage aswell as a USB Stick, perhaps even print it.
        - Don't give this to ANYONE, Seriously.

      If you get any errors please go to the Troubleshooting Tab.


      1. Follow this tutorial AGAIN but this time use CTCaer's Hekate Mod.
        - "Tools" -> "Backup..." -> "Backup eMMC BOOT0/1"
        - "Tools" -> "Backup..." -> "Backup eMMC SYS"
        - Back all the way to the first menu, and choose "Power off"
      2. Take the microSD Card out of your Switch and into your PC.
      3. Copy both "BOOT0" and "BCPKG2-1-Normal-Main" from "sd:/backup/xxxxxx/" (xxxxxx is different for everyone) to "hactool" on your Desktop (create the "hactool" folder)
        - Rename them with .bin at the end, "BOOT0.bin", "BCPKG2-1-Normal-Main.bin"

      1. Go here and right-click > save as > save as type - All Files > Name keys.py > Save. (script by tesnos6921, patched by shadowninja108, jakibaki and shchmue)
        NOTICE TO GBATEMP STAFF: The "keys" inside this file, are NOT keys, they are SHA digest hashes used to search through files to find text that matches, which would be the keys.
      2. Download and install Python 2.7.x - NOT Python 3.x.x
        When installing, it will ask you what features you want installed, scroll to the bottom and make sure "Add Python to Path" has "Entire Feature Installed to HDD" option chose (No Red X Icon), otherwise the scripts wont find Python and WILL fail
      3. Download and extract hactool TO THE DESKTOP AND NAME THE FOLDER "hactool"
        On Linux/MacOS: clone and build hactool manually
      4. Right-click this (script originally by tesnos6921, patched by shadowninja108, jakibaki and shchmue)
        - Click "Save link as" / "save as"
        - Set "Save as type" to "All Files"
        - Name it "keys.py"
        And finally save it to the hactool folder you placed in the Desktop.
        NOTICE TO GBATEMP STAFF: The "keys" inside this file, are NOT keys, they are SHA digest hashes used to search through files to find text that matches, which would be the keys.

      1. Press WIN(Btn)+R to open "Run", type "cmd" and press Ctrl+Shift then Enter to open Command Prompt as an Administrator
      2. Type (in order) or Copy the following and paste into Command Prompt (Some Windows Versions use Right Click to Paste, some use CTRL+C)
        python -m pip install --upgrade pip
        pip install lz4
        cd Desktop/hactool

        python keys.py SBK_Here_From_Biskeydump TSEC_Here_From_Biskeydump
      3. It should say: "Now you can do hactool --keyset=keys.txt to use them!", if it does, and there's no warning messages, you're good to go! :O
      If you get any errors please go to the Troubleshooting Tab.

    • You now have a keys.txt file with your console-specific keys inside.
      Rename as needed by any software that requires a different name or file extension, it doesn't matter.
      There may be more keys, as the Switch's lifecycle goes on, more and more keys will be needed as the firmwares grow and grow.
      • The Hactool warning:
        Code:
        [WARN] prod.keys does not exist.
        can be safely ignored.
        - if you want to place your "keys.txt" file their, put "keys.txt" on your Desktop and run the following with Administrator Command Prompt (Step #4.1 for instructions):
        Code:
        mkdir -p %USERPROFILE%\.switch
        move "%USERPROFILE%\Desktop\keys.txt" "%USERPROFILE%\.switch\prod.keys"
        

    • #1 ISSUES:
      • Code:
        Red QR Code Outline
        - The reasons this can occur is quite a rarity, all I can say is to keep rebooting and trying again.
        - If there's a new version of biskeydump out, try using the newer biskeydump.bin
      • Code:
        QR Code not being scanned by your Reader
        - Align your QR Code Readers alignment overlay with the Blue Square's Corners/Edges, NOT the QR Code's Corners/Edges.
        - Clean your camera lens
        - Be in a bright room

      #4 ISSUES:
      • Code:
        File "keys.py", line ...
        print message
        ^
        SyntaxError: Missing parentheses in call to 'print'. Did you mean print(message)?
        - You didn't place SBK and TSEC in the 4th line of the Command in Step #4.2
        - You installed Python 3.x.x when you must use 2.7.x, uninstall python, logout of windows (important it removes python from PATH) and follow Step #3.2 then move back to #4.1
      • Code:
        import lz4.block
        File "C:\Python27\lib\site-packages\lz4\__init__.py", line 17, in <module>
        from ._version import ( # noqa: F401
        ImportError: DLL load failed: The specified module could not be found.
        - The 2nd line of the Command in Step #4.2 failed without you noticing. Try running the 1st line to upgrade pip and if that goes successfully run the 2nd line to install lz4 and see if it successfully installs.
     
    Last edited by PRAGMA, Nov 17, 2018 at 4:24 AM
  2. Haugh645

    Haugh645 Member

    Newcomer
    2
    Jul 12, 2011
    United States
    when you install python make sure to also pip install lz4 or it wont work.
     
  3. xXxSwagnemitexXx

    xXxSwagnemitexXx meme machine

    Member
    5
    Dec 7, 2016
    United Kingdom
    New Donk City
    nice use of tabs and information boxes

    i may use this turorial in the future
     
  4. evans112682

    evans112682 Member

    Newcomer
    3
    Mar 30, 2009
    United States
    @RISEofProBB I followed the tutorial but your instructions on the keys.ini file are incomplete. Read over everything and it does not say what is supposed to be in the .ini file. Also when I tried to execute the command it gives me an error for LZ4. I see @Haugh645 mentions it needs installed but can you link the file and how to install it on Windows. Thanks
     
  5. PRAGMA
    OP

    PRAGMA GBAtemp Advanced Maniac

    Member
    11
    Dec 29, 2015
    Ireland
    127.0.0.1
    Forgot, updated, Thanks.

    — Posts automatically merged - Please don't double post! —

    I updated the tutorial and keys.ini you never have to mess with, the keys.py creates the keys.txt then u just change it to an .ini, done.
     
  6. Cyan

    Cyan GBATemp's lurking knight

    Global Moderator
    21
    Oct 27, 2002
    France
    Engine room, learning
    Nice to see users start using tabs for better tutorials layout :)
    Tables have been added recently too.
     
    Last edited by Cyan, Jun 11, 2018
  7. evans112682

    evans112682 Member

    Newcomer
    3
    Mar 30, 2009
    United States
    @RISEofProBB I was referring to the keys.ini file you refer to in "Step 3 - File Preparation". Step 6 of that section says to put the keys.ini file next to hactool.exe. if we do not have that file until the final output than how are we supposed to add it in this step?

    Also how do we install LZ4 in Windows? What file do we need?
     
  8. PRAGMA
    OP

    PRAGMA GBAtemp Advanced Maniac

    Member
    11
    Dec 29, 2015
    Ireland
    127.0.0.1
    My bad, removed, skip that step.
     
    evans112682 likes this.
  9. Tommy084

    Tommy084 GBAtemp Regular

    Member
    2
    Feb 24, 2013
    Norway
    Type in «pip install lz4» in cmd

    i get this error tho
    Using BOOT0.bin to get keys from package1...
    Could not find keyblob_key_source_xx! Please check the integrity of the data used in the current stage!
    Windows 10 32 bit
    Switch 2.3.0

    Thanks for reply, but after dumping boot0 with ctchekate 2.3 and renameing it, still the same error.
    Gonna try with fat32 formated sd and dump again
     
    Last edited by Tommy084, Jun 11, 2018
  10. PRAGMA
    OP

    PRAGMA GBAtemp Advanced Maniac

    Member
    11
    Dec 29, 2015
    Ireland
    127.0.0.1
    Your boot0 is probably corrupt in some way or you didnt rename it to .bin
     
    Tommy084 likes this.
  11. Davelo

    Davelo Advanced Member

    Newcomer
    2
    Feb 10, 2018
    Bahrain
    I have a problem where i did "pip install lz4" but still get the lz4 error message

    Traceback (most recent call last):
    File "keys.py", line 25, in <module>
    import lz4.block
    ModuleNotFoundError: No module named 'lz4'

    any solution?
     
  12. SirNapkin1334

    SirNapkin1334 Renound Aritst

    Member
    6
    Aug 20, 2017
    United States
    Crap Mountain
    Are there any console-unique keys besides TSEC and SBK? If so, does this dump them?

    — Posts automatically merged - Please don't double post! —

    Try sudo pip install lz4
    Also try (can’t sure if this is correct, might be off) py -mpip instal lz4
    I haven’t used pip in a long time but if i remember correctly that might work.
     
    Endlessclouds likes this.
  13. Davelo

    Davelo Advanced Member

    Newcomer
    2
    Feb 10, 2018
    Bahrain
    It worked somehow but now i get these errors

    Using BOOT0.bin to get keys from package1...
    Deriving keys...
    Traceback (most recent call last):
    File "keys.py", line 374, in <module>
    stage0_results = subprocess.check_output([HACTOOL_PATH, "--keyset=keys.txt", "--intype=keygen", "BOOT0.bin"])
    File "/usr/lib/python2.7/subprocess.py", line 212, in check_output
    process = Popen(stdout=PIPE, *popenargs, **kwargs)
    File "/usr/lib/python2.7/subprocess.py", line 390, in __init__
    errread, errwrite)
    File "/usr/lib/python2.7/subprocess.py", line 1024, in _execute_child
    raise child_exception
    OSError: [Errno 2] No such file or directory
     
  14. Clydefrosch

    Clydefrosch GBAtemp Psycho!

    Member
    10
    Jan 2, 2009
    Germany
    just to be sure, the keys this generates, are they unique in any way, or are they the same ones you can find with a google search?
     
  15. PRAGMA
    OP

    PRAGMA GBAtemp Advanced Maniac

    Member
    11
    Dec 29, 2015
    Ireland
    127.0.0.1
    Then you didnt install lz4 properly.

    — Posts automatically merged - Please don't double post! —

    Realistically all the keys are derived from the SBK, TSEC and Master Key 0-4, so realistically all of them are, but arent.

    — Posts automatically merged - Please don't double post! —

    There are no keys on google. Those are SHA digests used to find the keys in files. They are NOT keys.
     
  16. kevandkkim

    kevandkkim Member

    Newcomer
    2
    Nov 22, 2016
    United States
    Im not sure how else to install lz4? requirements say it is good for 2.7.

    Traceback (most recent call last):
    File "keys.py", line 25, in <module>
    import lz4.block
    File "C:\Python27\lib\site-packages\lz4\__init__.py", line 11, in <module>
    from ._version import ( # noqa: F401
    ImportError: DLL load failed: The specified module could not be found.
     
  17. LordVe

    LordVe Member

    Newcomer
    2
    May 28, 2018
    United States
    Question: Does this derive the SDSeed key for NAX0 decrypting? That is the only key I haven't a clue how to get...
     
  18. strangequark

    strangequark Newbie

    Newcomer
    1
    May 15, 2018
    United States
    I also got this problem, can someone help?
     
  19. SirNapkin1334

    SirNapkin1334 Renound Aritst

    Member
    6
    Aug 20, 2017
    United States
    Crap Mountain
    Actually, they are on Google, you just know what to search for (found a file containing every single key, not the SHAs).
     
  20. dfsfds2

    dfsfds2 Member

    Newcomer
    2
    Apr 7, 2018
    China
    The following error occurred while using the "python keys.py <SBKSecureBootKey> <TSEC>" command
     

    Attached Files:

Loading...