Tutorial How to get Switch Keys for Hactool/XCI Decrypting

Zaybokk

Well-Known Member
Member
Joined
Jan 28, 2014
Messages
333
Trophies
0
Location
FÓDLAN
XP
340
Country
United Kingdom
Could you add a tutorial for your kezplez-nx too ?
I read the readme, but it doesn't tell where to put the fuses and tsec keys file. Do I put them on root? or does it find them in backup/<nand id>/dumps/ as it only says dump with hekate?
what is kezplez-nx.nacp file? it's not always provided with new releases. they work with all nro ?

is it still useful to do the SBK/TSec biskey steps from current guide? is SBK inside fuses.bin ? could you generate a text file or binary with extracted BSK/Tsec key like the QRCode?

cyan , to my understanding they don't like to talk about this for some odd reason paranoid I believe??, not sure either way, far as I been gathering on this main issue here, because im still trying to downgrade myself, learning by the second(s), what you do is put all them keys txt files inside the hactool folder, then run cmd ( ***AFTER***) in folder entry on top where the folder directory is example: C:\Users\YOUR_USER_HERE\Desktop\hactool**, them keys.txt file(s) go inside it, along with fuses.bin and tsec_keys.bin, and yes your right it does indeed contain your keys within it them fuses.bin and tsec one, its just scrambled into ascII or something like or just maybe an hex editor also may show it?.. https://www.sdsetup.com/biskeygen ,
Upload Hekate fuses.bin
Upload Hekate tsec_keys.bin

  1. https://github.com/SciresM/hactool/releases
  2. hactool-1.2.2 its been updated to support deriving the latest 6.2.0+ keys to my understanding..
  3. you can now use hactool --keyset=keys.txt"
  4. Last but not least -> python keys.py <YOUR SBKSecureBootKey here> <YOUR TSEC key here> BUT without the <> !!!
    example -> python keys.py 0XXXX7777XXXX767 111111111111111111
 
Last edited by Zaybokk,

Cyan

GBATemp's lurking knight
Former Staff
Joined
Oct 27, 2002
Messages
23,512
Trophies
2
Age
43
Location
Engine room, learning
XP
14,755
Country
France
thank you for the help and updated procedure.
I used shchmue's homebrew branch to get all the keys on my 4.1 (I suppose it's missing master keys from above firmwares as they were unknown on 4.1).
to get 6.2 keys it would require an update to 6.2, dump nand, then downgrade back to cfw compatible firmware (or wait for a 6.2 cfw). then use hacktool on 6.2 dumps.

edit:
thinking about it, it might not be located in the dump, as it's now done by the cpu, and the cpu might be required to do it, a dump alone without the cpu is therefore not possible.
 
  • Like
Reactions: TiMeBoMb4u2

Zaybokk

Well-Known Member
Member
Joined
Jan 28, 2014
Messages
333
Trophies
0
Location
FÓDLAN
XP
340
Country
United Kingdom
absolutely none of the new 6.2.0 keys are obtainable yet, even using new hactool, until some of the new keys/methods are public, neither will any current key software work on a 6.2.0 dump


so is downgrading from 6.2.0 to 6.1.0 even possible then??.. because I have my keys -- *ALL OF THEM*-- master keys, bis keys, tsec key, and my sbk/secure key.. and yet nothing works, tried renaming folder(s) and all , still yet nothing works, followed guide to the **T** , yet they claim you can downgrade without nand backup, but I don't believe it, unless I'm literally missing the most obvious thing or something?.. you ask me, only person **THAT ACTUALLY DOWNGRADED**, was someone that already had a fully working nand backup prior to this update..??
 
Last edited by Zaybokk,

Zaybokk

Well-Known Member
Member
Joined
Jan 28, 2014
Messages
333
Trophies
0
Location
FÓDLAN
XP
340
Country
United Kingdom
I've encountered a similar issue before (gets stuck at Nintendo logo, Switch in RCM isn't detected and doesn't show up as an APX device on anything, whether on lsusb/dmesg on Linux, OSX System Information - USB section, or Windows' Device Manager with the proper libusb drivers).
And it also happened after playing that Switch for quite a bit and then walking away for a while. Except it wasn't even a hacked Switch, never even ran any CFW, and I was using a legit gamecart. And no 3rd party docks.
It was some sort of hardware chip failing supposedly, something some Switches supposedly suffer from. You playing Smash was probably all but a coincidence.
I don't think there exists a bricking method that can prevent you from entering RCM (since the current one only overwrites PRODINFO). Although you can supposedly control voltages completely from within code and cause hardware damage, there haven't been any actual sightings of such intentionally malicious code (although I've heard some homebrew coders managed to damage their Switches accidentally in the past through that, it wasn't intentional).
So yeah, tl;dr:
the "can't enter RCM, stuck at Nintendo logo" issue exists, I've encountered it. But it was a hardware chip failing. Playing Smash was probably entirely coincidental,


well , because i have noticed and also did research on the switch lately and they do indeed have a failing chip
in them after so long play time on them and probably fuse count fails in them?, on some switch's even not doing CFW on them and such, most likely the case with them.. this one dude i know has been working on many many switchs lately and recently, and there is indeed a certain failing chip with in certain batch or just random ones possibly, on lots of them out there.. will just go out sometimes causing randomly or when overheating or video going out or just simply freezing or getting stuck on the boot screen, and this must be why there making new switch next year, oh btw it's either before or after making and releasing **new true pokemon core** game on new switch, you doubt me?.. its true, just like nintendo did same thing with there system prior to the switch, which was the new 3ds xl and new 2ds xl right before ultra moon and ultra sun came out to utilize the new hardware and features and power on the newer systems , just saying - same thing going on here ;-) , just a way for nintendo to get more customers more or less lol , but hey even then i would be happy to get there new switch next year! :D , hell - maybe even two of them :P ..
 

jaderocc

Well-Known Member
Member
Joined
Nov 21, 2016
Messages
113
Trophies
0
Age
29
XP
363
Country
United States
alright yall i need BIG HELP... lol... updated to 6.2 accidentally while mashing a to reset in lets go the other night. today i started the downgrade process, however when i was reading the guide i noticed it said if you had a working nand backup from before 6.2 you could just restore it. so i did that, attempting to restore my 6.1 nand backup. the guide didn't mention anything about boot0/boot1 so i didn't bother making any backups other than the previously existing rawnand i made when first setting cfw up on the switch. after doing that i'm getting the blue screen on boot from both ofw and cfw. i then was directed by google searches/scouring through a handful of threads that were almost all pointing to this guide with the goal of trying to recreate a boot0/boot1, which if i understand correctly means that if i could restore them i would be able to boot normally again. i was able to dump my hwi/sbk keys using biskeydump but i get an error on the tsec key (error getting tsec key retVal -11). this is where i'm getting stuck at - i saw people in this thread saying they got a keys.ini that solved this issue from that bins site, but when i connect to their ftp server i am unable to locate any keys.ini or keys anything in general. i'm super confused at this point on what i can/should do here. any suggestions are super appreciated. thanks in advance!
 
Last edited by jaderocc,
  • Like
Reactions: Zaybokk

shchmue

Developer
Developer
Joined
Dec 23, 2013
Messages
785
Trophies
0
XP
2,209
Country
United States
alright yall i need BIG HELP... lol... updated to 6.2 accidentally while mashing a to reset in lets go the other night. today i started the downgrade process, however when i was reading the guide i noticed it said if you had a working nand backup from before 6.2 you could just restore it. so i did that, attempting to restore my 6.1 nand backup. the guide didn't mention anything about boot0/boot1 so i didn't bother making any backups other than the previously existing rawnand i made when first setting cfw up on the switch. after doing that i'm getting the blue screen on boot from both ofw and cfw. i then was directed by google searches/scouring through a handful of threads that were almost all pointing to this guide with the goal of trying to recreate a boot0/boot1, which if i understand correctly means that if i could restore them i would be able to boot normally again. i was able to dump my hwi/sbk keys using biskeydump but i get an error on the tsec key (error getting tsec key retVal -11). this is where i'm getting stuck at - i saw people in this thread saying they got a keys.ini that solved this issue from that bins site, but when i connect to their ftp server i am unable to locate any keys.ini or keys anything in general. i'm super confused at this point on what i can/should do here. any suggestions are super appreciated. thanks in advance!
are you using v7 of biskeydump? what you need is this guide https://gbatemp.net/threads/how-to-...nofficially-without-burning-any-fuses.507461/
 
  • Like
Reactions: jaderocc

LemonScented

Member
Newcomer
Joined
Nov 27, 2018
Messages
10
Trophies
0
Age
26
Location
Western NY
XP
43
Country
United States
I am getting this error "Could not find keyblob_mac_key_source! Please check the integrity of the data used in the current stage!" when trying to dump the keys.
 

LemonScented

Member
Newcomer
Joined
Nov 27, 2018
Messages
10
Trophies
0
Age
26
Location
Western NY
XP
43
Country
United States
  • Like
Reactions: Zaybokk

TiMeBoMb4u2

Well-Known Member
Member
Joined
Oct 25, 2008
Messages
1,550
Trophies
0
Location
Hyrule
XP
1,197
Country
United States
6.2
If you cant dump the keys on 6.2 how is one supposed to follow the 6.2 downgrade guide from (Homebrew Guide)
Is there another way to get a fully populated "hactool keys.txt file"?
 
  • Like
Reactions: Zaybokk

Zaybokk

Well-Known Member
Member
Joined
Jan 28, 2014
Messages
333
Trophies
0
Location
FÓDLAN
XP
340
Country
United Kingdom
alright yall i need BIG HELP... lol... updated to 6.2 accidentally while mashing a to reset in lets go the other night. today i started the downgrade process, however when i was reading the guide i noticed it said if you had a working nand backup from before 6.2 you could just restore it. so i did that, attempting to restore my 6.1 nand backup. the guide didn't mention anything about boot0/boot1 so i didn't bother making any backups other than the previously existing rawnand i made when first setting cfw up on the switch. after doing that i'm getting the blue screen on boot from both ofw and cfw. i then was directed by google searches/scouring through a handful of threads that were almost all pointing to this guide with the goal of trying to recreate a boot0/boot1, which if i understand correctly means that if i could restore them i would be able to boot normally again. i was able to dump my hwi/sbk keys using biskeydump but i get an error on the tsec key (error getting tsec key retVal -11). this is where i'm getting stuck at - i saw people in this thread saying they got a keys.ini that solved this issue from that bins site, but when i connect to their ftp server i am unable to locate any keys.ini or keys anything in general. i'm super confused at this point on what i can/should do here. any suggestions are super appreciated. thanks in advance!

sounds like a true -brick-(BSOD), similarly to same thing on the 3DS console , which same thing happen to me on the 3DS console years back attempting to CFW the console... , then of course finding out later on , it was a true brick of course...
https://forum.lowyat.net/topic/3128470/all
Picture description: The 3DS blue screen of death. Also known as the bricked screen.
BOOTROM 8046
ERRCODE: 00F800EE
FFFFFFFFF FFFFFFFFF
0000000 00000000

6.2

If you cant dump the keys on 6.2 how is one supposed to follow the 6.2 downgrade guide from (Homebrew Guide)
Is there another way to get a fully populated "hactool keys.txt file"?
exaaactly... my question as well stuck on same error/issue(s) on time being.. i don't think the downgrade works i tried everything as well... nothing but error(s) and stuff , nothing works....
 

Attachments

  • post-418493-1392139329.jpg
    post-418493-1392139329.jpg
    40.5 KB · Views: 312

jaderocc

Well-Known Member
Member
Joined
Nov 21, 2016
Messages
113
Trophies
0
Age
29
XP
363
Country
United States
that's weird, i responded to this earlier but i must've missed the post reply button or something. anyway, thanks for the response, i actually fell asleep last night after getting stuck trying to follow this guide that you linked lol. i got up to step 6 (ACQUIRE A FULLY POPULATED hactool KEYS file) and am completely lost - where does one obtain this populated hactools key file? i saw other people mentioning keys.txt and keys.ini files from the bins site server but i couldn't find anything when i actually got connected to it. any chance you could pm me a link or how to get that key? i really appreciate it. thanks again.

@Zaybokk i sure hope not lmaooo... i read a handful of other threads that people posted about having done the same thing and being able to recreate their boot0/boot1 and things being back to normal, or at least bootable into atmosphere after that, so hopefully i didn't BRICK brick :~)
 
Last edited by jaderocc,
  • Like
Reactions: Zaybokk

Zaybokk

Well-Known Member
Member
Joined
Jan 28, 2014
Messages
333
Trophies
0
Location
FÓDLAN
XP
340
Country
United Kingdom
that's weird, i responded to this earlier but i must've missed the post reply button or something. anyway, thanks for the response, i actually fell asleep last night after getting stuck trying to follow this guide that you linked lol. i got up to step 6 (ACQUIRE A FULLY POPULATED hactool KEYS file) and am completely lost - where does one obtain this populated hactools key file? i saw other people mentioning keys.txt and keys.ini files from the bins site server but i couldn't find anything when i actually got connected to it. any chance you could pm me a link or how to get that key? i really appreciate it. thanks again.


tried everything as well nothing works.. if you guys can get also, the *FULLY POPULATED Hactool keys file* please let me know as well , i tried everything as well, can't seem to get past that part either.. seems like i'm not the only one :P ..
 
  • Like
Reactions: jaderocc

LemonScented

Member
Newcomer
Joined
Nov 27, 2018
Messages
10
Trophies
0
Age
26
Location
Western NY
XP
43
Country
United States
"Tweet" ..


Hmmm I'm not to sure what that means. I have the hactool folder on my desktop with the latest release. Directory looks like

BCPKG2-1-Normal-Main
BOOT0
hactool
keys
Name keys
package1
package2

When I try to dump the keys using "python keys py 00000000000000 0000000000000000" I get this error.
"Could not find keyblob_mac_key_source! Please check the integrity of the data used in the current stage!"​

What other ways can I use to go about getting a fully populated hactool keys txt file

I am ultimately trying to downgrade from 6.2 to 6.0 by following the guide on Homebrew Guide
 
Last edited by LemonScented,
  • Like
Reactions: Zaybokk

TiMeBoMb4u2

Well-Known Member
Member
Joined
Oct 25, 2008
Messages
1,550
Trophies
0
Location
Hyrule
XP
1,197
Country
United States
that's weird, i responded to this earlier but i must've missed the post reply button or something. anyway, thanks for the response, i actually fell asleep last night after getting stuck trying to follow this guide that you linked lol. i got up to step 6 (ACQUIRE A FULLY POPULATED hactool KEYS file) and am completely lost - where does one obtain this populated hactools key file? i saw other people mentioning keys.txt and keys.ini files from the bins site server but i couldn't find anything when i actually got connected to it. any chance you could pm me a link or how to get that key? i really appreciate it. thanks again.

@Zaybokk i sure hope not lmaooo... i read a handful of other threads that people posted about having done the same thing and being able to recreate their boot0/boot1 and things being back to normal, or at least bootable into atmosphere after that, so hopefully i didn't BRICK brick :~)

tried everything as well nothing works.. if you guys can get also, the *FULLY POPULATED Hactool keys file* please let me know as well , i tried everything as well, can't seem to get past that part either.. seems like i'm not the only one :P ..

If you are on FW v6.2.0, the "Fully Populated 'keys' File" is not possible, unless you have some secret inside connections.
 

LemonScented

Member
Newcomer
Joined
Nov 27, 2018
Messages
10
Trophies
0
Age
26
Location
Western NY
XP
43
Country
United States
If you are on FW v6.2.0, the "Fully Populated 'keys' File" is not possible, unless you have some secret inside connections.
before I accidently updated to 6.2 I thought I created a nand backup but I actually only backed up "eMMC RAW GPP". I did not backup BOOT0/1. Is there any way I can use that backup to downgrade or is it useless without the BOOT0/1?
 

jaderocc

Well-Known Member
Member
Joined
Nov 21, 2016
Messages
113
Trophies
0
Age
29
XP
363
Country
United States
If you are on FW v6.2.0, the "Fully Populated 'keys' File" is not possible, unless you have some secret inside connections.
so i'm stuck with this switch on blue screen until someone puts those keys out? or are they console specific?

edit: i was on 6.2, had a rawnand backup from 6.1 but no boot0/boot1, tried to restore that nand backup and got blue screen, just so you know lol
 
Last edited by jaderocc,
  • Like
Reactions: Zaybokk

Zaybokk

Well-Known Member
Member
Joined
Jan 28, 2014
Messages
333
Trophies
0
Location
FÓDLAN
XP
340
Country
United Kingdom
Hmmm I'm not to sure what that means. I have the hactool folder on my desktop with the latest release. Directory looks like

BCPKG2-1-Normal-Main
BOOT0
hactool
keys
Name keys
package1
package2

When I try to dump the keys using "python keys py 00000000000000 0000000000000000" I get this error.
"Could not find keyblob_mac_key_source! Please check the integrity of the data used in the current stage!"​

What other ways can I use to go about getting a fully populated hactool keys txt file

I am ultimately trying to downgrade from 6.2 to 6.0 by following the guide on Homebrew Guide

same here.. stuck on same point as well.. no one has yet to explain/come forward with further details on this issue(s) we are having bro.. hmm. makes me even wonder if that downgrade* guide-*https://guide.sdsetup.com/#/manual620downgrade*- is even legit or for people-(like us) without a prior nand backup that it will even help us downgrade...

so i'm stuck with this switch on blue screen until someone puts those keys out? or are they console specific?
to my knowledge.. sadly they are console specific-(to us anyways).. but at same time i have read somewhere , on a separate post or site.. that there does exist universal keys-(sadly this usually will never be released to us plebs, until next gen console-*history proves this*).. because anyone that knows computers or programming will always tell you -THERE ALWAYS-exists Universal/Master keys for any system to gain access, how computer tech's or technicians access the console without prior knowledge of the console(s) unique keys.., honestly you want my opinion.. the people behind atmosphere and other ones, most likely have there hands on these universal/master keys to these systems based on model number(s) , no question in my opinion.. without master key(s) to console(s) = NO MASS- PRODUCTION to consumers , simple logic..
 
Last edited by Zaybokk,
  • Like
Reactions: LemonScented
General chit-chat
Help Users
    KennieDaMeanie @ KennieDaMeanie: https://www.cdkeys.com/star-wars-jedi-fallen-order-origin-pc?utm_source=facebook.com&utm_medium=s...