Tutorial  Updated

How to get Switch Keys for Hactool/XCI Decrypting

This thread is deprecated
For a faster, easier and more up-to-date way of getting keys, use Lockpick_RCM by shchmue.
If you still want to follow this tutorial and end up with fewer keys, continue reading the thread.


WARNING
  • DO NOT GIVE OUT ANY OF YOUR KEYS TO ANYONE! I CANNOT STRESS THAT ENOUGH!
  • DO NOT SHARE YOUR KEYS BETWEEN MULTIPLE SWITCHES THAT YOU DO/DON'T OWN! SOME ARE CONSOLE-UNIQUE
  • DO NOT ASK ME FOR KEYS


LEGEND
  • SBK
    SecureBootKey
  • TSEC
    Tegra Security Co-processor Key
  • eMMC
    Embedded MultiMediaCard (Switch's Onboard Storage)


GOAL
End up with 83+ keys including SBK and TSEC keys. Get Master Keys 0-5. (Master Keys 6 onwards are not done in this tutorial.)
Reminder: if you want a more up-to-date and much more convenient way to get your Switch's keys, use Lockpick by shchmue (available in nx-appstore/homebrew store).


Tutorial — (Outdated for Switches on firmware 6.x or newer)


  • #1 - Dumping System Keys (Biskeydump)
  • #2 - Dumping Required Files
  • #3 - Hactool Preparation
  • #4 - Dumping Keys
  • Final Words
  • Troubleshooting


  #1 - Dumping System Keys (Biskeydump)

    We need to get your Secure Boot Key (SBK) and Tegra Security Co-processor Key (TSEC) before we can get the main keys.
    These are 100% console unique.

    1. Download and extract biskeydump.bin from biskeydumpvx.zip
      - Follow this tutorial but instead of using CTCaer's Hekate Mod .bin file, use the biskeydump.bin file
      - If the QR Code is Blue, scan the QR Code with your phone, laptop, etc.
      - If you can't find a device you can scan with, type them out into your PC/laptop (it's highly recommended to scan the QR Code, as a lot of characters can look like one another: O0, Il, rn can look like m, etc.)
    2. Once you have the biskeydump of your system, store all the keys you received somewhere safe. I recommend a secure cloud storage as well as a USB stick, perhaps even print it.
      - Don't give this to ANYONE, Seriously.

    If you get any errors please go to the Troubleshooting Tab.


  #2 - Dumping Required Files

    1. Follow this tutorial AGAIN but this time use CTCaer's Hekate Mod.
      - "Tools" -> "Backup..." -> "Backup eMMC BOOT0/1"
      - "Tools" -> "Backup..." -> "Backup eMMC SYS"
      - Back all the way to the first menu, and choose "Power off"
    2. Take the microSD Card out of your Switch and into your PC.
    3. Copy both "BOOT0" and "BCPKG2-1-Normal-Main" from "sd:/backup/xxxxxx/" (xxxxxx is different for everyone) to "hactool" on your Desktop (create the "hactool" folder)
      - Rename them with .bin at the end, "BOOT0.bin", "BCPKG2-1-Normal-Main.bin"

  #3 - Hactool Preparation

    1. Download and install Python 2.7.x - NOT Python 3.x.x
      When installing, it will ask you what features you want installed. Scroll to the bottom and make sure "Add Python to Path" has the "Entire Feature Installed to HDD" option chosen (no red X icon), otherwise the scripts won't find Python and WILL fail.
    2. Download and extract hactool TO THE DESKTOP AND NAME THE FOLDER "hactool"
      On Linux/MacOS: clone and build hactool manually
    3. Right-click this (script originally by tesnos6921, patched by shadowninja108, jakibaki and shchmue)
      - Click "Save link as" / "save as"
      - Set "Save as type" to "All Files"
      - Name it "keys.py"
      And finally save it to the hactool folder you placed in the Desktop.
      NOTICE TO GBATEMP STAFF: The "keys" inside this file, are NOT keys, they are SHA digest hashes used to search through files to find text that matches, which would be the keys.

  #4 - Dumping Keys

    1. Press WIN(Btn)+R to open "Run", type "cmd" and press Ctrl+Shift then Enter to open Command Prompt as an Administrator
    2. Type (in order) or copy the following and paste into Command Prompt (some Windows versions use Right Click to paste, some use CTRL+C)
      python -m pip install --upgrade pip
      pip install lz4
      cd /d "%USERPROFILE%\Desktop\hactool"
      python keys.py SBK_Here_From_Biskeydump TSEC_Here_From_Biskeydump
    3. It should say: "Now you can do hactool --keyset=keys.txt to use them!", if it does, and there's no warning messages, you're good to go! :O
    If you get any errors please go to the Troubleshooting Tab.

  Final Words

    You now have a keys.txt file with your console-specific keys inside.
    Rename it as needed by any software that requires a different name or file extension; it doesn't matter.
    Though I highly recommend renaming it to prod.keys, as this filename for key files is becoming a popular choice with other software.
    There may be more keys; as the Switch's lifecycle goes on, more and more keys will be needed as the firmwares grow and grow.
    • The Hactool warning:
      Code:
      [WARN] prod.keys does not exist.
      can be safely ignored.
      - If you want to place your "keys.txt" file there, put "keys.txt" on your Desktop and run the following with Administrator Command Prompt (Step #4.1 for instructions):
      Code:
      mkdir "%USERPROFILE%\.switch"
      move "%USERPROFILE%\Desktop\keys.txt" "%USERPROFILE%\.switch\prod.keys"

  Troubleshooting

    #1 ISSUES:
    • Code:
      Red QR Code Outline
      - The reasons this can occur are quite rare; all I can say is to keep rebooting and trying again.
      - If there's a new version of biskeydump out, try using the newer biskeydump.bin
    • Code:
      QR Code not being scanned by your Reader
      - Align your QR Code Reader's alignment overlay with the Blue Square's Corners/Edges, NOT the QR Code's Corners/Edges.
      - Clean your camera lens
      - Be in a bright room

    #4 ISSUES:
    • Code:
      File "keys.py", line ...
      print message
      ^
      SyntaxError: Missing parentheses in call to 'print'. Did you mean print(message)?
      - You didn't place SBK and TSEC in the 4th line of the Command in Step #4.2
      - You installed Python 3.x.x when you must use 2.7.x. Uninstall Python, log out of Windows (important, it removes Python from PATH) and follow Step #3.2, then move back to #4.1
    • Code:
      import lz4.block
      File "C:\Python27\lib\site-packages\lz4\__init__.py", line 17, in <module>
      from ._version import ( # noqa: F401
      ImportError: DLL load failed: The specified module could not be found.
      - The 2nd line of the Command in Step #4.2 failed without you noticing. Try running the 1st line to upgrade pip and if that goes successfully run the 2nd line to install lz4 and see if it successfully installs.
 
Last edited by shchmue,

Haki

Nice tutorial. I followed it twice, to the same result both times. There are no errors thrown, but as mentioned at least twice in this forum:




this doesn't seem to create all the master keys. In fact, I only got 0 and 4. I did not receive 1-3. I'm not sure what to do here. When I try to decrypt an xci all I get is a romfs.bin file. That doesn't seem right. I'm pretty sure there is supposed to be an exefs folder, but it never makes one whatever xci I decrypt. Posted below is a redacted screenshot I took of the process and key names given. Can anyone figure out what's going wrong here?

View attachment 132484

Names of keys dumped:
header_key_source
key_area_key_system_00
tsec_key
key_area_key_system_04
titlekek_04
aes_key_generation_source
sd_card_nca_key_source
titlekek_00
key_area_key_system_source
master_key_00
keyblob_mac_key_00
master_key_04
keyblob_mac_key_04
aes_kek_generation_source
encrypted_header_key
keyblob_mac_key_source
sd_card_kek_source
keyblob_04
key_area_key_ocean_00
keyblob_00
key_area_key_ocean_04
key_area_key_application_source
package1_key_00
package2_key_source
package1_key_04
key_area_key_application_04
key_area_key_ocean_source
key_area_key_application_00
sd_card_save_key_source
header_kek_source
secure_boot_key
header_key
titlekek_source
keyblob_key_04
keyblob_key_source_04
keyblob_key_00
keyblob_key_source_00
master_key_source
package2_key_00
package2_key_04
Just google the rest of the master keys and add them to the keys.txt. After that, all the apps worked.
 
  • Like
Reactions: Kazalber
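
A way to compare results like the key-name list above without exposing any key material, as an added example that is not part of the thread or of keys.py: it audits a keyset file and reports each key's name, size and a short SHA-256 fingerprint, plus which of master_key_00 to master_key_05 are missing. It assumes one `name = hex` entry per line; the sample keyset is constructed and contains no real keys.

```python
import hashlib
import re

# Assumed line format: "name = hexvalue" (one entry per line).
LINE_RE = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(\S*)$")


def parse_keyset(text):
    """Return (keys, problems). Problem messages never quote a key value."""
    keys, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            problems.append((lineno, "not in 'name = hex' form"))
            continue
        name, value = m.group(1).lower(), m.group(2)
        # Catches hand-typed look-alikes such as O for 0 or l for 1.
        if len(value) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", value):
            problems.append((lineno, "%s: value is not an even number of hex digits" % name))
            continue
        if name in keys:
            problems.append((lineno, "%s: defined more than once" % name))
        keys[name] = bytes.fromhex(value)
    return keys, problems


def audit_keyset(text, master_range=range(0, 6)):
    """Build a shareable report: names, sizes and fingerprints, never values."""
    keys, problems = parse_keyset(text)
    report = []
    for name in sorted(keys):
        fingerprint = hashlib.sha256(keys[name]).hexdigest()[:8]
        report.append("%-24s %3d bytes  sha256:%s" % (name, len(keys[name]), fingerprint))
    wanted = ["master_key_%02x" % i for i in master_range]
    missing = [name for name in wanted if name not in keys]
    return {"report": report, "missing_master": missing, "problems": problems}


# Constructed sample keyset: placeholder values, one deliberate typo (letter O).
SAMPLE_KEYSET = """\
master_key_00 = 000102030405060708090a0b0c0d0e0f
master_key_04 = 404142434445464748494a4b4c4d4e4f
tsec_key = 0O0102030405060708090a0b0c0d0e0f
header_key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
"""

if __name__ == "__main__":
    result = audit_keyset(SAMPLE_KEYSET)
    print("\n".join(result["report"]))
    print("missing:", ", ".join(result["missing_master"]) or "none")
    for lineno, reason in result["problems"]:
        print("line %d: %s" % (lineno, reason))
```
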

SykoLogic

I used to get that error, so I tried what someone else recommended. Uninstall Python 2.7.15, delete the python27 folder from C, RESTART COMPUTER, go back to Python download site, pick Windows x86 MSI installer and not Windows x86-64 MSI installer, and then repeat steps from the beginning. Restarting is required after uninstall.
Thank you so much! This fixed the issue!!!!
 

pedrohos42

If anybody else is having this error I fixed it by copying all hactool files to the same folder of keys.py.

Using BOOT0.bin to get keys from package1...
Deriving keys...
Traceback (most recent call last):
File "keys.py", line 374, in <module>
stage0_results = subprocess.check_output([HACTOOL_PATH, "--keyset=keys.txt", "--intype=keygen", "BOOT0.bin"])
File "C:\Program Files\Python27\lib\subprocess.py", line 216, in check_output
process = Popen(stdout=PIPE, *popenargs, **kwargs)
File "C:\Program Files\Python27\lib\subprocess.py", line 394, in __init__
errread, errwrite)
File "C:\Program Files\Python27\lib\subprocess.py", line 644, in _execute_child
startupinfo)
 

darkfires

I saw a couple other people in this thread with this same issue on firmware v2.3.0....
C:\nsw\tools\hactool>python keys.py XXXXXXXX XXXXXXX
Using BOOT0.bin to get keys from package1...
Could not find keyblob_key_source_xx! Please check the integrity of the data used in the current stage!

Obviously keys.py doesn't support lower firmware... is there a solution to this beyond buying a game with a newer firmware update on it and updating?
 

Arithmatics

For those having the DLL issue ImportError: DLL load failed: The specified module could not be found

This fixes it. You need to install the x86 version of Python 2.7.15. Direct link: https://www.python.org/ftp/python/2.7.15/python-2.7.15.msi

I used to get that error, so I tried what someone else recommended. Uninstall Python 2.7.15, delete the python27 folder from C, RESTART COMPUTER, go back to Python download site, pick Windows x86 MSI installer and not Windows x86-64 MSI installer, and then repeat steps from the beginning. Restarting is required after uninstall.


I'm not sure how else to install lz4? Requirements say it is good for 2.7.

Traceback (most recent call last):
File "keys.py", line 25, in <module>
import lz4.block
File "C:\Users\-------\Desktop\hactool\lib\site-packages\lz4\__init__.py", line 11, in <module>
from ._version import ( # noqa: F401
ImportError: DLL load failed: The specified module could not be found..

Same problem. Have you found any fix?

I had this error on my laptop, no matter what I did.

Traceback (most recent call last):
File "keys.py", line 25, in <module>
import lz4.block
File "C:\Python27\lib\site-packages\lz4\__init__.py", line 11, in <module>
from ._version import ( # noqa: F401
ImportError: DLL load failed: The specified module could not be found.

Thanks, but now I'm getting an error
Traceback (most recent call last):
File "keys.py", line 25, in <module>
import lz4.block
File "C:\Python27\lib\site-packages\lz4\__init__.py", line 11, in <module>
from ._version import ( # noqa: F401
ImportError: DLL load failed: The specified module could not be found.

Same problem, any solution for this?

Help Using Python 2.7.15 get the following error:

C:\Users\-------\Desktop\hactool>python keys.py ReplaceMeWithSBK ReplaceMeWithTSEC
Traceback (most recent call last):
File "keys.py", line 25, in <module>
import lz4.block
File "C:\Users\-------\Desktop\hactool\lib\site-packages\lz4\__init__.py", line 11, in <module>
from ._version import ( # noqa: F401
ImportError: DLL load failed: The specified module could not be found.

*/SOLVED/*

I've found the solution, you've got to install the 32bit version of python and not the x64

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Like others, I've got the DLL load error when launching the keys.py script (with my own keys as arguments, Python 2.7.15 and lz4 installed).

Anyone has a solution?

View attachment 131719


I've got this error:

"Traceback (most recent call last):
File "keys.py", line 25, in <module>
import lz4.block
File "C:\Python27\lib\site-packages\lz4\__init__.py", line 11, in <module>
from ._version import ( # noqa: F401
ImportError: DLL load failed: No se puede encontrar el módulo especificado."

What's happening? :/

Yes, I'm having this same problem

--------------------- MERGED ---------------------------


i have this tooooo
 
Last edited by Arithmatics,
  • Like
Reactions: MYFW

Duhasst0

I saw a couple other people in this thread with this same issue on firmware v2.3.0....
C:\nsw\tools\hactool>python keys.py XXXXXXXX XXXXXXX
Using BOOT0.bin to get keys from package1...
Could not find keyblob_key_source_xx! Please check the integrity of the data used in the current stage!

Obviously keys.py doesn't support lower firmware... is there a solution to this beyond buying a game with a newer firmware update on it and updating?

Will you do me a favor, while in the directory for hactool will you run hactool --info BOOT.bin --sbk= key --tseckey= key , and let me know what the output is.
 

Hausi91

What's wrong?

Using BOOT0.bin to get keys from package1...
Deriving keys...
[ WARN ] Keyblob MAC 00 is invalid. Are SBK/TSEC key correct?
[ WARN ] Keyblob MAC 04 is invalid. Are SBK/TSEC key correct?
Decrypting package1...
Failed to decrypt PK11! Is correct key present?
Using Secure_Monitor.bin to get keys to decrypt package2...
Traceback (most recent call last):
File "keys.py", line 391, in <module>
TZ_f = open("package1/Secure_Monitor.bin", "rb")
IOError: [Errno 2] No such file or directory: 'package1/Secure_Monitor.bin'
 
Last edited by Hausi91,

Calevala

Will you do me a favor, while in the directory for hactool will you run hactool --info BOOT.bin --sbk= key --tseckey= key , and let me know what the output is.
Have a same problem on Switch 1.0.0. I used your command

Invalid NCA header! Are keys correct?
Done!
 

Duhasst0

Have a same problem on Switch 1.0.0. I used your command

Invalid NCA header! Are keys correct?
Done!

Word, I'm not sure why it's happening. I know that someone was able to get me keys but I couldn't retrieve them on 2 different PCs. I am thinking it's user error but not sure where my mistake is. I know there are a few people out there that have updated their Switches on older fw, so I'm wondering if they were having issues as well, but I doubt it and wonder what they did differently.
 

riyan1215

i got this error
C:\hactool>python keys.py ReplaceMeWithSBK ReplaceMeWithTSEC
Using BOOT0.bin to get keys from package1...
Deriving keys...
Key (ReplaceMeWithTSEC) must be 32 hex digits!
Traceback (most recent call last):
File "keys.py", line 374, in <module>
stage0_results = subprocess.check_output([HACTOOL_PATH, "--keyset=keys.txt", "--intype=keygen", "BOOT0.bin"])
File "C:\Python27\lib\subprocess.py", line 223, in check_output
raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['hactool', '--keyset=keys.txt', '--intype=keygen', 'BOOT0.bin']' returned non-zero exit status 1
 

Kazalber

i got this error
C:\hactool>python keys.py ReplaceMeWithSBK ReplaceMeWithTSEC
Using BOOT0.bin to get keys from package1...
Deriving keys...
Key (ReplaceMeWithTSEC) must be 32 hex digits!
Traceback (most recent call last):
File "keys.py", line 374, in <module>
stage0_results = subprocess.check_output([HACTOOL_PATH, "--keyset=keys.txt", "--intype=keygen", "BOOT0.bin"])
File "C:\Python27\lib\subprocess.py", line 223, in check_output
raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['hactool', '--keyset=keys.txt', '--intype=keygen', 'BOOT0.bin']' returned non-zero exit status 1
You have to actually replace those parts with YOUR keys. Both are 32 digits each.
 

Greg0

Hello, when I click DECRYPT XCI it says that my "keys.ini" isn't located next to the .exe when it actually is...
Edit: okay problem solved but now it says that the game.xci has to be next to exe when again, it is
 
Last edited by Greg0,

Kazalber

Hello, when I click DECRYPT XCI it says that my "keys.ini" isn't located next to the .exe when it actually is...
Edit: okay problem solved but now it says that the game.xci has to be next to exe when again, it is
Same thing kept happening to me, so I used hactool directly instead.
It is a little bit more complicated, but everything went great and now I'm playing backups :yayswitch:
 

kokoxp

Hello,

I saw a couple other people in this thread with this same issue on firmware v2.3.0....
C:\nsw\tools\hactool>python keys.py XXXXXXXX XXXXXXX
Using BOOT0.bin to get keys from package1...
Could not find keyblob_key_source_xx! Please check the integrity of the data used in the current stage!

Obviously keys.py doesn't support lower firmware... is there a solution to this beyond buying a game with a newer firmware update on it and updating?

Have a same problem on Switch 1.0.0. I used your command

Invalid NCA header! Are keys correct?
Done!


I have had the same problem, and I think I have solved it.

The problem is in the script, which tries to find keys "keyblob_key_source_xx" from higher versions of the firm, and if it does not find them it gives the error: "Could not find keyblob_key_source_xx! Please check the integrity of the data used in the current stage!".

keyblob_key_source_00 is for master_key_00, which is the firmware version 1.0.0-2.3.0; the other keyblob_key_source_xx keys do not exist in these firmware versions.

More information about the keys: https://gist.github.com/roblabla/d8358ab058bbe3b00614740dcba4f208


The quick solution (only for versions 1.0.0-2.3.0),

comment out the following lines (366 and 367):

Code:
keyblob_key_source_id, keyblob_key_source_xx = checkfound(find_via_hashset(PKG11_data, KEY_HASHES["keyblob_key_sources"], KEY_SIZES["keyblob_key_sources"]), "keyblob_key_source_xx")
keyz[keyblob_key_source_id] = keyblob_key_source_xx

result:

Code:
#keyblob_key_source_id, keyblob_key_source_xx = checkfound(find_via_hashset(PKG11_data, KEY_HASHES["keyblob_key_sources"], KEY_SIZES["keyblob_key_sources"]), "keyblob_key_source_xx")
#keyz[keyblob_key_source_id] = keyblob_key_source_xx



Bye. :grog:
 
Last edited by kokoxp,
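
The digest-based search mentioned in the first post's notice, and the failure described in the post above, as an added Python 3 illustration that is not the keys.py code: a table of SHA-256 digests is matched against every 16-byte window of a dump, and an entry that is absent from older data is reported as missing instead of aborting the stage. SHA-256, the function names, the labels and the sample blob are assumptions constructed for this example.

```python
import hashlib

KEY_SIZE = 16  # bytes, i.e. 32 hex digits


def scan_for_digests(blob, digests, key_size=KEY_SIZE):
    """Slide a key_size window over blob.

    digests maps a label to the SHA-256 hex digest of the wanted bytes, so the
    lookup table never contains the values themselves.
    Returns ({label: (offset, bytes)}, sorted list of labels not found).
    """
    by_digest = {digest.lower(): label for label, digest in digests.items()}
    found = {}
    for offset in range(len(blob) - key_size + 1):
        window = blob[offset:offset + key_size]
        label = by_digest.get(hashlib.sha256(window).hexdigest())
        if label is not None and label not in found:
            found[label] = (offset, window)
    missing = sorted(set(digests) - set(found))
    return found, missing


def scan_family(blob, digests, min_hits=1):
    """Tolerant stage: fail only when fewer than min_hits labels are present."""
    found, missing = scan_for_digests(blob, digests)
    if len(found) < min_hits:
        raise LookupError("none of %s found; check the dump" % ", ".join(sorted(digests)))
    return found, missing


# --- constructed sample data: placeholder bytes, not real keys or firmware ---
DEMO_KEY_00 = bytes(range(0x10, 0x20))
DEMO_KEY_04 = bytes(range(0x40, 0x50))
DEMO_DIGESTS = {
    "demo_source_00": hashlib.sha256(DEMO_KEY_00).hexdigest(),
    "demo_source_04": hashlib.sha256(DEMO_KEY_04).hexdigest(),
}
# Stand-in for an older dump that carries only the 00 entry, at offset 37.
OLD_BLOB = b"\xff" * 37 + DEMO_KEY_00 + b"\x00" * 50


if __name__ == "__main__":
    found, missing = scan_family(OLD_BLOB, DEMO_DIGESTS)
    for label, (offset, _) in found.items():
        print("%s found at offset %d" % (label, offset))
    print("not present in this dump:", ", ".join(missing) or "none")
```
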

darkfortedx

Hello,






I have had the same problem, and I think I have solved it.

The problem is in the script, which tries to find keys "keyblob_key_source_xx" from higher versions of the firm, and if it does not find them it gives the error: "Could not find keyblob_key_source_xx! Please check the integrity of the data used in the current stage!".

keyblob_key_source_00 is for master_key_00, which is the firmware version 1.0.0-2.3.0; the other keyblob_key_source_xx keys do not exist in these firmware versions.

More information about the keys: https://gist.github.com/roblabla/d8358ab058bbe3b00614740dcba4f208


The quick solution (only for versions 1.0.0-2.3.0),

comment out the following lines (366 and 367):

Code:
keyblob_key_source_id, keyblob_key_source_xx = checkfound(find_via_hashset(PKG11_data, KEY_HASHES["keyblob_key_sources"], KEY_SIZES["keyblob_key_sources"]), "keyblob_key_source_xx")
keyz[keyblob_key_source_id] = keyblob_key_source_xx

result:

Code:
#keyblob_key_source_id, keyblob_key_source_xx = checkfound(find_via_hashset(PKG11_data, KEY_HASHES["keyblob_key_sources"], KEY_SIZES["keyblob_key_sources"]), "keyblob_key_source_xx")
#keyz[keyblob_key_source_id] = keyblob_key_source_xx



Bye. :grog:


This still doesn't work for me and I'm on 2.3.0
 
