Homebrew RELEASE Lockpick - Switch key derivation homebrew

jorgesd

Hi, I got the error Get Tegra keys.... Error: "Warning: Saving limited keyset. Dump Tegra keys with payload and run again to get all keys." and "Dumping titlekeys... No titlekeys found. Either you've never played or installed a game or dump failed." when opening Lockpick version 1.2. I printed TSEC and fuse info to my SD card with Hekate 4.8. My SD is not corrupt since I can do everything normally. ams 8.4 with firmware 7.0.1 | 8 fuses burned. Dumps are in the backup folder.
 
Last edited by jorgesd,

KaruzoHikari

I had the Tegra keys and title keys issue with the latest version (v1.2), and no matter what I did it just wouldn't work. But after trying with the v1.1 it worked just fine
 

xfighter11

Also have the same problem with current version. Maybe it needs to be updated for 7.0.1? I dumped Fuse + TSEC with Hekate 4.8.

/EDiT: Strange, I downgraded to 6.2 but still not possible :(
 
Last edited by xfighter11,

MrAttraction

On my switch I can dump all keys fine but on my brother's console I'm getting this Tegra keys error

I updated mine offline to 7.0.1 via ChoiDujourNX and he updated his switch accidentally when it asked, but I don't think that would be the reason to this error.. weird
 
Last edited by MrAttraction,

huma_dawii

> On my switch I can dump all keys fine but on my brother's console I'm getting this Tegra keys error
>
> I updated mine offline to 7.0.1 via ChoiDujourNX and he updated his switch accidentally when it asked, but I don't think that would be the reason to this error.. weird

Everybody, use THIS payload to get your KEYS, hekate is not working to get the keys for some reason.

https://files.sshnuke.net/biskeydumpv8.zip after you do that you should get 113 keys, I can't get more than that :(
 

huma_dawii

> Is there a tutorial for it? And does Lockpick work with the keys keys biskeydump?

Yes it does, I tried it myself, just put the biskeydump inside SD/bootloader/payloads/biskeydump.bin

then run hekate, and launch the payload via the payload menu and it will launch biskeydump, it will open and you will press - to dump the keys, then the switch will turn off. Done
 

test0000

This is because Lockpick is expecting a tsec_keys.bin file 48 bytes long but hekate 4.8 generates a file of 32 bytes.

Line 188 in common.cpp:

    else if (!tsec.found() && (p.file_size() == 0x30) &&

This can be worked around easily by adding 16 bytes to the tsec_keys.bin file using a hexadecimal editor.

According to the source code, only the first 32 bytes seem to be used anyway (line 194):

    fread(temp_key.data(), 0x10, 1, tsec_file);
    tsec = Key("tsec_key", 0x10, temp_key);
    fread(temp_key.data(), 0x10, 1, tsec_file);


I did that and Lockpick was able to extract 113 keys.


But tinfoil and goldleaf are making atmosphere crash when loading a nsp and Zerotwoxci is returning an error.

Don't know if it is linked to keys or other apps...
 
Last edited by test0000,
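
The size check discussed in the post above, written so that it accepts both file lengths and rejects anything else. This is an added example, not Lockpick's code and not part of any post; `TsecDump`, `load_tsec_file` and `write_sample` are hypothetical names and the sample bytes are constructed.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>
#include <filesystem>
#include <fstream>
#include <optional>

namespace fs = std::filesystem;

// Hypothetical container for the two 0x10-byte values the quoted code reads.
struct TsecDump {
    std::array<std::uint8_t, 0x10> first{};   // stored as "tsec_key" in the quoted code
    std::array<std::uint8_t, 0x10> second{};  // second 0x10-byte read; its name is not on the page
};

// Accept the 0x20-byte file (Hekate 4.8) and the 0x30-byte file the old check
// expected; reject every other size instead of skipping the file silently.
std::optional<TsecDump> load_tsec_file(const fs::path& p) {
    std::error_code ec;
    const auto size = fs::file_size(p, ec);
    if (ec || (size != 0x20 && size != 0x30)) return std::nullopt;

    std::ifstream in(p, std::ios::binary);
    TsecDump d;
    in.read(reinterpret_cast<char*>(d.first.data()), d.first.size());
    in.read(reinterpret_cast<char*>(d.second.data()), d.second.size());
    if (!in) return std::nullopt;  // short read: treat as a failed dump
    return d;
}

// Demo helper: write a constructed file of n bytes (0x00, 0x01, 0x02, ...).
fs::path write_sample(const char* name, std::size_t n) {
    fs::path p = fs::temp_directory_path() / name;
    std::ofstream out(p, std::ios::binary | std::ios::trunc);
    for (std::size_t i = 0; i < n; ++i) out.put(static_cast<char>(i));
    return p;
}

int main() {
    for (std::size_t n : {0x10u, 0x20u, 0x30u}) {
        auto p = write_sample("tsec_keys_sample.bin", n);
        auto d = load_tsec_file(p);
        std::printf("%zu bytes -> %s\n", n, d ? "loaded" : "rejected");
        fs::remove(p);
    }
}
```

Checking for the sizes the reader actually consumes, and checking the read result, avoids both the false "file not found" path and the need to pad the file by hand.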

xfighter11

I dumped my keys with biskeydump.bin but Lockpick doesn't seem to like its key format. Any help? Do I need to format something?
 

notimp

> Everybody, use THIS payload to get your KEYS, hekate is not working to get the keys for some reason.
>
> https://files.sshnuke.net/biskeydumpv8.zip after you do that you should get 113 keys, I can't get more than that :(

This is the easiest workaround so far.

Here are detailed steps (to be used with atmosphere 0.8.4+):
- rename reboot_payload.bin in the atmosphere folder to 2reboot_payload.bin
- rename biskeydump.bin to reboot_payload.bin and put it in the atmosphere folder
- use the reboot to rcm nro to reboot into this payload
- follow on screen instructions to write the file to the disk
- shut down the switch, and reboot it with your payload injector
- launch atmosphere and then run lockpick again - this time it should work
- delete reboot_payload.bin from the atmosphere folder and rename 2reboot_payload.bin to reboot_payload.bin again

Use the most current version of Lockpick.

That's it. Thank you for finding this workaround.
 
Last edited by notimp,

xfighter11

> This is the easiest workaround so far.
>
> Here are detailed steps (to be used with atmosphere 0.8.4+):
> - rename reboot_payload.bin in the atmosphere folder to 2reboot_payload.bin
> - rename biskeydump.bin to reboot_payload.bin and put it in the atmosphere folder
> - use the reboot to rcm nro to reboot into this payload
> - follow on screen instructions to write the file to the disk
> - shut down the switch, and reboot it with your payload injector
> - run lockpick again - this time it should work
> - delete reboot_payload.bin from the atmosphere folder and rename 2reboot_payload.bin to reboot_payload.bin again
>
> Use the most current version of Lockpick.
>
> That's it. Thank you for finding this workaround.

This guide is totally useless I guess. Did you even try it? First of all it won't work with AutoRCM enabled (which most people are using). Furthermore Lockpick won't find any keys generated with biskeydump since they are stored in a different format in a different location on the SD card. Pls let me know if I'm wrong.
 

test0000

> This guide is totally useless I guess. Did you even try it? First of all it won't work with AutoRCM enabled (which most people are using). Furthermore Lockpick won't find any keys generated with biskeydump since they are stored in a different format in a different location on the SD card. Pls let me know if I'm wrong.

You can try what I posted just above. Adding 16 bytes (all 0) to tsec_keys.bin is very easy. You can use Frhed editor for example.
 

notimp

I have AutoRCM enabled. That's not an issue.
Also, I wrote the 'guide' after I did all of the steps myself.

Atmosphere boots into the reboot_payload.bin firmware - when you use the reboot to rcm nro. That's part of its featureset.

This allows you to reboot into the biskeydumpv8 payload once renamed.

This allows you to write the device.keys file to the sdcard.

After the next reboot into atmosphere, lockpick worked for me.

(Had generated both fuse info and TSEC keys - with hekate before)
--

If this is another case of "lockpick suddenly working" - then I apologize, but this is what worked for me on my second try with Lockpick. When on the first try (just with hekate dumping fuse info and TSEC) it didn't work. FW: 7.0.1
--

As for the "totally useless part" - everything worked as described. There are NO issues with autorcm. You'd have known that if you had read atmosphere changelogs for the past few releases. And all of this worked. No path issues - nothing.

If this should turn out to be a case of Lockpick suddenly working for no reason, as it did for one other user - that's not my fault. But I presume it was biskeydumpv8 at work, that made Lockpick work afterwards.
 
Last edited by notimp,

xfighter11

> You can try what I posted just above. Adding 16 bytes (all 0) to tsec_keys.bin is very easy. You can use Frhed editor for example.

I could, yes. But I guess something is fishy with the Hekate dumped keys. Maybe those are incomplete. So I doubt it will work :(

--------------------- MERGED ---------------------------

> If this is another case of "lockpick suddenly working" - then I apologise, but this is what worked for me on my second try with Lockpick. When on the first try (just with hekate dumping fuse info and TSEC) didn't work.

Yeah, I think it is another case of spontaneous working. If I understand everything correctly Lockpick is only scanning the keys in the backup folder dumped by Hekate. So it doesn't even touch the device.keys dumped by biskeydump.
 

test0000

> I could, yes. But I guess something is fishy with the Hekate dumped keys. Maybe those are incomplete. So I doubt it will work :(

As I said, Lockpick code is only using 32 bytes out of 48, so it should not be an issue.
I guess hekate developers just removed the extra bytes for consistency. Next version of Lockpick will align for sure.

But is Lockpick extracting the correct keys for 7.0.x ? Let's wait for shchmue's confirmation
 
Last edited by test0000,

shchmue

Developer
OP
> Error: "Warning: Saving limited keyset. Dump Tegra keys with payload and run again to get all keys."
>   • Reason: Lockpick can't find your TSEC and SBK dump files
>     • Cause 1: you viewed the TSEC and fuse info in Hekate but didn't save both to SD card
>     • Cause 2: your SD card has corrupt sectors and needs reformatting
>     • Cause 3: your SD card is counterfeit and acts like it's saving files but isn't
>
> Where does the TSEC and SBK need to be dumped to? Root, same folder as lockpick?

We spoke on Discord but for those playing at home, I'll be pushing a fix for Lockpick not finding TSEC keys dumped with Hekate 4.8. I had a strict file size check in place and Hekate rightfully changed the file size for it.
 