Homebrew RELEASE Lockpick - Switch key derivation homebrew

Cyan

GBATemp's lurking knight
Former Staff
Joined
Oct 27, 2002
Messages
23,749
Trophies
4
Age
45
Location
Engine room, learning
XP
15,649
Country
France
Thank you for your release.
You talked about it a few weeks ago; I'm glad you finally completed it :)

I guess tools requiring keys could use Lockpick as a library to get all keys in real time instead of needing the user's prod.keys file? Less than 1 second to get everything on the fly.
At least if they are on the correct firmware version with the required key.

I never polished the code, but here it is. system:/ is mapped to the raw BIS system partition (not the file system). I'd give you more code but it would be useless to you as it's too ingrained into my framework.
Thanks for sharing and the working together spirit to improve homebrew for everyone.
 

Canna

Bad Ass Poisonous Mushroom
Member
Joined
Jul 14, 2018
Messages
1,396
Trophies
0
Age
36
Location
AZ
XP
1,539
Country
United States
In the process of fixing kezplez earlier this year, I decided to do a ground-up rewrite with a lot of support from the community. It's heavily optimized and gets all possible keys in <1 second as of Firmware 6.2.0. It can also dump titlekeys! This may take longer, depending on how many titles you have installed.

Note that as of right now, the ES sysmodule has to be intentionally crashed to dump titlekeys; that's why it's optional: any games launched afterwards will crash until you reboot the console.

How to use:
  1. Use Hekate to dump TSEC and fuses:
    1. Push hekate payload bin using TegraRCMSmash/TegraRCMGUI/modchip/injector
    2. Using the VOL and Power buttons to navigate, select "Console info..."
    3. Select "Print fuse info"
    4. Press Power to save fuse info to SD card
    5. Select "Print TSEC keys"
    6. Press Power to save TSEC keys to SD card
  2. Launch CFW of choice
  3. Open Homebrew Menu
  4. Run Lockpick
  5. Use the resulting prod.keys file as needed and rename if required
You may instead use biskeydump and dump to SD to get all keys prior to the 6.2.0 generation, i.e. all keys up to those ending in 05. This will dump all keys up to that point regardless of which firmware it's run on.

Notes:
  • To get keys ending in 06, you must have firmware 6.2.0 installed
  • No one knows package1_key_06, it's derived and erased fully within the encrypted TSEC payload. While there's a way to extricate tsec_root_key due to the way it's used, this is unfortunately not true of the package1 key
  • If for some reason you dump TSEC keys on 6.2.0 and not fuses (secure_boot_key) you will still get everything except any of the package1 or keyblob keys (without SBK, you can't decrypt keyblobs and that's where package1 keys live)

Screenshots:

(two screenshots attached to the original post)

Source:
https://github.com/shchmue/Lockpick
Release: https://github.com/shchmue/Lockpick/releases

GBATemp download center xref: https://gbatemp.net/download/lockpick.35298/
Great work shchmue, as always. This shall be added to my guide; thanks for your hard work.
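The how-to and the notes quoted above spell out what a dump should and should not contain: 06-generation keys only on firmware 6.2.0, no package1_key_06 at all, and no keyblob or package1 keys unless the fuses (secure_boot_key) were dumped alongside the TSEC keys. The checker below, added here as an example and not code from Lockpick, hactool or anyone in this thread, parses a hactool-style prod.keys file (one `name = hex` line per key) and applies those rules to it. The embedded sample is constructed with placeholder values, and skipping `#` comment lines is a convenience of this script rather than something the thread states about the format.

```python
"""Sanity-check a Switch prod.keys dump (hactool-style "name = hex" lines).

Added example for this thread, not Lockpick's or hactool's own code. The key
values embedded below are constructed placeholders, not real keys.
"""
import re
from typing import Dict, List, Optional

# One key per line: name, '=', hex. Blank lines and '#' comments are skipped
# (comment support is this checker's own convenience).
LINE_RE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*([0-9A-Fa-f]+)\s*$")
# Per-generation keys carry a two-hex-digit suffix, e.g. master_key_06.
GEN_RE = re.compile(r"^(.+)_([0-9a-fA-F]{2})$")

# Key families that are 16-byte AES keys in every generation.
AES_KEY_FAMILIES = ("master_key", "keyblob_key", "package1_key", "titlekek")
FIXED_AES_KEYS = ("secure_boot_key", "tsec_key")

# Constructed sample: the shape of a dump taken after "Print TSEC keys" but
# without "Print fuse info", so the SBK, keyblob keys and package1 keys are
# absent while the 06-generation master key (firmware 6.2.0) is present.
SAMPLE_PROD_KEYS = """\
# constructed placeholder values, not real keys
tsec_key                 = 00112233445566778899aabbccddeeff
tsec_root_key_00         = 10101010101010101010101010101010
master_key_00            = 20202020202020202020202020202020
master_key_05            = 25252525252525252525252525252525
master_key_06            = 26262626262626262626262626262626
titlekek_05              = 35353535353535353535353535353535
keyblob_mac_key_source   = 40404040404040404040404040404040
"""


def parse_prod_keys(text: str) -> Dict[str, bytes]:
    """Parse the dump; reject malformed lines, odd-length hex and duplicates."""
    keys: Dict[str, bytes] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not of the form 'name = hex'")
        name, hexval = m.group(1), m.group(2)
        if len(hexval) % 2:
            raise ValueError(f"line {lineno}: odd-length hex for {name}")
        if name in keys:
            raise ValueError(f"line {lineno}: duplicate key {name}")
        keys[name] = bytes.fromhex(hexval)
    return keys


def is_valid_prod_keys(text: str) -> bool:
    """True if the text parses cleanly, False on any format error."""
    try:
        parse_prod_keys(text)
        return True
    except ValueError:
        return False


def key_generation(name: str) -> Optional[int]:
    """'master_key_06' -> 6; names without a _XX suffix -> None."""
    m = GEN_RE.match(name)
    return int(m.group(2), 16) if m else None


def highest_generation(keys: Dict[str, bytes], family: str) -> Optional[int]:
    """Highest XX present for keys named <family>_XX, or None if none exist."""
    gens = [key_generation(n) for n in keys if n.startswith(family + "_")]
    gens = [g for g in gens if g is not None]
    return max(gens) if gens else None


def check_dump(keys: Dict[str, bytes]) -> Dict[str, object]:
    """Apply the availability rules from the post to a parsed dump."""
    has_sbk = "secure_boot_key" in keys
    has_keyblob = any(n.startswith("keyblob_key_") for n in keys)
    has_pkg1 = any(n.startswith("package1_key_") for n in keys)
    warnings: List[str] = []
    # AES-128 keys must be exactly 16 bytes.
    for name, val in keys.items():
        m = GEN_RE.match(name)
        base = m.group(1) if m else name
        if (base in AES_KEY_FAMILIES or name in FIXED_AES_KEYS) and len(val) != 16:
            warnings.append(f"{name}: expected 16 bytes, got {len(val)}")
    # Without the SBK, keyblobs cannot be decrypted, so no keyblob/package1 keys.
    if not has_sbk and (has_keyblob or has_pkg1):
        warnings.append("keyblob/package1 keys present without secure_boot_key; inconsistent dump")
    if not has_sbk:
        warnings.append("no secure_boot_key: dump fuses in Hekate to get keyblob and package1 keys")
    # package1_key_06 is not publicly derivable; its presence deserves a look.
    if "package1_key_06" in keys:
        warnings.append("package1_key_06 present but is not publicly derivable; verify its origin")
    return {
        "master_key_gen": highest_generation(keys, "master_key"),
        "has_sbk": has_sbk,
        "has_keyblob_keys": has_keyblob,
        "has_package1_keys": has_pkg1,
        "warnings": warnings,
    }


if __name__ == "__main__":
    report = check_dump(parse_prod_keys(SAMPLE_PROD_KEYS))
    print(f"master key generation: {report['master_key_gen']:02x}")
    for w in report["warnings"]:
        print("warning:", w)
```

Run it against a real dump by reading the file into `parse_prod_keys` instead of `SAMPLE_PROD_KEYS`; a clean dump taken with both Hekate dumps on 6.2.0 should report generation 06 with only the package1_key_06 gap, while a TSEC-only dump produces the secure_boot_key warning shown for the sample.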
 

shchmue

Developer
OP
Developer
Joined
Dec 23, 2013
Messages
791
Trophies
1
XP
2,367
Country
United States
Thank you for your release.
You talked about it a few weeks ago; I'm glad you finally completed it :)

I guess tools requiring keys could use Lockpick as a library to get all keys in real time instead of needing the user's prod.keys file? Less than 1 second to get everything on the fly.
At least if they are on the correct firmware version with the required key.


Thanks for sharing and the working together spirit to improve homebrew for everyone.
Indeed, you could merge it into another project, it would still carry the same requirement to dump TSEC and SBK from payload though.
 

jaysea

Well-Known Member
Member
Joined
Aug 17, 2009
Messages
279
Trophies
1
Age
46
XP
1,189
Country
Netherlands
I am wondering whether this doesn't work on < 6.2.0 at all or whether you just do not get the 06 keys? It is not clear to me from reading the OP.

--------------------- MERGED ---------------------------

It is possible, and probably easier to do that, yes.
Is there a public release of anything which does that?
 

shchmue

Developer
OP
Developer
Joined
Dec 23, 2013
Messages
791
Trophies
1
XP
2,367
Country
United States
I am wondering whether this doesn't work on < 6.2.0 at all or whether you just do not get the 06 keys? It is not clear to me from reading the OP.

--------------------- MERGED ---------------------------


Is there a public release of anything which does that?
It works on every firmware; it just can only get 06 keys on 6.2.0.

A payload-only solution is actually pretty tedious; there's key derivation code in most payloads of course, and I don't know much about the environment, but the impression I get is that RAM and CPU speed are very limited and you actually have to do more work to do stuff like decrypt package1 and 2 and decompress the KIPs. To get it to work it might still be very slow, and I wanted this solution to be fast.

There's a script that runs on a computer using dumps elsewhere on the forum that hasn't been updated for 6.2.0 yet (it'll probably fall to me to do that; I'll get around to it eventually) and there's HACGUI, which also runs on a computer and is awesome and should be updated for 6.2.0 soon, but is Windows-only I believe.
 

jaysea

Well-Known Member
Member
Joined
Aug 17, 2009
Messages
279
Trophies
1
Age
46
XP
1,189
Country
Netherlands
So basically this is kezplez which gives the keys for 6.2.0 as well and is really fast.
Meaning that it should replace kezplez all the way :)
 

JaapDaniels

Well-Known Member
Member
Joined
Apr 22, 2012
Messages
1,193
Trophies
1
Age
40
Website
github.com
XP
2,434
Country
Netherlands
Make an obvious political statement in software
Delete every message as off-topic that talks about it.
If you didn't want anyone to talk about it, adding it might have been the wrong decision.
Why are you so afraid? It isn't political, it's a love statement.
And it's against the rules to change the subject here or take over.
If you have a problem, go make your own thread!
 

shchmue

Developer
OP
Developer
Joined
Dec 23, 2013
Messages
791
Trophies
1
XP
2,367
Country
United States
So basically this is kezplez which gives the keys for 6.2.0 as well and is really fast.
Meaning that it should replace kezplez all the way :)
Well, sort of. kezplez basically dumps the stuff needed to set up hactool and uses its key derivation repeatedly; it duplicates an algorithm that's made to run on a computer. Lockpick takes full advantage of running on a console, so it's a ground-up rewrite.
 

Deleted User

Guest
What's with all the shitlords in this thread complaining about colours and statements? Either use the tool or don't. Nobody is forcing you to use it.

Keep up the good work OP, this scene would be dead without people like you.
 

iTz_Renzokuken

Active Member
Newcomer
Joined
Nov 30, 2018
Messages
35
Trophies
0
Age
34
XP
137
Country
Brazil
I'm a newbie at hacking/homebrew. I managed to dump my keys, but I need the "keyblob_mac_key_source" for nscbuilder to work; how can I get/find this one?
Thanks in advance.
 

hippy dave

BBMB
Member
Joined
Apr 30, 2012
Messages
9,877
Trophies
2
XP
29,193
Country
United Kingdom
A payload-only solution is actually pretty tedious; ... and I don't know much about the environment but the impression I get is that RAM and CPU speed are very limited
Faster since ctcaer released minerva.

Why was discussion about my fork deleted?
Probably because you were just doing it to be a dick.
 
