RELEASE Lockpick_RCM payload - Official Thread

Discussion in 'Switch - Exploits, Custom Firmwares & Soft Mods' started by shchmue, Mar 4, 2019.

  1. miss_nakano
    First of all, shchmue, I want to say thanks to you for this amazing tool! I am still a newbie. I have a few questions for you regarding this tool.

    1) After running lockpick_RCM, I get prod.keys in the /switch folder. It said it found 140 keys. Regarding title keys, it additionally said "invalid public exponent" and finally it said "found through master_key_09". Did I do everything right? Are those messages supposed to be normal?

    2) According to your github page, you said that it is recommended to put minerva. But where do I find it?

    3) According to your github page, it is said that "Upon completion, keys will be saved to /switch/prod.keys and titlekeys to /switch/title.keys on SD" but I only had prod.keys generated and no title.keys at all. Is this because of the invalid message above?

    4) How exactly do I use this? Or is this just for backup purposes, since I did this after backing up nand, or can you use this prod.keys somewhere for certain other purposes?

    My firmware is 8.10, hekate 5.02, AMS 0.9.4.

    Thank you very much.
     
    Last edited by miss_nakano, Oct 14, 2019 - Reason: Forgot to mention my system details
  2. OrGoN3
    1. You probably have nothing installed. Don't worry about it.

    2. From hekate (https://github.com/CTCaer/hekate/releases). If you booted with Hekate, like you mentioned, then minerva is already where it is supposed to be. Plus, that's only for titlekeys, so who cares?

    3. Do you have any games/apps installed? If not, then there is nothing to dump.

    4. You save a backup copy of your prod.keys and keep the prod.keys on your SD card. If any homebrew requires them, you'll have them. However, once you update to 8.x.x or 9.x.x you'll have to run the tool [Lockpick_RCM] again to get the latest keys.
     
    miss_nakano likes this.
  3. miss_nakano
    1) Actually I have around 14 games installed. Now that you mention it, I just started fresh by copying the newest SD files to my SD and deleting everything except for the nintendo folder. I also updated my ns atmosphere dongle payload to the newest hekate, 5.02. Since I just did it, I haven't run the installed games or any homebrew apps after starting fresh and have only been messing around with hekate because I thought I was stuck in this "lockpick rcm" step till this post.

    2) So it is supposed to be included already by running the hekate 5.02 payload?

    3) I have things installed but I haven't run them at all since I started fresh and want to finish the important things to do with hekate (backup, lockpick etc.) first. I have the nintendo folder though.

    4) I see... you have to get the keys every time you update... so the purpose of this key is for homebrew? How do I use this then? Where do I put it?

    Thanks again.
     
  4. OrGoN3
    2. Hekate is the payload. The release contains files for your SD card as well. If you didn't update your sd card with those files, then please do so.

    3. Are they installed to SD card or nand?

    4. I already told you what to do with your keys and where to put them. I don't know what else you can be meaning.
     
    miss_nakano likes this.
  5. miss_nakano
    1) Yes, I know hekate is the payload. I used the ns programmer thing from the ns atmosphere dongle website to overwrite the obsolete hekate version with the 5.02 one. I did copy the newest sd files that contain the updated ams and homebrews. Thanks for your concern.

    2) The games and homebrew are all on the sd card (the games are in the nintendo folder on the sd card). I didn't even know you could install things in NAND.

    3) Sorry if I wasn't being clear. Maybe an example would be better. Let's say goldleaf and edizon need this prod.keys. So, where do you put the prod.keys in order for goldleaf/edizon to be able to use it?

    Thanks again :)
     
  6. OrGoN3
    Thanks for your patience and kindness. Both are very much appreciated and often not shown. :)

    1. Just making sure. Minerva is under sdcard://bootloader/sys/libsys_minerva.bso

    2. You can install to nand, it's just not recommended.

    3. Again, if homebrew needed it, it would look under sdcard://switch/prod.keys, then sdcard://switch/keys.txt. That is where lockpick_rcm puts the file. No need to move it aside from backing it up.
     
    miss_nakano likes this.
  7. miss_nakano
    1) Thank you, I'll check if it is there.

    2) It is not recommended, huh? I suppose this is why I never really hear about installing things to NAND. Thanks.

    3) Now this is the information I want! Thanks for explaining it so clearly! Just one more question: where does the keys.txt come from? I only have prod.keys in the switch folder.

    Thanks again :)
     
  8. OrGoN3
    You can rename prod.keys to keys.txt. I'm not sure where the different names stem from.

    Well I mean you can install to nand. Just realize it'll fill up quickly. Also if you're using emunand/emummc then it's installing to SD card no matter what. Just install everything to sd and you'll be good.

    You're welcome. :D
     
    miss_nakano likes this.
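The lookup order and file format discussed above (homebrew checks /switch/prod.keys, then /switch/keys.txt, and the two are the same file under different names), as an added example that is not Lockpick_RCM's or any homebrew's own code: a small loader that applies the same fallback, parses the `name = hex` lines, and flags malformed entries instead of accepting them silently. The sample values are constructed dummies, and the expected-length rule (16-byte AES keys, 32-byte header_key) is an assumption for the check.

```python
import re
from pathlib import Path

# Lookup order the thread describes: homebrew checks /switch/prod.keys, then /switch/keys.txt.
KEYS_FILE_ORDER = ("prod.keys", "keys.txt")
# Both names hold the same format: one "name = hexvalue" entry per line.
LINE_RE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*([0-9a-fA-F]+)\s*$")

# Constructed sample in prod.keys format. Values are dummies, not real console keys.
SAMPLE_PROD_KEYS = """\
master_key_00 = 00112233445566778899aabbccddeeff
master_key_09 = ffeeddccbbaa99887766554433221100
eticket_rsa_kek = 0123456789abcdef0123456789abcdef
header_key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
bad_key = 0123
"""

def parse_keys(text):
    """Parse prod.keys/keys.txt text into {name: bytes}; also return a list of problems."""
    keys, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        m = LINE_RE.match(raw)
        if not m:
            problems.append(f"line {lineno}: not of the form 'name = hex'")
            continue
        name, hexval = m.group(1), m.group(2).lower()
        if len(hexval) % 2:
            problems.append(f"line {lineno}: {name} has an odd number of hex digits")
            continue
        value = bytes.fromhex(hexval)
        # Assumed rule: AES keys are 16 bytes, header_key is 32; anything else is flagged for review.
        if len(value) not in (16, 32):
            problems.append(f"line {lineno}: {name} has unexpected length {len(value)}")
        keys[name] = value
    return keys, problems

def find_keys_file(switch_dir):
    """Return the first keys file present in the fallback order, or None if neither exists."""
    for fname in KEYS_FILE_ORDER:
        candidate = Path(switch_dir) / fname
        if candidate.is_file():
            return candidate
    return None

def highest_master_key(keys):
    """Highest master_key_XX generation present (cf. the 'found through master_key_09' message)."""
    gens = [int(n[-2:], 16) for n in keys if re.fullmatch(r"master_key_[0-9a-f]{2}", n)]
    return max(gens) if gens else None
```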
  9. miss_nakano
    So that's how you get the keys.txt! About installing things to the nand, I think I'll stick to sd card installing for more safety.

    Thanks again for everything, OrGoN3! I look forward to your help again in the future! :)
     
    OrGoN3 likes this.
  10. shchmue
    OP
    that’s odd. it means your prodinfo decrypted successfully and it derived eticket_rsa_kek but the result of decrypting the keypair was off. huh. yes, that’s why there’s no title.keys file

    minerva is part of the hekate release package in the sd files

    some programs require keys. they’ll include instructions if so. as far as i know, homebrew doesn’t require keys anymore as there are ways they can get keys they need during runtime. these are mostly required by programs that run off console.
     
    miss_nakano likes this.
  11. miss_nakano
    Thank you very much for answering my questions!

    So something was wrong after all... actually I suspect it is my weird switch. My switch was made in 2019 (supposed to be ipatched) and its serial number is in the "certainly patched" category like the one here:

    https://gbatemp.net/threads/my-switch-is-a-2019-v6-2-0-xaj4008278-unpatched-unit.546996/

    Just like his switch, mine is probably an anomaly as well. But it is really unpatched though since I can use autorcm. It's just that I don't understand what "invalid public exponent" meant. I wonder what can be done with the keys.txt not being generated...

    Thanks again shchmue for your amazing tools!
     
  12. shchmue
    OP
    oh! interesting. could you leave the prod.keys file where it is and try running Lockpick homebrew and see if that is able to get your titlekeys?


    incidentally, bugfix release. this doesn't address anything you're dealing with though.

    Catch uncommon errors reading Sept files. Also added a few new SD Save keys that aren't really useful to anyone except researchers. See LibHac for usage. Reduced size of large module for future expansion.
    edit: fixed the fix
    https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.6.3
     
    Last edited by shchmue, Oct 15, 2019
    hausa51 and miss_nakano like this.
  13. SMVB64
    Hello all,

    I have an issue using Lock pick RCM.
    it does find the keys but is unable to save them
    The error I am getting is "unable to create /switch folder on SD"

    Thanks,
    SM
     
  14. shchmue
    OP
    yeah i fixed that but didn’t post it
    https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.6.4
     
    miss_nakano, hausa51 and SMVB64 like this.
  15. SMVB64
    shchmue likes this.
  16. miss_nakano
    Thank you very much for your amazing 1.6.4 fix!
     
  17. shchmue
    OP
    https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.7.0 Zoom update

    Lockpick_RCM now parses the ES save files correctly for much quicker Titlekey extraction, i.e. linear in the number of titlekeys rather than checking the whole save container

    Huge thanks to @minibar for an excellent source of truth on save parsing in the form of https://github.com/Thealexbarney/LibHac/ and for answering so many questions about it on top of all the hard work reversing FS and constantly improving LibHac

    Also corrected a major bug in Hekate's heap code (please do the same if you use Hekate code in your own projects! ref https://github.com/CTCaer/hekate/pull/300 ) and eliminated a few of my own memory leaks, both guaranteed and potential
     
    Last edited by shchmue, Oct 28, 2019
    hippy dave and ChaosEternal like this.
  18. shchmue
    OP
    renanbianchi, hippy dave and hausa51 like this.
  19. renanbianchi
    I'm getting an error "unable to derive Package2 key". Is there something I can do?

    Edit: I'm using 1.7.1
     
    Last edited by renanbianchi, Nov 1, 2019
  20. shchmue
    OP
    What firmware version? Does your console boot? Sysnand or Emunand?
     
    renanbianchi likes this.