Lockpick_RCM payload - Official Thread


Description

Lockpick_RCM is a bare metal Nintendo Switch payload that derives encryption keys for use in Switch file handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc. without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment, however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage
  • Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads
  • Upon completion, keys will be saved to /switch/prod.keys on SD
  • If the console has Firmware 7.x, the /sept/ folder from Atmosphère or Kosmos release zip containing both sept-primary.bin and sept-secondary.enc must be present on SD or else only keyblob master key derivation is possible (i.e. up to master_key_05 only)
Big thanks to CTCaer for Hekate and all the advice while developing this!

Known Issues
  • Chainloading from SX will hang immediately due to quirks in their hwinit code; please launch the payload directly
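
A sanity check for the dumped /switch/prod.keys, as an added example that is not part of the original post or of Lockpick_RCM: it parses the file and reports the highest master_key_XX present, so a dump that stops at master_key_05 (the missing /sept/ case described above) is easy to spot. The `name = hex` line format, the two-hex-digit key suffix and the sample contents are assumptions; the sample values are constructed dummies.

```python
import re

# Assumption: one "name = hex" pair per line, master keys named master_key_XX (XX in hex).
LINE_RE = re.compile(r"^([a-z0-9_]+)\s*=\s*([0-9a-fA-F]+)$")
MASTER_RE = re.compile(r"^master_key_([0-9a-f]{2})$")

def parse_keys(text):
    """Return ({name: hex}, [problems]); problems name the line, never the key value."""
    keys, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            problems.append(f"line {lineno}: not a 'name = hex' entry")
            continue
        name, value = m.group(1), m.group(2).lower()
        if len(value) % 2:
            problems.append(f"line {lineno}: {name} has an odd number of hex digits")
            continue
        if keys.get(name, value) != value:
            problems.append(f"line {lineno}: {name} redefined with a different value")
        keys[name] = value
    return keys, problems

def master_key_report(keys):
    """Summarise which master_key_XX generations are present in the dump."""
    gens = sorted(int(m.group(1), 16) for m in map(MASTER_RE.match, keys) if m)
    if not gens:
        return {"highest": None, "missing": [], "stops_at_05": False}
    missing = [g for g in range(gens[-1] + 1) if g not in gens]
    # A dump topping out at master_key_05 matches the post's "sept folder absent" case.
    return {"highest": gens[-1], "missing": missing, "stops_at_05": gens[-1] == 5}

# Constructed sample: dummy values, not real key material.
SAMPLE = "\n".join(f"master_key_{i:02x} = {i:032x}" for i in range(6))
SAMPLE += "\nheader_key = " + "ab" * 32 + "\nbroken line\n"

if __name__ == "__main__":
    keys, problems = parse_keys(SAMPLE)
    print(master_key_report(keys))
    print(problems)
```

The report only ever contains key names and line numbers, so it can be pasted into a support thread without exposing key material.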
 


spix

Same error, version 1.9.13
on hekate v6.2.1.
I think that depends on OFW that is clean after systemwipe
 

Hayato213

> I have an error after launching Lockpick, during the creation of the file.
>
> Common... Error: Save header is invalid.
> Failed to process es save
>
> Can you help me?
> Note: OFW is clean, no games or others installed; systemwipe was performed

Might have to do with you using systemwipe
 

impeeza

> > I have an error after launching Lockpick, during the creation of the file.
> >
> > Common... Error: Save header is invalid.
> > Failed to process es save
> >
> > Can you help me?
> > Note: OFW is clean, no games or others installed; systemwipe was performed
>
> Might have to do with you using systemwipe

Your problem is about title keys: you have some invalid savegames and/or title tickets. The good news is your prod.keys are extracted OK. Use a homebrew like TinWoo, Goldleaf or DBI to remove unused tickets or reinstall all your titles.
 

spix

> Your problem is about title keys: you have some invalid savegames and/or title tickets. The good news is your prod.keys are extracted OK. Use a homebrew like TinWoo, Goldleaf or DBI to remove unused tickets or reinstall all your titles.

Thank you for supporting.
SYSMMC launch:
I have proceeded with DBI and used clean orphan, and this did not help me.
Now with Goldleaf I looked inside memory of NAND - system and I found 3 folders:
1) Contents
2) Save - about 65 files inside
3) saveMeta - one folder inside, but it seems empty.

Can you explain better what I can do?
Where are the folders for this save?
Could it be that it does not find the correct folders for common and personalized?

Thanks for all
 

spix

I restored an old NAND backup.

Now the errors are not present, but the system OFW does not start: black screen after the official logo. I tried to go into maintenance mode, but after the logo there is always a black screen.

Thank you for any support or suggestions
 


petspeed

> I restored an old NAND backup.
>
> Now the errors are not present, but the system OFW does not start: black screen after the official logo. I tried to go into maintenance mode, but after the logo there is always a black screen.
>
> Thank you for any support or suggestions

You may have too many burned fuses for the version you restored to.
What fw version did you have before restoring your backup?
What fw version did you restore to?
What is your fuse count? (Check with Hekate)
 

impeeza

> I restored an old NAND backup.
>
> Now the errors are not present, but the system OFW does not start: black screen after the official logo. I tried to go into maintenance mode, but after the logo there is always a black screen.
>
> Thank you for any support or suggestions

Hope you made a backup of the system before restoring. Restore that backup, start the CFW (Atmosphère) on it, and factory clean the current system using settings. Start over with title installation.
 

spix

> You may have too many burned fuses for the version you restored to.
> What fw version did you have before restoring your backup?
> What fw version did you restore to?
> What is your fuse count? (Check with Hekate)

18.0.1, 18.0.1, burnt fuse count 19
 

jkyoho

> 18.0.1, 18.0.1, burnt fuse count 19

Try emmchacgen to rebuild the system partition files with your own prod.key, and use nxnandmanager to wipe/delete the system & user partitions instead of the tegraexplorer script.

I used to do sysnand clean/rebuild with the tegraexplorer wipe script, but they are slow and might have issues, so I switched to the emmchacgen rebuild path.
 

spix

> Try emmchacgen to rebuild the system partition files with your own prod.key, and use nxnandmanager to wipe/delete the system & user partitions instead of the tegraexplorer script.
>
> I used to do sysnand clean/rebuild with the tegraexplorer wipe script, but they are slow and might have issues, so I switched to the emmchacgen rebuild path.

At the moment I use emmchacgen.
Format fat32 both, and after that I copied 18.0.1 exFAT from emmchacgen, system and user.
Safe folder? What about it? Do I need to format fat32 and copy emmchacgen?
 

spix

Solved!
After I restored my dump, I proceeded to delete 8000000000000120 in System/save and replaced it with the same file from a-18.0.1_exFAT, generated with my prod.key and emmchacgen and obviously fw 18.0.1. Thank you for every advice or support.
 
