Description
Lockpick_RCM is a bare metal Nintendo Switch payload that derives encryption keys for use in Switch file handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc. without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage

• Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads
• Upon completion, keys will be saved to /switch/prod.keys on SD
• If the console has Firmware 7.x, the /sept/ folder from Atmosphère or Kosmos release zip containing both sept-primary.bin and sept-secondary.enc must be present on SD or else only keyblob master key derivation is possible (ie. up to master_key_05 only)

Big thanks to CTCaer
For Hekate and all the advice while developing this!

Known Issues

• Chainloading from SX will hang immediately due to quirks in their hwinit code, please launch payload directly

 

[Zoria]

You won me for a hair of a frog!! ha ha hah a

39 degrees fever, I don't know what I'm doing here xD

 

[impeeza]

39 degrees fever, I don't know what I'm doing here xD

wow, hope you get well very soon. fever is a b***h

 

[Zoria]

Yes, I just quickly made the patch for one of my tools that needed it.

 

[Blythe93]

Thank you for the quick update, Zoria! Get well soon!

 

[NotUsingAnAltAccount]

39 degrees fever, I don't know what I'm doing here xD

Thank you and get better soon. Drink a lot of water!

 

[OrGoN3]

Here is the source code for LockPick_RCM corrected for 21.0.0, as well as the compiled binary for recovering master key 14.

I'm unable to open either, says corrupted. Anybody else having this issue?

Edit: but the links through the download section worked.

Thanks and feel better!!!!

 

[impeeza]

I'm unable to open either, says corrupted. Anybody else having this issue?

Edit: but the links through the download section worked.

Thanks and feel better!!!!

No problem at all with the @zhoria 's links.

 

[urherenow]

Is the unc one needed by anything? Why include it in the zip? Just wondering.

 

[impeeza]

Is the unc one needed by anything? Why include it in the zip? Just wondering.

Is included just because is generated as an artifact automatically by GitHub actions. But it's not needed at all

 

[OrGoN3]

No problem at all with the @zhoria 's links.

Odd. I just tried to download them again from their post and both files are corrupt. They're also not the close to the correct sizes that are available through the Downloads section.

 

[alcab]

Use WINRAR (or 7-zip, which is better).

 

[urherenow]

Use WINRAR.

blech. Use 7-zip. It works for almost everything. And right-click the downloaded file, go to properties, and unblock it. The issue is likely an AV/anti-malware program messing with it.

 

[impeeza]

blech. Use 7-zip. It works for almost everything. And right-click the downloaded file, go to properties, and unblock it. The issue is likely an AV/anti-malware program messing with it.

7Zip. Rocks!

The "Unblock" is a Window feature, Microsoft insist on mark as "dangerous" anything what do not get pay to being marked "safe".

If you download anything from the internet and the publisher did not pay to microsoft, the file will have a NTFS Stream indicating what the file is from the Internet and should be considered "Dangerous"

you can remove the mark using the file properties or the tool Streams from sysinternals.

By example I just download this three files and they are marked down:

whit the command streams -d they can be deleted

 

[OrGoN3]

blech. Use 7-zip. It works for almost everything. And right-click the downloaded file, go to properties, and unblock it. The issue is likely an AV/anti-malware program messing with it.

I'm using Android. No antivirus. I've never had an issue with a correctly packed zip file.

Post automatically merged: Nov 13, 2025

7Zip. Rocks!

The "Unblock" is a Window feature, Microsoft insist on mark as "dangerous" anything what do not get pay to being marked "safe".

If you download anything from the internet and the publisher did not pay to microsoft, the file will have a NTFS Stream indicating what the file is from the Internet and should be considered "Dangerous"

you can remove the mark using the file properties or the tool Streams from sysinternals.

By example I just download this three files and they are marked down:
View attachment 538320

whit the command streams -d they can be deleted

View attachment 538322

It's literally called the Mark of the Web.

 

[pofehof]

Here is the source code for LockPick_RCM corrected for 21.0.0, as well as the compiled binary for recovering master key 14.

Is this actually for 21.0.0 on the original Switch? I'm getting an "Unable to derive master keys for prod/dev" error near the top when I run it.

 

[impeeza]

Is this actually for 21.0.0 on the original Switch? I'm getting an "Unable to derive master keys for prod/dev" error near the top when I run it.

I have not a Mariko unit to test. please share a screenshot of your error for the developers to test it.

 

[pofehof]

I have not a Mariko unit to test. please share a screenshot of your error for the developers to test it.

I'm not on Mariko, I'm on Switch V1 as well. I have attached the screenshot with the error.

 

[impeeza]

I'm not on Mariko, I'm on Switch V1 as well. I have attached the screenshot with the error.

this screenshot shows a totally fine run of LockPick and found all keys.

 

[OLineGuy]

this screenshot shows a totally fine run of LockPick and found all keys.

mine says same but the output is missing a bunch of the keys

 

[pofehof]

this screenshot shows a totally fine run of LockPick and found all keys.

Still has the error I mentioned near the top, and as 0LineGuy mentioned, it seems to be missing a good amount of keys.