Description
Lockpick_RCM is a bare metal Nintendo Switch payload that derives encryption keys for use in Switch file handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc. without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage

• Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads
• Upon completion, keys will be saved to /switch/prod.keys on SD
• If the console has Firmware 7.x, the /sept/ folder from Atmosphère or Kosmos release zip containing both sept-primary.bin and sept-secondary.enc must be present on SD or else only keyblob master key derivation is possible (ie. up to master_key_05 only)

Big thanks to CTCaer
For Hekate and all the advice while developing this!

Known Issues

• Chainloading from SX will hang immediately due to quirks in their hwinit code, please launch payload directly

 

[romsenin]

I'm not expert and i know it's not the best way to do the job. This is why i haven't made a PR.

 

[zebrone]

Ive dumped all the key with hekate( 8.1 fw).
Now when i launch lockpick with sx os it appears this: why?
How can i dump the keys with sx os?

 

[romsenin]

Ive dumped all the key with hekate( 8.1 fw).
Now when i launch lockpick with sx os it appears this: why?
How can i dump the keys with sx os?

You must have the "sept/*" files from Atmosphere CWF. And so lockpick will be able to boot in sept mode.

 

[bakedbeans]

I'm not expert and i know it's not the best way to do the job. This is why i haven't made a PR.

Although hardcoding filepath will fail for file based structures like X:\emuMMC\SD01\eMMC\00-07,
Would you mind pushing a compiled release for it?

 

[zebrone]

You must have the "sept/*" files from Atmosphere CWF. And so lockpick will be able to boot in sept mode.

where download it?

 

[hippy dave]

where download it?

https://github.com/Atmosphere-NX/Atmosphere/releases

 

[romsenin]

Although hardcoding filepath will fail for file based structures like X:\emuMMC\SD01\eMMC\00-07,
Would you mind pushing a compiled release for it?

I made a quick patch (bad code but it's works for me) for lockpick_rcm to support emuMMC (RAW1) on GitHub : Frogomeli/Lockpick_RCM

And no i don't release any bin and so the user can change raw1 in rawX. It is so easy to build a payload. Google it

 

[Emixman]

I've got the same issue at sushi4u.

Tegrasmash and payload loader both freeze when I try to use the emummc lockpick rcm app.

*edit* I'll add some more information. I'm on 3.0 stock and 8.1/Atmos 0.9.3 for emummc. Running the regular lockpick_rcm works to get my 3.0 keys, the file you posted above for retrieving emummc keys does not. I set up the partition on my SD card from the guide to do so, used hekate to copy over stock FW to emummc, then updated to 8.1 with choidujournx. I'm a bit surprised no one else has run into this issue but sushi4u and myself.

Same problem. Stock 4.1, Emu 8.0.1.

 

[shchmue]

Still need to finish the emummc option version, but here's the latest that will dump keys from 9.0.0 sysnand. Because TSEC firmware didn't change, and because of how Sept handles it, it'll also dump the latest keys on firmware 8.1.0 with up to date Sept files.

https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.4.0

 

[shchmue]

Now lets you choose to dump from emunand or sysnand, and a fix for bis generation on newer consoles

https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.5.0

 

[Emixman]

Now lets you choose to dump from emunand or sysnand, and a fix for bis generation on newer consoles

Working great, thanks

 

[sushi4u]

Now lets you choose to dump from emunand or sysnand, and a fix for bis generation on newer consoles

Thanks a bunch shchmue.

This worked perfectly for my sys 2.3.0 and 8.1.0 emummc.

 

[SonGoku78]

Now lets you choose to dump from emunand or sysnand, and a fix for bis generation on newer consoles

https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.5.0

Hey shchmue, i tried lockpick rcm today, but it didnt detect my sx os emunand, i am using exfat and emunand as file. Am i doing anything wrong ?

 

[SonGoku78]

Now lets you choose to dump from emunand or sysnand, and a fix for bis generation on newer consoles

https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.5.0

Hey shchmue, i tried lockpick rcm today, but it didnt detect my sx os emunand, i am using exfat and emunand as file. Am i doing anything wrong ?

 

[shchmue]

I don't know anything about sx emunand, this is for the one that hekate recognizes. If it's compatible, you can migrate it within Nyx then Lockpick_RCM should be able to see it. not sure if that messes anything up though or if it's a compatible format

 

[SonGoku78]

I don't know anything about sx emunand, this is for the one that hekate recognizes. If it's compatible, you can migrate it within Nyx then Lockpick_RCM should be able to see it. not sure if that messes anything up though or if it's a compatible format

i really dont want to mess around with the sx emunand and mess things up. Any plans on making lockick rcm compatible with sx emunand too ?

Sidenote (and no complaint at all to you!): I really dont understand the hate for SX, every cfw or solution has is right for existence
Sure no developer must make their code/developments compatible with any of the choices out there. SX is working great for me as i only play on tv in stationary mode. SX has the advantage of plugging in an external usb drive, so i dont run out of free space on my sd card and i dont need to install stuff. As i said, every solution has is advantages or disadvantages, i just dont understand the hate. It seems people are salty only because you have to pay for it. Its not even expensive. I bought an rcm loader from xkit and only the license. If its good and you like it, then why not pay for it ? I mean you dont complain about ferrari that their cars are expensive or give them out for free right ?

 

[shchmue]

paid closed source code that contains or used to contain GPL code from atmosphere? that's scummy as hell

sure show me the source code and I'll look into adding support Hekate had easy to use calls for emunand, I barely had to change anything. for SX I'd have to figure out their formats and write it all from scratch. no thanks

 

[SonGoku78]

paid closed source code that contains or used to contain GPL code from atmosphere? that's scummy as hell

sure show me the source code and I'll look into adding support Hekate had easy to use calls for emunand, I barely had to change anything. for SX I'd have to figure out their formats and write it all from scratch. no thanks

yes that makes sense, and its also not ok that they use/used code from athmo. I remember someone in their forums asked them for making it possible to have lockpick become compatible with their emunand , hope they will cave in.
But anyway many thanks for answering, much appreciated. Sorry for my silly questions though, i am a total noob when it comes to understand the stuff behind the curtains (aka coding etc) Didnt even think about closed source while asking for sx emunand support lol, my bad

 

[shchmue]

Titlekey dumping is here! Also added a key generation display to the main menu. Happy weekend!

https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.6.0

 

[shchmue]

oop, bugfix release 1.6.1. 1.6.0 probably generated a lot of corrupt prod.keys files. Sorry everyone.

https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.6.1