Lockpick_RCM payload - Official Thread


Description

Lockpick_RCM is a bare metal Nintendo Switch payload that derives encryption keys for use in Switch file handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc. without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage
  • Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads
  • Upon completion, keys will be saved to /switch/prod.keys on SD
  • If the console has firmware 7.x, the /sept/ folder from the Atmosphère or Kosmos release zip, containing both sept-primary.bin and sept-secondary.enc, must be present on SD, or else only keyblob master key derivation is possible (i.e. up to master_key_05 only)
Big thanks to CTCaer for Hekate and all the advice while developing this!

Known Issues
  • Chainloading from SX will hang immediately due to quirks in their hwinit code, please launch payload directly
 

Last edited by shchmue,
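
The usage notes above say where the payload writes its output (/switch/prod.keys) and what a 7.x dump without /sept/ is missing (nothing past master_key_05). The script below is an added example, not Lockpick_RCM's own code: it parses a hactool-style keyset (`name = hex` lines) and audits it the way you would before handing it to hactool or LibHac, checking that every master key generation has its companion per-generation keys, that key sizes are plausible, that the generations are contiguous from 00, and that a dump from a 7.x console does not stop at master_key_05, the symptom of a missing /sept/ folder. The sample keyset, the `audit_keys` function and its finding strings are constructed for this example; every key value is a placeholder pattern, not a real console key.

```python
# Added example (not Lockpick_RCM code): parse and sanity-check a prod.keys
# file like the one the payload writes to /switch/prod.keys. All key values
# in SAMPLE_PROD_KEYS are constructed placeholder patterns, not real keys.
import re
from typing import Dict, List, Optional

KEY_LINE = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*([0-9A-Fa-f]+)$")
MASTER_KEY = re.compile(r"^master_key_([0-9a-f]{2})$")

# Key families a hactool-style keyset carries once per master key generation.
PER_GENERATION = (
    "master_key",
    "package2_key",
    "titlekek",
    "key_area_key_application",
    "key_area_key_ocean",
    "key_area_key_system",
)


def parse_prod_keys(text: str) -> Dict[str, bytes]:
    """Turn `name = hex` lines into {name: raw bytes}.

    Blank lines are skipped. Malformed lines, odd-length hex and duplicate
    names raise ValueError naming the offending line.
    """
    keys: Dict[str, bytes] = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        match = KEY_LINE.match(line)
        if match is None:
            raise ValueError(f"line {lineno}: expected 'name = hex', got {raw!r}")
        name, hexval = match.group(1).lower(), match.group(2)
        if len(hexval) % 2:
            raise ValueError(f"line {lineno}: odd-length hex value for {name}")
        if name in keys:
            raise ValueError(f"line {lineno}: duplicate entry for {name}")
        keys[name] = bytes.fromhex(hexval)
    return keys


def master_key_generations(keys: Dict[str, bytes]) -> List[int]:
    """Sorted generation numbers of the master_key_XX entries present."""
    gens = [int(m.group(1), 16) for m in map(MASTER_KEY.match, keys) if m]
    return sorted(gens)


def audit_keys(keys: Dict[str, bytes], firmware: Optional[str] = None) -> List[str]:
    """Return human-readable findings; an empty list means the dump looks complete.

    `firmware` is the console firmware string (e.g. "7.0.1") when known; it is
    only used for the /sept/ caveat from the usage notes.
    """
    findings: List[str] = []
    gens = master_key_generations(keys)
    if not gens:
        return ["no master_key_XX entries found"]

    # Each per-generation family should be a 16-byte AES key for every generation.
    for gen in gens:
        for family in PER_GENERATION:
            name = f"{family}_{gen:02x}"
            if name not in keys:
                findings.append(f"{name} missing")
            elif len(keys[name]) != 16:
                findings.append(f"{name} is {len(keys[name])} bytes, expected 16")
            elif not any(keys[name]):
                findings.append(f"{name} is all zeros")

    # Generations run from 00 upward without gaps; a gap means a partial dump.
    if gens != list(range(gens[-1] + 1)):
        findings.append(f"master key generations not contiguous from 00: {gens}")

    # header_key is the pair of AES-XTS halves for NCA headers, so 32 bytes.
    if "header_key" in keys and len(keys["header_key"]) != 32:
        findings.append(f"header_key is {len(keys['header_key'])} bytes, expected 32")

    # Usage-note caveat: on 7.x without /sept/ only keyblob derivation works,
    # so the dump stops at master_key_05.
    if firmware is not None and int(firmware.split(".")[0]) >= 7 and gens[-1] <= 5:
        findings.append(
            f"firmware {firmware} but highest master key is {gens[-1]:02x}: "
            "/sept/ was probably missing from the SD card"
        )
    return findings


def _placeholder(gen: int, family_index: int) -> str:
    """Constructed, obviously fake 16-byte pattern for the sample keyset."""
    return f"{0x10 + family_index:02x}{gen:02x}" * 8


# Constructed sample: generations 00-05, as a 7.x dump without /sept/ would give.
SAMPLE_PROD_KEYS = "\n".join(
    [f"{family}_{gen:02x} = {_placeholder(gen, i)}"
     for gen in range(6) for i, family in enumerate(PER_GENERATION)]
    + ["header_key = " + "ab" * 32, ""]
)

if __name__ == "__main__":
    parsed = parse_prod_keys(SAMPLE_PROD_KEYS)
    print("generations:", master_key_generations(parsed))
    for finding in audit_keys(parsed, firmware="7.0.1") or ["no findings"]:
        print(" -", finding)
```

Run it against a real dump with `parse_prod_keys(open("prod.keys").read())`; the only finding on a complete dump should be none, and a 7.x console that reports `/sept/ was probably missing` needs the sept files copied to SD and the payload rerun.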

Slluxx (GBATemp Mayor, Developer, joined Jul 17, 2019, Germany):

> Great to see this confirmation. ;)
>
> By the way, is there any "easy method to follow" in order to update those files?
> https://github.com/Slluxx/Picklock_RCM/blob/main/source/keys/crypto.h
> https://github.com/Slluxx/Picklock_RCM/blob/main/source/keys/key_sources.inl
Deriving the keys from your console is tricky. I am not going to talk about that though, because I don't think it's smart to do if we don't want a billion Lockpick forks all doing the same thing. I also hope that the people who do know keep it to themselves for the same reason (at least for now).
 

Slluxx (GBATemp Mayor, Developer, joined Jul 17, 2019, Germany):

> But this is confusing! If it works in RCM mode and not in firmware mode, then it doesn't make sense to add in GitHub that "Works with firmware 16.0.2" 🤷‍♂️
Because I did not yet have access to 16.0.3, nor had I the time to check the keys. Also, it does make sense, because it means that it works at least until 16.0.2. Nothing prevented you from just testing the payload on your Switch. These questions/statements in here are killing me sometimes.
 

linuxares (The inadequate, autocratic beast!, Global Moderator, joined Aug 5, 2007, Sweden):

> Because I did not yet have access to 16.0.3, nor had I the time to check the keys. Also, it does make sense, because it means that it works at least until 16.0.2. Nothing prevented you from just testing the payload on your Switch. These questions/statements in here are killing me sometimes.
Wut you don't hack Nintendo getting their firmwares before everyone else? /s
 

oresterosso (Active Member, Newcomer, joined May 21, 2015, www.dsitaly.it, Italy):

> Because I did not yet have access to 16.0.3, nor had I the time to check the keys. Also, it does make sense, because it means that it works at least until 16.0.2. Nothing prevented you from just testing the payload on your Switch. These questions/statements in here are killing me sometimes.
I'm not creating controversy; actually I thank you for taking over the project and putting yourself first-hand into it 😀.
I'm simply trying to figure out the future of Picklock.
Now that you have answered my question by explaining the reasons in detail, everything is clearer.
 

mrdude (Developer, joined Dec 11, 2015):

> I heard rumbling of Nintendo doing something "anti-lockpick".
And where exactly did you hear this? Did a friend of a friend's cousin let it slip, or did you read it in some dark place on the internet? Or do you have a mate who works in the inner circles of the NSW security team? Or is it just speculation? Which I imagine it is.

TBH I am sure that, no matter what the case may be, files will still be decrypted, keys will still find their way onto the internet and patches will still be made, so don't worry too much about it, as you are worrying over nothing.
 

ShadowOne333 (QVID PRO QVO, Editorial Team, joined Jan 17, 2013, Mexico):

> Deriving the keys from your console is tricky. I am not going to talk about that though, because I don't think it's smart to do if we don't want a billion Lockpick forks all doing the same thing. I also hope that the people who do know keep it to themselves for the same reason (at least for now).
Not to be harsh or anything, but keeping information from the public can be counterproductive in a bad way for the community. It's better to have the information on how to do it, and how to update it when a new firmware releases, out in the community, and they can do the back-lifting. That way Nintendo wouldn't even know when or where to attack, since the information, once out, is permanent and will forever be accessible. After that, I'm sure a couple of creators will jump in and centralize it, but with all the info still public.
One clear example of this is the signature patches, which I'm sure mrdude can vouch for. He basically had to do a lot of the research to figure out how the sigpatches were being made in order to generate them after the GitHub repository from iTotalJustice got nuked by DMCA (sounds familiar, doesn't it?).

After that, mrdude worked on both an in-console software and a PC software that could both auto-generate the patches based on the newest Atmosphere version and firmware version too. Possibly something similar would be the best option to tackle here, just so Nintendo can fuck off once and for all with the keys stuff.
 

Slluxx (GBATemp Mayor, Developer, joined Jul 17, 2019, Germany):

> Not to be harsh or anything, but keeping information from the public can be counterproductive in a bad way for the community. It's better to have the information on how to do it, and how to update it when a new firmware releases, out in the community, and they can do the back-lifting. That way Nintendo wouldn't even know when or where to attack, since the information, once out, is permanent and will forever be accessible. After that, I'm sure a couple of creators will jump in and centralize it, but with all the info still public.
> One clear example of this is the signature patches, which I'm sure mrdude can vouch for. He basically had to do a lot of the research to figure out how the sigpatches were being made in order to generate them after the GitHub repository from iTotalJustice got nuked by DMCA (sounds familiar, doesn't it?).
>
> After that, mrdude worked on both an in-console software and a PC software that could both auto-generate the patches based on the newest Atmosphere version and firmware version too. Possibly something similar would be the best option to tackle here, just so Nintendo can fuck off once and for all with the keys stuff.
I see where you are coming from and thought about that too, but I still disagree. I don't mind letting anyone know how they can get their hands on the keys themselves, or even getting something to work that can auto-generate the keys. However, for the scene as a whole I think it's better not to inflate it with a ton of forks that are all maintained by different people with different skillsets and for different amounts of time. That will create even more confusion than there already is.

I will happily share everything I have after the next firmware update.

> That way Nintendo wouldn't even know when or where to attack, since the information, once out, is permanent and will forever be accessible.

The information will not be lost, even if they are behind the DMCA strikes and strike my repo too. If they do, I can still tell the world. It's not like I want to take this to my grave. The people skilled enough to work on something like Lockpick already know how the key stuff works anyway.

I don't want to discuss this any further either. The next firmware update will probably come rather sooner than later, and then everyone gets their answers.
 

mrdude (Developer, joined Dec 11, 2015):

> I see where you are coming from and thought about that too, but I still disagree. I don't mind letting anyone know how they can get their hands on the keys themselves, or even getting something to work that can auto-generate the keys. However, for the scene as a whole I think it's better not to inflate it with a ton of forks that are all maintained by different people with different skillsets and for different amounts of time. That will create even more confusion than there already is.
>
> I will happily share everything I have after the next firmware update.
>
> The information will not be lost, even if they are behind the DMCA strikes and strike my repo too. If they do, I can still tell the world. It's not like I want to take this to my grave. The people skilled enough to work on something like Lockpick already know how the key stuff works anyway.
>
> I don't want to discuss this any further either. The next firmware update will probably come rather sooner than later, and then everyone gets their answers.
I know where to get the keys from a certain git and use those to update Lockpick_RCM, but I don't know where certain devs get the keys from; do you? If so, I wouldn't mind learning about that.
 

Adran_Marit (Walküre's Hacker, Member, joined Oct 3, 2015, 42*South, Australia):

> I see where you are coming from and thought about that too, but I still disagree. I don't mind letting anyone know how they can get their hands on the keys themselves, or even getting something to work that can auto-generate the keys. However, for the scene as a whole I think it's better not to inflate it with a ton of forks that are all maintained by different people with different skillsets and for different amounts of time. That will create even more confusion than there already is.
>
> I will happily share everything I have after the next firmware update.
>
> The information will not be lost, even if they are behind the DMCA strikes and strike my repo too. If they do, I can still tell the world. It's not like I want to take this to my grave. The people skilled enough to work on something like Lockpick already know how the key stuff works anyway.
>
> I don't want to discuss this any further either. The next firmware update will probably come rather sooner than later, and then everyone gets their answers.

From my understanding there is a way to autogen the keys, but it's way above my head 🙃

> I know where to get the keys from the Atmosphere git and use those to update Lockpick_RCM, but I don't know where the Atmosphere devs get the keys from; do you? If so, I wouldn't mind learning about that.

Something something, mkek sources in TrustZone, and that's about all I know.
 

caitsith2 (Well-Known Member, Member, joined Jan 16, 2004, a secret location 93 million miles from the sun, www.caitsith2.com, Canada):
And it seems GitHub just got a DMCA notice for Picklock_RCM and all of its forks. I know this because I recently forked this to see when it would inevitably happen.

> Hi CaitSith2,
>
> GitHub Trust & Safety is contacting you because we've received a DMCA takedown notice regarding the following content:
>
> https://github.com/CaitSith2/Picklock_RCM
>
> You can see the DMCA takedown notice that we received here, which includes the complainant's requested changes to your repository:
>
> https://github.zendesk.com/attachments/token/2Qmq3lV9vLgjkZ50kozhqRcjJ/?name=2023-05-18-nintendo.rtf
 

giovany86 (Well-Known Member, Member, joined Oct 31, 2016, France):

> And it seems GitHub just got a DMCA notice for Picklock_RCM and all of its forks. I know this because I recently forked this to see when it would inevitably happen.

Instantly re-upped it to Archive.org under a temp account. Guess we're up for a cat & mouse game again.
 

mrdude (Developer, joined Dec 11, 2015):

> Yep, got a DMCA notice but I'm going to fight it

I still think that as soon as ninty updates the firmware and certain CFW is released, you'll see a bin file and keys available, even if every GitHub page in the world is removed from public view. PS: you can make a new git and make it non-public and it won't get DMCA'd.
 

Slluxx (GBATemp Mayor, Developer, joined Jul 17, 2019, Germany):

> I still think that as soon as ninty updates the firmware and certain CFW is released, you'll see a bin file and keys available, even if every GitHub page in the world is removed from public view. PS: you can make a new git and make it non-public and it won't get DMCA'd.

Yeah, I have a private mirror repo that I will use in that case.
 
