Description
Lockpick_RCM is a bare metal Nintendo Switch payload that derives encryption keys for use in Switch file handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc. without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage

• Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads
• Upon completion, keys will be saved to /switch/prod.keys on SD
• If the console has Firmware 7.x, the /sept/ folder from Atmosphère or Kosmos release zip containing both sept-primary.bin and sept-secondary.enc must be present on SD or else only keyblob master key derivation is possible (ie. up to master_key_05 only)

Big thanks to CTCaer
For Hekate and all the advice while developing this!

Known Issues

• Chainloading from SX will hang immediately due to quirks in their hwinit code, please launch payload directly

 

[nomadic69]

anyone has a copy? of the lockpick_RCM.bin cant find it anywhere
also hi new to switch

 

[Dust2dust]

anyone has a copy? of the lockpick_RCM.bin cant find it anywhere
also hi new to switch

Could it be that you forgot to look for it in this thread?
https://gbatemp.net/threads/lockpick_rcm-payload-official-thread.532916/post-10178111

 

[nomadic69]

Could it be that you forgot to look for it in this thread?
https://gbatemp.net/threads/lockpick_rcm-payload-official-thread.532916/post-10178111

THANK YOU

 

[Hassal]

What does this error mean?

[FatFS] Error: NOFAT
unable to mount system paritition

These switches have their ORIGINAL eMMC never been swapped out yet every time I try to dump keys I end up having this error. This happens on multiple occasions not only one device. Both OFW+CFW work fine no issues whatsoever.

 

[mrdude]

What does this error mean?

[FatFS] Error: NOFAT
unable to mount system paritition

These switches have their ORIGINAL eMMC never been swapped out yet every time I try to dump keys I end up having this error. This happens on multiple occasions not only one device. Both OFW+CFW work fine no issues whatsoever.

It means your micro sd card has been formatted as exfat.

 

[Hassal]

It means your micro sd card has been formatted as exfat.

Then this error should indicate an issue with the SD card which isn't. I have it in FAT32 which hekate itself formatted and partitioned.

 

[Hayato213]

Then this error should indicate an issue with the SD card which isn't. I have it in FAT32 which hekate itself formatted and partitioned.

Try to init your sd card.


That means deleting the partition and wiping and initializing MBR.
You can do this via diskpart commands in windows.

 

[linuxares]

Then this error should indicate an issue with the SD card which isn't. I have it in FAT32 which hekate itself formatted and partitioned.

GPT partition?

https://github.com/CTCaer/hekate/issues/278

 

[Hassal]

Try to init your sd card.


That means deleting the partition and wiping and initializing MBR.
You can do this via diskpart commands in windows.

I remember messing around with one card and fixing this error but I don't know exactly what fixed it.

Post automatically merged: Aug 3, 2023

GPT partition?

https://github.com/CTCaer/hekate/issues/278

That is related to the SD card, this one "unable to mount system partition" which is what is puzzling me.

 

[Hayato213]

I remember messing around with one card and fixing this error but I don't know exactly what fixed it.

Load up minitool partition wizard see if it is under GPT, you may as well reformat the card as FAT32, 32kb, primary partition under minitool partition wizard again.

 

[linuxares]

Load up minitool partition wizard see if it is under GPT, you may as well reformat the card as FAT32, 32kb, primary partition under minitool partition wizard again.

I just recommend going with GUIFormat. It seem to always work :3

 

[linuxares]

https://gbatemp.net/threads/keyblob-0-to-5-corrupted.548659/post-8986585 - did you put in another eMMC?

 

[mrdude]

Then this error should indicate an issue with the SD card which isn't. I have it in FAT32 which hekate itself formatted and partitioned.

Well maybe you installed exfat firmware on sysnand or emunand then, TBH it doesn't matter as long as your switch is working and can read the sd card, That error is just telling you it can't mount a fat file system, most likely because lockpic is reading from an exfat partition.

 

[Hassal]

Well maybe you installed exfat firmware on sysnand or emunand then, TBH it doesn't matter as long as your switch is working and can read the sd card, That error is just telling you it can't mount a fat file system, most likely because lockpic is reading from an exfat partition.

I figured that might be the issue of updating the system to support exfat but I don't know how that relate to reverting the current file system partition.

The problem here is I cannot properly dump the keys to decrypt files.

 

[Hayato213]

I figured that might be the issue of updating the system to support exfat but I don't know how that relate to reverting the current file system partition.

The problem here is I cannot properly dump the keys to decrypt files.

How come you can't dump your keys?

 

[Hassal]

How come you can't dump your keys?

I can dump the keys but they are useless to decrypt file as Nand Manager reports them as bad decryption keys

 

[Hayato213]

I can dump the keys but they are useless to decrypt file as Nand Manager reports them as bad decryption keys

You using Sysnand or Emunand to dump the keys?

 

[Hassal]

You using Sysnand or Emunand to dump the keys?

Both of them

 

[Hayato213]

Both of them

Both of them report back as bad keys?

 

[Hassal]

Both of them report back as bad keys?

Correct and that's what is puzzling me.