Lockpick_RCM payload - Official Thread


Description

Lockpick_RCM is a bare metal Nintendo Switch payload that derives encryption keys for use in Switch file handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc. without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage
  • Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads
  • Upon completion, keys will be saved to /switch/prod.keys on SD
  • If the console has Firmware 7.x, the /sept/ folder from Atmosphère or Kosmos release zip containing both sept-primary.bin and sept-secondary.enc must be present on SD or else only keyblob master key derivation is possible (i.e. up to master_key_05 only)

Big thanks to CTCaer for Hekate and all the advice while developing this!

Known Issues
  • Chainloading from SX will hang immediately due to quirks in their hwinit code, please launch payload directly
 

is it hosted on github?

Why not learn the lesson and keep going to GitHub?
¿?

is it hosted on github?
Has the developer taken the DMCA issue into account?
Nope. It was hosted, and obviously it was DMCA'd.



Why not learn the lesson and keep going to GitHub?
Because the scene has been using GitHub for more than 10 years, and yes, people are looking for alternatives.
 
Wait... how was lockpick updated before Atmosphere? I know how to update it, but I need Atmosphere source to get the relevant changes. Whomever did the update... TEACH ME!!! :D
 
Yeah, some people on Discord got the numbers. Normally we waited for the Atmosphere code to teach us about those codes, but well, it is on the air now.
 
where on discord? Can you DM an invite to the channel? Or is it even explained how it's done?
 
Needing some help here. It seems like my sdcard got corrupted and I'm trying to use lockpick to get the keys to use nandmanager to recover some saves before trying to format it.

This is what happens, it seems that the sdcard does not allow modifying its contents, I keep getting this error

[FatFS] error: WLIO
Unable to save keys to SD

Does anyone know if there is any way to fix this?
 
IMMEDIATELY try to copy the contents to your PC. If you use a RAW partition for emummc, you can use win32diskimager (Imagewriter: https://sourceforge.net/projects/win32diskimager/) to copy that, but may need to use Windows Disk Management to assign a drive letter to the partition (and ignore Windows' requests to format it).

From there, you can either try to format with nyx, then copy everything back, or use a new card. It's highly recommended to use a new card.

Were you using exFAT?
 
I formatted it to fat32 before starting the hacking process.

I will try that later and communicate the results but I have no idea if it will work, I still have many doubts about this case.

Anyway thanks for the help.
 
Your card is corrupted. Back up all files from your SD card to your PC, format it to FAT32 using fat32 format (https://gbatemp.net/download/gui-format.33869/) or Hekate, then test your SD card using H2Testw (https://www.heise.de/download/product/h2testw-50539)


Also EmuTool https://github.com/TheyKilledKenny/Emutool/releases allows you to backup/convert your RAW Partition EmuNAND to files, then you can use the set of files to create the Raw Partition on another SD Card or use these files for File Based EmuNAND.
 
Thank you for that, @Tyvar1, but it seems that the Github is gone now. I found a snapshot of the site on Archive.org from almost a week ago (September 21st), and it was still there then, so it seems I'm just a tiny bit too late. I couldn't seem to be able to download the latest release from the archive, though.

Luckily, @Slluxx posted this, so I was able to get it anyway. Thank you very much for that!


Rentry's SwitchHackingIsEasy (https://rentry.org/SwitchHackingIsEasy) also seems to have removed all their content as of September 14th, because of a copyright strike from some certain ninjas about SigPatch references, so that might have something to do with LockPick_RCM now disappearing from Github. Thankfully Archive.org comes to my rescue again, and I'm able to use the site as it looked on September 6th.

EDIT: Fixed a typo.
 
It was mad stuff - one of my repos was also in the same takedown list. I formally replied and in the end they agreed to leave the repo on github so long as I removed the binaries/releases. So at least my code is there for people to compile themselves
 
so far the best switch guides are
https://web.archive.org/web/20240906214157/https://rentry.org/SwitchHackingIsEasy
https://switch.hacks.guide/
 

Thank you, but instead of the first link you posted, https://web.archive.org/web/20240826040302/https://rentry.org/SwitchHackingIsEasy, I would recommend this one: https://web.archive.org/web/20240906214157/https://rentry.org/SwitchHackingIsEasy

When using your link and going to "3. Update CFW & FW" a little down on the page it says "Edit: 25 Jan 2023 09:51 UTC", but when using the link I posted and going to "3. Update CFW & FW" a little down on the page it says "Edit: 11 Sep 2024 13:14 UTC". The newest Archive link should default to the other newest links, but that sometimes can cause the button that says "⬅️ Go Back 🦝" to send you to the page that was archived on September 15th and says it's been removed. So when I think about it, a combination of both links would be good to use.

Thank you for posting the second link, though, I was not aware of that and thought Rentry's was the only one. I'm glad we have other options, at least while it still lasts.
 
Is the git.gdm.rocks site vulnerable to copyright takedown? Hopefully not as I just found out that Nintendo released system update 19.0.0 which will most likely break the current version of Lockpick & that the github page by Decscots probably suffered that fate. Will need to have that site or an alternative one available for when AMS is updated & Lockpick (hopefully) being updated shortly after.

Until then, my Switch remains in Airplane mode.
 
Hopefully the OP can update the first post with the checksums for each release. It's easy for some cunt out there to post a modified version of lockpick online containing brick code.
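
The checksum check asked for above, as an added example that is not part of the original post or of the Lockpick_RCM project: it verifies a downloaded file against a `sha256sum`-format manifest and reports a file with no published digest as unverified rather than acceptable. The manifest and its file names are assumptions, since the thread publishes no checksums, and a manifest only helps when it comes from a channel other than the one serving the binary.

```python
import hashlib
import hmac
import re
import sys
from pathlib import Path

# sha256sum-style line: "<64 hex>  name" (text mode) or "<64 hex> *name" (binary mode).
MANIFEST_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")


def parse_manifest(text):
    """Return {filename: lowercase digest}; reject malformed or conflicting lines."""
    expected = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = MANIFEST_LINE.match(line)
        if m is None:
            raise ValueError(f"manifest line {lineno}: expected '<sha256>  <name>'")
        digest, name = m.group(1).lower(), m.group(2)
        if expected.setdefault(name, digest) != digest:
            raise ValueError(f"manifest lists two different digests for {name}")
    return expected


def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so the file never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, manifest_text):
    """Return 'ok', 'mismatch' or 'unlisted' for one downloaded file."""
    expected = parse_manifest(manifest_text)
    name = Path(path).name
    if name not in expected:
        return "unlisted"  # no published digest: unverified, not trusted
    actual = sha256_file(path)
    return "ok" if hmac.compare_digest(actual, expected[name]) else "mismatch"


if __name__ == "__main__":
    # Usage: python verify.py <downloaded file> <manifest file>
    result = verify_download(sys.argv[1], Path(sys.argv[2]).read_text())
    print(f"{sys.argv[1]}: {result}")
    sys.exit(0 if result == "ok" else 1)
```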
 
I tried to learn on the last 18 conundrum how to translate from atmosphere to lockpick and my C knowledge is short for that task.

Thanks a lot
 
