Description
Lockpick_RCM is a bare metal Nintendo Switch payload that derives encryption keys for use in Switch file handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc. without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage

• Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads
• Upon completion, keys will be saved to /switch/prod.keys on SD
• If the console has Firmware 7.x, the /sept/ folder from Atmosphère or Kosmos release zip containing both sept-primary.bin and sept-secondary.enc must be present on SD or else only keyblob master key derivation is possible (ie. up to master_key_05 only)

Big thanks to CTCaer
For Hekate and all the advice while developing this!

Known Issues

• Chainloading from SX will hang immediately due to quirks in their hwinit code, please launch payload directly

 

[spix]

same error version 1.9.13
on hekate v6.2.1.
I think that depend on OFW that is clean after systemwipe

 

[Hayato213]

I have an error after launch lockpick, during the creation of file.

Common... Error: Save header is invalid.
Failed to process es save

Can you help me?
Note: OFW is clean no games or others installed systemwipe was performed

Might have to do with you using systemwipe

 

[impeeza]

I have an error after launch lockpick, during the creation of file.

Common... Error: Save header is invalid.
Failed to process es save

Can you help me?
Note: OFW is clean no games or others installed systemwipe was performed

Might have to do with you using systemwipe

You problem is about Title keys, you have some invalid savegames and/or title tickets, the good news is your prod.keys are extracted ok. use a homebrew like TinWoo, Goldleaf or DBI to remove unused tickets or reinstall all your titles.

 

[spix]

You problem is about Title keys, you have some invalid savegames and/or title tickets, the good news is your prod.keys are extracted ok. use a homebrew like TinWoo, Goldleaf or DBI to remove unused tickets or reinstall all your titles.

Thank you for supporting.
SYSMMC launch:
I have proceed with dbi and used clean orphan and this not help me.
Now with goldleaf i look inside memory of NAND -system i found 3 folders
1) Contents
2) Save- inside about 65 file
3)saveMeta- one folder inside, but seems empty.

Can you explain better what's can i do?
Where is folders for this save?
Could be that not find correct folders for common and personalized?

Thanks for all

 

[spix]

Other advice?

 

[spix]

There is any folder about title keys that can I rebuild?

 

[impeeza]

There is any folder about title keys that can I rebuild?

no, you should to remove all your titles, clear unused and pending titles, and install them again

 

[spix]

no, you should to remove all your titles, clear unused and pending titles, and install them again

Where is the folder that i need to remove?

 

[impeeza]

Where is the folder that i need to remove?

IS NOT A FOLDER, ONE OF YOUR TITLES is corrupted, so the best is remove all titles and reinstall them

 

[spix]

IS NOT A FOLDER, ONE OF YOUR TITLES is corrupted, so the best is remove all titles and reinstall them

I tried but i don't find it. oFW is clean no game present. Please tell me every step i open dbi and after....

 

[spix]

I restored old nand backup.

Now errors are not present, but system OFW not start black screen after official logo. I tried to go in maintenance mode but after logo always black screen.

Thank you for any support or suggestions

 

[petspeed]

I restored old nand backup.

Now errors are not present, but system OFW not start black screen after official logo. I tried to go in maintenance mode but after logo always black screen.

Thank you for any support or suggestions

You may have too many burned fuses for the version you restored to.
What fw version did you have before restoring your backup?
What fw version did you restore to?
What is your fuse count? (Check with Hekate)

 

[impeeza]

I restored old nand backup.

Now errors are not present, but system OFW not start black screen after official logo. I tried to go in maintenance mode but after logo always black screen.

Thank you for any support or suggestions

Hope you made a backup of the system before restoring, restore that backup and start the cfw (Atmosphère) on it and factory clean the current system using settings. Start over with title installation

 

[spix]

You may have too many burned fuses for the version you restored to.
What fw version did you have before restoring your backup?
What fw version did you restore to?
What is your fuse count? (Check with Hekate)

18.0.1, 18.0.1, burnt fuse count 19

 

[jkyoho]

18.0.1, 18.0.1, burnt fuse count 19

try emmchacgen rebuild system partition files with your own prod.key and use nxnandmanager to wipe/delete system & user partitions instead of tegraexplorer script.

I used to have sysnand clean/rebuild with tegraexplorer wipe script but they are slow and might have issue, so I switch to emmchacgen rebuild path

 

[spix]

try emmchacgen rebuild system partition files with your own prod.key and use nxnandmanager to wipe/delete system & user partitions instead of tegraexplorer script.

I used to have sysnand clean/rebuild with tegraexplorer wipe script but they are slow and might have issue, so I switch to emmchacgen rebuild path

At the moment i use emmchacgen.
Format fat32 both and after i copied 18.0.1. exfat from emmchacgen, system and user.
Safe folder? What about it? Do i need to format32 and copy emmchacgen?

 

[jkyoho]

At the moment i use emmchacgen.
Format fat32 both and after i copied 18.0.1. exfat from emmchacgen, system and user.
Safe folder? What about it? Do i need to format32 and copy emmchacgen?

just mount and delete all files then copy emmchacgen files over

 

[spix]

just mount and delete all files then copy emmchacgen files over

Do You speak about safe folder?

 

[jkyoho]

Do You speak about safe folder?

NO, you dont need to touch any other folder/files except system and user in general.

 

[spix]

Solved!
After i restore my dump, i have proceed with delete 8000000000000120 in System/save and replace with same file from a-18.0.1_exFAT generated with my prod.key and emmuchacc and obviously fw 18.0.1 thank you for every advice or support.