Description
Lockpick_RCM is a bare metal Nintendo Switch payload that derives encryption keys for use in Switch file handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc. without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage

• Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads
• Upon completion, keys will be saved to /switch/prod.keys on SD
• If the console has Firmware 7.x, the /sept/ folder from Atmosphère or Kosmos release zip containing both sept-primary.bin and sept-secondary.enc must be present on SD or else only keyblob master key derivation is possible (ie. up to master_key_05 only)

Big thanks to CTCaer
For Hekate and all the advice while developing this!

Known Issues

• Chainloading from SX will hang immediately due to quirks in their hwinit code, please launch payload directly

 

[Rauamaak]

I don't have an Erista any more, but we're experiencing the same malfunction with community members.

View attachment 501828

I'm currently having the exact same issue on Mariko with latest Lockpick_RCM. Any solutions?

 

[chocofenix]

Hi, getting a very odd error. Using a 1.5tb micro sd card, i get errors using lockpick, switching back to smaller it works fine - identical setups except size (latest lockpick and firmware) anyone got any experience with LP and 1.5tb sd's? Thanks

 

[impeeza]

Hi, getting a very odd error. Using a 1.5tb micro sd card, i get errors using lockpick, switching back to smaller it works fine - identical setups except size (latest lockpick and firmware) anyone got any experience with LP and 1.5tb sd's? Thanks

Hello there, LockPick is heavily based on Hekate, and Hekate had to be recoded to support 1TB+ SD cards, As there is no actual coders for LockPick that code was never imported on latest LockPick; by now LockPick do not support 1TB+ sd cards.

Anyone interested on update the code, latest one is on: https://gbatemp.net/download/lockpick_rcm-1-9-15-fw-20-zoria-source.39130/

 

[chocofenix]

Thanks so much for confirming i was kind of expecting / hoping it'd be to do with the size as i'd tried the old sd and it was happy. I have a (bit beaten up) old one i can do my legit dumping on with a smaller sd in anyway so it's not a huge deal! Thanks again

 

[Artemis-Fowl]

Hey, if I'm right I should have all the necessary folders and files for lockpicking and my SD is ready but I'm not sure I can actually enter RMC-mode on my Switch. I want to be able to run commercial games too.

My Switch serial starts with XKJ . Will I be able to lockpick or am I screwed ? Is there any other way ?

 

[impeeza]

Hey, if I'm right I should have all the necessary folders and files for lockpicking and my SD is ready but I'm not sure I can actually enter RMC-mode on my Switch. I want to be able to run commercial games too.

My Switch serial starts with XKJ . Will I be able to lockpick or am I screwed ? Is there any other way ?

Lockpicking is not a thing for the console, in order to mod your console you need to be able to run payloads if you are completely sure what you can enter on RCM mode you already have everything to mod your console. If your console is patched you need a modchip

 

[Artemis-Fowl]

Lockpicking is not a thing for the console, in order to mod your console you need to be able to run payloads if you are completely sure what you can enter on RCM mode you already have everything to mod your console. If your console is patched you need a modchip

Can you explain why lockpicking isn't a thing on the console ? I'm a bit lost.

In order to run payloads I need to at least access RMC mode right ? Yes, I'm pretty sure my console is patched. Oh man now it's starting to get more complicated with the modchip. Alright thank you anyways!

 

[impeeza]

Can you explain why lockpicking isn't a thing on the console ? I'm a bit lost

You are stating what lockpicking is to mod your console AND IS NOT.

There is nothing called «lockpicking».

There is a homebrew called LockPick (the one for what this thread is) which allow you to dump the crypto keys of your console to a file, they ARE NOT NEEDED nor for mod your console nor to use non official software on your console, they are needed to decrypt content and do advanced things.

Again: in order to MOD your console (that is the name of made changes on your console is the short for Modify), you need to be able to run a payload. You can run a payload either, by entering on the RCM mode and use a vulnerability to inject a payload. Which is possible ONLY on consoles manufactured BEFORE 2018 period. After that all consoles has been patched so no RCM vulnerability, so you need a PHYSICAL MOD CHIP to inject a payload on boot, there is NO OTHER WAY to do it.

PLEASE IF YOU HAVE ANY OTHER QUESTION ABOUT MODIFYING YOUR CONSOLE GO TO THE CORRECT THREADS LIKE Noob Paradise and ask there, please DO NOT HIJACK THIS THREAD with unrelated content.

 

[Rauamaak]

may be a corrupted game.

Save header issues, etc were caused by corrupted NAND that was used to create emu. After using my own clean NAND backup, Lockpick now works without issues. Thanks!

 

[Geirty]

hii, i was asking if lockpick can work on 20.2.0. bc the github page only says that it currently have support for 19.0.0. (which is very old) so idk if that´s rlly true, or i need to download lockpick from other place or idk, so if anyone could tell me about this thx a lot

Post automatically merged: Jul 27, 2025

hii, i was asking if lockpick can work on 20.2.0. bc the github page only says that it currently have support for 19.0.0. (which is very old) so idk if that´s rlly true, or i need to download lockpick from other place or idk, so if anyone could tell me about this thx a lot

 

[petspeed]

hii, i was asking if lockpick can work on 20.2.0. bc the github page only says that it currently have support for 19.0.0. (which is very old) so idk if that´s rlly true, or i need to download lockpick from other place or idk, so if anyone could tell me about this thx a lot

Post automatically merged: Jul 27, 2025

hii, i was asking if lockpick can work on 20.2.0. bc the github page only says that it currently have support for 19.0.0. (which is very old) so idk if that´s rlly true, or i need to download lockpick from other place or idk, so if anyone could tell me about this thx a lot

Yes lockpick support 20.2.0. Download latest version here

Lockpick_RCM 1.9.15 (FW 20) Zoria

May 7, 2025

Lockpick_RCM 1.9.15

• impeeza
• Soft mods & Loaders

 

[Muxi]

Atmosphére is currently broken by FW version 20.3.0. Is it already known whether there are new keys under FW 20.3.0, which consequently require a new Lockpick_RCM version?

 

[duckbill007]

No it is just a version check that prevents atmo from run.

 

[josete2k]

Same as 20.2.0... just update the version check.

 

[impeeza]

Same as 20.2.0... just update the version check.

That checks are made on the files:
libraries/libstratosphere/include/stratosphere/hos/hos_types.hpp
libraries/libvapours/include/vapours/ams/ams_target_firmware.h

or any else places?

 

[josete2k]

That checks are made on the files:
libraries/libstratosphere/include/stratosphere/hos/hos_types.hpp
libraries/libvapours/include/vapours/ams/ams_target_firmware.h

or any else places?

Nothing else...


Well, you can bump the AMS version too:

libraries/libvapours/include/vapours/ams/ams_api_version.h

 

[Earthshine]

That checks are made on the files:
libraries/libstratosphere/include/stratosphere/hos/hos_types.hpp
libraries/libvapours/include/vapours/ams/ams_target_firmware.h

or any else places?

Also things like this need to be edited for 20.3.0? I don't see 20.2.0 listed in that file either. Or perhaps nothing changed for USB 3.0 since 20.1.0/20.1.1?

https://github.com/Atmosphere-NX/Atmosphere/commit/d8a37b4b7184b80ba979bcceb98365b8365a1c3a

 

[duckbill007]

nothing changed for USB 3.0 since 20.1.0/20.1.1?

Just check build id of USB title

 

[Earthshine]

Just check build id of USB title

i don't even know what that means. lol. I just changed the other files to include 20.3.0. it's building now. time will tell. don't even know why I do this. boredom perhaps. or just to try learning how to build things. if it works i always just replace it with the official release when available anyway.

can someone elaborate or explain, "check build id of USB title"?

 

[RealYoti]

Just check build id of USB title

NCA name also same.