Toggle sidebar

Front-page Hacking RELEASE  Updated

Lockpick_RCM payload - Official Thread


Description
Lockpick_RCM is a bare metal Nintendo Switch payload that derives encryption keys for use in Switch file handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc. without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage
  • Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads
  • Upon completion, keys will be saved to /switch/prod.keys on SD
  • If the console has Firmware 7.x, the /sept/ folder from Atmosphère or Kosmos release zip containing both sept-primary.bin and sept-secondary.enc must be present on SD or else only keyblob master key derivation is possible (ie. up to master_key_05 only)
Big thanks to CTCaer
For Hekate and all the advice while developing this!

Known Issues
  • Chainloading from SX will hang immediately due to quirks in their hwinit code, please launch payload directly
 

Attachments

  • AB1248EA-8BB9-448B-83F5-FF68C2579FB1.jpeg
    AB1248EA-8BB9-448B-83F5-FF68C2579FB1.jpeg
    11.2 KB · Views: 0
Last edited by shchmue,
  • Like
Reactions: FanNintendo, Deleted member 753700, DefenderOfHyrule and 77 others
Click to expand...
same issue here.

"Unable to derive master keys for prod"
"Unable to derive master keys for dev"
at top of screen
A LOT of keys missing.

nut is basically unusable at this point
 
I'm also getting the errors on the top as well. I've been trying to update emuMMC for the past two days, but Daybreak kept giving me a 0x00007889 error. I'm starting to believe the firmware that I dumped in sysMMU is corrupted due to the prod.key missing key components.
 

Attachments

BooshinatorAbdou said:
I get the same error in Daybreak. I noticed that there are differences between the keys that I get in LockpickRCM and LockpickRCM Pro. Here are the two screenshots side by side.
View attachment 541089
View attachment 541090
Click to expand...
i do notice that pro "finds" up to master_key_13 and non pro "finds" through master_key_14

the top part where it cannot derive keys is whats concerning to me
 
Ok, so it seems Lockpick RCM Pro is unable to find newer masterkeys...

But I don´t see any errors in those screenshots?
Masterkey 14 is the latest key (FW21.0.0)

This is Lockpick RCM on my V1 Switch

lockpick_rcm.jpg
 
Last edited by draftguy123,
  • Like
Reactions: Blythe93
draftguy123 said:
Ok, so it seems Lockpick RCM Pro is unable to find newer masterkeys...

But I don´t see any errors in those screenshots?
Masterkey 14 is the latest key (FW21.0.0)
Click to expand...
1763933514693.png

This is the error I get in Daybreak. I didn't post it in my initial reply because I thought you only wanted to see the output from Lockpick RCM Pro
 
Joonboi said:
same issue here.

"Unable to derive master keys for prod"
"Unable to derive master keys for dev"
at top of screen
A LOT of keys missing.

nut is basically unusable at this point
Click to expand...
i was able to get all my keys using the hekate lockpick for whatever reason in the downloads section
 
Last edited by draftguy123,
  • Like
Reactions: impeeza and draftguy123
impeeza said:
That is the binary used by Tegra to run lockpick.
Click to expand...
Odd. When I tried to run it, it told me that Lockpick_RCM was missing. When I put the one Zoria provided in post #899 in the payloads, then launched it that way, it simply launched Lockpick_RCM as usual and resulted in the same error that I mentioned before.

Edit: Not sure if I mentioned it before, but I'm having this issue on my V1 Switch.
 
OLineGuy said:
yeah, for some reason the lockpick rcm bin didnt update properly but i got it sorted and got an output with all my keys
Click to expand...
Didn't realize that the link you posted had a download that was different from the one posted in post #899. Just tried out that link and can confirm that it worked!
 
When I go to download it has me pick between two. What is the difference?

Lockpick_RCM_1.9.16.zip
Lockpick_RCM_1.9.16_Hekate.zip
 
Earthshine said:
When I go to download it has me pick between two. What is the difference?

Lockpick_RCM_1.9.16.zip
Lockpick_RCM_1.9.16_Hekate.zip
Click to expand...
The «Lockpick_RCM_1.9.16_Hekate.zip» have the folder structure to be copied to your SD Card and allows to NYX (Hekate GUI) to run LockPick from the tools menu.

The other file just have the bin file for you to use as you like, but booth are the same file.
 
  • Like
Reactions: Tyvar1, Blythe93 and Earthshine

Site & Scene News

Go to forum More news

Popular threads in this forum

Dusk for switch (TLoZ Twilight Princess port)

Homebrew  New Homebrew "Foil Server"?

Homebrew  Full List of N64 Recompilation Switch ports

Hacking  WiFi chip failing and can't boot. is it possible to enable Airplane Mode by editing system save files directly?

Homebrew Tutorial Translation Project  CS2SX — Write Nintendo Switch Homebrew in C#

Homebrew  Sonic Unleashed Recompiled (Homebrew Port)

Is it fixable

Hacking Emulation  Switch Prod Keys downloading from sites okay?