Description
Lockpick_RCM is a bare metal Nintendo Switch payload that derives encryption keys for use in Switch file handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc. without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage

• Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads
• Upon completion, keys will be saved to /switch/prod.keys on SD
• If the console has Firmware 7.x, the /sept/ folder from Atmosphère or Kosmos release zip containing both sept-primary.bin and sept-secondary.enc must be present on SD or else only keyblob master key derivation is possible (ie. up to master_key_05 only)

Big thanks to CTCaer
For Hekate and all the advice while developing this!

Known Issues

• Chainloading from SX will hang immediately due to quirks in their hwinit code, please launch payload directly

 

[Rikua]

So I dumped my keys and got a prod.keys, title.keys, and dev.keys. However, the application XCI_NCA_NSP_v2 asks for a Keys.dat? What exactly is that file?

EDIT: Never mind, figured out I can just make a copy of my prod.keys and rename the copy to keys.dat.

 

[BaamAlex]

What exactly is that file?

Rename the prod.keys to keys.dat. That should do the trick.

 

[Dfox44]

Does this need an update again for 13.1.0 for games like animal crossings new update? I know I couldn't dump the latest update with NXDumpTool and unsure the issue. It mentioned using lockpick_rcm which I did.

 

[shchmue]

Does this need an update again for 13.1.0 for games like animal crossings new update? I know I couldn't dump the latest update with NXDumpTool and unsure the issue. It mentioned using lockpick_rcm which I did.

no, there are no new keys. that must be an issue with nxdumptool

 

[Dfox44]

no, there are no new keys. that must be an issue with nxdumptool

Ah yeah, I just figured it out. Thanks for taking the time to read this!

 

[shchmue]

Lockpick_RCM has been updated to dump firmware 14.0.0's new keys!
You don't need to update to dump them, just run the latest Lockpick_RCM.

https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.9.7

 

[shchmue]

Lockpick_RCM now supports dumping the key_retail.bin file for Amiibo crypto. The Mariko partial dump feature was also moved to the main menu with a warning about needing to reboot after running it!

https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.9.8

 

[simbin]

Fixed thanks

 

[mathew77]

Patiently awaiting for FW 15.0.0 version update.

 

[mrdude]

Patiently awaiting for FW 15.0.0 version update.

Try this, although the source on the git has been updated (Thanks shchmue) so you could have compiled this yourself: https://github.com/shchmue/Lockpick_RCM

 

[shchmue]

Sorry for the wait! Lockpick_RCM v1.9.9 is here with 15.0.0 keys and SSL key dumping:
https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.9.9

 

[shchmue]

16.0.0 keys are here, grab v1.9.10 today: https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.9.10

 

[WallsAreLiquid]

Hello! I have an Erista with 16.0.0 HOS and 1.5.1 Atmosphere, no emuNAND, only sysNAND usage. LockpickRCM 1.9.10 finds 0 title keys, and I have not enough knowledge is it okay, or is it a sign of some issue. I've dumped keys with previous HOS and LockpickRCM versions, and title.keys from them have a lot of records.

 

[GDF]

hi
can i use this on a Markio v2 patched switch, latest 16.01 hos and Hekate 6.02 running both Sys Nand and EmmuNand . this used to brick V2 units but asking before i try

 

[Hayato213]

hi
can i use this on a Markio v2 patched switch, latest 16.01 hos and Hekate 6.02 running both Sys Nand and EmmuNand . this used to brick V2 units but asking before i try

What chip you have?

 

[GDF]

What chip you have?

think its a SX Core

 

[Hayato213]

think its a SX Core

According to this no

https://gbatemp.net/threads/sx-core-sx-lite-list-of-compatible-homebrew-updated-regularly.573353/

 

[teady]

okay so every time i try to tap on my Lockpick_RCM my screen goes dark and nothing happens it just turns off and thats it what should i do?

 

[GDF]

I opened it via hekate payloads
https://i.postimg.cc/m2QsHTVs/switch-lockpick-rcm-prod-keys-title-backup-menu.jpg

Use volume up/down and power button to select,
How you accessing it

Post automatically merged: Apr 28, 2023

okay so every time i try to tap on my Lockpick_RCM my screen goes dark and nothing happens it just turns off and thats it what should i do?

I'd suggest you watch a video of how-to use it

 

[Manurocker95]

okay so every time i try to tap on my Lockpick_RCM my screen goes dark and nothing happens it just turns off and thats it what should i do?

you just need to load it via tegraRCM like any other payload, there's nothing to tap (?)