Hacking Sigpatches for Atmosphere (Hekate, fss0, fusee & package3)

bth

Active Member
Newcomer
Joined
Jan 10, 2024
Messages
33
Trophies
0
Age
28
XP
190
Country
Norway
Did not think to see if new lockpick was out thought it was discontinued a while back but good to know where to look now

https://github.com/borntohonk/Switch-Ghidra-Guides/blob/master/scripts/mariko_keygen.py



requirements: python3, hactoolnet, firmware files such as from https://github.com/THZoria/NX_Firmware/
usage:
1. git clone https://github.com/borntohonk/Switch-Ghidra-Guides.git
2. enter Switch-Ghidra-Guides folder
3. create folder named firmware, put .nca's from firmware dump inside of folder named firmware
4. python scripts/mariko_keygen.py

keys for whatever version firmware files you just processed got made. (regardless of how new or old)

There's no reason to use lockpick anymore, it requires maintenance and manual addition of master_kek_sources.


You can in other words, fully generate all keys on pc, just by using mariko_keygen.py and having firmware files.


copypasted from my README.md on the subject

* It will obtain the key source referred to as "mariko_master_kek_source_%%" from the firmware files you've provided, and output to prod.keys or a file location you've designated with -k or --keys.
* This script eliminates the need for "lockpick" of any kind, as long as the user provides firmware files.
* This script works by first extracting the nca containing package1 with master_key_00, then extracting "package1" with the "mariko_bek" (obtainable with the release.nfo for scene release of "Marvel's Spider-Man: Miles Morales" by BigBlueBox), and then proceeds in finding "mariko_master_kek_source_%%", And then transforms "mariko_master_kek_source_%%" using "mariko_kek" to become "master_kek" and subsequently sets off the key derivation chain, using the tool "hactoolnet".
* Usage: do "python scripts/mariko_keygen.py -f folder -k prod.keys" with firmware files present in a folder called firmware, or as supplied with -f or --firmware, or store the keys at another location as supplied with -k or --keys
 
Last edited by bth,

svoc

Active Member
Newcomer
Joined
Oct 12, 2024
Messages
40
Trophies
0
Age
29
XP
37
Country
United States
https://github.com/borntohonk/Switch-Ghidra-Guides/blob/master/scripts/mariko_keygen.py



requirements: python3, hactoolnet, firmware files such as from https://github.com/THZoria/NX_Firmware/
usage:
1. git clone https://github.com/borntohonk/Switch-Ghidra-Guides.git
2. enter Switch-Ghidra-Guides folder
3. create folder named firmware, put .nca's from firmware dump inside of folder named firmware
4. python scripts/mariko_keygen.py

keys for whatever version firmware files you just processed got made. (regardless of how new or old)

There's no reason to use lockpick anymore, it requires maintenance and manual addition of master_kek_sources.


You can in other words, fully generate all keys on pc, just by using mariko_keygen.py and having firmware files.


copypasted from my README.md on the subject

* It will obtain the key source referred to as "mariko_master_kek_source_%%" from the firmware files you've provided, and output to prod.keys or a file location you've designated with -k or --keys.
* This script eliminates the need for "lockpick" of any kind, as long as the user provides firmware files.
* This script works by first extracting the nca containing package1 with master_key_00, then extracting "package1" with the "mariko_bek" (obtainable with the release.nfo for scene release of "Marvel's Spider-Man: Miles Morales" by BigBlueBox), and then proceeds in finding "mariko_master_kek_source_%%", And then transforms "mariko_master_kek_source_%%" using "mariko_kek" to become "master_kek" and subsequently sets off the key derivation chain, using the tool "hactoolnet".
* Usage: do "python scripts/mariko_keygen.py -f folder -k prod.keys" with firmware files present in a folder called firmware, or as supplied with -f or --firmware, or store the keys at another location as supplied with -k or --keys
That is cool but can't use it unless it runs on android no PC never needed one I use my phones desktop mode at home to get remote work done and that is I ever needed
 

SHAM_UAE

Member
Newcomer
Joined
Oct 17, 2024
Messages
12
Trophies
1
Age
31
XP
30
Country
United Arab Emirates
Hi all, i download ps1 games from tinfoil and installed already RetoArch.

when i try to launch the game there is message appear to me saying unable to start software, it was work before with old CFW
 

impeeza

¡Kabito!
Member
Joined
Apr 5, 2011
Messages
8,204
Trophies
4
Age
46
Location
At my chair.
XP
28,136
Country
Colombia
That is cool but can't use it unless it runs on android no PC never needed one I use my phones desktop mode at home to get remote work done and that is I ever needed
It's python, runs everywhere!
Post automatically merged:

atmosphere=1 isn't needed.
You shouldn't be being usb3 enabled all the time. There are reasons why it's disabled by default.
Any update? Any source?
 
Last edited by impeeza,

LuigiGad

Well-Known Member
Member
Joined
May 7, 2023
Messages
263
Trophies
0
Age
56
XP
745
Country
Italy
because that version of SYS-Patch was built with another branch of the code which have some additional code, that code is not for everybody use, that is why I removed the binary, now we have very convenient ways to create forwarders which can work on any Atmosphère version there is no point to add extra patches to sys-patch.

you can create such forwarders using https://github.com/mrdude2478/NRO-Forwarder or https://nsp-forwarder.n8.io/.

about tinfoil and Super Mario 64 NSP they are more piracy than homebrew, so no too mucho support is provided. you can switch to alternatives, for tinfoil you can use TinWoo https://github.com/mrdude2478/TinWoo/releases and for super Mario 64 you can create a NRO in a legal way following the instructions on https://gbatemp.net/threads/building-sm64-for-nintendo-switch-from-sm64ex-alo-repository.652092
Post automatically merged:


Hello there, can you please elaborate on this or share with us sources of that information, I really love to learn.
I am pleased to have asked a question that has opened a technical discussion. We all agree on creating forwarders and personally using https://nsp-forwarder.n8.io/ is the best solution. As for the self-installing retroroms usually provided by remote servers through tinfoil I didn't want to talk about piracy, of course, but I was referring to the possibility of installing these retroroms, I'm talking for example about some games for nes that I'm fond of and that fortunately I own the original cartridge. It would be a shame not to implement the portion of code that allows this, so I wonder, in the future sys-patch compiled by you, will it allow this convenience?
 
  • Like
Reactions: impeeza

svoc

Active Member
Newcomer
Joined
Oct 12, 2024
Messages
40
Trophies
0
Age
29
XP
37
Country
United States
It's python, runs everywhere!
Post automatically merged:


Any update? Any source?
Sadly the hacktool crashes every time it can't create the the file because it is missing the module submodule and the one the can be installed on android does not work with it so can't use it oh well android sucks for programming
 
  • Wow
Reactions: impeeza

bth

Active Member
Newcomer
Joined
Jan 10, 2024
Messages
33
Trophies
0
Age
28
XP
190
Country
Norway
Sadly the hacktool crashes every time it can't create the the file because it is missing the module submodule and the one the can be installed on android does not work with it so can't use it oh well android sucks for programming
hactoolnet (which mariko_keygen.py uses, not hactool) is indeed not available for android.
 
  • Sad
Reactions: impeeza

NotUsingAnAltAccount

Well-Known Member
Member
Joined
Dec 7, 2023
Messages
108
Trophies
0
Age
54
XP
367
Country
Iceland
You need a PC, Android is not an OS for something like this. Just get a cheap 10” Windows tablet from China. Even something with this old Atom CPU would be more than enough https://www.aliexpress.com/item/1005007252104950.html

Still, I would recommend something with for example N5100 or N100 CPU nowadays and minimum 6/8GB, but you can do simple stuff on the cheapest ones.
 

svoc

Active Member
Newcomer
Joined
Oct 12, 2024
Messages
40
Trophies
0
Age
29
XP
37
Country
United States
hactoolnet (which mariko_keygen.py uses, not hactool) is indeed not available for android.
My bad autocorrect on hactoolnet
Post automatically merged:

You need a PC, Android is not an OS for something like this. Just get a cheap 10” Windows tablet from China. Even something with this old Atom CPU would be more than enough https://www.aliexpress.com/item/1005007252104950.html

Still, I would recommend something with for example N5100 or N100 CPU noawadays and minimum 6/8GB, but you can do simple stuff on the cheapest ones.
One day I will format the hard drives of the stack of laptops I have and put windows or Linux on them but just don't care or have time for PCs with work and kids my phone and work vm is all I need for now
 

impeeza

¡Kabito!
Member
Joined
Apr 5, 2011
Messages
8,204
Trophies
4
Age
46
Location
At my chair.
XP
28,136
Country
Colombia
I'm talking for example about some games for nes that I'm fond of and that fortunately I own the original cartridge. It would be a shame not to implement the portion of code that allows this, so I wonder, in the future sys-patch compiled by you, will it allow this convenience?

https://github.com/borntohonk/Switch-Ghidra-Guides/blob/master/scripts/mariko_keygen.py



requirements: python3, hactoolnet, firmware files such as from https://github.com/THZoria/NX_Firmware/
usage:
1. git clone https://github.com/borntohonk/Switch-Ghidra-Guides.git
2. enter Switch-Ghidra-Guides folder
3. create folder named firmware, put .nca's from firmware dump inside of folder named firmware
4. python scripts/mariko_keygen.py

keys for whatever version firmware files you just processed got made. (regardless of how new or old)

There's no reason to use lockpick anymore, it requires maintenance and manual addition of master_kek_sources.


You can in other words, fully generate all keys on pc, just by using mariko_keygen.py and having firmware files.


copypasted from my README.md on the subject

* It will obtain the key source referred to as "mariko_master_kek_source_%%" from the firmware files you've provided, and output to prod.keys or a file location you've designated with -k or --keys.
* This script eliminates the need for "lockpick" of any kind, as long as the user provides firmware files.
* This script works by first extracting the nca containing package1 with master_key_00, then extracting "package1" with the "mariko_bek" (obtainable with the release.nfo for scene release of "Marvel's Spider-Man: Miles Morales" by BigBlueBox), and then proceeds in finding "mariko_master_kek_source_%%", And then transforms "mariko_master_kek_source_%%" using "mariko_kek" to become "master_kek" and subsequently sets off the key derivation chain, using the tool "hactoolnet".
* Usage: do "python scripts/mariko_keygen.py -f folder -k prod.keys" with firmware files present in a folder called firmware, or as supplied with -f or --firmware, or store the keys at another location as supplied with -k or --keys
Wow master, thanks a lot, will try it this night, but with this method you can get the «generic» keys only, you can not extract the console unique ones, Am I right?
Post automatically merged:

I'm talking for example about some games for nes that I'm fond of and that fortunately I own the original cartridge. It would be a shame not to implement the portion of code that allows this, so I wonder, in the future sys-patch compiled by you, will it allow this convenience?
I got lost, how is not possible to run those games?


For Nintendo if you «OWN» an old cartridge or an old digital copy, that DO NOT ALLOW YOU to emulate on newer systems/consoles because for they emulation is piracy, and yes, they sell old titles on new consoles using emulation, the incoherence!!!
 

draftguy123

Well-Known Member
Member
Joined
Jul 1, 2023
Messages
219
Trophies
0
XP
606
Country
Germany
Just tried the mariko_keygen.py script, it generates all generic keys except master_kek_source_12.
(FW 19.0.x)

For an Erista V1 switch I assume this key is not needed if all other xxx_12 keys are generated.(?)
 

impeeza

¡Kabito!
Member
Joined
Apr 5, 2011
Messages
8,204
Trophies
4
Age
46
Location
At my chair.
XP
28,136
Country
Colombia
Just tried the mariko_keygen.py script, it generates all generic keys except master_kek_source_12.
(FW 19.0.x)

For an Erista V1 switch I assume this key is not needed if all other xxx_12 keys are generated.(?)
you are right the «mariko_master_kek_source_12» is generated, but «master_kek_source_12» was not generated.



The keys do not generated by the script but generated by LockPick on my V1 console are:

bis_key_00 =
bis_key_01 =
bis_key_02 =
bis_key_03 =

device_key =
device_key_4x =
eticket_rsa_kek =
eticket_rsa_kek_source =
eticket_rsa_kekek_source =
eticket_rsa_keypair =

keyblob_00 =
keyblob_01 =
keyblob_02 =
keyblob_03 =
keyblob_04 =
keyblob_05 =
keyblob_key_00 =
keyblob_key_01 =
keyblob_key_02 =
keyblob_key_03 =
keyblob_key_04 =
keyblob_key_05 =

keyblob_mac_key_00 =
keyblob_mac_key_01 =
keyblob_mac_key_02 =
keyblob_mac_key_03 =
keyblob_mac_key_04 =
keyblob_mac_key_05 =

master_kek_00 =
master_kek_01 =
master_kek_02 =
master_kek_03 =
master_kek_04 =

master_kek_source_12 =

package1_key_00 =
package1_key_01 =
package1_key_02 =
package1_key_03 =
package1_key_04 =
package1_key_05 =

save_mac_key =

sd_seed =
secure_boot_key =
ssl_rsa_kek =
ssl_rsa_kek_source =
ssl_rsa_kekek_source =
ssl_rsa_key =

tsec_key =
tsec_root_key_02 =





The ones generated by the script but no by LockPick

bis_key_source_03 =

mariko_bek =
mariko_kek =

master_kek_06 =
master_kek_07 =

save_mac_key_source_00 = (is generated by lockpick as save_mac_key_source)
save_mac_key_source_01 =

save_mac_sd_card_key =

tsec_auth_signature_00 =
tsec_auth_signature_01 =
tsec_auth_signature_02 =
 
Last edited by impeeza,

bth

Active Member
Newcomer
Joined
Jan 10, 2024
Messages
33
Trophies
0
Age
28
XP
190
Country
Norway

Gam3Refix

New Member
Newbie
Joined
Oct 5, 2024
Messages
3
Trophies
0
Age
19
XP
21
Country
Malta
I dont know if this is the right thread but im having issues on my modded nintendo switch OLED. for some reason games arent working as they keep trying to access an internet connection but of course they are blocked and then i get an error code 21558007 (dont remember what it said exactly). may i point out that this system has had a motherboard swap and then i installed the modchip on the new motherboard. i have also set the console as the primary console on OFW before creating emummc. any ideas what could be the issue?
 

impeeza

¡Kabito!
Member
Joined
Apr 5, 2011
Messages
8,204
Trophies
4
Age
46
Location
At my chair.
XP
28,136
Country
Colombia
In this case, how can I edit the image?

Edit the hekate_ipl.ini file


Code:
[CFW (EMUMMC)]
id=EMUNAND
emummcforce=1
fss0=atmosphere/package3
atmosphere=1
logopath=bootloader/YOURLOGO.bmp                    <-MODIFY THIS LINE POINTING TO YOUR IMAGE FOR SPLASH

icon=bootloader/res/payload_hue_nobox.bmp
kip1patch=nosigchk
usb3force=1
 
  • Like
Reactions: Blythe93

Reecey

Mario 64 (favorite game of all time)
Member
Joined
Mar 7, 2010
Messages
5,881
Trophies
2
Location
At Home :)
XP
4,616
Country
In this case, how can I edit the image?
You don’t even need hekate get rid of it. All you need is the bootloader folder with the hekate.ini and patches files that’s it everyone assumes using hekate for emunand is the saviour for a ban, it won’t
 

tassietigermaniac

New Member
Newbie
Joined
Mar 25, 2017
Messages
4
Trophies
0
Age
33
XP
70
Country
Hey there, I'm brand new to trying to get this to work. I'm trying to get a Pokemon Violet randomizer working but I cannot seem to. I got the CFW working today (unpatched switch, nightly Atmosphere and newest Hekate) and can load Tinfoil and DBI but I cannot get the NSP to run, I keep getting ticket errors. I believe it will be because of issues with the sigpatches. I've tried downloading the latest from both sigmapatches and this thread. Is this broken currently? If not I've probably just set something up incorrectly.

Atmosphere is atmosphere-1.8.0-prerelease
Firmware is... 19. Weird, when I launch the stock rom it's listed as 18.1

Maybe that's the issue?
 

Blythe93

The Treasure Tracker
Member
Joined
Oct 19, 2022
Messages
1,543
Trophies
2
XP
3,655
Country
Serbia, Republic of
Hey there, I'm brand new to trying to get this to work. I'm trying to get a Pokemon Violet randomizer working but I cannot seem to. I got the CFW working today (unpatched switch, nightly Atmosphere and newest Hekate) and can load Tinfoil and DBI but I cannot get the NSP to run, I keep getting ticket errors. I believe it will be because of issues with the sigpatches. I've tried downloading the latest from both sigmapatches and this thread. Is this broken currently? If not I've probably just set something up incorrectly
Try sys-patch instead if you are on the latest firmware and see if that fixes the issue. Make sure to reboot afterwards for changes to take effect.
 

Site & Scene News

Popular threads in this forum

General chit-chat
Help Users
    kijetesantakalu042 @ kijetesantakalu042: Sneak this into the holiday playlist for me please: https://www.youtube.com/watch?v=9-96YTHPlgU