RELEASE Switch 7.0 key derivation: Lockpick_RCM payload

Discussion in 'Switch - Exploits, Custom Firmwares & Soft Mods' started by shchmue, Mar 4, 2019.

  1. c0013r

    c0013r Newbie

    Newcomer
    1
    Apr 28, 2019
    Russia
    Yes, using this tool in "payload" mode (Lockpick-RCM v1.1.1) gives error "ERROR FFFFFFFF dumping TSEC"

    Trying to dump TSEC with Hekate (latest version) gives such strings:

    Found pkg1 (`20181107105733`)
    TSEC key: ERROR FFFFFFFF.

    Some "history" of my switch.

    - Used SX OS from the start
    - From 5.1 to 6.2 was updated with saved fuses (now I have 6 burnt, update was done with ChoiDujourNX through atmosphere)
    - I have Auto-RCM from ChoiDujourNX
    - Now I want to move to atmosphere, but can't launch (want TSEC keys)
    - Other "dumps" from Hekate working good
    - SX OS working without errors now

    P.S. I don't use emunand
     
    Last edited by c0013r, Apr 28, 2019
  2. shchmue
    OP

    shchmue GBAtemp Advanced Fan

    Member
    7
    Dec 23, 2013
    United States
    Are you chainloading hekate/lockpick_rcm from SX injector or whatever their software is? IIRC they do something like leave CCPLEX enabled in their hardware init code that makes it impossible to query the TSEC again in subsequent payloads. If that's the case, try injecting directly, if not, let me know.
     
  3. mattytrog

    mattytrog You don`t want to listen to anything I say.

    Member
    12
    Apr 27, 2018
    United Kingdom
    I really really hope you don't mind but a while ago, I integrated your brilliant payload into my Hekate mod that I use for modchips.

    I never even thought to double-check it was OK with you. Sorry about that! I've credited you obviously.
     
    Last edited by mattytrog, Apr 28, 2019
  4. c0013r

    c0013r Newbie

    Newcomer
    1
    Apr 28, 2019
    Russia
    It works! Thank you! :-)
     
  5. IMnoob

    IMnoob Newbie

    Newcomer
    1
    May 2, 2019
    Singapore
    Does Lockpick-RCM v1.1.1 support dumping keys for 8.0.1 to get the latest key (Key 8)?
     
    Last edited by IMnoob, May 2, 2019
  6. Unleanone999

    Unleanone999 GBAtemp Advanced Fan

    Member
    5
    May 15, 2018
    Togo
    Yes ver 1.1.1 works.
     
    IMnoob likes this.
  7. IMnoob

    IMnoob Newbie

    Newcomer
    1
    May 2, 2019
    Singapore
    Just tried the dump. No master key 8, I got only master key 7 on 8.0.1 with Lockpick-RCM 1.1.1.
     
  8. Raugo

    Raugo GBAtemp Fan

    Member
    5
    Nov 22, 2014
    master_key_08 doesn't exist; the latest key is master_key_07.
     
    IMnoob likes this.
  9. IMnoob

    IMnoob Newbie

    Newcomer
    1
    May 2, 2019
    Singapore
    Aaah, so that's why I can't get master key 8... thank you
     
  10. shchmue
    OP

    shchmue GBAtemp Advanced Fan

    Member
    7
    Dec 23, 2013
    United States
    7.0.0-8.0.1 have the same keys :)
     
    IMnoob likes this.
  11. almmiron

    almmiron GBAtemp Regular

    Member
    3
    Jan 9, 2012
    Brazil
    My console is 8.0.1, never hacked before, and I was told to come here. I have RCM Loader, and with my Switch in RCM mode it won't load any payload, still black screen. I inserted lockPick, renamed to payload.bin as RCM Loader says, have the proper files on SD, but nothing happens. Only black screen.

    EDIT
    dumbest thing: the usb-c was not properly connected.
     
    Last edited by almmiron, May 5, 2019
  12. peteruk

    peteruk GBAtemp Addict

    Member
    12
    Jun 26, 2015
    What is the correct location to store our prod.keys ? Is it the root of the card or in the Switch folder ?

    Also should it be renamed keys.dat ?

    Sorry but I'm seeing different people saying different things, so wanted to get it clarified please... also seen some people suggesting the keys file needs to be inside tinfoil & goldleaf folders too

    If somebody could clear this all up I'd appreciate it - thank you ! Just trying to tidy up my sd card
     
  13. Draxzelex

    Draxzelex GBAtemp Guru

    Member
    18
    Aug 6, 2017
    United States
    New York City
    Prod.keys is usually needed for hactool which is used on your computer. Less and less Switch applications are requiring keys and for good reason; because the keys are already in the console. Neither tinfoil nor Goldleaf require keys in order to function so I'm not sure where you got that idea from. And different applications will require the keys to be in different places. Not only that, some tools use different names. So it doesn't matter where you put it or what you name it.
     
    peteruk likes this.
  14. peteruk

    peteruk GBAtemp Addict

    Member
    12
    Jun 26, 2015

    Thanks for replying, you're always helpful without being condescending and it's very much appreciated.

    I picked most of it up from reading various threads over the course of the expanding homebrew scene and have ended up with keys files in almost every folder and 2 files on the root (keys.txt and prod.keys).

    I suppose as I'm ditching sxos the most important one will be if Atmosphere requires a keys file or not? If yes, will it be prod.keys or keys.txt and should it be placed in the Atmosphere folder?
     
  15. Draxzelex

    Draxzelex GBAtemp Guru

    Member
    18
    Aug 6, 2017
    United States
    New York City
    Atmosphere doesn't require keys either.
     
    peteruk likes this.
  16. peteruk

    peteruk GBAtemp Addict

    Member
    12
    Jun 26, 2015
    thank you as ever, have a great weekend :)
     
    Draxzelex likes this.