RELEASE Switch 7.0 key derivation: Lockpick_RCM payload

Discussion in 'Switch - Exploits, Custom Firmwares & Soft Mods' started by shchmue, Mar 4, 2019.

  1. henkp

    henkp Advanced Member

    Newcomer
    4
    Mar 19, 2007
    Netherlands
    Yeah well, I kinda found out the hard way... but after keeping my Switch at 4.1 for about a year, playing nothing but Zelda, Mario vs Rabbids, Mario and Puyo Puyo Tetris, it hits me with the supernag. Time to sell this one after all :-(
     
  2. Draxzelex

    Draxzelex GBAtemp Guru

    Member
    18
    Aug 6, 2017
    United States
    New York City
    Use Gag-Order, which was specifically designed to remove the supernag on firmware versions 4.1 and lower. Set up DNS settings before using Gag-Order to avoid redownloading the supernag.
     
  3. ZachyCatGames

    ZachyCatGames GBAtemp Advanced Maniac

    Member
    8
    Jun 19, 2018
    United States
    Hell
    How can they use Gag-Order if they are on a patched unit which can only use browserhax (which the supernag blocks) to access homebrew :/
     
  4. Draxzelex

    Draxzelex GBAtemp Guru

    Member
    18
    Aug 6, 2017
    United States
    New York City
    Whoops, messed up the order of events. Guess right now they can update to 5.X with a cartridge and wait for Deja Vu on 5.X.
     
  5. ganons

    ganons GBAtemp Addict

    Member
    7
    Jun 12, 2005
    Doesn't seem to work on SX OS on 7.0.1?
     
  6. shchmue
    OP

    shchmue GBAtemp Advanced Fan

    Member
    7
    Dec 23, 2013
    United States
    Did you launch the payload directly instead of chainloading from the SX menu?
     
  7. hippy dave

    hippy dave BBMB

    Member
    15
    Apr 30, 2012
    United Kingdom
    If they only just got the super nag, then their Switch probably knows about 8.x, so 5.x might not clear the nag? I know this stuff is still being worked out, but it sounded like that's how it works.
     
  8. ganons

    ganons GBAtemp Addict

    Member
    7
    Jun 12, 2005
    Yes directly. How do you chainload?
     
  9. Sack148

    Sack148 Newbie

    Newcomer
    1
    Jul 26, 2019
    Germany
    Hey,
    one question regarding Lockpick and emuNAND (Atmosphere/KOSMOS):
    My OFW is currently on 3.0.1 and I want to keep it there in case someone finds a way for a cold boot exploit.
    To be able to play newer games I've upgraded in emunand to 8.1 with ChoiDujourNX. Now I am facing the issue that I need the newer keys to convert XCI to NSP.
    Now it looks like I am only able to extract the keys from my real NAND (up to master key 05).

    Is there any way to get the newer keys? Unfortunately I cannot find any answer online. (Which might mean that it's not possible...)
     
  10. shchmue
    OP

    shchmue GBAtemp Advanced Fan

    Member
    7
    Dec 23, 2013
    United States
    Here's a version that only derives keys from emummc. I haven't worked out how I want to do an interface option to choose, and I've been working on trying to integrate Lockpick with Nyx and running into some roadblocks, so sorry everyone. Here it is in the meantime.
     
  11. ataraxis

    ataraxis Member

    Newcomer
    4
    Aug 3, 2007
    Malaysia
    Thanks for the release. Would like to know if this needs to be chainloaded in hekate or can be straight injected using tegraRCM?
     
  12. shchmue
    OP

    shchmue GBAtemp Advanced Fan

    Member
    7
    Dec 23, 2013
    United States
    Both work.
     
  13. ataraxis

    ataraxis Member

    Newcomer
    4
    Aug 3, 2007
    Malaysia
    Thanks :)
     
  14. sushi4u

    sushi4u Newbie

    Newcomer
    1
    Aug 26, 2008
    United States

    I have a question.
    I tried both chainloading the Lockpick_RCM Emummc and running it through Tegra.

    Unfortunately, when I ran Tegra it just freezes my Switch.
    When I run it through the payloader option off hekate it says

    Firmware 7.x or higher detected.
    Renamed /sept/payload.bin to /sept/payload.bak
    Copied self to /sept/payload/bin.
    Press power or vol +/- to Reboot to Sept...

    Then when I press power, it shows a sept Atmosphere splash screen, then a black screen.

    Any idea what I am doing wrong?

    Thanks
     
  15. shchmue
    OP

    shchmue GBAtemp Advanced Fan

    Member
    7
    Dec 23, 2013
    United States
    Does the regular payload work? If so, there might be something up with your emunand.
     
  16. sushi4u

    sushi4u Newbie

    Newcomer
    1
    Aug 26, 2008
    United States
    Thanks for replying back.

    Yes. Running clean 2.3 sysnand, and created a partition for emunand and updated to 8.1.0 with ChoiDujour.

    I am able to get keys no problem on stock 2.3 with lockpick_rcm. Also able to run lockpick.nro off the homebrew channel as well when on emunand, but it fails to get the new keys because it's not lockpick_rcm.

    So I am pretty stumped. Not sure if I should just recreate a new emummc with hekate and see if that fixes it.
     
  17. xmatr1x

    xmatr1x Newbie

    Newcomer
    1
    Thursday
    United States
    I've got the same issue as sushi4u.

    Tegrasmash and payload loader both freeze when I try to use the emummc lockpick rcm app.

    *edit* I'll add some more information. I'm on 3.0 stock and 8.1/Atmos 0.9.3 for emummc. Running the regular lockpick_rcm works to get my 3.0 keys; the file you posted above for retrieving emummc keys does not. I set up the partition on my SD card from the guide to do so, used hekate to copy over stock FW to emummc, then updated to 8.1 with ChoiDujourNX. I'm a bit surprised no one else has run into this issue but sushi4u and myself.
     
    Last edited by xmatr1x, Aug 23, 2019 at 12:48 AM