Lockpick v1.2.5 Released

shchmue has updated the legacy Lockpick, a homebrew application for the Nintendo Switch that dumps the encrypted system keys unique to your console to a file for use with utilities like hactool, which allow for the manipulation of game data (say, for modding games and decrypting content). Lockpick v1.2.5 adds support for the Hekate v5.0.x fuse dump format.

What's New?

*  Support Hekate v5 fuse dump format
*  Make names consistent with libnx v2.2.0
*  Adjust text alignment and coloring in Lockpick_RCM note

Description

Lockpick is a homebrew application for the Nintendo Switch that dumps the encrypted system keys unique to your console to a file for use with utilities like hactool, which allow for the manipulation of game data (say, for modding games and decrypting content). Lockpick works on all firmware versions, but you will need to use the Lockpick_RCM payload to dump the 7.0.x keys.

Features

What this software does differently

    Dumps titlekeys
    Dumps 6.2.0 keys
    Uses the superfast xxHash instead of sha256 when searching exefs for keys for a ~5x speed improvement
    Gets all possible keys from running process memory - this means no need to decrypt Package2 at all, let alone decompress KIPs
    Gets header_key without tsec, sbk, master_key_00 or aes sources - which may or may not be the same way ChoiDujourNX does it (and I'm gonna issue a challenge to homebrew title installers to implement similar code so you don't need your users to use separate software like this; it's up to you to figure out if the same can be done for key_area_keys if needed)

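
The search technique behind the xxHash/sha256 feature above and the "find all keys on first pass" change listed under v1.2, as an added example that is not Lockpick's own code: the tool carries only the hashes of the keys it wants, slides a 16-byte window over the memory it is scanning, hashes each window once and looks the digest up, collecting every key in a single pass. This example uses SHA-256 from Python's standard library where Lockpick switched to xxHash for speed; the sample keys, their hashes, the fake memory image and the function names are all constructed for the example.

```python
import hashlib
from typing import Dict, Tuple

KEY_LEN = 16  # the keys being hunted are 16-byte AES keys

# Constructed placeholder keys for this example only; they are NOT real
# console keys. A real key finder ships only the hashes of the keys it
# wants, never the keys themselves.
SAMPLE_KEYS = {
    "example_key_a": bytes.fromhex("4f2a9c1e8b7d3650a1c2e3f4d5b6a798"),
    "example_key_b": bytes.fromhex("c3d9f7b1e5a20846139d7fe2bc5a0d91"),
}
# What a real tool would hard-code: name -> digest of the wanted key.
KNOWN_HASHES = {name: hashlib.sha256(key).digest() for name, key in SAMPLE_KEYS.items()}


def build_sample_memory() -> bytes:
    """A constructed process-memory image with the two sample keys embedded in filler."""
    # Deterministic filler; no 16-byte run of it equals a sample key.
    filler = bytes(range(256)) * 4
    return (filler[:300] + SAMPLE_KEYS["example_key_b"]
            + filler[300:700] + SAMPLE_KEYS["example_key_a"] + filler[700:])


def find_keys_by_hash(memory: bytes, known: Dict[str, bytes],
                      key_len: int = KEY_LEN) -> Tuple[Dict[str, Tuple[int, bytes]], int]:
    """Single pass over `memory`: hash each key_len window once, look the digest
    up in the wanted set, and stop as soon as every wanted key has been found.
    Returns ({name: (offset, key_bytes)}, number_of_windows_hashed)."""
    wanted = {digest: name for name, digest in known.items()}
    found: Dict[str, Tuple[int, bytes]] = {}
    hashed = 0
    for off in range(len(memory) - key_len + 1):
        window = memory[off:off + key_len]
        hashed += 1
        name = wanted.get(hashlib.sha256(window).digest())
        if name is not None and name not in found:
            found[name] = (off, window)
            if len(found) == len(wanted):
                break  # everything found; no need to rescan from the start
    return found, hashed


def scan_sample() -> Tuple[Dict[str, Tuple[int, bytes]], int]:
    """Run the finder over the constructed image."""
    return find_keys_by_hash(build_sample_memory(), KNOWN_HASHES)


if __name__ == "__main__":
    found, hashed = scan_sample()
    for name, (off, key) in sorted(found.items()):
        print(f"{name} at offset {off}: {key.hex()}")
    print(f"{hashed} windows hashed")
```

Swapping `hashlib.sha256` for an xxHash digest is the drop-in change that gives the speedup the feature list describes, since the hash is only used as a fast equality test against a short list of known digests. Scanning every byte offset is the conservative choice; a scanner that knows the alignment of the structures it is searching can step by that alignment and hash proportionally fewer windows.
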
Instructions

Usage

    Use Hekate v4.5+ to dump TSEC and fuses:
        Push hekate payload bin using TegraRCMSmash/TegraRCMGUI/modchip/injector
        Using the VOL and Power buttons to navigate, select Console info...
        Select Print fuse info
        Press Power to save fuse info to SD card
        Select Print TSEC keys
        Press Power to save TSEC keys to SD card
    Launch CFW of choice
    Open Homebrew Menu
    Run Lockpick
    Use the resulting prod.keys file as needed and rename if required

You may instead use biskeydump and dump to SD to get all keys prior to the 6.2.0 generation, i.e. all keys up to those ending in 05. It will dump all keys up to that point regardless of which firmware it is run on.

Notes

    To get keys ending in 06, you must have firmware 6.2.0 installed

    No one knows package1_key_06, it's derived and erased fully within the encrypted TSEC payload. While there's a way to extricate tsec_root_key due to the way it's used, this is unfortunately not true of the package1 key

    If for some reason you dump TSEC keys on 6.2.0 and not fuses (secure_boot_key) you will still get everything except any of the package1 or keyblob keys (without secure_boot_key, you can't decrypt keyblobs and that's where package1 keys live)
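
A small post-processing step for the prod.keys file the usage procedure produces, as an added example that is not Lockpick's own code. It parses the `name = hex` keyfile format hactool reads, reports the highest master key generation present, explains a missing fuse dump in the terms of the notes above (no secure_boot_key means no keyblob or package1 keys), and applies the keyfile rules from the changelog below: keep an existing file that already contains master_key_07, reuse eticket_rsa_kek from the existing file when a titlekey-only run did not produce it, drop an empty header_key, and write the file alphabetized. The two sample keyfiles are constructed with placeholder values, not real console keys, and the function names and the exact merge interpretation are this example's assumptions.

```python
import re
from typing import Dict, List, Optional

# prod.keys / hactool keyset format: one "name = hex" entry per line.
KEY_LINE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*([0-9A-Fa-f]*)\s*$")

# Constructed sample keyfiles for this example. Values are placeholders,
# not real console keys.
EXISTING_KEYFILE = """\
# keyfile left by an earlier run (constructed)
eticket_rsa_kek = 11111111111111111111111111111111
master_key_00 = 22222222222222222222222222222222
master_key_05 = 33333333333333333333333333333333
"""

FRESH_KEYFILE = """\
master_key_00 = 22222222222222222222222222222222
master_key_05 = 33333333333333333333333333333333
master_key_06 = 44444444444444444444444444444444
header_key =
secure_boot_key = 55555555555555555555555555555555
titlekek_06 = 66666666666666666666666666666666
"""


def parse_keyfile(text: str) -> Dict[str, str]:
    """Parse "name = hex" lines; blank lines and '#' comments are skipped."""
    keys: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = KEY_LINE.match(line)
        if m is None:
            raise ValueError(f"malformed keyfile line: {line!r}")
        keys[m.group(1)] = m.group(2).lower()
    return keys


def highest_generation(keys: Dict[str, str], prefix: str = "master_key_") -> Optional[int]:
    """Highest NN among non-empty prefixNN entries, or None if there are none."""
    gens = [int(n[len(prefix):]) for n in keys
            if n.startswith(prefix) and n[len(prefix):].isdigit() and keys[n]]
    return max(gens) if gens else None


def diagnose(keys: Dict[str, str]) -> List[str]:
    """Explain gaps in a dump using the rules stated in the release notes."""
    notes: List[str] = []
    gen = highest_generation(keys)
    if gen is not None and gen < 6:
        notes.append(f"highest master key is {gen:02d}: keys ending in 06 need firmware 6.2.0 installed")
    if "secure_boot_key" not in keys:
        notes.append("no secure_boot_key (fuse dump missing): keyblobs cannot be decrypted, "
                     "so no keyblob or package1 keys")
    return notes


def merge_keyfiles(existing: Dict[str, str], fresh: Dict[str, str]) -> Dict[str, str]:
    """Apply the v1.2.2 keyfile rules (as interpreted for this example)."""
    # An existing file that already holds master_key_07 is kept untouched.
    if "master_key_07" in existing:
        return dict(existing)
    merged = dict(fresh)
    # Reuse eticket_rsa_kek from the existing file if this run did not produce it.
    if not merged.get("eticket_rsa_kek") and existing.get("eticket_rsa_kek"):
        merged["eticket_rsa_kek"] = existing["eticket_rsa_kek"]
    return merged


def format_keyfile(keys: Dict[str, str]) -> str:
    """Alphabetized output (v1.2.1); entries with an empty value are not saved (v1.2.4)."""
    return "".join(f"{name} = {value}\n" for name, value in sorted(keys.items()) if value)


def demo() -> str:
    existing = parse_keyfile(EXISTING_KEYFILE)
    fresh = parse_keyfile(FRESH_KEYFILE)
    for note in diagnose(existing):
        print("existing keyfile:", note)
    return format_keyfile(merge_keyfiles(existing, fresh))


if __name__ == "__main__":
    print(demo(), end="")
```

Running `demo()` prints the two diagnoses for the older file (it stops at generation 05 and has no secure_boot_key) and returns the merged file with eticket_rsa_kek carried over, the empty header_key dropped, and the entries in alphabetical order.
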

Changelog

v1.2.5

*   Support Hekate v5 fuse dump format
*   Make names consistent with libnx v2.2.0
*   Adjust text alignment and coloring in Lockpick_RCM note

v1.2.4

*   Support new emunand FS memory layout
*   No longer save header_key if empty

v1.2.3

*   Remove mbedtls dependency in favor of new libnx crypto library
*   Remove libnx 1.6.0 support since crypto requires later commit
*   Skip contradictory messaging if skipping keyfile save

v1.2.2

*   Do not overwrite existing keyfile that contains master_key_07
*   Read eticket_rsa_kek from existing keyfile in case user is only running this for titlekeys
*   Create /switch folder if needed

v1.2.1

*   Generate bis keys without master keys
*   Update file size check to support Hekate v4.8 TSEC dump
*   Fixed prod.keys alphabetization error
*   Fixed build warning for ff.c
*   Added in-app disclaimer about which keys can be dumped

v1.2

*   Update for libnx v2.0.0 compatibility and still runs when built with v1.6.0
    *   The binary got even smaller!
*   Accelerate finding FS keys
    *   No longer find BIS sources as they're hardcoded (whoops)
    *   Find all keys on first pass hashing FS instead of hashing the whole thing from the beginning repeatedly (*whoops*)

v1.1.1

*   Prevent from trying to dump SD seed and ES keys on 1.0.0 as they're not available until 2.0.0

v1.1

*   Changed titlekey dump methodology
    *   No longer crashes sysmodule, reboot no longer needed
    *   Queries ES to verify ticket list is accurate
    *   May take slightly longer than before on systems with hundreds of tickets
*   Now dumps SD seed
*   Reorganized and clarified UI text
    *   Now indicates if no titles are installed to dump titlekeys from
*   Swapped C++ stream functions for C I/O to reclaim some speed and binary size
*   Tightened up dependencies

Links & Downloads
https://github.com/shchmue/Lockpick/releases/tag/v1.2.5
