Lockpick RCM v1.6.1 Released - Update Now!

Lockpick RCM has been updated to fix a critical bug introduced in the previous version (1.6.0) that caused the tool to write wrong keys. If you want valid keys for your Switch, use this fixed version and discard any key files dumped with 1.6.0.

Lockpick RCM is a bare-metal Nintendo Switch payload that derives encryption keys for use in Switch file-handling software such as hactool, hactoolnet/LibHac and ChoiDujour, without booting Horizon OS. Titlekey dumping, added in 1.6.0, is included in this release.

Quote: shchmue

When I added Minerva and titlekey dumping I moved the key save text buffer from a zero-initialized stack array to the heap, and forgot to zero-initialize, followed by many perilous calls to strlen on the buffer, which wasn't guaranteed any nulls to terminate! This resulted in a hang while saving keys and/or corrupt key files.
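The failure mode described in the quote above, as an added example that is not Lockpick_RCM's code: a heap buffer from malloc() carries whatever bytes were there before, so a strlen()-based "find the end of the text and append here" has no guaranteed terminator to stop on. The fixed builder below zeroes the allocation with calloc(), tracks its own length rather than rescanning, bounds every append, and re-terminates after each write. The structure name, function names, and the two sample keys are constructed for illustration; the "name = hex" line layout matches what key-file consumers such as hactool expect, but nothing here is the tool's own implementation.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative text builder (not the project's code): it remembers how
 * much it has written instead of rediscovering the end with strlen(). */
struct text_buf {
    char  *data;
    size_t len;   /* bytes of text written so far, excluding the NUL */
    size_t cap;   /* allocation size, always >= len + 1 */
};

/* calloc() so data[0] == '\0' before the first append. A malloc()'d
 * buffer holds stale contents, and strlen() on it scans until it happens
 * to meet a zero byte, possibly never (the hang the changelog reports). */
static int text_buf_init(struct text_buf *b, size_t cap)
{
    if (cap == 0)
        return -1;
    b->data = calloc(cap, 1);
    if (b->data == NULL)
        return -1;
    b->len = 0;
    b->cap = cap;
    return 0;
}

/* Append "name = <hex>\n". Returns 0, or -1 if it would not fit
 * (including the terminating NUL), leaving the buffer untouched. */
static int text_buf_append_key(struct text_buf *b, const char *name,
                               const uint8_t *key, size_t key_len)
{
    static const char hex[] = "0123456789abcdef";
    size_t name_len = strlen(name);               /* name is a C literal, safe */
    size_t need = name_len + 3 + key_len * 2 + 1; /* " = ", hex digits, '\n' */
    if (need + 1 > b->cap - b->len)               /* +1 keeps room for the NUL */
        return -1;
    char *p = b->data + b->len;
    memcpy(p, name, name_len);  p += name_len;
    memcpy(p, " = ", 3);        p += 3;
    for (size_t i = 0; i < key_len; i++) {
        *p++ = hex[key[i] >> 4];
        *p++ = hex[key[i] & 0x0f];
    }
    *p++ = '\n';
    *p   = '\0';                /* re-terminate after every append */
    b->len = (size_t)(p - b->data);
    return 0;
}

/* Models the 1.6.0 bug: a malloc()'d buffer full of stale bytes and no
 * NUL. A bounded scan shows the "end of text" search runs through the
 * whole allocation; an unbounded strlen() would keep reading past it. */
static size_t stale_scan_length(size_t cap)
{
    char *buf = malloc(cap);
    if (buf == NULL)
        return 0;
    memset(buf, 'A', cap);      /* constructed stand-in for leftover heap contents */
    size_t n = 0;
    while (n < cap && buf[n] != '\0')
        n++;
    free(buf);
    return n;                   /* == cap: no terminator was ever found */
}

/* Two constructed sample keys (not real Switch keys) rendered in the
 * "name = hex" layout. Copies the finished text into out, or returns -1
 * if out_cap is too small for it. */
static int build_sample_keys(char *out, size_t out_cap)
{
    static const uint8_t k0[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
                                    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
    static const uint8_t k1[16] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                                    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
    struct text_buf b;
    if (text_buf_init(&b, out_cap) != 0)
        return -1;
    int rc = 0;
    if (text_buf_append_key(&b, "master_key_00", k0, sizeof k0) != 0 ||
        text_buf_append_key(&b, "titlekek_00",   k1, sizeof k1) != 0)
        rc = -1;
    else
        memcpy(out, b.data, b.len + 1);   /* includes the NUL */
    free(b.data);
    return rc;
}

int main(void)
{
    char out[256];
    printf("stale scan over 64 bytes ran %zu bytes without a NUL\n",
           stale_scan_length(64));
    if (build_sample_keys(out, sizeof out) == 0)
        fputs(out, stdout);
    return 0;
}
```

The check a practitioner wants is the one in text_buf_append_key: the capacity test counts the terminator, and the NUL is rewritten after every append, so the buffer is a valid C string at every point regardless of what the allocator handed back.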
Firmware 9.0.0 Warning

Due to changes in the way firmware 9.0.0 handles user input, homebrew has to be recompiled to function correctly on this firmware. If you are on 9.0.0 or newer, read the changelog of any homebrew you use to make sure it has been updated for 9.0.0.

Instructions

*   Launch Lockpick_RCM.bin using your favorite payload injector
*   Upon completion, keys will be saved to `/switch/prod.keys` on SD
*   If the console has Firmware 7.x, the `/sept/` folder from the [Atmosphère](https://github.com/Atmosphere-NX/Atmosphere/releases) or [Kosmos](https://github.com/AtlasNX/Kosmos/releases) release zip, containing both `sept-primary.bin` and `sept-secondary.enc`, must be present on SD; otherwise only keyblob master key derivation is possible (i.e. up to `master_key_05` only)

Credits

Massive Thanks to CTCaer! - This software is heavily based on Hekate. Beyond that, CTCaer was exceptionally helpful in the development of this project, lending loads of advice, expertise, and humor.

Changelog

v1.6.1

* When I added Minerva and titlekey dumping I moved the key save text buffer from a zero-initialized stack array to the heap, and forgot to zero-initialize, followed by many perilous calls to strlen on the buffer, which wasn't guaranteed any nulls to terminate! This resulted in a hang while saving keys and/or corrupt key files.


v1.6.0

* Added titlekey dumping! With CTCaer's Minerva it runs in 20-25s depending on sys/emunand, or 40-50s without.

* Also added key generation number display to main menu to help guide your sysnand/emunand dumping decision.


v1.5.0

* Now lets users choose whether to dump keys from sysNAND or emuMMC. Also a fix for BIS key generation on consoles released after firmware 5.0.0 (presently it's rare that these have code execution, but eventually this will apply to more).
Links & Downloads
https://github.com/shchmue/Lockpick_RCM/releases/tag/v1.6.1
