Lockpick RCM v1.9.0 Released


shchmue has just released a new version of Lockpick_RCM, which now supports Mariko Switch models and, as a consequence, patched Erista models as well. The Lockpick RCM payload provides the keys that can be used in applications such as hactool, hactoolnet / LibHac, ChoiDujour and many others.
shchmue describes this as a major release of Lockpick_RCM, since dumping now works on patched Mariko and Erista units. He also thanks CTCaer, SciresM, Shadów, balika011 and averne for their information, advice and help in testing this version.

To get your SBK or the Mariko specific keys, you will need to use the /switch/partialaes.keys file along with a brute forcing tool such as https://files.sshnuke.net/PartialAesKeyCrack.zip. I will test out a userland homebrew for this purpose soon. The contents of this file are the keyslot number followed by the result of that keyslot encrypting 16 null bytes. With the tool linked above, enter them in sequence for a given keyslot you want the contents of, for example: PartialAesKeyCrack.exe <num1> <num2> <num3> <num4> with the --numthreads=N where N is the number of threads you can dedicate to the brute force.

The keyslots are as follows:
12 - Mariko KEK (this is used for master key derivation)
13 - Mariko BEK (this is used for package1 decryption)
14 - SBK single console (this isn't needed for further key derivation)
15 - SSK single console (this is used on dev only)

Download: Lockpick RCM v1.9.0
