This thread is deprecated
For a faster, easier and more up-to-date way of getting keys use Lockpick_RCM by shchmue
If you still want to follow this tutorial and end up with less keys, continue reading the Thread.

WARNING

• DO NOT GIVE OUT ANY OF YOUR KEYS TO ANYONE! I CANNOT STRESS THAT ENOUGH!
• DO NOT SHARE YOUR KEYS BETWEEN MULTIPLE SWITCHES THAT YOU DO/DON'T OWN! SOME ARE CONSOLE-UNIQUE
• DO NOT ASK ME FOR KEYS

LEGEND

• SBK
  SecureBootKey
• TSEC
  Tegra Security Co-processor Key
• eMMC
  Embedded MultiMediaCard (Switch's Onboard Storage)

GOAL
End up with 83+ keys including SBK and TSEC keys. Get Master Key's 0-5. (Master Keys 6 onwards is not done in this tutorial)
Reminder, if you want more up-to-date and much more convenient way to get your Switch's Keys, use Lockpick by shchmue (available in nx-appstore/homebrew store)

Tutorial — (Outdated for Switch's on firmware 6.x or newer)

#1 - Dumping System Keys (Biskeydump)#2 - Dumping Required Files#3 - Hactool Preparation#4 - Dumping KeysFinal WordsTroubleshooting

1. 
   We need to get your Secure Boot Key (SBK) and Tegra Security Co-processor Key (TSEC) before we can get the main keys.
   These are 100% console unique.
   
   
   1. Download and extract biskeydump.bin from biskeydumpvx.zip
      - Follow this tutorial but instead of using CTCaer's Hekate Mod .bin file, use the biskeydump.bin file
      - If the QR Code is Blue, Scan the QR Code with your Phone, Laptop e.t.c
      - If you cant find a device you can scan with, type them out into your PC/Laptop (Its highly recommended to scan the QR Code, as a lot of characters can look like another, O0, Il, rn can look like m, e.t.c)
   2. Once you have the biskeydump of your System, store all the keys you received somewhere safe, I recommend a secure cloud storage aswell as a USB Stick, perhaps even print it.
      - Don't give this to ANYONE, Seriously.
   
   If you get any errors please go to the Troubleshooting Tab.
   
2. 
   
   1. Follow this tutorial AGAIN but this time use CTCaer's Hekate Mod.
      - "Tools" -> "Backup..." -> "Backup eMMC BOOT0/1"
      - "Tools" -> "Backup..." -> "Backup eMMC SYS"
      - Back all the way to the first menu, and choose "Power off"
   2. Take the microSD Card out of your Switch and into your PC.
   3. Copy both "BOOT0" and "BCPKG2-1-Normal-Main" from "sd:/backup/xxxxxx/" (xxxxxx is different for everyone) to "hactool" on your Desktop (create the "hactool" folder)
      - Rename them with .bin at the end, "BOOT0.bin", "BCPKG2-1-Normal-Main.bin"
3. 
   
   1. Download and install Python 2.7.x - NOT Python 3.x.x
      When installing, it will ask you what features you want installed, scroll to the bottom and make sure "Add Python to Path" has "Entire Feature Installed to HDD" option chose (No Red X Icon), otherwise the scripts wont find Python and WILL fail
   2. Download and extract hactool TO THE DESKTOP AND NAME THE FOLDER "hactool"
      On Linux/MacOS: clone and build hactool manually
   3. Right-click this (script originally by tesnos6921, patched by shadowninja108, jakibaki and shchmue)
      - Click "Save link as" / "save as"
      - Set "Save as type" to "All Files"
      - Name it "keys.py"
      And finally save it to the hactool folder you placed in the Desktop.
      NOTICE TO GBATEMP STAFF: The "keys" inside this file, are NOT keys, they are SHA digest hashes used to search through files to find text that matches, which would be the keys.
4. 
   
   1. Press WIN(Btn)+R to open "Run", type "cmd" and press Ctrl+Shift then Enter to open Command Prompt as an Administrator
   2. Type (in order) or Copy the following and paste into Command Prompt (Some Windows Versions use Right Click to Paste, some use CTRL+C)
      python -m pip install --upgrade pip
      pip install lz4
      cd Desktop/hactool
      python keys.py SBK_Here_From_Biskeydump TSEC_Here_From_Biskeydump
   3. It should say: "Now you can do hactool --keyset=keys.txt to use them!", if it does, and there's no warning messages, you're good to go!
   If you get any errors please go to the Troubleshooting Tab.
   
5. 
   You now have a keys.txt file with your console-specific keys inside.
   Rename as needed by any software that requires a different name or file extension, it doesn't matter.
   Though I highly recommend renaming it to prod.keys as this filename for Key file's is becoming a popular choice with other software
   There may be more keys, as the Switch's lifecycle goes on, more and more keys will be needed as the firmwares grow and grow.
   
   • The Hactool warning:

     [WARN] prod.keys does not exist.

     can be safely ignored.
     - if you want to place your "keys.txt" file their, put "keys.txt" on your Desktop and run the following with Administrator Command Prompt (Step #4.1 for instructions):
     

     mkdir -p %USERPROFILE%\.switch
     move "%USERPROFILE%\Desktop\keys.txt" "%USERPROFILE%\.switch\prod.keys"

6. 
   #1 ISSUES:
   

   • Red QR Code Outline

     - The reasons this can occur is quite a rarity, all I can say is to keep rebooting and trying again.
     - If there's a new version of biskeydump out, try using the newer biskeydump.bin

   • QR Code not being scanned by your Reader

     - Align your QR Code Readers alignment overlay with the Blue Square's Corners/Edges, NOT the QR Code's Corners/Edges.
     - Clean your camera lens
     - Be in a bright room
   
   #4 ISSUES:
   

   • File "keys.py", line ...
     print message
     ^
     SyntaxError: Missing parentheses in call to 'print'. Did you mean print(message)?

     - You didn't place SBK and TSEC in the 4th line of the Command in Step #4.2
     - You installed Python 3.x.x when you must use 2.7.x, uninstall python, logout of windows (important it removes python from PATH) and follow Step #3.2 then move back to #4.1

   • import lz4.block
     File "C:\Python27\lib\site-packages\lz4\__init__.py", line 17, in <module>
     from ._version import ( # noqa: F401
     ImportError: DLL load failed: The specified module could not be found.

     - The 2nd line of the Command in Step #4.2 failed without you noticing. Try running the 1st line to upgrade pip and if that goes successfully run the 2nd line to install lz4 and see if it successfully installs.

 

[mcmrc1]

Sadly, i've already tried everything you said...


pip install lz4 results in this:
C:\Users\fakeusername\Desktop\hactool>pip install lz4
Requirement already satisfied: lz4 in c:\python27\lib\site-packages (2.0.0)
Requirement already satisfied: future in c:\python27\lib\site-packages (from lz4) (0.16.0)

Same here, using Python 2 and putting the correct SBK and TSECKey but still got the same error with boot0.bin and key not matched :/

Hmmm ok iam no python expert but maybe you have installed the wrong python version. There is a 32 Bit and a 64 Bit version...
Test the version who fits to your system...

 

[DJT1M/T1MLPD3]

maybe wrong hactool version? happened to me first, updated to 1.1.0, worked

 

[z10m]

Any idea what the problem might be here.?

 

[mcmrc1]

Any idea what the problem might be here.?

Looks like you are using the wrong keys -> try without "" "" -> maybe you reversed the keys ?

python keys.py <SBKSecureBootKey> <TSEC>

 

[aigochamaloh]

I had this error on my laptop, no matter what I did.

Traceback (most recent call last):
File "keys.py", line 25, in <module>
import lz4.block
File "C:\Python27\lib\site-packages\lz4\__init__.py", line 11, in <module>
from ._version import ( # noqa: F401
ImportError: DLL load failed: The specified module could not be found.

Installed on my desktop, worked fine, but would not find any matches in keys. Updated to hactool 1.1.0 and found keys just fine. Interesting the differences between switches though.

5.0.2 switch found the keys ok, gave me keys 0 and 4.

3.0.2 switch found the keys ok, gave me keys 0 and 2.

2.2.0 switch errored out and could not run, maybe a bad dump of the system packages through hekate.

What part of the key dump is supposed to be console unique? Because some of the output is exactly the same between my 5.0.2 and 3.0.2 switch, and googling them brings up results from other sites with retail keys.

edit: now that i dumped everything into an excel spreadsheet and sorted alphabetically, everything in the output, except my tsec and sbk can be found online.

 

[z10m]

Looks like you are using the wrong keys -> try without "" "" -> maybe you reversed the keys ?

python keys.py <SBKSecureBootKey> <TSEC>

double and triple checked and the keys are in the right order and also tried without "" with the same resoult..

will try 64bit python now and maybe different hacktool version.

 

[Phenj]

Fuck this fucking piece of horseshit, i've spent too much time on this. Looks like i'm buttfucked until i CHANGE fucking PC maybe? No one had luck until they literally used another computer to do this.
Fuck this and fuckity fuck everything

 

[AlphaSapphire]

I cant get passed step 4

 

[z10m]

ok it worked after updating hactool to 1.10 and installing python 64bit..

 

[LightOffPro]

C:\Users\Jorge\Desktop\hactool>pip install lz4
Collecting lz4
Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProtocolError('Connection aborted.', error(10054, 'Uma liga\xe7\xe3o existente foi for\xe7ada a fechar pelo anfitri\xe3o remoto'))': /simple/lz4/
Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProtocolError('Connection aborted.', error(10054, 'Uma liga\xe7\xe3o existente foi for\xe7ada a fechar pelo anfitri\xe3o remoto'))': /simple/lz4/
Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProtocolError('Connection aborted.', error(10054, 'Uma liga\xe7\xe3o existente foi for\xe7ada a fechar pelo anfitri\xe3o remoto'))': /simple/lz4/
Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProtocolError('Connection aborted.', error(10054, 'Uma liga\xe7\xe3o existente foi for\xe7ada a fechar pelo anfitri\xe3o remoto'))': /simple/lz4/
Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProtocolError('Connection aborted.', error(10054, 'Uma liga\xe7\xe3o existente foi for\xe7ada a fechar pelo anfitri\xe3o remoto'))': /simple/lz4/
Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProtocolError('Connection aborted.', error(10054, 'Uma liga\xe7\xe3o existente foi for\xe7ada a fechar pelo anfitri\xe3o remoto'))': /simple/lz4/
Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProtocolError('Connection aborted.', error(10054, 'Uma liga\xe7\xe3o existente foi for\xe7ada a fechar pelo anfitri\xe3o remoto'))': /simple/lz4/
Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProtocolError('Connection aborted.', error(10054, 'Uma liga\xe7\xe3o existente foi for\xe7ada a fechar pelo anfitri\xe3o remoto'))': /simple/lz4/
Could not find a version that satisfies the requirement lz4 (from versions: )
No matching distribution found for lz4

C:\Users\Jorge\Desktop\hactool>



Its giving me this error. What do?

 

[tesnos6921]

Haha wow this thing keeps making the rounds, I thought for sure somebody would write a better script by now

 

[mcmrc1]

C:\Users\Jorge\Desktop\hactool>pip install lz4
Its giving me this error. What do?

Seems you have no intenet connection ? Or Run as administrator ? Newest hactool ? the correct 64 or 32 bit python 2.7 with checbox for path support ? ?

 

[LightOffPro]

Seems you have no intenet connection ? Or Run as administrator ? Newest hactool ? the correct 64 or 32 bit python 2.7 with checbox for path support ? ?

I have an internet connection. Hactool is the latest, python 2.7.15 with path support.

 

[AlphaSapphire]

Seems you have no intenet connection ? Or Run as administrator ? Newest hactool ? the correct 64 or 32 bit python 2.7 with checbox for path support ? ?

mine says that its not a command

 

[z10m]

so guys should this method extract
master_key_01 =
master_key_02 =
master_key_03 =

??

because hacktool seem to require those but I cant find them in the created keys.txt

 

[LightOffPro]

After a quick reboot, i progressed a bit but the same problem happens.

C:\Users\Jorge\Desktop\hactool>pip install lz4
Collecting lz4
Downloading https://files.pythonhosted.org/pack...1b165ed4f60a47/lz4-2.0.0-cp27-cp27m-win32.whl (141kB)
100% |################################| 143kB 492kB/s
Collecting future (from lz4)
Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProtocolError('Connection aborted.', error(10054, 'Uma liga\xe7\xe3o existente foi for\xe7ada a fechar pelo anfitri\xe3o remoto'))': /simple/future/
Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProtocolError('Connection aborted.', error(10054, 'Uma liga\xe7\xe3o existente foi for\xe7ada a fechar pelo anfitri\xe3o remoto'))': /simple/future/
Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProtocolError('Connection aborted.', error(10054, 'Uma liga\xe7\xe3o existente foi for\xe7ada a fechar pelo anfitri\xe3o remoto'))': /simple/future/
Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProtocolError('Connection aborted.', error(10054, 'Uma liga\xe7\xe3o existente foi for\xe7ada a fechar pelo anfitri\xe3o remoto'))': /simple/future/
Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProtocolError('Connection aborted.', error(10054, 'Uma liga\xe7\xe3o existente foi for\xe7ada a fechar pelo anfitri\xe3o remoto'))': /simple/future/
Could not find a version that satisfies the requirement future (from lz4) (from versions: )
No matching distribution found for future (from lz4)

C:\Users\Jorge\Desktop\hactool>

Wat do?

--------------------- MERGED ---------------------------

Lmao i randomly retried and worked, seems legit.

 

[Nitsuka]

Ok guys, it completely works with Python 2.7.15 (64 bits) and hactool 1.1.0 (thanks z10m)
now stuck at hactool :
λ hactool.exe --keyset=keys.txt
unable to open : Invalid argument


EDIT : we don't have to use hactool.exe, the masterkey 0 and 4 are already in the keys.txt...
Thanks for the tutorial.

 

[AlphaSapphire]

Hi im having this error
Using BOOT0.bin to get keys from package1...
Deriving keys...
Key (TSEC) must be 32 hex digits!
Traceback (most recent call last):
File "keys.py", line 374, in <module>
stage0_results = subprocess.check_output([HACTOOL_PATH, "--keyset=keys.txt", "--intype=keygen", "BOOT0.bin"])
File "C:\Python27\lib\subprocess.py", line 223, in check_output
raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['hactool', '--keyset=keys.txt', '--intype=keygen', 'BOOT0.bin']' returned non-zero exit status 1

 

[rainbowkittypaw]

Does anyone have any idea as to what could be causing this?

File "keys.py", line 259
print message
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print(message)?

 

[Constipette]

Does anyone have any idea as to what could be causing this?

File "keys.py", line 259
print message
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print(message)?

Me too, anyone have solution ?