Hacking RELEASE CertNXtractionPack - Get your Switch cert from a NAND dump!

[IceTeaX]

• Now, add the required keydata into "00_generate_ssl_kek.py", then run it; this will output the ssl_kek.

Where do I get this keys from?
I have a list of Keys from my Switch but what now?

 

[Burki]

step 19: insert the keys within the quotations

Where do i get the other keys from in step 19?

 

[andijames]

Why are people panicking and getting their knickers in a twist here? You use a tool to download games from Nintendo's network you're running the risk of getting screwed over. That's pretty black and white to me.. it's your choice as adults if you use it. Just thank the OP for the tool and be grateful if you do wish to use it.

 

[Imancol]

Can I use this certificate in another console with possible ban?

 

[asper]

I got " module 'asn1' has no attribute 'Decoder' " error using "convert_to_der.py" script (I got clcert.der); any hint about how to solve ? (I only obtained clcert.der )

 

[SocraticBliss]

I got " module 'asn1' has no attribute 'Decoder' " error using "convert_to_der.py" script (I got clcert.der); any hint about how to solve ? (I only obtained clcert.der )

Was this using my scripts or the ones in the OP? I think my scripts tell you which pre-requisite python modules you may be missing... give it a shot.

 

[asper]

Was this using my scripts or the ones in the OP? I think my scripts tell you which pre-requisite python modules you may be missing... give it a shot.

Tested your one: it says pycrypto is missing but it is not the problem because the error is in asn1 module (pycrypto gets loaded before asn1 so I suppose the problem is in asn1 - i am using python3).

 

[SocraticBliss]

Tested your one: it says pycrypto is missing but it is not the problem because the error is in asn1 module (pycrypto gets loaded before asn1 so I suppose the problem is in asn1 - i am using python3).

If you're testing it from the first script, it's only trying to import Crypto.cipher from AES and Crypto.Util from Counter. So you either need pycrypto or pycryptodome.

Make sure you have the Visual Studio 2017 Python Build Tools installed, you are probably missing this...

 

[asper]

If you're testing it from the first script, it's only trying to import Crypto.cipher from AES and Crypto.Util from Counter. So you either need pycrypto or pycryptodome.

Make sure you have the Visual Studio 2017 Python Build Tools installed, you are probably missing this...

I finally managed to get the proper cert (reinstall python3 under linux); now I get a .nca file from the cdn, i decrypted it using hactool and now I have a .istorage file... how can I decrypt it assuming I have the correct title key ? Can someone show me the hactool command to extract it ?

 

[ZeroFX]

No, no, no!!!
That's completely incorrect.
Assuming you're on 5.0.2, find "F5D06292E093C651E67AA7C1A93B3880.nca" then decrypt and extract it in hactool.
Open the main file in a hex editor, then search for the hint bytes I gave in the script. Both are 16-bytes (32 characters) long.

And for 5.1? i cant find this file on SYSTEM partition.

 

[ElyosOfTheAbyss]

Traceback (most recent call last):
File "00_generate_ssl_kek.py", line 3, in <module>
from Crypto.Cipher import AES
ImportError: No module named Crypto.Cipher

Tried to run the first script but was greeted to this error. I did instal pycrypto and also tried pycryptodome.

 

[SocraticBliss]

Tried to run the first script but was greeted to this error. I did instal pycrypto and also tried pycryptodome.

EDIT: Here, I made it easier for you, if you have a keys.txt file in the same directory (in the hactool format, ie. key = 32 digit hex value), it will automatically use the key, so you don't have to edit the script at all!

EDIT: I have added @JupiterJesus 's commit!

EDIT: Refer to latest post

 

[einfuchsdrache]

Hey, how can I turn my PRODINFO into a PRODINFO.bin? I have everything dumped but it seems to be encrypted or something because it doesn't have the .bin extension.

 

[SocraticBliss]

Hey, how can I turn my PRODINFO into a PRODINFO.bin? I have everything dumped but it seems to be encrypted or something because it doesn't have the .bin extension.

1) Open your RawNand.bin dump in HacDiskMount
2) Double-Click on PRODINFO
3) Enter the BIS Key 0 values for Upper and Lower
4) Click the Test/Save buttons
6) Dump to File (with the bin extension...)

 

[ElyosOfTheAbyss]

Try the zip posted below and let me know how it goes...

https://gbatemp.net/threads/certnxt...t-from-a-nand-dump.503844/page-3#post-7974932

I get a syntax error.

File "CertNXtractionPack.py", line 18
['key_x', (Key Removed), '69A08E62E0AE507BB5DA0E65179AE3BE051FED3C49941DF4EF2956D36D30110C'],
^
SyntaxError: invalid syntax

 

[SocraticBliss]

I get a syntax error.

Lines 16-19 don't need to be modified, here they are again in case you deleted them/overwrote them...

keys = [['rsa_private_kek_generation_source', rsa_private_kek_generation_source, 'F3A68FC81509A41372EC479FD79019FE719A6DA7804B5557432A78F27DD74E49'],
        ['master_key_00', master_key_00,                                         '0EE359BE3C864BB0782E1D70A718A0342C551EED28C369754F9C4F691BECF7CA'],
        ['key_x', key_x,                                                         '69A08E62E0AE507BB5DA0E65179AE3BE051FED3C49941DF4EF2956D36D30110C'],
        ['key_y', key_y,                                                         '1C86F363265417D499229EB1C4ADC7479B2A15F931261F31EE6776AEB4C76542']]

You only have to edit lines 11, 12, 13, 14 with the hex key values...

For example, replace EF2C with all 32 digits (16 bytes) of the hex key.

 

[hellogbatemp]

you think it will be possible to add a new certificate from another switch in the nand and restore it?

 

[Djchubby]

I should add it in a new thread. So avoid that the last messages like this are not read and keep asking how to do it.

Sorry if I'm writing to You, I followed Your guide on each step and I have obtained prodinfo file, but now I arrived at step 19 and You tell to insert some keys into the python script, but You do not tell which keys to put into and how to put them into the script: I have my personal console keys and master keys from 00 to 04!
I'm asking which keys to put into and if notepad is good to modify the python scripts of the certnxtraction pack!
Thank You very much!

 

[Undi]

Alright guys, I made a version that I think handles a lot of the errors encountered thus far, it won't auto install dependencies or anything crazy, so I suggest opening cmd.exe and doing the following commands first...

pip install pycrypto
pip install enum34
pip install future
pip install asn1

Then do the following...

• Download the attached zip and extract it to your Desktop.
• Dump your SYSNAND (via hekate).
• Decrypt (BIS 0 Key) and Extract your PRODINFO.bin to your working directory (via BisKeyDump and HacDiskMount).
• Insert the 4 required keys in the top of the CertNXtractionPack.py script.
• Run CertNXtractionPack.cmd

Let me know if you guys run into any problems (so I can quickly fix it!)

FUCK THIS SHIT DUDE...
Trying to extract my cert for like 2 hours and nothing work here, shit.
What am I doing wrong???

Python 2.7:

Spoiler

Python 3.7:

Spoiler

 

[SocraticBliss]

FUCK THIS SHIT DUDE...
Trying to exctract my cert for like 2 hours and nothing work here, shit.
What am I doing wrong???

Python 2.7:

Spoiler

Python 3.7:

Spoiler

1) Interesting, try this file and see what dependency you are "missing"

https://gist.github.com/SocraticBliss/ee41a7fabe35230ed54b9e1b1e2080b5

2) Can't run it like that in python 3...