This thread is deprecated
For a faster, easier and more up-to-date way of getting keys use Lockpick_RCM by shchmue
If you still want to follow this tutorial and end up with less keys, continue reading the Thread.

WARNING

• DO NOT GIVE OUT ANY OF YOUR KEYS TO ANYONE! I CANNOT STRESS THAT ENOUGH!
• DO NOT SHARE YOUR KEYS BETWEEN MULTIPLE SWITCHES THAT YOU DO/DON'T OWN! SOME ARE CONSOLE-UNIQUE
• DO NOT ASK ME FOR KEYS

LEGEND

• SBK
  SecureBootKey
• TSEC
  Tegra Security Co-processor Key
• eMMC
  Embedded MultiMediaCard (Switch's Onboard Storage)

GOAL
End up with 83+ keys including SBK and TSEC keys. Get Master Key's 0-5. (Master Keys 6 onwards is not done in this tutorial)
Reminder, if you want more up-to-date and much more convenient way to get your Switch's Keys, use Lockpick by shchmue (available in nx-appstore/homebrew store)

Tutorial — (Outdated for Switch's on firmware 6.x or newer)

#1 - Dumping System Keys (Biskeydump)#2 - Dumping Required Files#3 - Hactool Preparation#4 - Dumping KeysFinal WordsTroubleshooting

1. 
   We need to get your Secure Boot Key (SBK) and Tegra Security Co-processor Key (TSEC) before we can get the main keys.
   These are 100% console unique.
   
   
   1. Download and extract biskeydump.bin from biskeydumpvx.zip
      - Follow this tutorial but instead of using CTCaer's Hekate Mod .bin file, use the biskeydump.bin file
      - If the QR Code is Blue, Scan the QR Code with your Phone, Laptop e.t.c
      - If you cant find a device you can scan with, type them out into your PC/Laptop (Its highly recommended to scan the QR Code, as a lot of characters can look like another, O0, Il, rn can look like m, e.t.c)
   2. Once you have the biskeydump of your System, store all the keys you received somewhere safe, I recommend a secure cloud storage aswell as a USB Stick, perhaps even print it.
      - Don't give this to ANYONE, Seriously.
   
   If you get any errors please go to the Troubleshooting Tab.
   
2. 
   
   1. Follow this tutorial AGAIN but this time use CTCaer's Hekate Mod.
      - "Tools" -> "Backup..." -> "Backup eMMC BOOT0/1"
      - "Tools" -> "Backup..." -> "Backup eMMC SYS"
      - Back all the way to the first menu, and choose "Power off"
   2. Take the microSD Card out of your Switch and into your PC.
   3. Copy both "BOOT0" and "BCPKG2-1-Normal-Main" from "sd:/backup/xxxxxx/" (xxxxxx is different for everyone) to "hactool" on your Desktop (create the "hactool" folder)
      - Rename them with .bin at the end, "BOOT0.bin", "BCPKG2-1-Normal-Main.bin"
3. 
   
   1. Download and install Python 2.7.x - NOT Python 3.x.x
      When installing, it will ask you what features you want installed, scroll to the bottom and make sure "Add Python to Path" has "Entire Feature Installed to HDD" option chose (No Red X Icon), otherwise the scripts wont find Python and WILL fail
   2. Download and extract hactool TO THE DESKTOP AND NAME THE FOLDER "hactool"
      On Linux/MacOS: clone and build hactool manually
   3. Right-click this (script originally by tesnos6921, patched by shadowninja108, jakibaki and shchmue)
      - Click "Save link as" / "save as"
      - Set "Save as type" to "All Files"
      - Name it "keys.py"
      And finally save it to the hactool folder you placed in the Desktop.
      NOTICE TO GBATEMP STAFF: The "keys" inside this file, are NOT keys, they are SHA digest hashes used to search through files to find text that matches, which would be the keys.
4. 
   
   1. Press WIN(Btn)+R to open "Run", type "cmd" and press Ctrl+Shift then Enter to open Command Prompt as an Administrator
   2. Type (in order) or Copy the following and paste into Command Prompt (Some Windows Versions use Right Click to Paste, some use CTRL+C)
      python -m pip install --upgrade pip
      pip install lz4
      cd Desktop/hactool
      python keys.py SBK_Here_From_Biskeydump TSEC_Here_From_Biskeydump
   3. It should say: "Now you can do hactool --keyset=keys.txt to use them!", if it does, and there's no warning messages, you're good to go!
   If you get any errors please go to the Troubleshooting Tab.
   
5. 
   You now have a keys.txt file with your console-specific keys inside.
   Rename as needed by any software that requires a different name or file extension, it doesn't matter.
   Though I highly recommend renaming it to prod.keys as this filename for Key file's is becoming a popular choice with other software
   There may be more keys, as the Switch's lifecycle goes on, more and more keys will be needed as the firmwares grow and grow.
   
   • The Hactool warning:

     [WARN] prod.keys does not exist.

     can be safely ignored.
     - if you want to place your "keys.txt" file their, put "keys.txt" on your Desktop and run the following with Administrator Command Prompt (Step #4.1 for instructions):
     

     mkdir -p %USERPROFILE%\.switch
     move "%USERPROFILE%\Desktop\keys.txt" "%USERPROFILE%\.switch\prod.keys"

6. 
   #1 ISSUES:
   

   • Red QR Code Outline

     - The reasons this can occur is quite a rarity, all I can say is to keep rebooting and trying again.
     - If there's a new version of biskeydump out, try using the newer biskeydump.bin

   • QR Code not being scanned by your Reader

     - Align your QR Code Readers alignment overlay with the Blue Square's Corners/Edges, NOT the QR Code's Corners/Edges.
     - Clean your camera lens
     - Be in a bright room
   
   #4 ISSUES:
   

   • File "keys.py", line ...
     print message
     ^
     SyntaxError: Missing parentheses in call to 'print'. Did you mean print(message)?

     - You didn't place SBK and TSEC in the 4th line of the Command in Step #4.2
     - You installed Python 3.x.x when you must use 2.7.x, uninstall python, logout of windows (important it removes python from PATH) and follow Step #3.2 then move back to #4.1

   • import lz4.block
     File "C:\Python27\lib\site-packages\lz4\__init__.py", line 17, in <module>
     from ._version import ( # noqa: F401
     ImportError: DLL load failed: The specified module could not be found.

     - The 2nd line of the Command in Step #4.2 failed without you noticing. Try running the 1st line to upgrade pip and if that goes successfully run the 2nd line to install lz4 and see if it successfully installs.

 

[4mir]

please update keys.py to get all the keys most games require master key 2 and 3

 

[tyler004]

an update probably won`t help, u can add master keys 1-3 yourself just make sure its not just one giant line separate all codes and place them at the bottom they're on google

 

[damiano2712]

please update keys.py to get all the keys most games require master key 2 and 3

And where do I get the updated script?

--------------------- MERGED ---------------------------

an update probably won`t help, u can add master keys 1-3 yourself just make sure its not just one giant line separate all codes and place them at the bottom they're on google

In that case, where do I take the keys from to add them myself?
Edit: nvm, I think I've found them.

 

[tyler004]

And where do I get the updated script?

--------------------- MERGED ---------------------------


In that case, where do I take the keys from to add them myself?
Edit: nvm, I think I've found them.

the txt file or ini keys file it generated with keys.py

 

[damiano2712]

the txt file or ini keys file it generated with keys.py

So I've searched the three master keys that I was missing (1 to 3), I've added them to the keys.txt file and this time Xci Explorer reads the Owlboy file, but Xci2TitleConverter still gives me an error.

 

[JoelRL11]

Hi, Im getting a problem where when I try to dump the BOOT0 it gets stuck in this screen with a moving gray bar that just goes up and down. Any ideas what could cause this? I cant turn off the switch or do anything its just stuck at that screen.

Edit: Solved! I just had to use the newest version of Hekate. Hope this helps someone!

 

[dark_samus3]

Much improved keys.py (rename forum attachment to keys.py)

It: will take the name of BOOT0 and BCPK2-1-Normal-Main from the command-line, if desired (old names are still used if they aren't passed). Will automatically put the keyfile into the correct directory so hactool can just use it without passing "keyset=keys.txt" every time, and has improvements so it won't error on 1.0-2.3 consoles. I spent several hours trying to get this tool to work properly for me, and I had tons of problems, so I figured I'd make it easier for everyone else (hopefully).

if passing the names of BOOT0 and BCPK2-1-Normal-Main, they should be passed after the SBK and TSEC keys, and in the order: BOOT0, then BCPK2-1-Normal-Main. (so, something like: python keys.py [SBK] [TSEC] [BOOT0 path] [BCPK2-1-Normal-Main path] ) hopefully this helps.

 

[damiano2712]

Much improved keys.py (rename forum attachment to keys.py)

It: will take the name of BOOT0 and BCPK2-1-Normal-Main from the command-line, if desired (old names are still used if they aren't passed). Will automatically put the keyfile into the correct directory so hactool can just use it without passing "keyset=keys.txt" every time, and has improvements so it won't error on 1.0-2.3 consoles. I spent several hours trying to get this tool to work properly for me, and I had tons of problems, so I figured I'd make it easier for everyone else (hopefully).

if passing the names of BOOT0 and BCPK2-1-Normal-Main, they should be passed after the SBK and TSEC keys, and in the order: BOOT0, then BCPK2-1-Normal-Main. (so, something like: python keys.py [SBK] [TSEC] [BOOT0 path] [BCPK2-1-Normal-Main path] ) hopefully this helps.

I'm gonna try it now, brb.
Edit: I don't know if I understood this right, I have to type in order: SBK TSEC and then the directories of BOOT0 and BCPK2, right? Because for me it doesn't work. That's probably because I'm an idiot.

 

[dark_samus3]

I'm gonna try it now, brb.
Edit: I don't know if I understood this right, I have to type in order: SBK TSEC and then the directories of BOOT0 and BCPK2, right? Because for me it doesn't work. That's probably because I'm an idiot.

The easiest way to do it is: type in keyz, then drag your boot0 file from the file manager window into the cmd window, as well as BCPK2 into the window (making sure theres proper spaces between everything)

 

[RazorX2014]

Much improved keys.py (rename forum attachment to keys.py)

It: will take the name of BOOT0 and BCPK2-1-Normal-Main from the command-line, if desired (old names are still used if they aren't passed). Will automatically put the keyfile into the correct directory so hactool can just use it without passing "keyset=keys.txt" every time, and has improvements so it won't error on 1.0-2.3 consoles. I spent several hours trying to get this tool to work properly for me, and I had tons of problems, so I figured I'd make it easier for everyone else (hopefully).

if passing the names of BOOT0 and BCPK2-1-Normal-Main, they should be passed after the SBK and TSEC keys, and in the order: BOOT0, then BCPK2-1-Normal-Main. (so, something like: python keys.py [SBK] [TSEC] [BOOT0 path] [BCPK2-1-Normal-Main path] ) hopefully this helps.

using this keys.py i get the following error:

Traceback (most recent call last):
File "keys.py", line 334, in <module>
keys_path = (get_keys_dir() + "/.switch")
File "keys.py", line 311, in get_keys_dir
if os.environ['HOME']:
File "C:\Python27\lib\os.py", line 425, in __getitem__
return self.data[key.upper()]
KeyError: 'HOME'

 

[dark_samus3]

using this keys.py i get the following error:

Traceback (most recent call last):
File "keys.py", line 334, in <module>
keys_path = (get_keys_dir() + "/.switch")
File "keys.py", line 311, in get_keys_dir
if os.environ['HOME']:
File "C:\Python27\lib\os.py", line 425, in __getitem__
return self.data[key.upper()]
KeyError: 'HOME'

Here, try this version:

 

[RazorX2014]

Here, try this version:

i thought that did it for a sec but then i get this:

Using BOOT0.bin to get keys from package1...
Deriving keys...
Key (XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX) must be 6
4 hex digits!
Traceback (most recent call last):
File "keys.py", line 400, in <module>
stage0_results = subprocess.check_output([HACTOOL_PATH, ("--keyset=" + keys_
path), "--intype=keygen", BOOT0_path])
File "C:\Python27\lib\subprocess.py", line 573, in check_output
raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['hactool', '--keyset=C:\\Users\\RazorX/
.switch/prod.keys', '--intype=keygen', 'BOOT0.bin']' returned non-zero exit stat
us 1


i tried with the version on the OP and that worked but when i tried decrypting both portal knights or breath of the wild all i end up with is a romfs.bin, .cert and a .tik file and no exefs folder (i'm on 5.1.0)

 

[dark_samus3]

i thought that did it for a sec but then i get this:

Using BOOT0.bin to get keys from package1...
Deriving keys...
Key (XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX) must be 6
4 hex digits!
Traceback (most recent call last):
File "keys.py", line 400, in <module>
stage0_results = subprocess.check_output([HACTOOL_PATH, ("--keyset=" + keys_
path), "--intype=keygen", BOOT0_path])
File "C:\Python27\lib\subprocess.py", line 573, in check_output
raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['hactool', '--keyset=C:\\Users\\RazorX/
.switch/prod.keys', '--intype=keygen', 'BOOT0.bin']' returned non-zero exit stat
us 1


i tried with the version on the OP and that worked but when i tried decrypting both portal knights or breath of the wild all i end up with is a romfs.bin, .cert and a .tik file and no exefs folder (i'm on 5.1.0)

Hm. Not getting that error on my end...

 

[RazorX2014]

Hm. Not getting that error on my end...

i'm on windows 7 if that makes any difference.
as i said above i tried with the version on the OP and that worked but when i tried decrypting both portal knights or breath of the wild all i end up with is a romfs.bin, .cert and a .tik file and no exefs folder (i'm on 5.1.0)

 

[dark_samus3]

i'm on windows 7 if that makes any difference.
as i said above i tried with the version on the OP and that worked but when i tried decrypting both portal knights or breath of the wild all i end up with is a romfs.bin, .cert and a .tik file and no exefs folder (i'm on 5.1.0)

try deleting this file: C:\Users\RazorX\.switch\prod.keys for me, then running again please

 

[RazorX2014]

try deleting this file: C:\Users\RazorX\.switch\prod.keys for me, then running again please

yeah that did it, now can you tell me why when trying to decrypt portal knights all i end up with is just a romfs.bin file now and nothing else

this is the bat output:
d8888b. d8888b. .d8b. d888b .88b d88. .d8b.
88 `8D 88 `8D d8' `8b 88' Y8b 88'YbdP`88 d8' `8b
88oodD' 88oobY' 88ooo88 88 88 88 88 88ooo88
88~~~ 88`8b 88~~~88 88 ooo 88 88 88 88~~~88
88 88 `88. 88 88 88. ~8~ 88 88 88 88 88
88 88 YD YP YP Y888P YP YP YP YP YP
- XCI to Decrypted XCI v2.1
https://gbatemp.net/threads/506954

:: Decrypting .xci's NCA files and finding the biggest NCA...
:: Decrypting Biggest .NCA's romfs to romfs.bin and all exefs files to /exefs...
This may take a while...
!! === If it says section 0 is corrupt, then you need to obtain more keys than w
hat you already have
:: Deleting ncas as we dont need them anymore
DONE! You should have a folder: xciDecrypted
xciDecrypted should contain an exefs folder and a romfs.bin. It should NOT conta
in anything else.

 

[dark_samus3]

yeah that did it, now can you tell me why when trying to decrypt portal knights all i end up with is just a romfs.bin file now and nothing else

this is the bat output:
d8888b. d8888b. .d8b. d888b .88b d88. .d8b.
88 `8D 88 `8D d8' `8b 88' Y8b 88'YbdP`88 d8' `8b
88oodD' 88oobY' 88ooo88 88 88 88 88 88ooo88
88~~~ 88`8b 88~~~88 88 ooo 88 88 88 88~~~88
88 88 `88. 88 88 88. ~8~ 88 88 88 88 88
88 88 YD YP YP Y888P YP YP YP YP YP
- XCI to Decrypted XCI v2.1
https://gbatemp.net/threads/506954

:: Decrypting .xci's NCA files and finding the biggest NCA...
:: Decrypting Biggest .NCA's romfs to romfs.bin and all exefs files to /exefs...
This may take a while...
!! === If it says section 0 is corrupt, then you need to obtain more keys than w
hat you already have
:: Deleting ncas as we dont need them anymore
DONE! You should have a folder: xciDecrypted
xciDecrypted should contain an exefs folder and a romfs.bin. It should NOT conta
in anything else.

Not really sure what's up with that, I don't use any xcis or any of the tools associated with them for anything, I'm mostly trying to get this improved keys.py working right (so people don't encounter errors)

 

[RazorX2014]

Not really sure what's up with that, I don't use any xcis or any of the tools associated with them for anything, I'm mostly trying to get this improved keys.py working right (so people don't encounter errors)

fair enough, i will keep tinkering XD

 

[Silent002]

Thanks for all the help you guys have been providing in this thread, it's managed to get me most of the way through setup however I've come across an error that I haven't been able to fix for the last couple hours and I have absolutely no idea what is causing it.
After getting my keys.txt generated from running keys.py (the one linked in the OP) I get "If there were no warnings, we found all the keys! Now you can do hactool --keyset=keys.txt to use them!" but when I try running hactool --keyset=keys.txt I receive the error "unable to open : Invalid argument".

I've tried just about everything I can do, renamed the file, wrote it as "keyset keys.txt" (with and without quotes), restarted my machine, reran keys.py, ran CMD in administrator, ran it not in administrator, ran it in PowerShell (admin and non-admin), specified the full address of the file, created \.switch\prod.keys in the hactool folder with the data from keys.txt but every time I run keyset I get the above error, and trying to run hactool results in the "Invalid NCA header! Are keys correct?" error (as expected, I guess).

I see that the same issue was posted a couple times earlier in the thread (#56 and #77) but I couldn't see any replies that helped. It seems like I'm missing something obvious, does anyone have any idea what's going on?

 

[dark_samus3]

Thanks for all the help you guys have been providing in this thread, it's managed to get me most of the way through setup however I've come across an error that I haven't been able to fix for the last couple hours and I have absolutely no idea what is causing it.
After getting my keys.txt generated from running keys.py (the one linked in the OP) I get "If there were no warnings, we found all the keys! Now you can do hactool --keyset=keys.txt to use them!" but when I try running hactool --keyset=keys.txt I receive the error "unable to open : Invalid argument".

I've tried just about everything I can do, renamed the file, wrote it as "keyset keys.txt" (with and without quotes), restarted my machine, reran keys.py, ran CMD in administrator, ran it not in administrator, ran it in PowerShell (admin and non-admin), specified the full address of the file, created \.switch\prod.keys in the hactool folder with the data from keys.txt but every time I run keyset I get the above error, and trying to run hactool results in the "Invalid NCA header! Are keys correct?" error (as expected, I guess).

I see that the same issue was posted a couple times earlier in the thread (#56 and #77) but I couldn't see any replies that helped. It seems like I'm missing something obvious, does anyone have any idea what's going on?

Type "hactool keyset=" then drag your keys.txt into the cmd window from the file explorer. Alternatively, "mkdir %userprofile%/.switch" then "copy" drag keys.txt into the cmd window, then "%userprofile%/.switch/prod.keys" then you don't have to use --keyset= ever again.
Also, hactool expects an input file