This thread is deprecated
For a faster, easier and more up-to-date way of getting keys use Lockpick_RCM by shchmue
If you still want to follow this tutorial and end up with less keys, continue reading the Thread.

WARNING

• DO NOT GIVE OUT ANY OF YOUR KEYS TO ANYONE! I CANNOT STRESS THAT ENOUGH!
• DO NOT SHARE YOUR KEYS BETWEEN MULTIPLE SWITCHES THAT YOU DO/DON'T OWN! SOME ARE CONSOLE-UNIQUE
• DO NOT ASK ME FOR KEYS

LEGEND

• SBK
  SecureBootKey
• TSEC
  Tegra Security Co-processor Key
• eMMC
  Embedded MultiMediaCard (Switch's Onboard Storage)

GOAL
End up with 83+ keys including SBK and TSEC keys. Get Master Key's 0-5. (Master Keys 6 onwards is not done in this tutorial)
Reminder, if you want more up-to-date and much more convenient way to get your Switch's Keys, use Lockpick by shchmue (available in nx-appstore/homebrew store)

Tutorial — (Outdated for Switch's on firmware 6.x or newer)

#1 - Dumping System Keys (Biskeydump)#2 - Dumping Required Files#3 - Hactool Preparation#4 - Dumping KeysFinal WordsTroubleshooting

1. 
   We need to get your Secure Boot Key (SBK) and Tegra Security Co-processor Key (TSEC) before we can get the main keys.
   These are 100% console unique.
   
   
   1. Download and extract biskeydump.bin from biskeydumpvx.zip
      - Follow this tutorial but instead of using CTCaer's Hekate Mod .bin file, use the biskeydump.bin file
      - If the QR Code is Blue, Scan the QR Code with your Phone, Laptop e.t.c
      - If you cant find a device you can scan with, type them out into your PC/Laptop (Its highly recommended to scan the QR Code, as a lot of characters can look like another, O0, Il, rn can look like m, e.t.c)
   2. Once you have the biskeydump of your System, store all the keys you received somewhere safe, I recommend a secure cloud storage aswell as a USB Stick, perhaps even print it.
      - Don't give this to ANYONE, Seriously.
   
   If you get any errors please go to the Troubleshooting Tab.
   
2. 
   
   1. Follow this tutorial AGAIN but this time use CTCaer's Hekate Mod.
      - "Tools" -> "Backup..." -> "Backup eMMC BOOT0/1"
      - "Tools" -> "Backup..." -> "Backup eMMC SYS"
      - Back all the way to the first menu, and choose "Power off"
   2. Take the microSD Card out of your Switch and into your PC.
   3. Copy both "BOOT0" and "BCPKG2-1-Normal-Main" from "sd:/backup/xxxxxx/" (xxxxxx is different for everyone) to "hactool" on your Desktop (create the "hactool" folder)
      - Rename them with .bin at the end, "BOOT0.bin", "BCPKG2-1-Normal-Main.bin"
3. 
   
   1. Download and install Python 2.7.x - NOT Python 3.x.x
      When installing, it will ask you what features you want installed, scroll to the bottom and make sure "Add Python to Path" has "Entire Feature Installed to HDD" option chose (No Red X Icon), otherwise the scripts wont find Python and WILL fail
   2. Download and extract hactool TO THE DESKTOP AND NAME THE FOLDER "hactool"
      On Linux/MacOS: clone and build hactool manually
   3. Right-click this (script originally by tesnos6921, patched by shadowninja108, jakibaki and shchmue)
      - Click "Save link as" / "save as"
      - Set "Save as type" to "All Files"
      - Name it "keys.py"
      And finally save it to the hactool folder you placed in the Desktop.
      NOTICE TO GBATEMP STAFF: The "keys" inside this file, are NOT keys, they are SHA digest hashes used to search through files to find text that matches, which would be the keys.
4. 
   
   1. Press WIN(Btn)+R to open "Run", type "cmd" and press Ctrl+Shift then Enter to open Command Prompt as an Administrator
   2. Type (in order) or Copy the following and paste into Command Prompt (Some Windows Versions use Right Click to Paste, some use CTRL+C)
      python -m pip install --upgrade pip
      pip install lz4
      cd Desktop/hactool
      python keys.py SBK_Here_From_Biskeydump TSEC_Here_From_Biskeydump
   3. It should say: "Now you can do hactool --keyset=keys.txt to use them!", if it does, and there's no warning messages, you're good to go!
   If you get any errors please go to the Troubleshooting Tab.
   
5. 
   You now have a keys.txt file with your console-specific keys inside.
   Rename as needed by any software that requires a different name or file extension, it doesn't matter.
   Though I highly recommend renaming it to prod.keys as this filename for Key file's is becoming a popular choice with other software
   There may be more keys, as the Switch's lifecycle goes on, more and more keys will be needed as the firmwares grow and grow.
   
   • The Hactool warning:

     [WARN] prod.keys does not exist.

     can be safely ignored.
     - if you want to place your "keys.txt" file their, put "keys.txt" on your Desktop and run the following with Administrator Command Prompt (Step #4.1 for instructions):
     

     mkdir -p %USERPROFILE%\.switch
     move "%USERPROFILE%\Desktop\keys.txt" "%USERPROFILE%\.switch\prod.keys"

6. 
   #1 ISSUES:
   

   • Red QR Code Outline

     - The reasons this can occur is quite a rarity, all I can say is to keep rebooting and trying again.
     - If there's a new version of biskeydump out, try using the newer biskeydump.bin

   • QR Code not being scanned by your Reader

     - Align your QR Code Readers alignment overlay with the Blue Square's Corners/Edges, NOT the QR Code's Corners/Edges.
     - Clean your camera lens
     - Be in a bright room
   
   #4 ISSUES:
   

   • File "keys.py", line ...
     print message
     ^
     SyntaxError: Missing parentheses in call to 'print'. Did you mean print(message)?

     - You didn't place SBK and TSEC in the 4th line of the Command in Step #4.2
     - You installed Python 3.x.x when you must use 2.7.x, uninstall python, logout of windows (important it removes python from PATH) and follow Step #3.2 then move back to #4.1

   • import lz4.block
     File "C:\Python27\lib\site-packages\lz4\__init__.py", line 17, in <module>
     from ._version import ( # noqa: F401
     ImportError: DLL load failed: The specified module could not be found.

     - The 2nd line of the Command in Step #4.2 failed without you noticing. Try running the 1st line to upgrade pip and if that goes successfully run the 2nd line to install lz4 and see if it successfully installs.

 

[Silent002]

Type "hactool keyset=" then drag your keys.txt into the cmd window from the file explorer. Alternatively, "mkdir %userprofile%/.switch" then "copy" drag keys.txt into the cmd window, then "%userprofile%/.switch/prod.keys" then you don't have to use --keyset= ever again.
Also, hactool expects an input file

Thanks very much for the reply man I appreciate it, but it doesn't look like it worked. I used "hactool keyset=" as well as "hactool --keyset=" but neither seemed to set correctly. I've got a directory in my %userprofile% now, and although prod.keys is in there (and contains all the same keys from keys.txt exactly as they were output from the keys.py script, 40 keys in total) but it's still erroring out with "Invalid NCA Header" when I try to load an NCA. Could it be something wrong with keys.txt itself? Looking at other replies, it seems I've got all the right keys in there.

 

[dark_samus3]

Thanks very much for the reply man I appreciate it, but it doesn't look like it worked. I used "hactool keyset=" as well as "hactool --keyset=" but neither seemed to set correctly. I've got a directory in my %userprofile% now, and although prod.keys is in there (and contains all the same keys from keys.txt exactly as they were output from the keys.py script, 40 keys in total) but it's still erroring out with "Invalid NCA Header" when I try to load an NCA. Could it be something wrong with keys.txt itself? Looking at other replies, it seems I've got all the right keys in there.

It could be you're missing newer keys needed for the NCA or something. What system version are you on?

 

[Silent002]

It could be you're missing newer keys needed for the NCA or something. What system version are you on?

Ah that is a possibility, the system I took the keys from is running on version 5.1.0.

 

[dark_samus3]

Ah that is a possibility, the system I took the keys from is running on version 5.1.0.

Well, you're missing masterkeys 1-3 so it's possible.

 

[Silent002]

Well, you're missing masterkeys 1-3 so it's possible.

Okay, just added the three missing Master Keys, still the same error. Funny enough if I remove a character from any of the keys and save it, hactool tells me that key should be 32 characters - so it is at least reading the file. I can only assume I need some or all of the 40 (37?) keys that haven't been found so far. That's a shame. Thanks for your help anyway man, much appreciated!

 

[RazorX2014]

@dark_samus3 so how many keys does your newest keys.py get now?

 

[gameboy]

Here, try this version:

this worked for me.
nsw2.3.0 windows8.1
python2.7.15 86x

but was it supposed to generate a keys.txt? because i didnt get that in my hactool folder

 

[dark_samus3]

this worked for me.
nsw2.3.0 windows8.1
python2.7.15 86x

but was it supposed to generate a keys.txt? because i didnt get that in my hactool folder

actually, no, no need for keys.txt. It generates %userprofile%/.switch/prod.keys, which hactool will automatically check for, and load if present. So, no need to ever do "keyset=keys.txt" just use hactool without it

 

[medi01]

Guys I have a bit of a chicken and an egg problem.
I'm trying to install higher firmware without burning fuses.
Which, as far as I understand, means, that keys extracted from my console dumps won't be enough

Googling for more keys... does bring results, but hactool complains about "failed to match key" followed by "Invalid NCA Header"... :S

What am I doing wrong? :S

--------------------- MERGED ---------------------------

PS
Hmm, here is the log from obtaining keys:

Using BOOT0.bin to get keys from package1...
Deriving keys...
Decrypting package1...
Using Secure_Monitor.bin to get keys to decrypt package2...
Decrypting package2...
Decompressing spl.kip1 and FS.kip1...
Getting keys from spl...
Getting keys from FS...
Doing final key derivation...
If there were no warnings, we found all the keys!
Now you can do hactool --keyset=keys.txt to use them!

But then, even with XCI of Just Dance 2017 (which should be on FW lower than 3.0.2, from which I'm extracting the keys):

hactool.exe --keys=keys.txt "pathtojustdance2017.xci"
Invalid NCA header! Are keys correct?
Done!

 

[Seelbreaker]

So hi,

i've been trying now for straight 4 hours to get python running (while doing other stuff) but it just won't work, since i always get an invalid syntax error.

here are some outputs from python -v, pip install lz4 and python keys.py (wihtout the keys because the error is the same)

Spoiler

C:\Python>python.exe -v
# installing zipimport hook
import zipimport # builtin
# installed zipimport hook
# C:\Python\lib\site.pyc matches C:\Python\lib\site.py
import site # precompiled from C:\Python\lib\site.pyc
# C:\Python\lib\os.pyc matches C:\Python\lib\os.py
import os # precompiled from C:\Python\lib\os.pyc
import errno # builtin
import nt # builtin
# C:\Python\lib\ntpath.pyc matches C:\Python\lib\ntpath.py
import ntpath # precompiled from C:\Python\lib\ntpath.pyc
# C:\Python\lib\stat.pyc matches C:\Python\lib\stat.py
import stat # precompiled from C:\Python\lib\stat.pyc
# C:\Python\lib\genericpath.pyc matches C:\Python\lib\genericpath.py
import genericpath # precompiled from C:\Python\lib\genericpath.pyc
# C:\Python\lib\warnings.pyc matches C:\Python\lib\warnings.py
import warnings # precompiled from C:\Python\lib\warnings.pyc
# C:\Python\lib\linecache.pyc matches C:\Python\lib\linecache.py
import linecache # precompiled from C:\Python\lib\linecache.pyc
# C:\Python\lib\types.pyc matches C:\Python\lib\types.py
import types # precompiled from C:\Python\lib\types.pyc
# C:\Python\lib\UserDict.pyc matches C:\Python\lib\UserDict.py
import UserDict # precompiled from C:\Python\lib\UserDict.pyc
# C:\Python\lib\_abcoll.pyc matches C:\Python\lib\_abcoll.py
import _abcoll # precompiled from C:\Python\lib\_abcoll.pyc
# C:\Python\lib\abc.pyc matches C:\Python\lib\abc.py
import abc # precompiled from C:\Python\lib\abc.pyc
# C:\Python\lib\_weakrefset.pyc matches C:\Python\lib\_weakrefset.py
import _weakrefset # precompiled from C:\Python\lib\_weakrefset.pyc
import _weakref # builtin
# C:\Python\lib\copy_reg.pyc matches C:\Python\lib\copy_reg.py
import copy_reg # precompiled from C:\Python\lib\copy_reg.pyc
# C:\Python\lib\traceback.pyc matches C:\Python\lib\traceback.py
import traceback # precompiled from C:\Python\lib\traceback.pyc
# C:\Python\lib\sysconfig.pyc matches C:\Python\lib\sysconfig.py
import sysconfig # precompiled from C:\Python\lib\sysconfig.pyc
# C:\Python\lib\re.pyc matches C:\Python\lib\re.py
import re # precompiled from C:\Python\lib\re.pyc
# C:\Python\lib\sre_compile.pyc matches C:\Python\lib\sre_compile.py
import sre_compile # precompiled from C:\Python\lib\sre_compile.pyc
import _sre # builtin
# C:\Python\lib\sre_parse.pyc matches C:\Python\lib\sre_parse.py
import sre_parse # precompiled from C:\Python\lib\sre_parse.pyc
# C:\Python\lib\sre_constants.pyc matches C:\Python\lib\sre_constants.py
import sre_constants # precompiled from C:\Python\lib\sre_constants.pyc
import _locale # builtin
# C:\Python\lib\locale.pyc matches C:\Python\lib\locale.py
import locale # precompiled from C:\Python\lib\locale.pyc
import encodings # directory C:\Python\lib\encodings
# C:\Python\lib\encodings\__init__.pyc matches C:\Python\lib\encodings\__init__.py
import encodings # precompiled from C:\Python\lib\encodings\__init__.pyc
# C:\Python\lib\codecs.pyc matches C:\Python\lib\codecs.py
import codecs # precompiled from C:\Python\lib\codecs.pyc
import _codecs # builtin
# C:\Python\lib\encodings\aliases.pyc matches C:\Python\lib\encodings\aliases.py
import encodings.aliases # precompiled from C:\Python\lib\encodings\aliases.pyc
import operator # builtin
# C:\Python\lib\functools.pyc matches C:\Python\lib\functools.py
import functools # precompiled from C:\Python\lib\functools.pyc
import _functools # builtin
# C:\Python\lib\encodings\cp1252.pyc matches C:\Python\lib\encodings\cp1252.py
import encodings.cp1252 # precompiled from C:\Python\lib\encodings\cp1252.pyc
Python 2.7.15 (v2.7.15:ca079a3ea3, Apr 30 2018, 16:22:17) [MSC v.1500 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>>

^C

C:\Python>pip install lz4
Requirement already satisfied: lz4 in c:\python\lib\site-packages (2.0.2)
Requirement already satisfied: future in c:\python\lib\site-packages (from lz4) (0.16.0)


C:\Python>python.exe keys.py
File "keys.py", line 29
def kip1_blz_decompress(compressed)
^
SyntaxError: invalid syntax

C:\Python>

I've got Win10 Version 10.0.17134.165

rcm with tegrasmash and everything is runnig as i have my own keydump created with briskeydump.

and in my Path Variables there is the Path for python included:
Path=C:\Python\;C:\Python\Scripts;

ofcourse i rebooted after adding the variable...

can any1 help me in getting the syntax working? like - environment variables should be fine right?.... ah yeah, i started cmd as an admin and not - uac is on default...


hactool.exe and the dll files are as well as boot0.bin and BCPKG2-1-Normal-Main.bin are in the C:\Python Folder.

Edit: i also copied hactool, the dll and the keys.py into Desktop\hactool - still invalid syntax


Installing 64-bit Python 2.7.15 didn't helped either

 

[medi01]

can any1 help me in getting the syntax working? like - environment variables should be fine right?...

If in doubt, Python offers you to add itself to the env variables (off by default).

My problem with it was that pip tool, needed to install additional libs wasn't installed automatically, so I had to manually fetch it executing this python script with admin rights (attached).

 

[Seelbreaker]

If in doubt, Python offers you to add itself to the env variables (off by default).

My problem with it was that pip tool, needed to install additional libs wasn't installed automatically, so I had to manually fetch it executing this python script with admin rights (attached).

unfortunately it didn't helped guess i need to somehow set up a linux and nfs mounts for this stuff :/

 

[medi01]

unfortunately it didn't helped guess i need to somehow set up a linux and nfs mounts for this stuff :/

You need to be more specific about errors you get.

 

[aos10]

1. Download and extract hactool TO THE DESKTOP AND NAME THE FOLDER "hactool"
2. Put the keys.py inside the folder for hactool, next to hactool.exe

when i run hactool.exe it runs fast and close then nothing
i downloaded the last version of hactool

 

[RazorX2014]

when i run hactool.exe it runs fast and close then nothing
i downloaded the last version of hactool

hactool on it's own has to be ran in cmd (command prompt)

 

[aos10]

hactool on it's own has to be ran in cmd (command prompt)

like that?

 

[RazorX2014]

like that?

if you're trying to dump your keys you need to put your BOOT0 and BCPKG2-1-Normal-Main in the same folder and rename them so they have .bin on the end and then run python keys.py <YOUR SBK> <YOUR TSEK> in the command prompt window, you get those keys by dumping your biskeys using the biskeydump.bin payload

 

[aos10]

if you're trying to dump your keys you need to put your BOOT0 and BCPKG2-1-Normal-Main in the same folder and rename them so they have .bin on the end and then run python keys.py <YOUR SBK> <YOUR TSEK> in the command prompt window, you get those keys by dumping your biskeys using the biskeydump.bin payload

oh, i have boot0 and boot1 only right now.

what is BCPKG2?

 

[RazorX2014]

oh, i have boot0 and boot1 only right now.

what is BCPKG2?

if i remember you dump the SYS and it should create a folder in Backups called Partitions and in that you will see:
BCPKG2-1-Normal-Main
BCPKG2-2-Normal-Sub
BCPKG2-3-SafeMode-Main
BCPKG2-4-SafeMode-Sub
BCPKG2-5-Repair-Main
BCPKG2-6-Repair-Sub
PRODINFO
PRODINFOF
SAFE
SYSTEM

 

[aos10]

if i remember you dump the SYS and it should create a folder in Backups called Partitions and in that you will see:
BCPKG2-1-Normal-Main
BCPKG2-2-Normal-Sub
BCPKG2-3-SafeMode-Main
BCPKG2-4-SafeMode-Sub
BCPKG2-5-Repair-Main
BCPKG2-6-Repair-Sub
PRODINFO
PRODINFOF
SAFE
SYSTEM

thanks, now i remember i've only backed up boot0 and 1.
doing all of them now including the NAND, this gonna take sometime, thanks again.

well be back if there new question.