Front-page Hacking RELEASE  Updated

Lockpick_RCM payload - Official Thread


Description
Lockpick_RCM is a bare metal Nintendo Switch payload that derives encryption keys for use in Switch file handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc. without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage
  • Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads
  • Upon completion, keys will be saved to /switch/prod.keys on SD
  • If the console has Firmware 7.x, the /sept/ folder from Atmosphère or Kosmos release zip containing both sept-primary.bin and sept-secondary.enc must be present on SD or else only keyblob master key derivation is possible (ie. up to master_key_05 only)
Big thanks to CTCaer
For Hekate and all the advice while developing this!

Known Issues
  • Chainloading from SX will hang immediately due to quirks in their hwinit code, please launch payload directly
 

Attachments

  • AB1248EA-8BB9-448B-83F5-FF68C2579FB1.jpeg
    AB1248EA-8BB9-448B-83F5-FF68C2579FB1.jpeg
    11.2 KB · Views: 0
Last edited by shchmue,
  • Like
Reactions: NotUsingAnAltAccount, BigOnYa, Blythe93 and 74 others
Click to expand...
Adran_Marit

Adran_Marit

Walküre's Hacker
Member
Level 14
Joined
Oct 3, 2015
Messages
3,781
Trophies
1
Location
42*South
XP
4,557
Country
Australia
OriginalCopycat said:
I have a full NAND backup, but I've never been able to get the keys, and it sounds like the only way I can is to flash my modchip (which I don't want to do!).
Click to expand...

If lockpick_rcm wont launch from hekate (through the sx boot) then you need spacecraft which means flashing the chip so best of luck

p.s sx is also considered dead unless they release an update which I doubt
 
  • Like
Reactions: OriginalCopycat
T

theskid

Active Member
Newcomer
Level 2
Joined
May 6, 2009
Messages
32
Trophies
0
XP
191
Country
Hayato213 said:
You need to load from Hekate not SX OS bootloader menu. I believe it doesn't work with SX OS Pro Dongle either.
Click to expand...

okay i only have sx os dongle ,but im loading hekate from that via sx os load payloads
as i have atmosphere running from emunand on higher firmware,but still want to use sx os for xci support
but still using dongle
is there any other way i can do this?
i can try booting staight to hekate via a custom boot.dat see if that works(so not going through sx)(but just using dongle)

yes that method worked booting straight into hekate but still using sx os dongle to get there
 
Last edited by theskid,
Hayato213

Hayato213

Newcomer
Member
Level 28
Joined
Dec 26, 2015
Messages
20,039
Trophies
1
XP
21,158
Country
United States
theskid said:
okay i only have sx os dongle ,but im loading hekate from that via custom boot.dat
as i have atmosphere running from emunand on higher firmware
but still using dongle
is there any other way i can do this?
Click to expand...

If chain loading from SX OS bootloader menu into hekate loading lockpick_RCM doesn't work, then you would have to use another injection method like RCM loader one, NS Atmosphere or PC.
 
pinsen24

pinsen24

Member
Newcomer
Level 2
Joined
Dec 18, 2020
Messages
22
Trophies
0
Age
30
XP
192
Country
Indonesia
Screenshot_20210926-191152_Gallery.jpg

dumping key from sysnand resulting with this. any idea?

sx core mariko. boot with hekate through sx gear. then launch payload via launch menu.
 
Kallrkyle

Kallrkyle

Well-Known Member
Member
Level 3
Joined
Jul 23, 2021
Messages
211
Trophies
0
Age
52
XP
287
Country
Denmark
As far i remember from the TX days, there was some talk about that rcm version of Lockpick wasen't compatible with the Mariko Switch, and ppl was adviced to use Lockpick.nro
 
pcwizard7

pcwizard7

Well-Known Member
Member
Level 9
Joined
Aug 2, 2013
Messages
1,409
Trophies
0
XP
1,688
Country
Australia
you should get the following files as result

Partitalkeys.txt
prod
titlekeys.txt

The errors you see are markio specific are due to the nand being encrypted. But unless you're a dev you don't need this data, but you're still getting your masterkeys in prod.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Emulation Homebrew  duckstation for Switch

Can you trade in a banned switch for an unbanned one?

Why is Atmosphere so dominant?

Crosscode Hacking thread

Hacking  Weird findings from that DQ trilogy switch port

Migswitch backups without certificate files

Hacking Misc Tutorial  Eiyuden Chronicle Hundred Heroes save editing

switch change sd card, but android start fail

General chit-chat
Help Users
  • SylverReZ @ SylverReZ:
    https://youtu.be/GuyImR_dI6g
     +1
  • Xdqwerty @ Xdqwerty:
    @SylverReZ, hi
     +2
  • SylverReZ @ SylverReZ:
    @Xdqwerty, Hello, my friend.
     +1
  • Xdqwerty @ Xdqwerty:
    @SylverReZ, I lost an online friend today who i knew since 2021
  • SylverReZ @ SylverReZ:
    @Xdqwerty, I'm sorry to hear that.
     +1
  • Xdqwerty @ Xdqwerty:
    @SylverReZ, He said that my actitude was "cutty" and that our friendship wasnt going anywhere
  • SylverReZ @ SylverReZ:
    @Xdqwerty, You're not like that. I see you as a really kind individual.
     +1
  • BigOnYa @ BigOnYa:
    Sounds like you are better off than having a petty friend like that anyways. You win today.
     +2
  • Xdqwerty @ Xdqwerty:
    @SylverReZ, thanks
     +1
  • Xdqwerty @ Xdqwerty:
    @BigOnYa, but both of us were fine yesterday
  • BakerMan @ BakerMan:
    ah well, at least you got us (sorry if this sounds like some cornball ass "power of friendship" stuff)
     +3
  • K3Nv2 @ K3Nv2:
    Kind of hyped about the new ally finally a portable with full m.2 support
  • BigOnYa @ BigOnYa:
    Kinda reminds me of a life lesson in the movie "Bronx Tale". Guy1 owes another, guy2 $10 and the guy2 keeps chasing guy1 around the city trying to get his money back, till someone tells him, "stop, you got off easy, its only $10. That guy will never bother you again or ask you for money again, so take it as a win."
     +1
  • K3Nv2 @ K3Nv2:
    Guy1 will continue to talk shit about you constantly as well
  • K3Nv2 @ K3Nv2:
    Because he knows what he did
  • BigOnYa @ BigOnYa:
    Speaking of which, where is my $10 Ken? And I heard you been talking crap bout me to my wife. Punk.
  • K3Nv2 @ K3Nv2:
    You were standing right there when we were talking should've said something then
     +1
  • BigOnYa @ BigOnYa:
    Lol
  • K3Nv2 @ K3Nv2:
    Fucking insurance gave me a migraine told me my dentist was in network now they're rejecting claims saying they aren't
  • BigOnYa @ BigOnYa:
    That's what they do the best, pass the buck.
  • Xdqwerty @ Xdqwerty:
    wut
  • K3Nv2 @ K3Nv2:
    Insurance is a thing adults have to blow off
  • Psionic Roshambo @ Psionic Roshambo:
    https://m.youtube.com/watch?v=c95QJXRKdIw&pp=ygUdcmFtYm8gMiBtaXNzaW9uIGFjY29tcGxpc2hlZCA=
  • BigOnYa @ BigOnYa:
    Insurance is one those things you pay all your life for, no questions asked, all is fine, they take your money. And as soon as you make a claim or something happens, they never want to payout or help, just fight you on everything if it cost them any of your money.
  • BigOnYa @ BigOnYa:
    I've never had a car accident, but I bet I've paid thousands/ million into car insurance that ill never see a dime of prob. Is crazy, but its the law.
    BigOnYa @ BigOnYa: I've never had a car accident, but I bet I've paid thousands/ million into car insurance that...