Description
Lockpick_RCM is a bare metal Nintendo Switch payload that derives encryption keys for use in Switch file handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc. without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage

• Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads
• Upon completion, keys will be saved to /switch/prod.keys on SD
• If the console has Firmware 7.x, the /sept/ folder from Atmosphère or Kosmos release zip containing both sept-primary.bin and sept-secondary.enc must be present on SD or else only keyblob master key derivation is possible (ie. up to master_key_05 only)

Big thanks to CTCaer
For Hekate and all the advice while developing this!

Known Issues

• Chainloading from SX will hang immediately due to quirks in their hwinit code, please launch payload directly

 

[shchmue]

how can I install XCI files using this ?

i don't know anything about XCI installers or converters, but if they require key files, this will dump what they need.

 

[Deleted User]

@shchmue is it worth me using this to dump my prod.keys again as I used the latest nro to dump them last time?

Config OFW 7.0.1 CFW Atmosphere 0.8.4

 

[8BitWonder]

@shchmue is it worth me using this to dump my prod.keys again as I used the latest nro to dump them last time?

Config OFW 7.0.1 CFW Atmosphere 0.8.4

The nro can only dump keys up to 06 (when on 6.2.0), this new payload can dump up to and including the newest 07 keys.
(It is worth it if you want the newest keys)

 

[Deleted User]

The nro can only dump keys up to 06 (when on 6.2.0), this new payload can dump up to and including the newest 07 keys.
(It is worth it if you want the newest keys)

Many Thanks Will do that tonight.

 

[Tutimane]

I'm so lost what is lockpick for? I'm on 7.1 and already hacked the switch. Can I delete the app?

 

[KuranKu]

I'm so lost what is lockpick for? I'm on 7.1 and already hacked the switch. Can I delete the app?

Lockpick is a tool to dump keys for multi porpose ..
Since latest update lockpick app cant dump keys of 7.x firmware do to system changes

So to dump 7.x keys LockpickRCM is the go .

 

[shchmue]

Lockpick homebrew can still dump titlekeys while this can't. I'm about to push a commit that checks and doesn't overwrite Lockpick_RCM's key file in case you want to dump titlekeys and you're on 7.

 

[Goffrier]

inb4 TX drops 7.x support and everyone go like oh no the cancer is still here xD

 

[8BitWonder]

inb4 TX drops 7.x support and everyone go like oh no the cancer is still here xD

This doesn't produce the necessary keys to boot 7.0.X.
TX still need to dump those themselves.

 

[Goffrier]

dont worry they will steal sept

 

[ZachyCatGames]

dont worry they will steal sept

yea. it’ll be funny seeing SX with the Atmosphere sept logo

 

[Goffrier]

but it will work™

--------------------- MERGED ---------------------------

i dont care if they are stealing i just wait their release for 7.x support

 

[chrisrlink]

if only we stole code from TX (XCI loader) cause i just bought a SATA3 to USB adapter for that

--------------------- MERGED ---------------------------

yea. it’ll be funny seeing SX with the Atmosphere sept logo

and you think ppl will care? (maybe team atmos not the end user) besides a feature i want is sxos exclusive i doubt any pro piracy dev would make an xci loader from scratch

 

[KuranKu]

There is XCI loader on PC...

 

[Deleted User]

@shchmue shall I await the next release since you are performing code and commits?

 

[shchmue]

@shchmue shall I await the next release since you are performing code and commits?

no i just had to update Lockpick homebrew, no updates for this planned at the moment

 

[Beegyoshi]

Hi shchmue,

I just started trying to install cfw to my switch so I'm still trying to understand the jargons used. I was unable to get my tegra keys and title.keys through the lockpick.nro and I thought this current method will aid me. However, i was only able to get the prod.keys and not the title.keys. I have previously installed and played games on my switch before and I'm sure my SD card is not corrupted but I'm still having trouble getting the title keys. My firmware is 7.0.0 and my switch serial is XAJ100XXXX. Do you have any idea what's going on? Thank you for any possible solutions.

 

[shchmue]

Hi shchmue,

I just started trying to install cfw to my switch so I'm still trying to understand the jargons used. I was unable to get my tegra keys and title.keys through the lockpick.nro and I thought this current method will aid me. However, i was only able to get the prod.keys and not the title.keys. I have previously installed and played games on my switch before and I'm sure my SD card is not corrupted but I'm still having trouble getting the title keys. My firmware is 7.0.0 and my switch serial is XAJ100XXXX. Do you have any idea what's going on? Thank you for any possible solutions.

you can run this then run Lockpick 1.2.2 to get both

 

[Beegyoshi]

Hi shchmue.

I have tried both methods and I got both title.keys and prod.keys. I followed your step and ran lockpick 1.2.2 on my switch. However, this error message appeared.

get Tegra keys failed. Warning: Saving limited keyset. Dump TSEC and Fuses with Hekate.

I was still able to obtain both keys at the end. Can this error message be ignored?

 

[ch1z69]

7.0.1 Keys are still failing on xci converter using lockpick rcm