Lockpick_RCM payload - Official Thread


Description

Lockpick_RCM is a bare metal Nintendo Switch payload that derives encryption keys for use in Switch file handling software like hactool, hactoolnet/LibHac, ChoiDujour, etc. without booting Horizon OS.

Source: https://github.com/shchmue/Lockpick_RCM
Payload: https://github.com/shchmue/Lockpick_RCM/releases

Due to changes imposed by firmware 7.0.0, Lockpick homebrew can no longer derive the latest keys. In the boot-time environment however, there are fewer limitations. That means the new keys are finally easy to dump!

Usage
  • Launch Lockpick_RCM.bin using your favorite payload injector or chainload from Hekate by placing it in /bootloader/payloads
  • Upon completion, keys will be saved to /switch/prod.keys on SD
  • If the console has Firmware 7.x, the /sept/ folder from the Atmosphère or Kosmos release zip, containing both sept-primary.bin and sept-secondary.enc, must be present on SD, or else only keyblob master key derivation is possible (i.e. up to master_key_05 only)
Big thanks to CTCaer for Hekate and all the advice while developing this!

Known Issues
  • Chainloading from SX will hang immediately due to quirks in their hwinit code; please launch the payload directly
 

Last edited by shchmue,
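Added example, not code from Lockpick_RCM or its author: a small checker for the /switch/prod.keys dump the usage notes describe. It parses the one-`name = hex`-per-line keyset format that hactool reads, reports the highest master_key_NN present, and flags a dump that stopped at master_key_05 with no /sept/ folder on SD, which the usage notes give as the symptom of incomplete derivation on 7.x. The function names and the `sept_present` flag are this example's own; the sample dump is constructed with placeholder values.

```python
import re

# prod.keys is one "name = hexvalue" entry per line (hactool keyset format).
KEY_LINE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*([0-9A-Fa-f]+)\s*$")
MASTER_KEY = re.compile(r"master_key_([0-9a-f]{2})")  # hex-indexed: 00..05, 0a, 0b, ...


def parse_prod_keys(text):
    """Return {name: hex} for a prod.keys dump; reject malformed lines."""
    keys = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank or comment line
        m = KEY_LINE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not a 'name = hex' entry")
        name, value = m.group(1), m.group(2).lower()
        if len(value) % 2:
            raise ValueError(f"line {lineno}: odd-length hex value for {name}")
        keys[name] = value
    return keys


def highest_master_key(keys):
    """Highest index NN for which master_key_NN is present, or None."""
    found = [int(m.group(1), 16) for n in keys if (m := MASTER_KEY.fullmatch(n))]
    return max(found) if found else None


def check_dump(text, sept_present):
    """Summarise a dump; sept_present = /sept/ with both files was on SD (assumed input)."""
    keys = parse_prod_keys(text)
    top = highest_master_key(keys)
    return {
        "keys": len(keys),
        "highest_master_key": top,
        # Without /sept/ on a 7.x console, derivation stops at master_key_05
        # (usage notes). Firmware version is unknown here, so this is advisory.
        "possibly_incomplete": (not sept_present) and top is not None and top <= 5,
    }


# Constructed sample dump with placeholder values (not real keys).
SAMPLE = "\n".join(
    [f"master_key_{i:02x} = " + ("%02x" % i) * 16 for i in range(6)]
    + ["# keyblob-derived keys only", "", "package1_key_00 = " + "ab" * 16]
)
```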

templeofhylia

homo supreme
Member
oh no, instead of people dumping their own keys from their own consoles that they paid for, they're going to have to resort to one of the several hundred links floating around online that totally aren't easy to find. they sure got us.
 
  • Like
Reactions: ELY_M

EagleDelta1

Member
Newcomer
> I don't think @shchmue can have anything to do with this, to prevent her whole account from being taken down, so we'll have to see if there will ever be a v1.9.11 to support higher firmwares.
A DMCA takedown is not legal action. DMCA takedowns are almost always honored even if they are invalid takedown requests. This is because if Github (for example) refuses to issue the takedown and it is seen as a legit takedown, then Github would also be liable for copyright infringement. We'll have to wait and see if the takedown is appealed and if that takedown is honored.

I would argue that if it is seen as an illegitimate takedown, then the people affected (not me since I didn't contribute sadly) need to fight it, otherwise the courts will see this as a precedent that can be honored.
 

pogisanpolo

New Member
Newbie
> I hope she is working on DMCA counter-notice
Wouldn't be surprised if she isn't. I smell that Nintendo's going to fight it, claim that its only use case is for circumventing security for piracy, then use every legal tactic to make the case stall out as long as possible.

At least it's open source, and I'm seeing mirrors being put up around the world.
 

EagleDelta1

Member
Newcomer
> Wouldn't be surprised if she isn't. I smell that Nintendo's going to fight it, claim that its only use case is for circumventing security for piracy, then use every legal tactic to make the case stall out as long as possible.
>
> At least it's open source, and I'm seeing mirrors being put up around the world.
This is one of the single greatest benefits of git and open source. Once it's out there, no amount of DMCA requests will be able to get rid of it. There are likely now thousands of forks, clones, or copies of it under various names in both open source repos and private repos (like mine) to keep them from prying eyes.
 
  • Like
Reactions: ELY_M

pogisanpolo

New Member
Newbie
> This is one of the single greatest benefits of git and open source. Once it's out there, no amount of DMCA requests will be able to get rid of it. There are likely now thousands of forks, clones, or copies of it under various names in both open source repos and private repos (like mine) to keep them from prying eyes.
"And you, be fruitful and multiply, increase greatly on the earth and multiply in it." - Genesis 9:7
 

masagrator

The patches guy
Developer
> Picklock Rcm is only a provocation towards Nintendo.
> If no one updates it, this is unusable on new firmwares 🤷‍♂️
16.0.0 keys were updated by someone other than the author. So it's not like only the author knows how to update it. Only revamping the boot process at which keys are derived would make it useless; tsec_keygen has worked for years without issues as is.
 
  • Like
Reactions: oresterosso

Mikolaj

Well-Known Member
Newcomer
> Picklock Rcm is only a provocation towards Nintendo.
> If no one updates it, this is unusable on new firmwares 🤷‍♂️
Picklock is not a simple Lockpick reupload: the md5 is different. While the source code might be exactly the same (but we can't check it anymore), it is at least obvious that it's a brand new compilation. And I'm not worrying too much: with the source code publicly available, I guess almost any skillful "amateur" programmer can update it with minimal effort. :D
 
Last edited by Mikolaj,
  • Like
Reactions: oresterosso

Slluxx

GBATemp Mayor
Developer
> Picklock Rcm is only a provocation towards Nintendo.
> If no one updates it, this is unusable on new firmwares 🤷‍♂️

> 16.0.0 keys were updated by someone other than the author. So it's not like only the author knows how to update it. Only revamping the boot process at which keys are derived would make it useless; tsec_keygen has worked for years without issues as is.

> Picklock is not a simple Lockpick reupload: the md5 is different. While the source code might be exactly the same (but we can't check it anymore), it is at least obvious that it's a brand new compilation. And I'm not worrying too much: with the source code publicly available, I guess almost any skillful "amateur" programmer can update it with minimal effort. :D

Addressing all of these at once.
I am able and willing to update Lockpick with the needed keys for as long as I can. If Shchmue ever decides to work on it again, I'll happily stop and hand over everything I have.

The MD5 may be different, but the only change so far is the name. The working source code is the same. I also restored all of Lockpick's commits to my repository, so you can see what changed and where. It's a little funky because I had to force push and rebase, but it got the job done.
 

mrdude

Developer
Developer
> Picklock is not a simple Lockpick reupload: the md5 is different. While the source code might be exactly the same (but we can't check it anymore), it is at least obvious that it's a brand new compilation. And I'm not worrying too much: with the source code publicly available, I guess almost any skillful "amateur" programmer can update it with minimal effort. :D
MD5 changes every time it's compiled due to the timestamp being different, and also the compilation files may differ from one system to another - i.e. Linux, Windows, C++ versions, installed libraries, etc. - even if the code base remains untouched.
 
  • Like
Reactions: Mikolaj

bilalhassan341

Well-Known Member
Member
> oh no, instead of people dumping their own keys from their own consoles that they paid for, they're going to have to resort to one of the several hundred links floating around online that totally aren't easy to find. they sure got us.
IK but coctendo is losing their mind because of picofly, the cheap mod chip to jailbreak switch. And it works the best; I have three modded switches with picofly and it only costs 30 bucks for all three mod chips and 5 bucks for the mosfet. So, you can mod your switch with 15 bucks if you have proper soldering equipment and knowledge (how to solder without destroying switch).
 


Topken

Member
Newcomer
I heard rumblings of Nintendo doing something "anti-lockpick" in newer keys/firmware, so I was looking for confirmation of that here, and yeah, IF it doesn't get updated to "properly" support newer keys/firmware then newer games/updates are going to be broken for emulation purposes, which is annoying. Also, getting this removed does NOTHING for piracy reasons; all it does is hurt the "emulation" scene, which is pure garbage on Nintendo's side to begin with. All this software does is allow you to dump your keys for use with emulation and thus does NOT allow you to run "pirated" games on a hacked switch.
 
