{{obsolete}}
Lockpick is a ground-up C++17 rewrite of homebrew key derivation software, namely [[Kezplez-NX Switch|kezplez-nx]]. It also dumps titlekeys. It will dump all keys through <code>*_key_05</code> on firmwares below <code>6.2.0</code> and through <code>*_key_06</code> on <code>6.2.0</code>. It was showcased in the GBAtemp Switch Homebrew Bounty 2018 (Switch application).

'''Note:''' Due to changes in firmware 7.0.0, dumping the new keys from homebrew is infeasible. Use the RCM payload that can dump the new keys instead, [[Lockpick_RCM Switch|Lockpick RCM]].

==Features==
*Dumps <code>titlekeys</code> and the SD seed.
*Dumps all keys through <code>6.2.0</code>.
*Uses the superfast <code>xxHash</code> instead of <code>sha256</code> when searching exefs for keys, for a ~5x speed improvement.
*Gets all possible keys from running process memory, so there is no need to decrypt <code>Package2</code> at all, let alone decompress <code>KIPs</code>.
*Gets bis keys and <code>header_key</code> without <code>tsec</code>, <code>sbk</code>, <code>master_key_00</code> or <code>aes</code> sources. Shoutout to exelix11 for using this method in [[NXThemes Installer Switch|SwitchThemeInjector]]. Homebrew devs should be doing this instead of requiring users to provide key files.

==User guide==
*Use Hekate v4.5+ to dump TSEC keys and fuses:
**Push the hekate payload bin using [[TegraRcmSmash Switch|TegraRCMSmash]]/[[TegraRcmGUI Switch|TegraRCMGUI]]/modchip/injector.
**Using the VOL and Power buttons to navigate, select <code>Console info...</code>
**Select <code>Print fuse info</code> (not <code>kfuse info</code>).
**Press Power to save the fuse info to the SD card.
**Select <code>Print TSEC keys</code>.
**Press Power to save the TSEC keys to the SD card.
*Launch the CFW of your choice.
*Open the Homebrew Menu.
*Run Lockpick.
*Use the resulting <code>/switch/prod.keys</code> file as needed and rename it if required by any software you're using.
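The memory-scan technique described under Features, as an added example that is not Lockpick's own code: a tool ships only the hashes of the keys it wants to find, hashes every 16-byte window of a memory image exactly once, and recognises a key when the window's hash is in that table (the single pass that the v1.2 changelog entry describes). Lockpick uses xxHash for the window hash; this example uses SHA-256 from Python's <code>hashlib</code>, the identification scheme hactool's key tables use, because it is in the standard library. The sample keys and the memory image are constructed for the example and are not real Switch key material; the <code>prod.keys</code> read and write helpers assume the hactool-style <code>name = hex</code> line format of the file the user guide refers to.

```python
import hashlib
import random

KEY_LEN = 16  # AES-128 key / key-source length

# Constructed sample "keys" for this example only; NOT real Switch key material.
SAMPLE_KEYS = {
    "aes_kek_generation_source": bytes(range(0x10, 0x20)),
    "aes_key_generation_source": bytes.fromhex("deadbeef" * 4),
    "header_kek_source": bytes(reversed(range(0x10))),
}


def known_hash_table(keys):
    """Map SHA-256(key) -> key name.

    A tool can ship this table without shipping the keys themselves; the
    scanner only needs to recognise a key when it sees it in memory.
    """
    return {hashlib.sha256(k).digest(): name for name, k in keys.items()}


def build_image(keys, size=8192, seed=1234):
    """Constructed stand-in for a process memory dump: deterministic random
    filler with each sample key embedded at a fixed, non-overlapping offset."""
    rng = random.Random(seed)
    image = bytearray(rng.getrandbits(8) for _ in range(size))
    step = size // (len(keys) + 1)
    for i, k in enumerate(keys.values(), start=1):
        off = i * step
        image[off:off + len(k)] = k
    return bytes(image)


def find_keys(image, table, key_len=KEY_LEN):
    """Single pass over the image: hash each key_len-byte window once, look it
    up in the table, and stop as soon as every wanted key has been found.

    Hashing every window once is the behaviour the v1.2 changelog describes;
    rescanning the whole image from the start for each key does the same
    hashing work once per key instead of once in total.
    """
    wanted = dict(table)
    found = {}
    for off in range(len(image) - key_len + 1):
        window = image[off:off + key_len]
        name = wanted.pop(hashlib.sha256(window).digest(), None)
        if name is not None:
            found[name] = window
            if not wanted:
                break
    return found


def format_prod_keys(found):
    """Render keys as hactool-style 'name = hex' lines, sorted by name, and
    skip empty values (the v1.2.4 'no longer save header_key if empty' rule)."""
    lines = [f"{name} = {key.hex()}" for name, key in sorted(found.items()) if key]
    return "".join(line + "\n" for line in lines)


def parse_prod_keys(text):
    """Parse 'name = hex' lines back into name -> bytes, ignoring blank lines.
    Reading an existing keyfile is how a key such as eticket_rsa_kek can be
    reused when the tool is only run for titlekeys (v1.2.2)."""
    keys = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        name, _, value = line.partition("=")
        keys[name.strip()] = bytes.fromhex(value.strip())
    return keys


if __name__ == "__main__":
    image = build_image(SAMPLE_KEYS)
    found = find_keys(image, known_hash_table(SAMPLE_KEYS))
    print(format_prod_keys(found), end="")
```

Run stand-alone it prints the three constructed keys in <code>prod.keys</code> form. The scanner stepping one byte at a time is deliberate: keys in process memory need not be aligned, so a 4- or 16-byte stride would miss them.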
You may instead use [https://github.com/rajkosto/biskeydump biskeydump] and dump to SD to get all keys prior to the 6.2.0 generation, that is, all keys up to those ending in <code>05</code>. Lockpick will dump all keys up to that point regardless of which firmware it is run on.

===Notes===
*To get keys ending in <code>06</code>, you must have firmware 6.2.0 installed.
*No one knows <code>package1_key_06</code>; it is derived and erased fully within the encrypted TSEC payload. While there is a way to extricate <code>tsec_root_key</code> due to the way it is used, this is unfortunately not true of the <code>package1</code> key.
*If for some reason you dump TSEC keys on 6.2.0 but not fuses (<code>secure_boot_key</code>), you will still get everything except the <code>package1</code> and keyblob keys: without <code>secure_boot_key</code> you cannot decrypt the keyblobs, and that is where the <code>package1</code> keys live.

==Screenshots==
https://dlhb.gamebrew.org/switchhomebrews/lockpicknx2.png
https://dlhb.gamebrew.org/switchhomebrews/lockpicknx.png

==Compatibility==
Supports up to FW 6.2.0.

==Changelog==
'''v1.2.6 2019/09/11'''
*Fix bis key generation on newer hardware.

'''v1.2.5 2019/07/10'''
*Support Hekate v5 fuse dump format.
*Make names consistent with libnx v2.2.0.
*Adjust text alignment and coloring in Lockpick_RCM note.

'''v1.2.4 2019/06/17'''
*Support new emunand FS memory layout.
*No longer save header_key if empty.

'''v1.2.3 2019/04/16'''
*Remove mbedtls dependency in favor of new libnx crypto library.
*Remove libnx 1.6.0 support since crypto requires later commit.
*Skip contradictory messaging if skipping keyfile save.

'''v1.2.2 2019/03/06'''
*Do not overwrite existing keyfile that contains master_key_07.
*Read eticket_rsa_kek from existing keyfile in case user is only running this for titlekeys.
*Create /switch folder if needed.

'''v1.2.1 2019/02/26'''
*Generate bis keys without master keys.
*Update file size check to support Hekate v4.8 TSEC dump.
*Fixed prod.keys alphabetization error.
*Fixed build warning for ff.c.
*Added in-app disclaimer about which keys can be dumped.

'''v1.2 2019/01/05'''
*Update for libnx v2.0.0 compatibility; still runs when built with v1.6.0.
**The binary got even smaller.
*Accelerate finding FS keys.
**No longer find BIS sources as they're hardcoded (whoops).
**Find all keys on first pass hashing FS instead of hashing the whole thing from the beginning repeatedly (whoops).

'''v1.1.1 2019/01/01'''
*Prevent trying to dump SD seed and ES keys on 1.0.0 as they're not available until 2.0.0.

'''v1.1 2018/12/29'''
*Changed titlekey dump methodology.
**No longer crashes sysmodule, reboot no longer needed.
**Queries ES to verify ticket list is accurate.
**May take slightly longer than before on systems with hundreds of tickets.
*Now dumps SD seed.
*Reorganized and clarified UI text.
**Now indicates if no titles are installed to dump titlekeys from.
*Swapped C++ stream functions for C I/O to reclaim some speed and binary size.
*Tightened up dependencies.

'''v1.0 2018/12/08'''
*Initial release.
*It's here. See readme for instructions. Huge shoutout to everyone who got the 6.2.0 CFW fixes out.

==Credits==
Special Thanks:
*tèsnos! For making [https://github.com/tesnos/kezplez-nx kezplez-nx], being an all-around cool and helpful person and open to my contributions, not to mention patient with my enthusiasm. kezplez taught me an absolute TON about homebrew.
*SciresM for [https://github.com/SciresM/hactool hactool], containing to my knowledge the first public key derivation software, and for <code>get_titlekeys.py</code>.
*roblabla for the original keys [https://gist.github.com/roblabla/d8358ab058bbe3b00614740dcba4f208 gist] and for believing in our abilities.
*The folks in the [https://reswitched.team/ ReSwitched] Discord server for answering my innumerable questions while researching this (and having such a useful chat backlog!).
*The memory reading code from jakibaki's [https://github.com/jakibaki/sys-netcheat sys-netcheat] was super useful for getting keys out of running process memory.
*The System Save dumping methodology from Adubbz' [https://github.com/Adubbz/Compelled-Disclosure Compelled Disclosure].
*Shouts out to fellow key derivers: shadowninja108 for [https://github.com/shadowninja108/HACGUI HACGUI], Thealexbarney for [https://github.com/Thealexbarney/LibHac LibHac], and [https://github.com/rajkosto/ rajkosto].
*[https://github.com/misson20000 misson20000] for help with <code>std::invoke</code> to get the function timer working.
*[https://github.com/simontime Simon] for the <code>eticket_rsa_kek</code> derivation method and for suggesting invoking <code>spl</code> for faster titlekey derivation.
*[https://github.com/SciresM SciresM] for the libnx aes library.
*The constantly-improving docs on the [https://switchbrew.org/wiki/ Switchbrew wiki] and [https://switchbrew.github.io/libnx/files.html libnx].
*Literally the friends I made along the way! I came to the scene late and I've still managed to meet some wonderful people :) Thanks for all the help testing, making suggestions, and cheerleading.

Licenses:
*<code>es</code> ipc code is from [https://github.com/Adubbz/Tinfoil Tinfoil], licensed under [https://github.com/Adubbz/Tinfoil/blob/master/LICENSE MIT].
*<code>FatFs R0.13c</code> is included in the source tree and is licensed under its own [https://github.com/shchmue/Lockpick/blob/master/source/fatfs/LICENSE.txt BSD-style license].
*Simple <code>xxHash</code> implementation is from [https://github.com/stbrumme/xxhash stbrumme], licensed under [https://github.com/stbrumme/xxhash/blob/master/LICENSE MIT].
*Padlock icon is from [https://icons8.com/ Icons8], licensed under [https://creativecommons.org/licenses/by-nd/3.0/ Creative Commons Attribution-NoDerivs 3.0 Unported].
==External links==
*GitHub - https://github.com/shchmue/Lockpick
*GBAtemp - https://gbatemp.net/threads/lockpick-switch-key-derivation-homebrew.525575/

[[Category:GBAtemp Homebrew Bounty 2018]]