Lockpick Switch: Difference between revisions

From GameBrew

Revision as of 06:54, 29 April 2023

Lockpick

Author: shchmue
Type: Utilities
Version: 1.2.6
License: GPL-2.0
Last Updated: 2019/09/19

Lockpick is a ground-up C++17 rewrite of homebrew key derivation software, namely kezplez-nx. It also dumps titlekeys. This will dump all keys through *_key_05 on firmwares below 6.2.0 and through *_key_06 on 6.2.0.

Note: Due to changes in firmware 7.0.0, dumping new keys from homebrew is infeasible. Check out the RCM payload that can dump the new keys, Lockpick RCM.

Features

  • Dumps titlekeys and SD seed.
  • Dumps all keys through 6.2.0.
  • Uses the superfast xxHash instead of sha256 when searching exefs for keys for a ~5x speed improvement.
  • Gets all possible keys from running process memory - this means no need to decrypt Package2 at all, let alone decompress KIPs.
  • Gets bis keys and header_key without tsec, sbk, master_key_00 or aes sources. Shoutout to exelix11 for using this method in SwitchThemeInjector. Homebrew devs should be doing this instead of requiring users to provide key files.

User guide

  • Use Hekate v4.5+ to dump TSEC and fuses:
    • Push hekate payload bin using TegraRCMSmash/TegraRCMGUI/modchip/injector.
    • Using the VOL and Power buttons to navigate, select Console info...
    • Select Print fuse info (not kfuse info).
    • Press Power to save fuse info to SD card.
    • Select Print TSEC keys.
    • Press Power to save TSEC keys to SD card.
  • Launch CFW of choice.
  • Open Homebrew Menu.
  • Run Lockpick.
  • Use the resulting /switch/prod.keys file as needed and rename if required by any software you're using.

You may instead use biskeydump (https://github.com/rajkosto/biskeydump) and dump to SD to get all keys prior to the 6.2.0 generation, that is, all keys up to those ending in 05. Lockpick will dump all keys up to that point regardless of which firmware it's run on.

Notes

  • To get keys ending in 06, you must have firmware 6.2.0 installed.
  • No one knows package1_key_06; it's derived and erased fully within the encrypted TSEC payload. While there's a way to extricate tsec_root_key due to the way it's used, this is unfortunately not true of the package1 key.
  • If for some reason you dump TSEC keys on 6.2.0 but not fuses (secure_boot_key), you will still get everything except the package1 and keyblob keys (without secure_boot_key, you can't decrypt keyblobs, and that's where the package1 keys live).
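As an added example (not Lockpick's own code), a small Python checker for the /switch/prod.keys file the guide above produces: it parses the hactool-style "name = hex" lines and reports the highest master key generation present, whether package1 keys exist, and the sanity issues the Notes describe (no secure_boot_key means no package1/keyblob keys; an empty header_key; unsorted entries). The family-name prefixes and the sample values are assumptions and constructed placeholders, not real keys.

```python
"""Audit a Lockpick-style prod.keys file: parse it, validate the format,
and report which key generations and families are present."""
import re
from typing import Dict, List

LINE_RE = re.compile(r"^([a-z0-9_]+)\s*=\s*([0-9a-fA-F]*)$")
# Assumed key-name prefixes for the families that need secure_boot_key
# from the fuse dump (see the Notes above).
FUSE_DEPENDENT = ("package1_key_", "keyblob_key_", "keyblob_mac_key_")

# Constructed sample, not a real dump: placeholder hex of plausible lengths
# (16-byte master/tsec keys, 32-byte bis/header keys), already alphabetized.
SAMPLE = """\
bis_key_00 = {b}
header_key = {b}
master_key_00 = {a}
master_key_05 = {a}
master_key_06 = {a}
tsec_key = {a}
""".format(a="0" * 31 + "1", b="0" * 63 + "2")


def parse_prod_keys(text: str) -> Dict[str, bytes]:
    """Parse 'name = hex' lines; reject malformed lines and odd hex lengths."""
    keys: Dict[str, bytes] = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m or len(m.group(2)) % 2:
            raise ValueError(f"line {n}: malformed key line")
        keys[m.group(1)] = bytes.fromhex(m.group(2))
    return keys


def audit(keys: Dict[str, bytes]) -> Dict[str, object]:
    """Summarise generations and families present, plus sanity warnings."""
    names = list(keys)
    gens = [int(k[-2:]) for k in names if k.startswith("master_key_")]
    warnings: List[str] = []
    if names != sorted(names):
        warnings.append("keys are not alphabetized")
    if "header_key" in keys and not any(keys["header_key"]):
        warnings.append("header_key is empty or all zeros")
    if "secure_boot_key" not in keys and not any(k.startswith(FUSE_DEPENDENT) for k in names):
        warnings.append("no secure_boot_key: package1/keyblob keys cannot be derived")
    return {"max_master_key": max(gens) if gens else None,
            "has_package1": any(k.startswith("package1_key_") for k in names),
            "warnings": warnings}
```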

Screenshots

lockpicknx2.png lockpicknx.png

Compatibility

Supports firmware up to 6.2.0.

Changelog

v1.2.6 2019/09/11

  • Fix bis key generation on newer hardware.

v1.2.5 2019/07/10

  • Support Hekate v5 fuse dump format.
  • Make names consistent with libnx v2.2.0.
  • Adjust text alignment and coloring in Lockpick_RCM note.

v1.2.4 2019/06/17

  • Support new emunand FS memory layout.
  • No longer save header_key if empty.

v1.2.3 2019/04/16

  • Remove mbedtls dependency in favor of new libnx crypto library.
  • Remove libnx 1.6.0 support since crypto requires later commit.
  • Skip contradictory messaging if skipping keyfile save.

v1.2.2 2019/03/06

  • Do not overwrite existing keyfile that contains master_key_07.
  • Read eticket_rsa_kek from existing keyfile in case user is only running this for titlekeys.
  • Create /switch folder if needed.

v1.2.1 2019/02/26

  • Generate bis keys without master keys.
  • Update file size check to support Hekate v4.8 TSEC dump.
  • Fixed prod.keys alphabetization error.
  • Fixed build warning for ff.c.
  • Added in-app disclaimer about which keys can be dumped.

v1.2 2019/01/05

  • Update for libnx v2.0.0 compatibility and still runs when built with v1.6.0.
    • The binary got even smaller.
  • Accelerate finding FS keys.
    • No longer find BIS sources as they're hardcoded (whoops).
    • Find all keys on first pass hashing FS instead of hashing the whole thing from the beginning repeatedly (whoops).

v1.1.1 2019/01/01

  • Prevent from trying to dump SD seed and ES keys on 1.0.0 as they're not available until 2.0.0.

v1.1 2018/12/29

  • Changed titlekey dump methodology.
    • No longer crashes sysmodule, reboot no longer needed.
    • Queries ES to verify ticket list is accurate.
    • May take slightly longer than before on systems with hundreds of tickets.
  • Now dumps SD seed.
  • Reorganized and clarified UI text.
    • Now indicates if no titles are installed to dump titlekeys from.
  • Swapped C++ stream functions for C I/O to reclaim some speed and binary size.
  • Tightened up dependencies.

v1.0 2018/12/08

  • Initial release.
  • It's here. See readme for instructions. Huge shoutout to everyone who got the 6.2.0 CFW fixes out.

Credits

Special Thanks:

  • tèsnos! For making kezplez-nx, being an all-around cool and helpful person and open to my contributions, not to mention patient with my enthusiasm. kezplez taught me an absolute TON about homebrew.
  • SciresM for hactool, containing to my knowledge the first public key derivation software, and for get_titlekeys.py.
  • roblabla for the original keys gist and for believing in our abilities.
  • The folks in the ReSwitched Discord server for answering my innumerable questions while researching this (and having such a useful chat backlog!).
  • The memory reading code from jakibaki's sys-netcheat was super useful for getting keys out of running process memory.
  • The System Save dumping methodology from Adubbz' Compelled Disclosure.
  • Shouts out to fellow key derivers: shadowninja108 for HACGUI, Thealexbarney for Libhac, and rajkosto.
  • misson2000 for help with std::invoke to get the function timer working.
  • Simon for the eticket_rsa_kek derivation method and for suggesting invoking spl for faster titlekey derivation.
  • SciresM for the libnx aes library.
  • The constantly-improving docs on Switchbrew wiki and libnx.
  • Literally the friends I made along the way! I came to the scene late and I've still managed to meet some wonderful people :) Thanks for all the help testing, making suggestions, and cheerleading.
