Toggle menu
Toggle personal menu
Not logged in
Your IP address will be publicly visible if you make any edits.

Hactool Switch

From GameBrew
Revision as of 02:59, 7 April 2023 by HydeWing (talk | contribs)
Hactool
File:Hactoolswitch.png
General
AuthorSciresM
TypePC Utilities
Version1.4.0
LicenseISC
Last Updated2020/06/02
Links
Download
Website
Source

Hactool is a software application that enables users to access information, decrypt, and extract popular file formats for the Nintendo Switch console, including Nintendo Content Archives. This tool draws significant inspiration from ctrtool.

Features

  • Support for reading plaintext Package2 files was added.
  • NPDM -> JSON conversion was added.
  • KIP1 -> JSON conversion was added.
  • Keygen can now be performed without passing a BOOT0 file.
  • Support for newer XCIs with a logo partition was added.
  • Support for pre-1.0.0 NCA0 files was added.
  • Support for uncompressing NSO0 and KIP1 files was added via --uncompressed=
  • Titlekeys can now be loaded from an external "title.keys" file, located in the same directory as prod.keys or dev.keys. -Titlekeys should be stored in the format hexadecimal_rights_id = hexadecimal_title_key.
  • Various [WARN]s were added when odd behavior is detected.
  • Added support for NAX0 (Nintendo Aes Xts File(system), SD Card content).
  • Added support for key derivation using EKS (keyblobs) and sbk/tsec key.
  • Support was added for pre-1.0.0 "NCA2" content.

The following Switch file formats are supported:

  • NCA
  • XCI
  • HFS0
  • PFS0
  • RomFS
  • NPDM
  • Package1 (PK11)
  • Package2 (PK21)
  • INI1
  • KIP1
  • NAX0
  • NSO0
  • Save files

Usage

Usage: hactool [options...] <file>
Options:
-i, --info        Show file info.
                      This is the default action.
-x, --extract     Extract data from file.
                      This is also the default action.
  -r, --raw          Keep raw data, don't unpack.
  -y, --verify       Verify hashes and signatures.
  -d, --dev          Decrypt with development keys instead of retail.
  -k, --keyset       Load keys from an external file.
  -t, --intype=type  Specify input file type [nca, xci, pfs0, romfs, hfs0, npdm, pk11, pk21, ini1, kip1, nax0, save, keygen]
  --titlekey=key     Set title key for Rights ID crypto titles.
  --contentkey=key   Set raw key for NCA body decryption.
  --disablekeywarns  Disables warning output when loading external keys.
NCA options:
  --plaintext=file   Specify file path for saving a decrypted copy of the NCA.
  --header=file      Specify Header file path.
  --section0=file    Specify Section 0 file path.
  --section1=file    Specify Section 1 file path.
  --section2=file    Specify Section 2 file path.
  --section3=file    Specify Section 3 file path.
  --section0dir=dir  Specify Section 0 directory path.
  --section1dir=dir  Specify Section 1 directory path.
  --section2dir=dir  Specify Section 2 directory path.
  --section3dir=dir  Specify Section 3 directory path.
  --exefs=file       Specify ExeFS file path. Overrides appropriate section file path.
  --exefsdir=dir     Specify ExeFS directory path. Overrides appropriate section directory path.
  --romfs=file       Specify RomFS file path. Overrides appropriate section file path.
  --romfsdir=dir     Specify RomFS directory path. Overrides appropriate section directory path.
  --listromfs        List files in RomFS.
  --baseromfs        Set Base RomFS to use with update partitions.
  --basenca          Set Base NCA to use with update partitions.
  --basefake         Use a fake Base RomFS with update partitions (all reads will return 0xCC).
  --onlyupdated      Ignore non-updated files in update partitions.
NPDM options:
  --json=file        Specify file path for saving JSON representation of program permissions to.
KIP1 options:
  --json=file        Specify file path for saving JSON representation of program permissions to.
  --uncompressed=f   Specify file path for saving uncompressed KIP1.
NSO0 options:
  --uncompressed=f   Specify file path for saving uncompressed NSO0.
PFS0 options:
  --pfs0dir=dir      Specify PFS0 directory path.
  --outdir=dir       Specify PFS0 directory path. Overrides previous path, if present.
  --exefsdir=dir     Specify PFS0 directory path. Overrides previous paths, if present for ExeFS PFS0.
RomFS options:
  --romfsdir=dir     Specify RomFS directory path.
  --outdir=dir       Specify RomFS directory path. Overrides previous path, if present.
  --listromfs        List files in RomFS.
HFS0 options:
  --hfs0dir=dir      Specify HFS0 directory path.
  --outdir=dir       Specify HFS0 directory path. Overrides previous path, if present.
  --exefsdir=dir     Specify HFS0 directory path. Overrides previous paths, if present.
XCI options:
  --rootdir=dir      Specify XCI root HFS0 directory path.
  --updatedir=dir    Specify XCI update HFS0 directory path.
  --normaldir=dir    Specify XCI normal HFS0 directory path.
  --securedir=dir    Specify XCI secure HFS0 directory path.
  --logodir=dir      Specify XCI logo HFS0 directory path.
  --outdir=dir       Specify XCI directory path. Overrides previous paths, if present.
Package1 options:
  --package1dir=dir  Specify Package1 directory path.
  --outdir=dir       Specify Package1 directory path. Overrides previous path, if present.
Package2 options:
  --package2dir=dir  Specify Package2 directory path.
  --outdir=dir       Specify Package2 directory path. Overrides previous path, if present.
  --extractini1      Enable INI1 extraction to default directory (redundant with --ini1dir set).
  --ini1dir=dir      Specify INI1 directory path. Overrides default path, if present.
INI1 options:
  --ini1dir=dir      Specify INI1 directory path.
  --outdir=dir       Specify INI1 directory path. Overrides previous path, if present.
  --saveini1json     Enable generation of JSON descriptors for all INI1 members.
NAX0 options:
  --sdseed=seed      Set console unique seed for SD card NAX0 encryption.
  --sdpath=path      Set relative path for NAX0 key derivation (ex: /registered/000000FF/cafebabecafebabecafebabecafebabe.nca).
Save data options:
  --outdir=dir       Specify save directory path.
  --listfiles        List files in save file.
Key Derivation options:
  --sbk=key          Set console unique Secure Boot Key for key derivation.
  --tseckey=key      Set console unique TSEC Key for key derivation.```

Usage of External Keys

To provide external keys, one can use the -k/--keyset argument followed by the filename of the keyset. These keysets are text files that contain keys written in the format "key_name = HEXADECIMALKEY". The case of the keys and the presence of whitespace doesn't matter.

Alternatively, if the -k/--keyset option is not set, hactool will search for a keyset file named prod.keys in $HOME/.switch/ directory (or dev.keys if -d/--dev is set) and automatically load it, if available.

Media

Decrypting Switch Firmwares with hactool: a tutorial - ((C)ode e(X)ecute)

Screenshots

hactoolswitch-01.png hactoolswitch-02.png

Changelog

(v.1.4.0)

  • Support was fixed for parsing save files (thanks @shchmue)!
  • Support was fixed for extracting package1 binaries newer than 4.0.0.
  • Support was added for performing mariko-specific key derivation.
  • Support was added for decrypting and extracting mariko package1 binaries.

(v.1.3.3)

  • Support was added for parsing Chinese game cards, which use a new hashing algorithm to validate HFS0 partitions.

(v.1.3.2)

  • Support was added for validating new NCA header fixed-keys (9.x+)
  • Romfs is now parsed via an iterative loop instead of recursion to prevent possible stack exhaustion.

(v.1.3.1)

  • Output was fixed for displaying certain SDK versions.
  • Support was added for validating new ACID keys (9.x+)

(v.1.3.0)

  • Support was fixed for new (8.0.0+) key generation.
  • Support was added for extracting 8.0.0+ Package2 binaries.
  • SVC and key generation names were updated to latest definitions.
  • Support was added for parsing and extracting save files (thanks @shchmue!)
  • Support was added for decrypting and parsing the encrypted XCI header area (thanks @jakcron!).
  • NPDM output was corrected when parsing the version field.
  • Support was added for suppressing output of sensitive/decrypted keys.
  • Support was added for only extracting NCAs if the content type is one specified.
  • Support was added for automatically appending the NCA section type to extracted section content paths if an option is specified.
  • Key derivation was fixed when deriving master keks from keyblobs.
  • title.keys content restrictions were made looser (non-key lines are now allowed).
  • Support was added for skipping output of invalid key warnings.
  • A bug was fixed that caused PFS0 file entry calculations to fail.

(v.1.2.2)

  • Support was added for 6.2.0+ new key derivation using tsec_root_key and master_kek_source_##.
  • 6.2.0 keydata will no longer be called "Unknown".
  • A bug was fixed involving argument violation to mbed_tls aes routines.

(v.1.2.1)

  • Update extraction support should no longer cause errors.
  • NPDM JSON output has been switched over to the new format.
  • 6.x keydata will no longer be called "Unknown".

(v.1.2.0)

  • NAX0 decryption failed when reading at unaligned offsets.
  • NCAs making use of AES-XTS crypto are no longer completely broken
  • Support for pre-1.0.0 NCA2 files was fixed, and now works properly
  • Getopt is no longer broken on arm-linux (thanks @jakibaki!)
  • Too many small ones to count :)
  • "encrypted_header_key" was changed in keyset loading to "header_key_source", in order to be consistent with other key names.

(v.1.1.0)

  • BKTR did not support the non-single bucket case, affecting games with huge patches (Splatoon 2, maybe others)
  • Too many small ones to count :)

(v.1.0.1)

  • Memory corruption when parsing some NPDMs
  • Invalid AES mode used for titlekey decryption
  • BKTR section validity unchecked before accessing decrypted data
  • Edge case in BKTR subsection layout would cause infinite recursion

(v.1.0)

  • First Release.

External links

Advertising: