Lockpick V1.2.5 Released

The shchmue developer has released a new update of Lockpick in version 1.2.5.Lockpick is a payload for Nintendo Switch that allows the extraction of encryption keys for use with software such as hactool, hactoolnet / LibHac, ChoiDujour, etc. without starting Horizon OS. Due to the changes imposed by the 7.0.0 firmware, Lockpick homebrew cannot extract the last keys. However, there are fewer limitations in the boot environment.

What this software does

  • Dump titlekeysand SD seeds
  • Download all the keys 6.2.0
  • Use the superfast search  xxHashinstead of  sha256the exef for the keys for a speed improvement of ~ 5 times
  • It gets all the possible keys from the execution of the process memory – this means that there is no need to decipher  Package2, let alone decompress KIPs
  • Gets the keys bis and header_keywithout  tsec,  sbk,  master_key_00or  aes. Shoutout to exelix11 for using this method in SwitchThemeInjector  ! Homebrew developers should do this instead of requiring users to provide key files!

use

  1. Use  Hekate v4.5 +  to download TSEC and fuses:
    1. Inject the hekate payload using TegraRCMSmash  /  TegraRCMGUI  / modchip / injector
    2. Using the VOLand  buttons  Powerto navigate, selectConsole info...
    3. Select  Print fuse info(  not kfuse info  )
    4. Press  Powerto save the fuse information on the SD card
    5. To select Print TSEC keys
    6. Press  Powerto save the TSEC keys on the SD card
  2. Start a CFW of your choice
  3. To open Homebrew Menu
  4. Start Lockpick
  5. Use the /switch/prod.keysresulting file  as needed and rename it if required by any software you are using

You can instead use  biskeydump  and dump on SD to get all the keys before the 6.2.0 generation – all keys up to those ending in 05. Lockpick will dump all the keys up to that point regardless of the firmware it runs on .

Notes

  • To get keys ending with 06, you need to have the firmware installed 6.2.0
  • No one knows that the  package1_key_06, is derived and deleted completely within the encrypted TSEC payload. While there is a way to disentangle  tsec_root_keybecause of the way it is used, this unfortunately is not true of the key package1
  • If for some reason you dump the TSEC keys  6.2.0and not the fuses (  secure_boot_key) you will still get everything except the  package1keyblob keys or (without it  secure_boot_key, you can’t decrypt the keyblobs and that’s where  package1the keys live)

Download

Lockpick.nro

Source
Github