Mirror of https://github.com/shchmue/Lockpick.git, synced 2024-12-22 19:25:41 +00:00
# Lockpick
This is a ground-up C++17 rewrite of homebrew key derivation software, namely kezplez-nx. It also dumps titlekeys. This will dump all keys through `*_key_05` on firmwares below 6.2.0 and through `*_key_06` on 6.2.0 and above.
## What this software does differently

- Dumps titlekeys
- Uses the superfast `xxHash` instead of `sha256` when searching exefs for keys, for a ~5x speed improvement
- Gets all possible keys from running process memory - this means no need to decrypt `Package2` at all, let alone decompress `KIP`s
- Gets `header_key` without `tsec`, `sbk`, `master_key_00` or `aes` sources - which may or may not be the same way `ChoiDujourNX` does it 👀 (and I'm gonna issue a challenge to homebrew title installers to implement similar code so you don't need your users to use separate software like this 😜 it's up to you to figure out if the same can be done for `key_area_keys` if needed)
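The xxHash bullet above is about searching a blob for a value whose hash is already known: the scanner carries only the hash of what it expects, slides a window over the data, and flags a window whose hash matches, so the cost of the scan is one hash per offset and a faster hash directly speeds it up. The C++17 program below is an added illustration of that idea and is not Lockpick's code: it implements xxHash32 from the public specification, plants an obviously constructed 16-byte value (a `0x00..0xFF` byte ramp) in a constructed 4 KiB image, and finds it from its hash alone. It goes one step beyond the bullet by confirming a filter hit with a second, independently seeded hash, so a chance 32-bit collision is not reported as a find; in a real tool that confirmation would be a stronger hash or an actual use of the recovered value. `DEMO_KEY`, `DEMO_OFFSET`, `build_demo_image` and the two-seed `Fingerprint` are all assumptions of this example.

```cpp
// Added example (not Lockpick's code): locate a value in a memory image by hash
// fingerprint, using a from-spec xxHash32. The scanner carries only the hashes of
// the value it expects, never the value itself. DEMO_KEY and the image are constructed.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

static constexpr uint32_t PRIME32_1 = 0x9E3779B1u;
static constexpr uint32_t PRIME32_2 = 0x85EBCA77u;
static constexpr uint32_t PRIME32_3 = 0xC2B2AE3Du;
static constexpr uint32_t PRIME32_4 = 0x27D4EB2Fu;
static constexpr uint32_t PRIME32_5 = 0x165667B1u;

static inline uint32_t rotl32(uint32_t x, int r) { return (x << r) | (x >> (32 - r)); }

// Little-endian 32-bit load with no alignment assumption (the image is a plain byte blob).
static inline uint32_t read_le32(const uint8_t* p) {
    return uint32_t(p[0]) | (uint32_t(p[1]) << 8) | (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24);
}

static inline uint32_t round32(uint32_t acc, uint32_t lane) {
    return rotl32(acc + lane * PRIME32_2, 13) * PRIME32_1;
}

// One-shot XXH32 following the xxHash specification: four-lane 16-byte stripes,
// 4-byte and 1-byte tails, then the final avalanche.
uint32_t xxh32(const uint8_t* data, size_t len, uint32_t seed) {
    const uint8_t* p = data;
    const uint8_t* const end = data + len;
    uint32_t h;
    if (len >= 16) {
        uint32_t v1 = seed + PRIME32_1 + PRIME32_2, v2 = seed + PRIME32_2;
        uint32_t v3 = seed, v4 = seed - PRIME32_1;
        const uint8_t* const limit = end - 16;
        do {
            v1 = round32(v1, read_le32(p)); p += 4;
            v2 = round32(v2, read_le32(p)); p += 4;
            v3 = round32(v3, read_le32(p)); p += 4;
            v4 = round32(v4, read_le32(p)); p += 4;
        } while (p <= limit);
        h = rotl32(v1, 1) + rotl32(v2, 7) + rotl32(v3, 12) + rotl32(v4, 18);
    } else {
        h = seed + PRIME32_5;
    }
    h += static_cast<uint32_t>(len);
    for (; end - p >= 4; p += 4) h = rotl32(h + read_le32(p) * PRIME32_3, 17) * PRIME32_4;
    for (; p < end; ++p)         h = rotl32(h + uint32_t(*p) * PRIME32_5, 11) * PRIME32_1;
    h ^= h >> 15; h *= PRIME32_2;
    h ^= h >> 13; h *= PRIME32_3;
    h ^= h >> 16;
    return h;
}

// Two independently seeded hashes of the expected value: seed 0 is the cheap per-offset
// filter, seed 1 confirms a hit so a chance 32-bit collision in the filter is not reported.
struct Fingerprint { uint32_t filter; uint32_t confirm; };

Fingerprint fingerprint_of(const uint8_t* value, size_t len) {
    return { xxh32(value, len, 0), xxh32(value, len, 1) };
}

// Slide a `window`-byte view over `image`; return the offset of the first confirmed
// match, or -1. The scan costs one cheap hash per offset, which is why hash speed matters.
long find_by_fingerprint(const std::vector<uint8_t>& image, size_t window, Fingerprint fp) {
    for (size_t off = 0; off + window <= image.size(); ++off) {
        const uint8_t* cand = image.data() + off;
        if (xxh32(cand, window, 0) != fp.filter) continue;
        if (xxh32(cand, window, 1) == fp.confirm) return static_cast<long>(off);
    }
    return -1;
}

// Constructed demo value (an obvious byte ramp, not a real key) and a constructed
// 4 KiB image of xorshift32 filler with the value planted at offset 1337.
static const uint8_t DEMO_KEY[16] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
                                     0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF};
static const size_t DEMO_OFFSET = 1337;

std::vector<uint8_t> build_demo_image() {
    std::vector<uint8_t> img(4096);
    uint32_t x = 0x2545F491u;  // fixed xorshift32 state so the image is repeatable
    for (uint8_t& b : img) { x ^= x << 13; x ^= x >> 17; x ^= x << 5; b = uint8_t(x); }
    std::memcpy(img.data() + DEMO_OFFSET, DEMO_KEY, sizeof DEMO_KEY);
    return img;
}

int main() {
    // The fingerprint is all the scanner needs to carry; DEMO_KEY itself is only used to build it here.
    Fingerprint fp = fingerprint_of(DEMO_KEY, sizeof DEMO_KEY);
    long off = find_by_fingerprint(build_demo_image(), sizeof DEMO_KEY, fp);
    std::printf("filter %08x confirm %08x -> offset %ld\n", fp.filter, fp.confirm, off);
    return off == static_cast<long>(DEMO_OFFSET) ? 0 : 1;
}
```

Build with `g++ -std=c++17 -O2` and run; the program exits 0 only if the planted value is recovered at offset 1337. The xxHash32 here is checked against the specification's published empty-input vector (`0x02CC5D05`), so its 16-byte stripe path and short-input path can both be trusted; swapping `xxh32` for a SHA-256 call in `find_by_fingerprint` would reproduce the slower scan the bullet contrasts against.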
## Usage

- Use Hekate to dump TSEC and fuses:
  - Push hekate payload bin using TegraRCMSmash/TegraRCMGUI/modchip/injector
  - Using the `VOL` and `Power` buttons to navigate, select `Console info...`
  - Select `Print fuse info`
  - Press `Power` to save fuses to SD card
  - Select `Print TSEC keys`
  - Press `Power` to save TSEC to SD card
- Launch CFW of choice
- Open `Homebrew Menu`
- Run `Lockpick`
- Use the resulting `prod.keys` file as needed and rename if required
## Building

Release built with `libnx v1.6.0`.

Uses `freetype`, which comes with `switch-portlibs` via `devkitPro pacman`:

```
pacman -S libnx switch-portlibs
```

then run:

```
make
```

to build.
## Special Thanks

- tèsnos! For making kezplez-nx, being an all-around cool and helpful person and open to my contributions, not to mention patient with my enthusiasm. kezplez taught me an absolute TON about homebrew.
- SciresM for hactool, containing to my knowledge the first public key derivation software, and for `get_titlekeys.py`
- roblabla for the original keys gist and for believing in our abilities
- The folks in the ReSwitched Discord server for answering my innumerable questions while researching this (and having such a useful chat backlog!)
- The memory reading code from jakibaki's sys-netcheat was super useful for getting keys out of running process memory
- The System Save dumping methodology from Adubbz' Compelled Disclosure
- Shouts out to fellow key derivers: shadowninja108 for HACGUI, Thealexblarney for Libhac, and rajkosto 👀
- The constantly-improving docs on Switchbrew wiki and libnx
- mission2000 for help with `std::invoke` to get the function timer working
- Literally the friends I made along the way! I came to the scene late and I've still managed to meet some wonderful people :) Thanks for all the help testing, making suggestions, and cheerleading!
## Licenses

- `AES` functions are from mbedtls, licensed under GPLv2
- `creport_debug_types` and fast `sha256` implementation are from Atmosphère, licensed under GPLv2
- Simple `xxHash` implementation is from stbrumme, licensed under MIT
- Padlock icon is from Icons8, licensed under Creative Commons Attribution-NoDerivs 3.0 Unported