From 8307180850c2473878b14f4c16f596c2e43c6bdd Mon Sep 17 00:00:00 2001 From: Pika <15848969+ThatNerdyPikachu@users.noreply.github.com> Date: Sun, 16 Dec 2018 11:18:57 -0500 Subject: [PATCH] make it stop --- README.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 452d25b..a25e0e7 100644 --- a/README.md +++ b/README.md 
@@ -4,21 +4,21 @@ This is a ground-up C++17 rewrite of homebrew key derivation software, namely [k What this software does differently = -* Dumps `titlekeys` -* Dumps `6.2.0` keys +* Dumps titlekeys +* Dumps 6.2.0 keys * Uses the superfast `xxHash` instead of `sha256` when searching exefs for keys for a ~5x speed improvement -* Gets all possible keys from running process memory - this means no need to decrypt `Package2` at all, let alone decompress `KIP`s -* Gets `header_key` without `tsec`, `sbk`, `master_key_00` or `aes` sources - which may or may not be the same way `ChoiDujourNX` does it :eyes: (and I'm gonna issue a challenge to homebrew title installers to implement similar code so you don't need your users to use separate software like this :stuck_out_tongue_winking_eye: it's up to you to figure out if the same can be done for `key_area_keys` if needed) +* Gets all possible keys from running process memory - this means no need to decrypt Package2 at all, let alone decompress KIPs +* Gets `header_key` without `tsec`, `sbk`, `master_key_00` or `aes` sources - which may or may not be the same way ChoiDujourNX does it :eyes: (and I'm gonna issue a challenge to homebrew title installers to implement similar code so you don't need your users to use separate software like this :stuck_out_tongue_winking_eye: it's up to you to figure out if the same can be done for `key_area_keys` if needed) Usage = 1. Use [Hekate v4.5+](https://github.com/CTCaer/hekate/releases) to dump TSEC and fuses: 1. Push hekate payload bin using [TegraRCMSmash](https://github.com/rajkosto/TegraRcmSmash)/[TegraRCMGUI](https://github.com/eliboa/TegraRcmGUI)/modchip/injector - 2. Using the `VOL` and `Power` buttons to navigate, select `Console info...` + 2. Using the VOL and Power buttons to navigate, select `Console info...` 3. Select `Print fuse info` - 4. Press `Power` to save fuse info to SD card + 4. Press Power to save fuse info to SD card 5. Select `Print TSEC keys` - 6. 
Press `Power` to save TSEC keys to SD card + 6. Press Power to save TSEC keys to SD card 2. Launch CFW of choice 3. Open `Homebrew Menu` 4. Run `Lockpick` @@ -28,9 +28,9 @@ You may instead use [biskeydump](https://github.com/rajkosto/biskeydump) and dum Notes = -* To get keys ending in 06, you must have firmware `6.2.0` installed -* No one knows `package1_key_06`, it's derived and erased fully within the encrypted TSEC payload. While there's a way to extricate `tsec_root_key` due to the way it's used, this is unfortunately not true of the `package1` key -* If for some reason you dump TSEC keys on `6.2.0` and not fuses (`secure_boot_key`) you will still get everything except any of the `package1` or keyblob keys (without `secure_boot_key`, you can't decrypt keyblobs and that's where `package1` keys live) +* To get keys ending in 06, you must have firmware 6.2.0 installed +* No one knows `package1_key_06`, it's derived and erased fully within the encrypted TSEC payload. While there's a way to extricate `tsec_root_key` due to the way it's used, this is unfortunately not true of the package1 key +* If for some reason you dump TSEC keys on 6.2.0 and not fuses (`secure_boot_key`) you will still get everything except any of the package1 or keyblob keys (without `secure_boot_key`, you can't decrypt keyblobs and that's where package1 keys live) Building = 
@@ -65,4 +65,4 @@ Licenses * `AES` functions are from [mbedtls](https://tls.mbed.org/) licensed under [GPLv2](https://www.gnu.org/licenses/old-licenses/gpl-2.0.html)) * `creport_debug_types` and fast `sha256` implementation are from [Atmosphère](https://github.com/atmosphere-NX/Atmosphere) licensed under [GPLv2](https://github.com/Atmosphere-NX/Atmosphere/blob/master/LICENSE) * Simple `xxHash` implementation is from [stbrumme](https://github.com/stbrumme/xxhash) licensed under [MIT](https://github.com/stbrumme/xxhash/blob/master/LICENSE) -* Padlock icon is from [Icons8](https://icons8.com/) licensed under [Creative Commons Attribution-NoDerivs 3.0 Unported](https://creativecommons.org/licenses/by-nd/3.0/) \ No newline at end of file +* Padlock icon is from [Icons8](https://icons8.com/) licensed under [Creative Commons Attribution-NoDerivs 3.0 Unported](https://creativecommons.org/licenses/by-nd/3.0/)
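Review bot: (hunk `@@ -4,21 +4,21 @@`) the formatting rule this hunk leaves behind is never stated, and the commit message ("make it stop") does not say what problem the change fixes. After the change, `header_key`, `tsec`, `sbk`, `master_key_00`, `key_area_keys`, `Console info...` and `Print fuse info` keep backticks while titlekeys, 6.2.0, Package2, KIPs, ChoiDujourNX, VOL and Power lose them, so the intended rule looks like: code formatting for key names and on-screen menu items, plain text for firmware versions, product names and hardware buttons. Please spell that rule out in the commit message and apply it to the remaining mixed cases inside the same hunk: `Homebrew Menu` and `Lockpick` in the Usage steps ("3. Open `Homebrew Menu`", "4. Run `Lockpick`") are program names, not identifiers, and under that rule should be written the same way as ChoiDujourNX.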
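Review bot: (hunk `@@ -28,9 +28,9 @@`) the identifier-versus-word distinction is applied inconsistently for package1. `package1_key_06` and `tsec_root_key` keep backticks and "package1" becomes plain text, which matches the rule, but the third bullet still uses "package1" both as the name of a key family and as a plain component name in the same sentence ("except any of the package1 or keyblob keys", "that's where package1 keys live"), so a reader cannot tell whether it now refers to the key or to the boot component. Suggest rewording that bullet so the relationship is explicit, for example "you will still get everything except the package1 keys and keyblob keys: the package1 keys live inside the keyblobs, which cannot be decrypted without `secure_boot_key`", keeping `secure_boot_key` in backticks as the hunk already does.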
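Review bot: (hunk `@@ -65,4 +65,4 @@`) the only change here is adding the missing trailing newline (the `\ No newline at end of file` marker disappears and the bullet text is identical), which is fine but unrelated to the backtick cleanup and would be clearer as its own commit or at least mentioned in the commit message. Also note the context lines keep `AES`, `sha256` and `xxHash` in backticks although these are algorithm and library names rather than code identifiers, so if the plain-text rule from the first hunk is meant to cover product names it should be applied to the Licenses section too, or the rule scoped to the Usage and Notes sections.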