mirror/Lockpick
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

make it stop

Browse source
This commit is contained in:
Pika 2018-12-16 11:18:57 -05:00 committed by GitHub
parent 41c2604d9a
commit 8307180850
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
README.md
View file

@ -4,21 +4,21 @@ This is a ground-up C++17 rewrite of homebrew key derivation software, namely [k
What this software does differently
=
* Dumps `titlekeys`
* Dumps `6.2.0` keys
* Dumps titlekeys
* Dumps 6.2.0 keys
* Uses the superfast `xxHash` instead of `sha256` when searching exefs for keys for a ~5x speed improvement
* Gets all possible keys from running process memory - this means no need to decrypt `Package2` at all, let alone decompress `KIP`s
* Gets `header_key` without `tsec`, `sbk`, `master_key_00` or `aes` sources - which may or may not be the same way `ChoiDujourNX` does it :eyes: (and I'm gonna issue a challenge to homebrew title installers to implement similar code so you don't need your users to use separate software like this :stuck_out_tongue_winking_eye: it's up to you to figure out if the same can be done for `key_area_keys` if needed)
* Gets all possible keys from running process memory - this means no need to decrypt Package2 at all, let alone decompress KIPs
* Gets `header_key` without `tsec`, `sbk`, `master_key_00` or `aes` sources - which may or may not be the same way ChoiDujourNX does it :eyes: (and I'm gonna issue a challenge to homebrew title installers to implement similar code so you don't need your users to use separate software like this :stuck_out_tongue_winking_eye: it's up to you to figure out if the same can be done for `key_area_keys` if needed)
Usage
=
1. Use [Hekate v4.5+](https://github.com/CTCaer/hekate/releases) to dump TSEC and fuses:
1. Push hekate payload bin using [TegraRCMSmash](https://github.com/rajkosto/TegraRcmSmash)/[TegraRCMGUI](https://github.com/eliboa/TegraRcmGUI)/modchip/injector
2. Using the `VOL` and `Power` buttons to navigate, select `Console info...`
2. Using the VOL and Power buttons to navigate, select `Console info...`
3. Select `Print fuse info`
4. Press `Power` to save fuse info to SD card
4. Press Power to save fuse info to SD card
5. Select `Print TSEC keys`
6. Press `Power` to save TSEC keys to SD card
6. Press Power to save TSEC keys to SD card
2. Launch CFW of choice
3. Open `Homebrew Menu`
4. Run `Lockpick`
@ -28,9 +28,9 @@ You may instead use [biskeydump](https://github.com/rajkosto/biskeydump) and dum
Notes
=
* To get keys ending in 06, you must have firmware `6.2.0` installed
* No one knows `package1_key_06`, it's derived and erased fully within the encrypted TSEC payload. While there's a way to extricate `tsec_root_key` due to the way it's used, this is unfortunately not true of the `package1` key
* If for some reason you dump TSEC keys on `6.2.0` and not fuses (`secure_boot_key`) you will still get everything except any of the `package1` or keyblob keys (without `secure_boot_key`, you can't decrypt keyblobs and that's where `package1` keys live)
* To get keys ending in 06, you must have firmware 6.2.0 installed
* No one knows `package1_key_06`, it's derived and erased fully within the encrypted TSEC payload. While there's a way to extricate `tsec_root_key` due to the way it's used, this is unfortunately not true of the package1 key
* If for some reason you dump TSEC keys on 6.2.0 and not fuses (`secure_boot_key`) you will still get everything except any of the package1 or keyblob keys (without `secure_boot_key`, you can't decrypt keyblobs and that's where package1 keys live)
Building
=