Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- This guide assumes you have previous experience with hactool and messing with your NAND.
- You aren't supposed to blindly copy commands in this, so read before pasting!
- Also, the Python sections require Python 2.7 and pycrypto.
- # Obtaining Your SD Seed
- 1. Open `sd:/Nintendo/contents/private` in a hex editor.
- 2. Copy the hex representation of it and put it somewhere for later.
- 3. Mount your NAND's SYSTEM partition.
- 4. Open `/save/8000000000000043` in a hex editor.
- 5. Search for the contents of `private`.
- 6. Copy the 16 bytes after that. This is your SD seed. Don't lose it!
- # Obtaining Your Title Keys
- 7. Replace `put_eticket_rsa_kek_here` in get_titlekeys.py with the actual eticket_rsa_kek.
- 8. Copy `/save/80000000000000e1` and `/save/80000000000000e2` to your computer.
- 9. Run both files using through get_ticketbins.py. This should give you a personal_ticketblob.bin and common_ticketblob.bin.
- ```
- python get_ticketbins.py 80000000000000e1
- python get_ticketbins.py 80000000000000e2
- ```
- 10. Run get_titlekeys.py with the first argument being a raw backup of your PRODINFO.bin and the second being a ticketblob.
- ```
- python get_titlekeys.py /path/to/PRODINFO.bin personal_ticketblob.bin
- python get_titlekeys.py /path/to/PRODINFO.bin common_ticketblob.bin
- ```
- 11. Save the outputs somewhere safe. These are your title keys! If you buy another title and want to dump it, you'll have to do these steps again.
- # Decrypting (the hard part)
- 12. Open `sd:/Nintendo/Contents/registered`. There should be a lot of folders with hexadecimal names. (e.g. 0000004C)
- 13. Use a tool like WizTree to find the sizes of each folder. This can help pinpoint what title you should dump. Taking a look at the creation dates can help, too.
- 14. Time for the part everyone messes up:
- Let's say the title you want to dump is at `F:/Nintendo/Contents/registered/00001337/cafebebecafebebecafebebecafebebe.nca/00`.
- The command you would write would look something like this:
- ```
- hactool -k path/to/your.keys -t nax0 --sdseed=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --sdpath="/registered/00001337/cafebebecafebebecafebebecafebebe.nca" --plaintext=game.nca "F:/Nintendo/Contents/registered/00001337/cafebebecafebebecafebebecafebebe.nca/00"
- ```
- If it works, great! If you get `Error: NAX0 key derivation failed. Check SD card seed and relative path?`, you probably messed up typing the command.
- On certain titles, hactool will complain about sectors as of version 1.1.0. A patch has been merged into the repo, but a release has yet to be made as of this guide.
- 15. It's not over yet! The dumped NCA is still title key encrypted. Run `hactool -k path/to/your.keys your.nca`. Since it's encrypted, hactool will complain about it being corrupted.
- 16. Check the output for the `Rights ID`. For example, Splatoon 2 USA would say `Rights ID: 01003BC0000A00000000000000000000`.
- 17. Look for the corresponding title key in your title key dump.
- 18. Finally, run this command:
- ```
- hactool -k path/to/your.keys game.nca --plaintext=game_decrypted.nca --titlekey=put_your_title_key_here
- ```
- 19. You're done! Now you can do whatever you want with that decrypted NCA.
- Shoutouts to ~~Simpleflips~~ whoever writes those python scripts. You guys are the best!
Add Comment
Please, Sign In to add comment