a guest
Jun 19th, 2018
This guide assumes you have previous experience with hactool and messing with your NAND.
You aren't supposed to blindly copy commands in this, so read before pasting!

Also, the Python sections require Python 2.7 and pycrypto.

# Obtaining Your SD Seed
1. Open `sd:/Nintendo/contents/private` in a hex editor.
2. Copy the hex representation of it and put it somewhere for later.
3. Mount your NAND's SYSTEM partition.
4. Open `/save/8000000000000043` in a hex editor.
5. Search for the contents of `private`.
6. Copy the 16 bytes after that. This is your SD seed. Don't lose it!

# Obtaining Your Title Keys
7. Replace `put_eticket_rsa_kek_here` in get_titlekeys.py with the actual eticket_rsa_kek.
8. Copy `/save/80000000000000e1` and `/save/80000000000000e2` to your computer.
9. Run both files through get_ticketbins.py. This should give you a personal_ticketblob.bin and a common_ticketblob.bin.
```
python get_ticketbins.py 80000000000000e1
python get_ticketbins.py 80000000000000e2
```
10. Run get_titlekeys.py with the first argument being a raw backup of your PRODINFO.bin and the second being a ticketblob.
```
python get_titlekeys.py /path/to/PRODINFO.bin personal_ticketblob.bin
python get_titlekeys.py /path/to/PRODINFO.bin common_ticketblob.bin
```
11. Save the outputs somewhere safe. These are your title keys! If you buy another title and want to dump it, you'll have to do these steps again.

# Decrypting (the hard part)
12. Open `sd:/Nintendo/Contents/registered`. There should be a lot of folders with hexadecimal names (e.g. 0000004C).
13. Use a tool like WizTree to find the size of each folder. This can help pinpoint which title you should dump. Taking a look at the creation dates can help, too.
14. Time for the part everyone messes up:

Let's say the title you want to dump is at `F:/Nintendo/Contents/registered/00001337/cafebebecafebebecafebebecafebebe.nca/00`.

The command you would write would look something like this:

```
hactool -k path/to/your.keys -t nax0 --sdseed=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --sdpath="/registered/00001337/cafebebecafebebecafebebecafebebe.nca" --plaintext=game.nca "F:/Nintendo/Contents/registered/00001337/cafebebecafebebecafebebecafebebe.nca/00"
```
If it works, great! If you get `Error: NAX0 key derivation failed. Check SD card seed and relative path?`, you probably messed up typing the command.

On certain titles, hactool will complain about sectors as of version 1.1.0. A patch has been merged into the repo, but a release has yet to be made as of this guide.

15. It's not over yet! The dumped NCA is still title key encrypted. Run `hactool -k path/to/your.keys your.nca`. Since it's encrypted, hactool will complain about it being corrupted.
16. Check the output for the `Rights ID`. For example, Splatoon 2 USA would say `Rights ID: 01003BC0000A00000000000000000000`.
17. Look for the corresponding title key in your title key dump.
18. Finally, run this command:
```
hactool -k path/to/your.keys game.nca --plaintext=game_decrypted.nca --titlekey=put_your_title_key_here
```
19. You're done! Now you can do whatever you want with that decrypted NCA.
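
The step 14 command is where the seed and the relative path usually go wrong, so here is an added example (not part of the original paste and not code from hactool) that derives `--sdpath` from the full file path and checks the seed before assembling the arguments. It is Python 3; the function names, the constructed seed value and the handling of two-digit file names other than `00` are assumptions.

```python
import re
import shlex

HEX32 = re.compile(r"[0-9A-Fa-f]{32}")
MARKER = "/nintendo/contents/"  # matched case-insensitively

def normalize_seed(seed):
    """Accept '00 11 22 ...' or '0011...' and return 32 hex digits (16 bytes)."""
    compact = re.sub(r"[\s:-]", "", seed)
    if not HEX32.fullmatch(compact):
        raise ValueError("SD seed must be exactly 16 bytes (32 hex digits)")
    return compact

def derive_sdpath(full_path):
    """Path relative to Nintendo/Contents: leading slash kept, /00 part dropped."""
    p = full_path.replace("\\", "/").rstrip("/")
    idx = p.lower().find(MARKER)
    if idx < 0:
        raise ValueError("not a path under Nintendo/Contents: %r" % full_path)
    rel = p[idx + len(MARKER) - 1:]  # starts at the '/' before 'registered'
    head, _, last = rel.rpartition("/")
    # The guide's example ends in /00; treating any two-digit name alike
    # is an assumption of this sketch.
    if re.fullmatch(r"[0-9]{2}", last):
        rel = head
    if not rel.lower().endswith(".nca"):
        raise ValueError("expected the path to end at the .nca folder: %r" % rel)
    return rel

def build_nax0_command(keys, seed, nax0_file, out="game.nca"):
    """Argument list for the step 14 command, using only flags shown in the guide."""
    return ["hactool", "-k", keys, "-t", "nax0",
            "--sdseed=" + normalize_seed(seed),
            "--sdpath=" + derive_sdpath(nax0_file),
            "--plaintext=" + out, nax0_file]

if __name__ == "__main__":
    # Constructed inputs: the guide's example path and a made-up seed.
    path = ("F:/Nintendo/Contents/registered/00001337/"
            "cafebebecafebebecafebebecafebebe.nca/00")
    seed = "00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF"
    argv = build_nax0_command("path/to/your.keys", seed, path)
    print(" ".join(shlex.quote(a) for a in argv))
```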

Shoutouts to ~~Simpleflips~~ whoever writes those Python scripts. You guys are the best!