So I always wanted a way to dump games without actually launching CFW on the switch itself but rather just running a payload or whatever, to decrease the chance of getting bans or whatever, and possibly even just dumping from the mSD to the PC, which allows to not not have any homebrew-related data on the mSD so it cannot be scanned, found and stupid stuff happening.
So I recently stumbled upon the SwitchSDTool, which does exactly that however the software has not been looked at for several years with the last commit being from November 2019 so it's all a bit outdated, and mentioned googling for keys that arent needed to be obtained that way. However nevertheless it still works after I experimented a good bit. And I wanted to share how it all works so others can try this too. especially as this may possibly (not yet tried) help dumping even if a firmware update is released for which you cannot get cfw dumping tools ready yet.
Preparation for the Switch
So first you need a few things to hack your Switch in the first place, and get the needed Data off the Switch, which is comparatively easy.
- a Switch that can be hacked, either by nature of being old enough, or a modchip
- a sufficiently large microSD card (I'll just write mSD from now on) (I recommend 64GB or more for making a backup)
- a way to connect certain contacts on the right joy-con rail to press a button that is not exactly exposed to the joycon, I personally just recommend a jig, which can be bought for less than 5€
- A way to send the payload to the switch, which can be a special device, your pc or even an android phone with the app Rekado, which even can recognize a Switch being connected and launch itself automatically).
- Hekate, the Bootloader's payload on the sending device, as well as the other data on the aforementioned mSD
- Lockpick-RCM, which is a key extractor for the Nintendo Switch on your payload sender
after collecting all the main pieces, onto dumping the needed stuff.
Dumping the Storage and Keys
first off we'll boot into Hekate and make a Backup of the storage, which not only can help in case something goes critically wrong, but also will be needed to extract some data later on. Right after that we'll go into LockpickRCM and dump from SysNand which will give us all the keys it can get from the Switch, it will be stored as switch/prod.keys on the mSD, as well as title.keys, which is not important for now.
after that we are basically done with the switch.
SwitchSDTool and its requirements
Once again a list of what we need.
- SwitchSDTool itself, obviously
- the prod.keys from Lockpick-RCM
- The Storage Backup
- HacDiskMount (or some equivalent)
- The mSD with your game downloads for obvious reasons
- Admin Permissions on your PC
- extract both SwitchSDTool and HacDiskMount to a convenient Location
- pull the prod.keys from the mSD you used to dump the Keys from your switch, and place it into the Folder you extracted SwitchSDTool to, and rename to keys.txt
- make a folder called SYSTEM in the SwitchSDTool folder
- open HacDiskMount and load your Backup file, select the System Partition
- It will ask you for the 2 halves of a specific Key for decrypting it (e.g. Bis Key 2). Open the keys.txt, find that key, you will need to get the first half of that key into the "upper" and the second into the "lower" text field (HacDiskMount is even older than SwitchSDTool and apparently back then the key halves were dumped seperately), make sure to test and save the key.
- Mount the System partition to any Drive Letter, also it's useful to set "Read Only" to not mess anything up
- Go to that drive letter and copy ALL contents into the SYSTEM folder we created in step 3, after that you can unmount the partition.
- choose the PRODINFO partition and equally enter the keys, then dump to a file called PRODINFO.bin and place that into the SwitchSDTool Folder.
- Open SwitchSDTool, use the 4 "select Folder/Path" buttons and point them to
- SD Folder: your SD card (just the drive letter is enough)
- System Path: your SYSTEM Folder
- Decryption Path: just make a folder in the SwitchSD folder, does not overly matter though, as it just contains files to cache the decrypted metadata files (NCA Files)
- NSP Output path: a folder to place your dumped NSPs to.
- Restart the Program, at least in my experience it at least sometimes needs a restart to see the path changes properly.
The Dumping Process
If everything went smoothly, you should be able to follow these steps without issue:
- Click Load RSA KEK, this changes the dropdown on the right to the Serial number of your Switch, and inputs a long hex-string into the text input below, which gets greyed out in the process, with the logs saying "RSA key successfully extracted from prodinfo.bin"
- click Decrypt NCAs
- This step is only needed the first time, and after you download new games or updates
- This will decrypt and store all the metadata of the games on your microSD
- Click Parse NCAs
- This will read the metadata from those files and put them into a neat list on the "games" tab, can take a bit if you have a lot of them
- in the games tab, look for the game you want, you can also expand to see what files specifically are on the mSD, There are 3 types you can generally find, base game, Updates and DLC, with the base game obviously missing if the game is physical, also in some cases some files are on the mSD and others the switch itself, so the moving menu on the switch can prove helpful if you are missing something.
- Alternatively, you can also just choose to dump everything but this WILL take a while.
- Click Pack selected NSP
- if you have chosen an entire game, it will dump all NSPs of that game, if you have expanded it and just chosen one specific package, it will only dump that NSP
That's basically the entire thing, it's not too hard if you remotely know what you are doing, doubly so if you hacked a Switch before.