diff --git a/source/keys/key_sources.inl b/source/keys/key_sources.inl
index effd947..f464db9 100644
--- a/source/keys/key_sources.inl
+++ b/source/keys/key_sources.inl
@@ -94,9 +94,9 @@ static const u8 mariko_key_vectors[][0x10] __attribute__((aligned(4))) = {
 // from Package1 -> Secure_Monitor
 static const u8 aes_kek_generation_source[0x10] __attribute__((aligned(4))) = {
     0x4D, 0x87, 0x09, 0x86, 0xC4, 0x5D, 0x20, 0x72, 0x2F, 0xBA, 0x10, 0x53, 0xDA, 0x92, 0xE8, 0xA9};
-static const u8 aes_kek_seed_01[0x10] __attribute__((aligned(4))) = {
+static const u8 aes_seal_key_mask_decrypt_device_unique_data[0x10] __attribute__((aligned(4))) = {
     0xA2, 0xAB, 0xBF, 0x9C, 0x92, 0x2F, 0xBB, 0xE3, 0x78, 0x79, 0x9B, 0xC0, 0xCC, 0xEA, 0xA5, 0x74};
-static const u8 aes_kek_seed_03[0x10] __attribute__((aligned(4))) = {
+static const u8 aes_seal_key_mask_import_es_device_key[0x10] __attribute__((aligned(4))) = {
     0xE5, 0x4D, 0x9A, 0x02, 0xF0, 0x4F, 0x5F, 0xA8, 0xAD, 0x76, 0x0A, 0xF6, 0x32, 0x95, 0x59, 0xBB};
 static const u8 package2_key_source[0x10] __attribute__((aligned(4))) = {
     0xFB, 0x8B, 0x6A, 0x9C, 0x79, 0x00, 0xC8, 0x49, 0xEF, 0xD2, 0x4D, 0x85, 0x4D, 0x30, 0xA0, 0xC7};
@@ -161,6 +161,8 @@ static const u8 eticket_rsa_kek_source[0x10] __attribute__((aligned(4))) = {
     0XDB, 0XA4, 0X51, 0X12, 0X4C, 0XA0, 0XA9, 0X83, 0X68, 0X14, 0XF5, 0XED, 0X95, 0XE3, 0X12, 0X5B};
 static const u8 eticket_rsa_kek_source_dev[0x10] __attribute__((aligned(4))) = {
     0xBE, 0xC0, 0xBC, 0x8E, 0x75, 0xA0, 0xF6, 0x0C, 0x4A, 0x56, 0x64, 0x02, 0x3E, 0xD4, 0x9C, 0xD5};
+static const u8 eticket_rsa_kek_source_legacy[0x10] __attribute__((aligned(4))) = {
+    0x88, 0x87, 0x50, 0x90, 0xA6, 0x2F, 0x75, 0x70, 0xA2, 0xD7, 0x71, 0x51, 0xAE, 0x6D, 0x39, 0x87};
 static const u8 eticket_rsa_kekek_source[0x10] __attribute__((aligned(4))) = {
     0X46, 0X6E, 0X57, 0XB7, 0X4A, 0X44, 0X7F, 0X02, 0XF3, 0X21, 0XCD, 0XE5, 0X8F, 0X2F, 0X55, 0X35};
 
diff --git a/source/keys/keys.c b/source/keys/keys.c
index 88520c4..399b992 100644
--- a/source/keys/keys.c
+++ b/source/keys/keys.c
@@ -235,12 +235,12 @@ static void _derive_misc_keys(key_derivation_ctx_t *keys, bool is_dev) {
 
     if (_key_exists(keys->master_key[0])) {
         for (u32 i = 0; i < AES_128_KEY_SIZE; i++)
-            keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_kek_seed_03[i];
+            keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_seal_key_mask_import_es_device_key[i];
         _generate_kek(8, eticket_rsa_kekek_source, keys->master_key[0], keys->temp_key, NULL);
         se_aes_crypt_block_ecb(8, DECRYPT, keys->eticket_rsa_kek, is_dev ? eticket_rsa_kek_source_dev : eticket_rsa_kek_source);
 
         for (u32 i = 0; i < AES_128_KEY_SIZE; i++)
-            keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_kek_seed_01[i];
+            keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_seal_key_mask_decrypt_device_unique_data[i];
         _generate_kek(8, ssl_rsa_kek_source_x, keys->master_key[0], keys->temp_key, NULL);
         se_aes_crypt_block_ecb(8, DECRYPT, keys->ssl_rsa_kek, ssl_rsa_kek_source_y);
     }
@@ -483,7 +483,7 @@ static bool _derive_titlekeys(key_derivation_ctx_t *keys, titlekey_buffer_t *tit
     if (keypair_generation) {
         keypair_generation--;
         for (u32 i = 0; i < AES_128_KEY_SIZE; i++)
-            keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_kek_seed_03[i];
+            keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_seal_key_mask_import_es_device_key[i];
         u32 temp_device_key[AES_128_KEY_SIZE / 4] = {0};
         _get_device_key(7, keys, temp_device_key, keypair_generation);
         _generate_kek(7, eticket_rsa_kekek_source, temp_device_key, keys->temp_key, NULL);
@@ -498,8 +498,20 @@ static bool _derive_titlekeys(key_derivation_ctx_t *keys, titlekey_buffer_t *tit
 
     // Check public exponent is 65537 big endian
     if (_read_be_u32(rsa_keypair.public_exponent, 0) != 65537) {
-        EPRINTF("Invalid public exponent.");
-        return false;
+        for (u32 i = 0; i < AES_128_KEY_SIZE; i++)
+            keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_seal_key_mask_import_es_device_key[i];
+        _generate_kek(8, eticket_rsa_kekek_source, keys->master_key[0], keys->temp_key, NULL);
+        se_aes_crypt_block_ecb(8, DECRYPT, keys->temp_key, eticket_rsa_kek_source_legacy);
+
+        se_aes_key_set(6, keys->temp_key, sizeof(keys->temp_key));
+        se_aes_crypt_ctr(6, &rsa_keypair, sizeof(rsa_keypair), eticket_device_key, sizeof(rsa_keypair), eticket_iv);
+
+        if (_read_be_u32(rsa_keypair.public_exponent, 0) != 65537) {
+            EPRINTF("Invalid public exponent.");
+            return false;
+        } else {
+            memcpy(keys->eticket_rsa_kek, keys->temp_key, sizeof(keys->eticket_rsa_kek));
+        }
     }
 
     if (!_test_key_pair(rsa_keypair.public_exponent, rsa_keypair.private_exponent, rsa_keypair.modulus)) {
@@ -702,10 +714,10 @@ static void _save_keys_to_sd(key_derivation_ctx_t *keys, titlekey_buffer_t *titl
     SAVE_KEY(per_console_key_source);
     SAVE_KEY(retail_specific_aes_key_source);
     for (u32 i = 0; i < AES_128_KEY_SIZE; i++)
-        keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_kek_seed_03[i];
+        keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_seal_key_mask_import_es_device_key[i];
     SAVE_KEY_VAR(rsa_oaep_kek_generation_source, keys->temp_key);
     for (u32 i = 0; i < AES_128_KEY_SIZE; i++)
-        keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_kek_seed_01[i];
+        keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_seal_key_mask_decrypt_device_unique_data[i];
     SAVE_KEY_VAR(rsa_private_kek_generation_source, keys->temp_key);
     SAVE_KEY(save_mac_kek_source);
     SAVE_KEY_VAR(save_mac_key, keys->save_mac_key);