Difference between revisions of "Ticket"
Jump to navigation
Jump to search
(validation of the Korean Common Key marker) |
(master -> common) |
||
| Line 1: | Line 1: | ||
| − | Tickets are found in many encrypted files used by the Wii (e.g. [[WAD Files]] or [[Wiidisc|Wiidiscs]]). They contain the encrypted [http://en.wikipedia.org/wiki/Advanced_Encryption_Standard AES] key and the Title ID of the data followed by a [[certificate chain]]. | + | Tickets are found in many encrypted files used by the Wii (e.g. [[WAD Files]] or [[Wiidisc|Wiidiscs]]). They contain the encrypted [http://en.wikipedia.org/wiki/Advanced_Encryption_Standard AES] "title key" and the Title ID of the data followed by a [[certificate chain]]. |
So far only tickets with [http://en.wikipedia.org/wiki/RSA_numbers#RSA-2048 RSA-2048] signatures have been seen. (Discs will only work with those signatures because the size of partition ticket is always 0x2a4) | So far only tickets with [http://en.wikipedia.org/wiki/RSA_numbers#RSA-2048 RSA-2048] signatures have been seen. (Discs will only work with those signatures because the size of partition ticket is always 0x2a4) | ||
| Line 11: | Line 11: | ||
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x000 | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x000 | ||
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 4 | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 4 | ||
| − | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Signature type (always 0x10001 for RSA-2048 | + | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Signature type (always 0x10001 for RSA-2048) |
|- style="background-color: #ddd;" | |- style="background-color: #ddd;" | ||
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x005 | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x005 | ||
| Line 31: | Line 31: | ||
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x1f1 | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x1f1 | ||
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 1 | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 1 | ||
| − | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | | + | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Common Key index (1 = Korean Common key, 0 = "normal" Common key) |
|- style="background-color: #ddd;" | |- style="background-color: #ddd;" | ||
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x222 | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x222 | ||
| Line 46: | Line 46: | ||
|} | |} | ||
| − | To get the title key decrypt the 16 bytes at offset 0x1bf with the | + | To get the title key decrypt the 16 bytes at offset 0x1bf with the Common Key using the Title ID (offset 0x1dc) as the initialization vector (the last 8 bytes of the IV should be zero). |
Revision as of 23:24, 5 October 2008
Tickets are found in many encrypted files used by the Wii (e.g. WAD Files or Wiidiscs). They contain the encrypted AES "title key" and the Title ID of the data followed by a certificate chain. So far only tickets with RSA-2048 signatures have been seen. (Discs will only work with those signatures because the size of partition ticket is always 0x2a4)
File structure
| Start | Length | Description |
| 0x000 | 4 | Signature type (always 0x10001 for RSA-2048) |
| 0x005 | 256 | Signature by a certificate's key (everything after this field is covered by this signature) |
| 0x140 | 64 | Signature issuer |
| 0x1bf | 16 | Encrypted title key |
| 0x1dc | 8 | Title ID / Initialization Vector (IV) used for AES-CBC encryption |
| 0x1f1 | 1 | Common Key index (1 = Korean Common key, 0 = "normal" Common key) |
| 0x222 | 32 | Always 0xFF (?) |
| 0x264 | 4 | Enable time limit (1 = Enabled, 0 = Disabled) |
| 0x268 | 4 | Time limit (Seconds) |
To get the title key decrypt the 16 bytes at offset 0x1bf with the Common Key using the Title ID (offset 0x1dc) as the initialization vector (the last 8 bytes of the IV should be zero).