/dev/es

From WiiBrew
< /dev
Jump to: navigation, search

The ES (ETicket Services?) is responsible for the security of Wii, making it the enemy! Along with the rest of IOS, this is generally considered a "private interface" -- game developers never call any of these functions directly.

Here are some ES functions:

ios_ioctlv( fd, 1, 4, 0, vec); // ES_ImportTicket
ios_ioctlv( fd, 2, 4, 0, vec); // ES_ImportTitleInit
ios_ioctlv( fd, 3, 2, 0, vec); // ES_AddContentStart
ios_ioctlv( fd, 4, 2, 0, vec); // ES_AddContentData
ios_ioctlv( fd, 5, 1, 0, vec); // ES_AddContentFinish
ios_ioctlv( fd, 6, 0, 0, vec); // ES_AddTitleFinish
ios_ioctlv( fd, 7, 0, 0, vec); // ES_GetConsoleID
ios_ioctlvReboot( fd, 8, 0, 0, vec); // ES_Launch
ios_ioctlv( fd, 9, 1, 0, vec);  // ES_OpenContentFile
ios_ioctlv( fd, 0x0A, 1, 1, vec);  // ES_ReadContentFile
ios_ioctlv( fd, 0x0B, 1, 0, vec);  // ES_CloseContentFile
ios_ioctlv( fd, 0x0C, 0, 1, vec); // ES_ListOwnedTitles (Count?)
ios_ioctlv( fd, 0x0D, 1, 1, vec); // ES_ListOwnedTitles
ios_ioctlv( fd, 0x0E, 0, 1, vec); // ES_GetTitleCount
ios_ioctlv( fd, 0x0F, 1, 1, vec); // ES_GetTitles
ios_ioctlv( fd, 0x10, 0, 1, vec); // ES_GetTitleContentsCount
ios_ioctlv( fd, 0x11, 2, 1, vec); // ES_GetTitleContent
ios_ioctlv( fd, 0x12, 1, 1, vec); // ES_GetTicketViewsCount
ios_ioctlv( fd, 0x13, 1, 1, vec); // ES_GetTicketViews
ios_ioctlv( fd, 0x14, 1, 1, vec); // ES_GetTmdViewSize
ios_ioctlv( fd, 0x15, 2, 1, vec); // ES_GetTmdView ?
ios_ioctlv( fd, 0x16, 1, 2, vec); // ES_GetConsumption
ios_ioctlv( fd, 0x17, 1, 2, vec); // ES_DeleteTitle
ios_ioctlv( fd, 0x18, 1, 2, vec); // ES_DeleteTicket
ios_ioctlv( fd, 0x19, 1, 1, vec); // ES_DiGetTmdViewCount
ios_ioctlv( fd, 0x1A, 2, 1, vec); // ES_DiGetTmdView
ios_ioctlv( fd, 0x1B, 1, 1, vec); // ES_DiGetTicketView
ios_ioctlv( fd, 0x1c, 1, 1, vec); // ES_DiVerify
ios_ioctlv( fd, 0x1d, 1, 1, vec); // ES_GetDataDir
ios_ioctlv( fd, 0x1e, 0, 1, vec); // ES_GetDeviceCert
ios_ioctlv( fd, 0x1f, 6, 0, vec); // ES_ImportBoot
ios_ioctlv( fd, 0x20, 0, 1, vec); // ESP_GetTitleId
ios_ioctlv( fd, 0x21, 1, 0, vec); // ES_SetUid
ios_ioctlv( fd, 0x22, 0, 1, vec); // ES_DeleteTitleContent
ios_ioctlv( fd, 0x23, 3, 0, vec); // ESP_SeekContentFile
ios_ioctlv( fd, 0x24, 3, 0, vec); // ES_OpenTitleContentFile
ios_ioctlv( fd, 0x25, 0, 0, vec); // Launch 1-100? (BC)
ios_ioctlv( fd, 0x26, 1, 0, vec); // ES_ExportTitleInit
ios_ioctlv( fd, 0x27, 2, 0, vec); // ES_ExportContentBegin
ios_ioctlv( fd, 0x28, 1, 1, vec); // ES_ExportContentData
ios_ioctlv( fd, 0x29, 1, 0, vec); // ES_ExportContentEnd
ios_ioctlv( fd, 0x2A, 0, 0, vec); // ES_ExportTitleDone
ios_ioctlv( fd, 0x2B, 1, 0, vec); // ES_AddTmd
ios_ioctlv( fd, 0x2C, 3, 2, vec); // ES_Encrypt
ios_ioctlv( fd, 0x2D, 3, 2, vec); // ES_Decrypt
ios_ioctlv( fd, 0x2E, 0, 1, vec); // ES_GetBoot2Version
ios_ioctlv( fd, 0x2F, 0, 0, vec); // ES_AddTitleCancel
ios_ioctlv( fd, 0x30, 1, 2, vec); // ES_Sign
ios_ioctlv( fd, 0x31, 3, 0, vec); // ES_VerifySign
ios_ioctlv( fd, 0x32, 0, 1, vec); // ES_GetStoredContentCount
ios_ioctlv( fd, 0x33, 0, 1, vec); // ES_GetStoredContent
ios_ioctlv( fd, 0x34, 0, 1, vec); // ES_GetStoredTmdSize
ios_ioctlv( fd, 0x35, 0, 1, vec); // ES_GetStoredTmd
ios_ioctlv( fd, 0x36, 0, 1, vec); // ES_GetSharedContentCount
ios_ioctlv( fd, 0x37, 0, 1, vec); // ES_GetSharedContents
ios_ioctlv( fd, 0x38, ?, ?, vec); 
ios_ioctlv( fd, 0x39, 0, 1, vec); // ES_GetDiTmd(Size?)
ios_ioctlv( fd, 0x3A, 1, 1, vec); // ES_GetDiTmd
ios_ioctlv( fd, 0x3B, 0, 1, vec); // Unknown ... calls ES_DiVerify 
ios_ioctlv( fd, 0x3C, 0, 1, vec); // Unknown ... calls ES_DiVerify 
ios_ioctlv( fd, 0x3D, 0, 1, vec); // wrapper for syscall 5c
ES_LaunchTitle
((u32*)vec)[(0x40>>2)]   = TitleIDL;
((u32*)vec)[(0x40>>2)+1] = TitleIDH;

((u32*)vec)[0]=(u32)PHYSADDR(vec+0x40);
((u32*)vec)[1]=8;
((u32*)vec)[2]=(u32)PHYSADDR(vec+0x60); // data returned by ES_GetTicketViews
((u32*)vec)[3]=0xD8;

ios_ioctlvReboot( fd, 8, 2, 0, vec);  
ES_GetTicketViewNumber:

((u32*)vec)[(0x40>>2)]   = TitleIDL;
((u32*)vec)[(0x40>>2)+1] = TitleIDH;

((u32*)vec)[0]=(u32)PHYSADDR(vec+0x40);
((u32*)vec)[1]=8;
((u32*)vec)[2]=(u32)PHYSADDR(vec+0x60);
((u32*)vec)[3]=4;

ios_ioctlv( fd, 0x12, 1, 1, vec);


ES_GetTicketViews

((u32*)vec)[(0x40>>2)]   = TitleIDL;
((u32*)vec)[(0x40>>2)+1] = TitleIDH;

((u32*)vec)[(0x60>>2)]   = num; // value returned by ES_GetTicketViewNumber

((u32*)vec)[0]=(u32)PHYSADDR(vec+0x40);
((u32*)vec)[1]=8;
((u32*)vec)[2]=(u32)PHYSADDR(vec+0x60);
((u32*)vec)[3]=4;
((u32*)vec)[4]=(u32)PHYSADDR(vec+0x80);
((u32*)vec)[5]=num*0xD8;

ios_ioctlv( fd, 0x13, 2, 1, vec);

/dev/es error codes

Error code POSIX equivalent notes
-106 ? invalid TMD when using ES_OpenContent or <marcan> HUGHLALUGH SOMETHING FUCKED UP AND I'M NOT TELLING, or access denied
-1009 ? ?
-1010 ? ?
-1017 ? Wrong IN or OUT size, wrong size for a part of the vector
-1022 ? ? AddContentFinish will return this if Content does not match TMD
-1024 ? memory allocation failure
-1028 ? No ticket installed
-1029 ? Installed ticket is invalid
-2008 EINVAL Invalid parameter(s)
-2011 ? Signature check failed
-2014 ? Bad hash length (!= 20)