Difference between revisions of "/dev/es"

From WiiBrew
Jump to navigation Jump to search
(cleaning up ES page)
Line 1: Line 1:
The ES (ETicket Services?) is responsible for the security of Wii, making it the enemy!  Along with the rest of IOS, this is generally considered a "private interface" -- game developers never call any of these functions directly.
+
The ES (ETicket Services?) is responsible for the security of Wii, making it the enemy!  Along with the rest of IOS, this is generally considered a "private interface" -- game developers never call any of these functions directly.  Most of these are now implemented in libogc -- see http://devkitpro.cvs.sourceforge.net/viewvc/devkitpro/libogc/libogc/es.c?view=markup.  Please feel free to submit patches to implement the remaining functions.
 
   
 
   
Here are some ES functions:
+
Here are the known ES functions:
  
  ios_ioctlv( fd, 1, 4, 0, vec); // ES_ImportTicket
+
  ios_ioctlv( fd, 0x01, 4, 0, vec); // ES_AddTicket(const signed_blob *stik, u32 stik_size, const signed_blob *certificates, u32 certificates_size, const signed_blob *crl, u32 crl_size)
  ios_ioctlv( fd, 2, 4, 0, vec); // ES_ImportTitleInit
+
  ios_ioctlv( fd, 0x02, 4, 0, vec); // ES_AddTitleStart(const signed_blob *stmd, u32 tmd_size, const signed_blob *certificates, u32 certificates_size, const signed_blob *crl, u32 crl_size)
  ios_ioctlv( fd, 3, 2, 0, vec); // ES_AddContentStart
+
  ios_ioctlv( fd, 0x03, 2, 0, vec); // ES_AddContentStart(u64 titleID, u32 cid)
  ios_ioctlv( fd, 4, 2, 0, vec); // ES_AddContentData
+
  ios_ioctlv( fd, 0x04, 2, 0, vec); // ES_AddContentData(s32 cfd, u8 *data, u32 data_size)
  ios_ioctlv( fd, 5, 1, 0, vec); // ES_AddContentFinish
+
  ios_ioctlv( fd, 0x05, 1, 0, vec); // ES_AddContentFinish(u32 cid)
  ios_ioctlv( fd, 6, 0, 0, vec); // ES_AddTitleFinish
+
  ios_ioctlv( fd, 0x06, 0, 0, vec); // ES_AddTitleFinish(void)
  ios_ioctlv( fd, 7, 0, 0, vec); // ES_GetConsoleID
+
  ios_ioctlv( fd, 0x07, 0, 0, vec); // ES_GetDeviceID(void)
  ios_ioctlvReboot( fd, 8, 0, 0, vec); // ES_Launch
+
  ios_ioctlvReboot(fd, 8, 2, 0, vec); // ES_LaunchTitle(u64 titleID, const tikview *view)
  ios_ioctlv( fd, 9, 1, 0, vec);  // ES_OpenContent
+
  ios_ioctlv( fd, 0x09, 1, 0, vec);  // ES_OpenContent(u16 index)
  ios_ioctlv( fd, 0x0A, 1, 1, vec); // ES_ReadContent
+
  ios_ioctlv( fd, 0x0A, 1, 1, vec); // ES_ReadContent(s32 cfd, u8 *data, u32 data_size)
  ios_ioctlv( fd, 0x0B, 1, 0, vec); // ES_CloseContent
+
  ios_ioctlv( fd, 0x0B, 1, 0, vec); // ES_CloseContent(s32 cfd)
  ios_ioctlv( fd, 0x0C, 0, 1, vec); // ES_ListOwnedTitlesCount
+
  ios_ioctlv( fd, 0x0C, 0, 1, vec); // ES_GetOwnedTitlesCount
  ios_ioctlv( fd, 0x0D, 1, 1, vec); // ES_ListOwnedTitles
+
  ios_ioctlv( fd, 0x0D, 1, 1, vec); // ES_GetOwnedTitles
 
  ios_ioctlv( fd, 0x0E, 0, 1, vec); // ES_GetTitlesCount
 
  ios_ioctlv( fd, 0x0E, 0, 1, vec); // ES_GetTitlesCount
 
  ios_ioctlv( fd, 0x0F, 1, 1, vec); // ES_GetTitles
 
  ios_ioctlv( fd, 0x0F, 1, 1, vec); // ES_GetTitles
 
  ios_ioctlv( fd, 0x10, 0, 1, vec); // ES_GetTitleContentsCount
 
  ios_ioctlv( fd, 0x10, 0, 1, vec); // ES_GetTitleContentsCount
 
  ios_ioctlv( fd, 0x11, 2, 1, vec); // ES_GetTitleContent
 
  ios_ioctlv( fd, 0x11, 2, 1, vec); // ES_GetTitleContent
  ios_ioctlv( fd, 0x12, 1, 1, vec); // ES_GetTicketViewsCount
+
  ios_ioctlv( fd, 0x12, 1, 1, vec); // ES_GetNumTicketViews(u64 titleID, u32 *cnt)
  ios_ioctlv( fd, 0x13, 1, 1, vec); // ES_GetTicketViews
+
  ios_ioctlv( fd, 0x13, 1, 1, vec); // ES_GetTicketViews(u64 titleID, tikview *views, u32 cnt)
 
  ios_ioctlv( fd, 0x14, 1, 1, vec); // ES_GetTmdViewSize
 
  ios_ioctlv( fd, 0x14, 1, 1, vec); // ES_GetTmdViewSize
 
  ios_ioctlv( fd, 0x15, 2, 1, vec); // ES_GetTmdView
 
  ios_ioctlv( fd, 0x15, 2, 1, vec); // ES_GetTmdView
Line 32: Line 32:
 
  ios_ioctlv( fd, 0x1c, 1, 1, vec); // ES_DiVerify
 
  ios_ioctlv( fd, 0x1c, 1, 1, vec); // ES_DiVerify
 
  ios_ioctlv( fd, 0x1d, 1, 1, vec); // ES_GetDataDir
 
  ios_ioctlv( fd, 0x1d, 1, 1, vec); // ES_GetDataDir
  ios_ioctlv( fd, 0x1e, 0, 1, vec); // ES_GetDeviceCert
+
  ios_ioctlv( fd, 0x1e, 0, 1, vec); // ES_GetDeviceCert(u8 *outbuf)
  ios_ioctlv( fd, 0x1f, 6, 0, vec); // ES_ImportBoot
+
  ios_ioctlv( fd, 0x1f, 6, 0, vec); // ES_ImportBoot( const signed_blob *tik, u32 tik_size, const signed_blob *tik_certs, u32 tik_certs_size, const signed_blob *tmd, u32 tmd_size, const signed_blob *tmd_certs, u32 tmd_certs_size, const u8 *content, u32 content_size )
 
  ios_ioctlv( fd, 0x20, 0, 1, vec); // ES_GetTitleId
 
  ios_ioctlv( fd, 0x20, 0, 1, vec); // ES_GetTitleId
 
  ios_ioctlv( fd, 0x21, 1, 0, vec); // ES_SetUid
 
  ios_ioctlv( fd, 0x21, 1, 0, vec); // ES_SetUid
Line 39: Line 39:
 
  ios_ioctlv( fd, 0x23, 3, 0, vec); // ES_SeekContent
 
  ios_ioctlv( fd, 0x23, 3, 0, vec); // ES_SeekContent
 
  ios_ioctlv( fd, 0x24, 3, 0, vec); // ES_OpenTitleContent
 
  ios_ioctlv( fd, 0x24, 3, 0, vec); // ES_OpenTitleContent
  ios_ioctlv( fd, 0x25, 0, 0, vec); // ES_LaunchBC
+
  ios_ioctlv( fd, 0x25, 0, 0, vec); // ES_LaunchBC(void)
 
  ios_ioctlv( fd, 0x26, 1, 0, vec); // ES_ExportTitleInit
 
  ios_ioctlv( fd, 0x26, 1, 0, vec); // ES_ExportTitleInit
 
  ios_ioctlv( fd, 0x27, 2, 0, vec); // ES_ExportContentBegin
 
  ios_ioctlv( fd, 0x27, 2, 0, vec); // ES_ExportContentBegin
 
  ios_ioctlv( fd, 0x28, 1, 1, vec); // ES_ExportContentData
 
  ios_ioctlv( fd, 0x28, 1, 1, vec); // ES_ExportContentData
 
  ios_ioctlv( fd, 0x29, 1, 0, vec); // ES_ExportContentEnd
 
  ios_ioctlv( fd, 0x29, 1, 0, vec); // ES_ExportContentEnd
  ios_ioctlv( fd, 0x2A, 0, 0, vec); // ES_ExportTitleDone
+
  ios_ioctlv( fd, 0x2A, 0, 0, vec); // ES_ExportTitleDone(void)
 
  ios_ioctlv( fd, 0x2B, 1, 0, vec); // ES_AddTmd
 
  ios_ioctlv( fd, 0x2B, 1, 0, vec); // ES_AddTmd
  ios_ioctlv( fd, 0x2C, 3, 2, vec); // ES_Encrypt
+
  ios_ioctlv( fd, 0x2C, 3, 2, vec); // ES_Encrypt(u32 keynum, u8 *iv, u8 *source, u32 size, u8 *dest)
  ios_ioctlv( fd, 0x2D, 3, 2, vec); // ES_Decrypt
+
  ios_ioctlv( fd, 0x2D, 3, 2, vec); // ES_Decrypt(u32 keynum, u8 *iv, u8 *source, u32 size, u8 *dest)
  ios_ioctlv( fd, 0x2E, 0, 1, vec); // ES_GetBoot2Version
+
  ios_ioctlv( fd, 0x2E, 0, 1, vec); // ES_GetBoot2Version(u32 *version)
  ios_ioctlv( fd, 0x2F, 0, 0, vec); // ES_AddTitleCancel
+
  ios_ioctlv( fd, 0x2F, 0, 0, vec); // ES_AddTitleCancel(void)
  ios_ioctlv( fd, 0x30, 1, 2, vec); // ES_Sign
+
  ios_ioctlv( fd, 0x30, 1, 2, vec); // ES_Sign(u8 *source, u32 size, u8 *sig, u8 *certs)
 
  ios_ioctlv( fd, 0x31, 3, 0, vec); // ES_VerifySign
 
  ios_ioctlv( fd, 0x31, 3, 0, vec); // ES_VerifySign
 
  ios_ioctlv( fd, 0x32, 0, 1, vec); // ES_GetStoredContentCount
 
  ios_ioctlv( fd, 0x32, 0, 1, vec); // ES_GetStoredContentCount
Line 64: Line 64:
 
  ios_ioctlv( fd, 0x3C, 0, 1, vec); // Unknown ... calls ES_DiVerify  
 
  ios_ioctlv( fd, 0x3C, 0, 1, vec); // Unknown ... calls ES_DiVerify  
 
  ios_ioctlv( fd, 0x3D, 0, 1, vec); // wrapper for syscall 5c
 
  ios_ioctlv( fd, 0x3D, 0, 1, vec); // wrapper for syscall 5c
 
ES_LaunchTitle
 
((u32*)vec)[(0x40>>2)]  = TitleIDL;
 
((u32*)vec)[(0x40>>2)+1] = TitleIDH;
 
 
((u32*)vec)[0]=(u32)PHYSADDR(vec+0x40);
 
((u32*)vec)[1]=8;
 
((u32*)vec)[2]=(u32)PHYSADDR(vec+0x60); // data returned by ES_GetTicketViews
 
((u32*)vec)[3]=0xD8;
 
 
ios_ioctlvReboot( fd, 8, 2, 0, vec); 
 
 
ES_GetTicketViewNumber:
 
 
((u32*)vec)[(0x40>>2)]  = TitleIDL;
 
((u32*)vec)[(0x40>>2)+1] = TitleIDH;
 
 
((u32*)vec)[0]=(u32)PHYSADDR(vec+0x40);
 
((u32*)vec)[1]=8;
 
((u32*)vec)[2]=(u32)PHYSADDR(vec+0x60);
 
((u32*)vec)[3]=4;
 
 
ios_ioctlv( fd, 0x12, 1, 1, vec);
 
 
 
 
ES_GetTicketViews
 
 
((u32*)vec)[(0x40>>2)]  = TitleIDL;
 
((u32*)vec)[(0x40>>2)+1] = TitleIDH;
 
 
((u32*)vec)[(0x60>>2)]  = num; // value returned by ES_GetTicketViewNumber
 
 
((u32*)vec)[0]=(u32)PHYSADDR(vec+0x40);
 
((u32*)vec)[1]=8;
 
((u32*)vec)[2]=(u32)PHYSADDR(vec+0x60);
 
((u32*)vec)[3]=4;
 
((u32*)vec)[4]=(u32)PHYSADDR(vec+0x80);
 
((u32*)vec)[5]=num*0xD8;
 
 
ios_ioctlv( fd, 0x13, 2, 1, vec);
 
  
 
== /dev/es error codes ==
 
== /dev/es error codes ==

Revision as of 09:35, 3 November 2008

The ES (ETicket Services?) is responsible for the security of Wii, making it the enemy! Along with the rest of IOS, this is generally considered a "private interface" -- game developers never call any of these functions directly. Most of these are now implemented in libogc -- see http://devkitpro.cvs.sourceforge.net/viewvc/devkitpro/libogc/libogc/es.c?view=markup. Please feel free to submit patches to implement the remaining functions.

Here are the known ES functions:

ios_ioctlv( fd, 0x01, 4, 0, vec); // ES_AddTicket(const signed_blob *stik, u32 stik_size, const signed_blob *certificates, u32 certificates_size, const signed_blob *crl, u32 crl_size)
ios_ioctlv( fd, 0x02, 4, 0, vec); // ES_AddTitleStart(const signed_blob *stmd, u32 tmd_size, const signed_blob *certificates, u32 certificates_size, const signed_blob *crl, u32 crl_size)
ios_ioctlv( fd, 0x03, 2, 0, vec); // ES_AddContentStart(u64 titleID, u32 cid)
ios_ioctlv( fd, 0x04, 2, 0, vec); // ES_AddContentData(s32 cfd, u8 *data, u32 data_size)
ios_ioctlv( fd, 0x05, 1, 0, vec); // ES_AddContentFinish(u32 cid)
ios_ioctlv( fd, 0x06, 0, 0, vec); // ES_AddTitleFinish(void)
ios_ioctlv( fd, 0x07, 0, 0, vec); // ES_GetDeviceID(void)
ios_ioctlvReboot(fd, 8, 2, 0, vec); // ES_LaunchTitle(u64 titleID, const tikview *view)
ios_ioctlv( fd, 0x09, 1, 0, vec);  // ES_OpenContent(u16 index)
ios_ioctlv( fd, 0x0A, 1, 1, vec); // ES_ReadContent(s32 cfd, u8 *data, u32 data_size)
ios_ioctlv( fd, 0x0B, 1, 0, vec); // ES_CloseContent(s32 cfd)
ios_ioctlv( fd, 0x0C, 0, 1, vec); // ES_GetOwnedTitlesCount
ios_ioctlv( fd, 0x0D, 1, 1, vec); // ES_GetOwnedTitles
ios_ioctlv( fd, 0x0E, 0, 1, vec); // ES_GetTitlesCount
ios_ioctlv( fd, 0x0F, 1, 1, vec); // ES_GetTitles
ios_ioctlv( fd, 0x10, 0, 1, vec); // ES_GetTitleContentsCount
ios_ioctlv( fd, 0x11, 2, 1, vec); // ES_GetTitleContent
ios_ioctlv( fd, 0x12, 1, 1, vec); // ES_GetNumTicketViews(u64 titleID, u32 *cnt)
ios_ioctlv( fd, 0x13, 1, 1, vec); // ES_GetTicketViews(u64 titleID, tikview *views, u32 cnt)
ios_ioctlv( fd, 0x14, 1, 1, vec); // ES_GetTmdViewSize
ios_ioctlv( fd, 0x15, 2, 1, vec); // ES_GetTmdView
ios_ioctlv( fd, 0x16, 1, 2, vec); // ES_GetConsumption
ios_ioctlv( fd, 0x17, 1, 2, vec); // ES_DeleteTitle
ios_ioctlv( fd, 0x18, 1, 2, vec); // ES_DeleteTicket
ios_ioctlv( fd, 0x19, 1, 1, vec); // ES_DiGetTmdViewCount
ios_ioctlv( fd, 0x1A, 2, 1, vec); // ES_DiGetTmdView
ios_ioctlv( fd, 0x1B, 1, 1, vec); // ES_DiGetTicketView
ios_ioctlv( fd, 0x1c, 1, 1, vec); // ES_DiVerify
ios_ioctlv( fd, 0x1d, 1, 1, vec); // ES_GetDataDir
ios_ioctlv( fd, 0x1e, 0, 1, vec); // ES_GetDeviceCert(u8 *outbuf)
ios_ioctlv( fd, 0x1f, 6, 0, vec); // ES_ImportBoot( const signed_blob *tik, u32 tik_size, const signed_blob *tik_certs, u32 tik_certs_size, const signed_blob *tmd, u32 tmd_size, const signed_blob *tmd_certs, u32 tmd_certs_size, const u8 *content, u32 content_size )
ios_ioctlv( fd, 0x20, 0, 1, vec); // ES_GetTitleId
ios_ioctlv( fd, 0x21, 1, 0, vec); // ES_SetUid
ios_ioctlv( fd, 0x22, 0, 1, vec); // ES_DeleteTitleContent
ios_ioctlv( fd, 0x23, 3, 0, vec); // ES_SeekContent
ios_ioctlv( fd, 0x24, 3, 0, vec); // ES_OpenTitleContent
ios_ioctlv( fd, 0x25, 0, 0, vec); // ES_LaunchBC(void)
ios_ioctlv( fd, 0x26, 1, 0, vec); // ES_ExportTitleInit
ios_ioctlv( fd, 0x27, 2, 0, vec); // ES_ExportContentBegin
ios_ioctlv( fd, 0x28, 1, 1, vec); // ES_ExportContentData
ios_ioctlv( fd, 0x29, 1, 0, vec); // ES_ExportContentEnd
ios_ioctlv( fd, 0x2A, 0, 0, vec); // ES_ExportTitleDone(void)
ios_ioctlv( fd, 0x2B, 1, 0, vec); // ES_AddTmd
ios_ioctlv( fd, 0x2C, 3, 2, vec); // ES_Encrypt(u32 keynum, u8 *iv, u8 *source, u32 size, u8 *dest)
ios_ioctlv( fd, 0x2D, 3, 2, vec); // ES_Decrypt(u32 keynum, u8 *iv, u8 *source, u32 size, u8 *dest)
ios_ioctlv( fd, 0x2E, 0, 1, vec); // ES_GetBoot2Version(u32 *version)
ios_ioctlv( fd, 0x2F, 0, 0, vec); // ES_AddTitleCancel(void)
ios_ioctlv( fd, 0x30, 1, 2, vec); // ES_Sign(u8 *source, u32 size, u8 *sig, u8 *certs)
ios_ioctlv( fd, 0x31, 3, 0, vec); // ES_VerifySign
ios_ioctlv( fd, 0x32, 0, 1, vec); // ES_GetStoredContentCount
ios_ioctlv( fd, 0x33, 0, 1, vec); // ES_GetStoredContent
ios_ioctlv( fd, 0x34, 0, 1, vec); // ES_GetStoredTmdSize
ios_ioctlv( fd, 0x35, 0, 1, vec); // ES_GetStoredTmd
ios_ioctlv( fd, 0x36, 0, 1, vec); // ES_GetSharedContentCount
ios_ioctlv( fd, 0x37, 0, 1, vec); // ES_GetSharedContents
ios_ioctlv( fd, 0x38, ?, ?, vec); 
ios_ioctlv( fd, 0x39, 0, 1, vec); // ES_GetDiTmdSize
ios_ioctlv( fd, 0x3A, 1, 1, vec); // ES_GetDiTmd
ios_ioctlv( fd, 0x3B, 0, 1, vec); // Unknown ... calls ES_DiVerify 
ios_ioctlv( fd, 0x3C, 0, 1, vec); // Unknown ... calls ES_DiVerify 
ios_ioctlv( fd, 0x3D, 0, 1, vec); // wrapper for syscall 5c

/dev/es error codes

Error code POSIX equivalent notes
-106 ? invalid TMD when using ES_OpenContent or <marcan> HUGHLALUGH SOMETHING FUCKED UP AND I'M NOT TELLING, or access denied
-1009 ? ?
-1010 ? ?
-1017 ? Wrong IN or OUT size, wrong size for a part of the vector
-1022 ? Content did not match hash in TMD
-1024 ? memory allocation failure
-1026 ? Incorrect access rights
-1028 ? No ticket installed
-1029 ? Installed ticket is invalid
-2008 EINVAL Invalid parameter(s)
-2011 ? Signature check failed
-2014 ? Bad hash length (!= 20)