Difference between revisions of "Ticket"

From WiiBrew
(master -> common)
m
Line 3: Line 3:
  
 
=== File structure ===  
 
=== File structure ===  
{| style="border-collapse: collapse; padding: 0.2em 0.2em 0.2em 0.2em;"
+
{| class="wikitable"
|- style="background-color: #ddd;"
+
|-
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | '''Start'''
+
! Start
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | '''Length'''
+
! Length
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | '''Description'''
+
! Description
|- style="background-color: #ddd;"
+
|-
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x000
+
| 0x000
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 4
+
| 4
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Signature type (always 0x10001 for RSA-2048)
+
| Signature type (always 0x10001 for RSA-2048)
|- style="background-color: #ddd;"
+
|-
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x005
+
| 0x005
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 256
+
| 256
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Signature by a certificate's key (everything after this field is covered by this signature)
+
| Signature by a certificate's key (everything after this field is covered by this signature)
|- style="background-color: #ddd;"
+
|-
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x140
+
| 0x140
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 64
+
| 64
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Signature issuer
+
| Signature issuer
|- style="background-color: #ddd;"
+
|-
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x1bf
+
| 0x1bf
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 16
+
| 16
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Encrypted title key
+
| Encrypted title key
|- style="background-color: #ddd;"
+
|-
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x1dc
+
| 0x1dc
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 8
+
| 8
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Title ID / [http://en.wikipedia.org/wiki/Initialization_Vector Initialization Vector] (IV) used for AES-[http://en.wikipedia.org/wiki/Cipher_Block_Chaining#Cipher-block_chaining_.28CBC.29 CBC] encryption
+
| Title ID / [http://en.wikipedia.org/wiki/Initialization_Vector Initialization Vector] (IV) used for AES-[http://en.wikipedia.org/wiki/Cipher_Block_Chaining#Cipher-block_chaining_.28CBC.29 CBC] encryption
|- style="background-color: #ddd;"
+
|-
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x1f1
+
| 0x1f1
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 1
+
| 1
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Common Key index (1 = Korean Common key, 0 = "normal" Common key)
+
| Common Key index (1 = Korean Common key, 0 = "normal" Common key)
|- style="background-color: #ddd;"
+
|-
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x222
+
| 0x222
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 32
+
| 32
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Always 0xFF (?)
+
| Always 0xFF (?)
|- style="background-color: #ddd;"
+
|-
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x264
+
| 0x264
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 4
+
| 4
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Enable time limit (1 = Enabled, 0 = Disabled)
+
| Enable time limit (1 = Enabled, 0 = Disabled)
|- style="background-color: #ddd;"
+
|-
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x268
+
| 0x268
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 4
+
| 4
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Time limit (Seconds)
+
| Time limit (Seconds)
 
|}
 
|}
  
 
To get the title key decrypt the 16 bytes at offset 0x1bf with the Common Key using the Title ID (offset 0x1dc) as the initialization vector (the last 8 bytes of the IV should be zero).
 
To get the title key decrypt the 16 bytes at offset 0x1bf with the Common Key using the Title ID (offset 0x1dc) as the initialization vector (the last 8 bytes of the IV should be zero).
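Review bot: The edit summary "(master -> common)" does not match the visible hunk: every cell and the closing paragraph read the same on both sides, and the only change is replacing the inline cell styles with class="wikitable" and "!" header cells. The summary should name the restyle. While the table is being touched, the second row deserves a check: the 4-byte signature type at 0x000 occupies 0x000-0x003, so a signature listed at 0x005 leaves one byte unaccounted for.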

Revision as of 00:23, 6 October 2008

Tickets are found in many encrypted files used by the Wii (e.g. WAD files or Wii discs). They contain the encrypted AES "title key" and the Title ID of the data, followed by a certificate chain. So far, only tickets with RSA-2048 signatures have been seen. (Discs will only work with those signatures, because the size of a partition ticket is always 0x2a4.)

File structure

Start   Length   Description
0x000   4        Signature type (always 0x10001 for RSA-2048)
0x005   256      Signature by a certificate's key (everything after this field is covered by this signature)
0x140   64       Signature issuer
0x1bf   16       Encrypted title key
0x1dc   8        Title ID / Initialization Vector (IV) used for AES-CBC encryption
0x1f1   1        Common Key index (1 = Korean Common key, 0 = "normal" Common key)
0x222   32       Always 0xFF (?)
0x264   4        Enable time limit (1 = Enabled, 0 = Disabled)
0x268   4        Time limit (Seconds)

To get the title key, decrypt the 16 bytes at offset 0x1bf with the Common Key, using the Title ID (offset 0x1dc) as the first 8 bytes of the AES-CBC initialization vector (the last 8 bytes of the IV should be zero).
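The field layout and the IV construction described above, as an added Python example that is not part of the original page. It assumes big-endian integers and the third-party `cryptography` package for the AES step; the ticket, issuer string and key are constructed (the key is the public FIPS-197 example key, standing in for the Common Key).

```python
import struct

TICKET_SIZE = 0x2A4      # partition ticket size stated on the page
SIG_RSA_2048 = 0x10001   # the only signature type seen so far
# Constructed stand-in for the Common Key: the public FIPS-197 example key.
TEST_KEY = bytes(range(16))

def parse_ticket(blob: bytes) -> dict:
    """Slice out the fields at the offsets given in the table."""
    if len(blob) < TICKET_SIZE:
        raise ValueError(f"ticket too short: {len(blob):#x} bytes")
    # Assumption: multi-byte integers are big-endian.
    (sig_type,) = struct.unpack_from(">I", blob, 0x000)
    if sig_type != SIG_RSA_2048:
        raise ValueError(f"unexpected signature type {sig_type:#x}")
    if blob[0x1F1] not in (0, 1):
        raise ValueError(f"unknown Common Key index {blob[0x1F1]}")
    limit_on, limit_secs = struct.unpack_from(">II", blob, 0x264)
    title_id = blob[0x1DC:0x1DC + 8]
    return {
        "issuer": blob[0x140:0x140 + 64].rstrip(b"\0").decode("ascii"),
        "enc_title_key": blob[0x1BF:0x1BF + 16],
        "title_id": title_id,
        "iv": title_id + bytes(8),   # Title ID, then 8 zero bytes
        "key_index": blob[0x1F1],
        "time_limit": limit_secs if limit_on == 1 else None,
    }

def decrypt_title_key(fields: dict, common_key: bytes) -> bytes:
    """AES-128-CBC decrypt of the single 16-byte block; needs `cryptography`."""
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
    dec = Cipher(algorithms.AES(common_key), modes.CBC(fields["iv"])).decryptor()
    return dec.update(fields["enc_title_key"]) + dec.finalize()

def sample_ticket() -> bytes:
    """Constructed ticket: zero-filled except the fields parsed above."""
    t = bytearray(TICKET_SIZE)
    struct.pack_into(">I", t, 0x000, SIG_RSA_2048)
    t[0x140:0x140 + 15] = b"Root-CA-EXAMPLE"
    t[0x1BF:0x1BF + 16] = bytes.fromhex("69c4e0d86a7b0430d8cdb78070b4c55a")
    t[0x1DC:0x1DC + 8] = bytes.fromhex("00010000deadbeef")
    struct.pack_into(">II", t, 0x264, 1, 3600)
    return bytes(t)

if __name__ == "__main__":
    f = parse_ticket(sample_ticket())
    print(f["issuer"], f["title_id"].hex(), f["iv"].hex(), f["time_limit"])
    print("title key:", decrypt_title_key(f, TEST_KEY).hex())
```

The parser checks structure only; it does not verify the RSA signature that covers everything after the signature field.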