Difference between revisions of "Ticket"

From WiiBrew
Jump to navigation Jump to search
m
(→‎File structure: clarification)
 
(41 intermediate revisions by 27 users not shown)
Line 1: Line 1:
Tickets are found in many encrypted files used by the Wii (e.g. [[WAD Files]] or [[Wiidisc|Wiidiscs]]). They contain the encrypted AES key, the Title ID of the data and are followed by a [[certificate chain]].
+
Tickets are found in many encrypted files used by the Wii (e.g. [[WAD Files]] or [[Wiidisc]]s). They contain the encrypted [http://en.wikipedia.org/wiki/Advanced_Encryption_Standard AES] "title key" and the Title ID of the data and are signed by a certificate from a [[certificate chain]] (which usually is the same for all titles and stored somewhere on the NAND).
So far I have only seen tickets with RSA-2048 signatures. (Discs will only work with those signatures because the size of partition ticket is always 0x2a4)
+
So far only tickets with [http://en.wikipedia.org/wiki/RSA RSA-2048] signatures have been seen. (Discs will only work with those signatures because the size of partition ticket is always 0x2a4)
  
=== File structure ===  
+
While all Wii titles are available on [[NUS]], most are encrypted with a key found in the ticket; this key is what is purchased with the [[Wii Shop Channel]]. Deleting a title using the data management feature of the [[System Menu]] leaves the ticket intact; this is responsible for allowing software to be redownloaded. However, tools such as [[AnyTitle Deleter]] delete tickets when they delete titles, which removes all traces of the title.
{| style="border-collapse: collapse; padding: 0.2em 0.2em 0.2em 0.2em;"
+
 
|- style="background-color: #ddd;"
+
== File structure ==
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | '''Start'''
+
{| class="wikitable"
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | '''Length'''
+
|-
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | '''Description'''
+
! Start
|- style="background-color: #ddd;"
+
! End
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x000
+
! Length
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 4
+
! Description
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Signature type (always 0x10001 for RSA-2048 (to be confirmed))
+
|-
|- style="background-color: #ddd;"
+
| 0x0000
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x005
+
| 0x0003
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 256
+
| 0x04
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Signature by a certificate's key (everything after this field is covered by this signature)
+
| Signature type (always 0x10001 for RSA-2048)
|- style="background-color: #ddd;"
+
|-
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x140
+
| 0x0004
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 64
+
| 0x0103
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Signature issuer
+
| 0x100
|- style="background-color: #ddd;"
+
| Signature by a certificate's key
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x1bf
+
|-
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 16
+
| 0x0104
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Encrypted Title key
+
| 0x013F
|- style="background-color: #ddd;"
+
| 0x3C
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x1dc
+
| Padding (Always 0 - everything after this field is covered by the above signature)
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 8
+
|-
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Title ID / IV used for AES-CBC encryption
+
| 0x0140
|- style="background-color: #ddd;"
+
| 0x017F
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x222
+
| 0x40
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 32
+
| Signature issuer
| style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Always 0xFF (?)
+
|-
 +
| 0x0180
 +
| 0x01BB
 +
| 0x3C
 +
| ECDH data, used to generate one-time key during install of console specific titles
 +
|-
 +
| 0x01BC
 +
| 0x01BE
 +
| 0x03
 +
| Unused/Padding
 +
|-
 +
| 0x01BF
 +
| 0x01CE
 +
| 0x10
 +
| Title Key, encrypted by Common Key
 +
|-
 +
| 0x01CF
 +
| 0x01CF
 +
| 0x01
 +
| Unknown
 +
|-
 +
| 0x01D0
 +
| 0x01D7
 +
| 0x08
 +
| ticket_id (used as IV for title key decryption of console specific titles)
 +
 
 +
|-
 +
| 0x01D8
 +
| 0x01DB
 +
| 0x04
 +
| Console ID
 +
|-
 +
| 0x01DC
 +
| 0x01E3
 +
| 0x08
 +
| Title ID / [http://en.wikipedia.org/wiki/Initialization_Vector Initialization Vector] (IV) used for AES-[http://en.wikipedia.org/wiki/Cipher_Block_Chaining#Cipher-block_chaining_.28CBC.29 CBC] encryption
 +
|-
 +
| 0x01E4
 +
| 0x01E5
 +
| 0x02
 +
| Unknown, mostly 0xFFFF
 +
|-
 +
| 0x01E6
 +
| 0x01E7
 +
| 0x02
 +
| Ticket title version
 +
|-
 +
| 0x01E8
 +
| 0x01EB
 +
| 0x04
 +
| Permitted Titles Mask
 +
|-
 +
| 0x01EC
 +
| 0x01EF
 +
| 0x04
 +
| Permit mask. The current disc title is ANDed with the inverse of this mask to see if the result matches the Permitted Titles Mask.
 +
|-
 +
| 0x01F0
 +
| 0x01F0
 +
| 0x01
 +
| Title Export allowed using PRNG key (1 = allowed, 0 = not allowed)
 +
|-
 +
| 0x01F1
 +
| 0x01F1
 +
| 0x01
 +
| Common Key index (2 = [http://wiiubrew.org/wiki/WiiMode Wii U Wii mode], 1 = Korean Common key, 0 = "normal" Common key)
 +
|-
 +
| 0x01F2
 +
| 0x0221
 +
| 0x30
 +
| Unknown. Is all 0 for non-VC, for VC, all 0 except last byte is 1.
 +
|-
 +
| 0x0222
 +
| 0x0261
 +
| 0x40
 +
| Content access permissions (one bit for each content)
 +
|-
 +
| 0x0262
 +
| 0x0263
 +
| 0x02
 +
| Padding (Always 0)
 +
|-
 +
| 0x0264
 +
| 0x0267
 +
| 0x04
 +
| Enable time limit (1 = Enabled, 0 = Disabled)
 +
|-
 +
| 0x0268
 +
| 0x026B
 +
| 0x04
 +
| Time limit (Seconds)
 +
|-
 +
| 0x026C
 +
| 0x02A3
 +
| 0x38
 +
| 7 more time_limit structs as above ({int enable, seconds})
 
|}
 
|}
  
To get the title key decrypt the 16 bytes at offset 0x1dc using the master key and the Title ID as IV.
+
To get the title key decrypt the 16 bytes at offset 0x1bf with the Common Key using the Title ID (offset 0x1dc) as the initialization vector (the last 8 bytes of the IV should be zero).
 +
 
 +
[[Category:File formats]]

Latest revision as of 03:05, 14 June 2021

Tickets are found in many encrypted files used by the Wii (e.g. WAD Files or Wiidiscs). They contain the encrypted AES "title key" and the Title ID of the data and are signed by a certificate from a certificate chain (which usually is the same for all titles and stored somewhere on the NAND). So far only tickets with RSA-2048 signatures have been seen. (Discs will only work with those signatures because the size of partition ticket is always 0x2a4)

While all Wii titles are available on NUS, most are encrypted with a key found in the ticket; this key is what is purchased with the Wii Shop Channel. Deleting a title using the data management feature of the System Menu leaves the ticket intact; this is responsible for allowing software to be redownloaded. However, tools such as AnyTitle Deleter delete tickets when they delete titles, which removes all traces of the title.

File structure

Start End Length Description
0x0000 0x0003 0x04 Signature type (always 0x10001 for RSA-2048)
0x0004 0x0103 0x100 Signature by a certificate's key
0x0104 0x013F 0x3C Padding (Always 0 - everything after this field is covered by the above signature)
0x0140 0x017F 0x40 Signature issuer
0x0180 0x01BB 0x3C ECDH data, used to generate one-time key during install of console specific titles
0x01BC 0x01BE 0x03 Unused/Padding
0x01BF 0x01CE 0x10 Title Key, encrypted by Common Key
0x01CF 0x01CF 0x01 Unknown
0x01D0 0x01D7 0x08 ticket_id (used as IV for title key decryption of console specific titles)
0x01D8 0x01DB 0x04 Console ID
0x01DC 0x01E3 0x08 Title ID / Initialization Vector (IV) used for AES-CBC encryption
0x01E4 0x01E5 0x02 Unknown, mostly 0xFFFF
0x01E6 0x01E7 0x02 Ticket title version
0x01E8 0x01EB 0x04 Permitted Titles Mask
0x01EC 0x01EF 0x04 Permit mask. The current disc title is ANDed with the inverse of this mask to see if the result matches the Permitted Titles Mask.
0x01F0 0x01F0 0x01 Title Export allowed using PRNG key (1 = allowed, 0 = not allowed)
0x01F1 0x01F1 0x01 Common Key index (2 = Wii U Wii mode, 1 = Korean Common key, 0 = "normal" Common key)
0x01F2 0x0221 0x30 Unknown. Is all 0 for non-VC, for VC, all 0 except last byte is 1.
0x0222 0x0261 0x40 Content access permissions (one bit for each content)
0x0262 0x0263 0x02 Padding (Always 0)
0x0264 0x0267 0x04 Enable time limit (1 = Enabled, 0 = Disabled)
0x0268 0x026B 0x04 Time limit (Seconds)
0x026C 0x02A3 0x38 7 more time_limit structs as above ({int enable, seconds})

To get the title key decrypt the 16 bytes at offset 0x1bf with the Common Key using the Title ID (offset 0x1dc) as the initialization vector (the last 8 bytes of the IV should be zero).