Line 1: |
Line 1: |
− | Tickets are found in many encrypted files used by the Wii (e.g. [[WAD Files]] or [[Wiidisc|Wiidiscs]]). They contain the encrypted AES key, the Title ID of the data and are followed by a [[certificate chain]]. | + | Tickets are found in many encrypted files used by the Wii (e.g. [[WAD Files]] or [[Wiidisc]]s). They contain the encrypted [http://en.wikipedia.org/wiki/Advanced_Encryption_Standard AES] "title key" and the Title ID of the data and are signed by a certificate from a [[certificate chain]] (which usually is the same for all titles and stored somewhere on the NAND). |
− | So far I have only seen tickets with RSA-2048 signatures. (Discs will only work with those signatures because the size of partition ticket is always 0x2a4) | + | So far only tickets with [http://en.wikipedia.org/wiki/RSA RSA-2048] signatures have been seen. (Discs will only work with those signatures because the size of partition ticket is always 0x2a4) |
| | | |
− | === File structure === | + | === File structure === |
− | {| style="border-collapse: collapse; padding: 0.2em 0.2em 0.2em 0.2em;" | + | {| class="wikitable" |
− | |- style="background-color: #ddd;" | + | |- |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | '''Start'''
| + | ! Start |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | '''Length'''
| + | ! End |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | '''Description'''
| + | ! Length |
− | |- style="background-color: #ddd;" | + | ! Description |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x000 | + | |- |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 4 | + | | 0x0000 |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Signature type (always 0x10001 for RSA-2048 (to be confirmed))
| + | | 0x0003 |
− | |- style="background-color: #ddd;" | + | | 0x04 |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x005 | + | | Signature type (always 0x10001 for RSA-2048) |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 256 | + | |- |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Signature by a certificate's key (everything after this field is covered by this signature)
| + | | 0x0004 |
− | |- style="background-color: #ddd;" | + | | 0x0103 |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x140 | + | | 0x100 |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 64 | + | | Signature by a certificate's key |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Signature issuer | + | |- |
− | |- style="background-color: #ddd;" | + | | 0x0104 |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x1bf | + | | 0x013F |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 16 | + | | 0x3C |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Encrypted Title key | + | | Padding (Always 0 - everything after this field is covered by the above signature) |
− | |- style="background-color: #ddd;" | + | |- |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x1dc | + | | 0x0140 |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 8 | + | | 0x017F |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Title ID / IV used for AES-CBC encryption | + | | 0x40 |
− | |- style="background-color: #ddd;" | + | | Signature issuer |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ded;" | 0x222 | + | |- |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #ddd;" | 32 | + | | 0x0180 |
− | | style="border: 1px solid #ccc; padding: 0.2em; background-color: #edd;" | Always 0xFF (?) | + | | 0x01BB |
| + | | 0x3C |
| + | | ECDH data, used to generate one-time key during install of console specific titles |
| + | |- |
| + | | 0x01BC |
| + | | 0x01BE |
| + | | 0x03 |
| + | | Unused/Padding |
| + | |- |
| + | | 0x01BF |
| + | | 0x01CE |
| + | | 0x10 |
| + | | Encrypted title key |
| + | |- |
| + | | 0x01CF |
| + | | 0x01CF |
| + | | 0x01 |
| + | | Unknown |
| + | |- |
| + | | 0x01D0 |
| + | | 0x01D7 |
| + | | 0x08 |
| + | | ticket_id (used as IV for title key decryption of console specific titles) |
| + | |
| + | |- |
| + | | 0x01D8 |
| + | | 0x01DB |
| + | | 0x04 |
| + | | Console ID |
| + | |- |
| + | | 0x01DC |
| + | | 0x01E3 |
| + | | 0x08 |
| + | | Title ID / [http://en.wikipedia.org/wiki/Initialization_Vector Initialization Vector] (IV) used for AES-[http://en.wikipedia.org/wiki/Cipher_Block_Chaining#Cipher-block_chaining_.28CBC.29 CBC] encryption |
| + | |- |
| + | | 0x01E4 |
| + | | 0x01E5 |
| + | | 0x02 |
| + | | Unknown, mostly 0xFFFF |
| + | |- |
| + | | 0x01E6 |
| + | | 0x01E7 |
| + | | 0x02 |
| + | | Ticket title version |
| + | |- |
| + | | 0x01E8 |
| + | | 0x01EB |
| + | | 0x04 |
| + | | Permitted Titles Mask |
| + | |- |
| + | | 0x01EC |
| + | | 0x01EF |
| + | | 0x04 |
| + | | Permit mask. The current disc title is ANDed with the inverse of this mask to see if the result matches the Permitted Titles Mask. |
| + | |- |
| + | | 0x01F0 |
| + | | 0x01F0 |
| + | | 0x01 |
| + | | Title Export allowed using PRNG key (1 = allowed, 0 = not allowed) |
| + | |- |
| + | | 0x01F1 |
| + | | 0x01F1 |
| + | | 0x01 |
| + | | Common Key index (2 = [http://wiiubrew.org/wiki/WiiMode Wii U Wii mode], 1 = Korean Common key, 0 = "normal" Common key) |
| + | |- |
| + | | 0x01F2 |
| + | | 0x0221 |
| + | | 0x30 |
| + | | Unknown. Is all 0 for non-VC, for VC, all 0 except last byte is 1. |
| + | |- |
| + | | 0x0222 |
| + | | 0x0261 |
| + | | 0x40 |
| + | | Content access permissions (one bit for each content) |
| + | |- |
| + | | 0x0262 |
| + | | 0x0263 |
| + | | 0x02 |
| + | | Padding (Always 0) |
| + | |- |
| + | | 0x0264 |
| + | | 0x0267 |
| + | | 0x04 |
| + | | Enable time limit (1 = Enabled, 0 = Disabled) |
| + | |- |
| + | | 0x0268 |
| + | | 0x026B |
| + | | 0x04 |
| + | | Time limit (Seconds) |
| + | |- |
| + | | 0x026C |
| + | | 0x02A3 |
| + | | 0x38 |
| + | | 7 more time_limit structs as above ({int enable, seconds}) |
| |} | | |} |
| | | |
− | To get the title key decrypt the 16 bytes at offset 0x1dc using the master key and the Title ID as IV. | + | To get the title key decrypt the 16 bytes at offset 0x1bf with the Common Key using the Title ID (offset 0x1dc) as the initialization vector (the last 8 bytes of the IV should be zero). |
| + | |
| + | [[Category:File formats]] |