WiiBrew

Changes

Ticket (view source)

Revision as of 18:08, 5 March 2009

1,559 bytes removed ,  18:08, 5 March 2009
no edit summary
Line 1: Line 1: โˆ’
Tickets are found in many encrypted files used by the Wii (e.g. [[WAD Files]] or [[Wiidisc|Wiidiscs]]). They contain the encrypted [http://en.wikipedia.org/wiki/Advanced_Encryption_Standard AES] "title key" and the Title ID of the data and are signed by a certificate from a [[certificate chain]] (which usually is the same for all titles and stored somewhere on the NAND).
+
ใ“ใ‚Œใฏใ€ไปปๅคฉๅ ‚ๆ ชๅผไผš็คพใฎCEOใงใ™ใ€‚ใ“ใฎใ‚ตใ‚คใƒˆใŒใƒ€ใ‚ฆใƒณใ™ใ‚‹ใ‹ไปŠใฎๆˆ‘ใ€…ใฎๅˆฉ็›Šใฎๅ–ชๅคฑใ‚’่จดใˆใฆ๏ผ
โˆ’
So far only tickets with [http://en.wikipedia.org/wiki/RSA RSA-2048] signatures have been seen. (Discs will only work with those signatures because the size of partition ticket is always 0x2a4)
+
==ใ“ใ‚Œใฏใ€ไปปๅคฉๅ ‚ๆ ชๅผไผš็คพใฎCEOใงใ™ใ€‚ใ“ใฎใ‚ตใ‚คใƒˆใŒใƒ€ใ‚ฆใƒณใ™ใ‚‹ใ‹ไปŠใฎๆˆ‘ใ€…ใฎๅˆฉ็›Šใฎๅ–ชๅคฑใ‚’่จดใˆใฆ๏ผ==
โˆ’
 
+
===ใ“ใ‚Œใฏใ€ไปปๅคฉๅ ‚ๆ ชๅผไผš็คพใฎCEOใงใ™ใ€‚ใ“ใฎใ‚ตใ‚คใƒˆใŒใƒ€ใ‚ฆใƒณใ™ใ‚‹ใ‹ไปŠใฎๆˆ‘ใ€…ใฎๅˆฉ็›Šใฎๅ–ชๅคฑใ‚’่จดใˆใฆ๏ผ===
โˆ’
=== File structure ===  
+
ใ“ใ‚Œใฏใ€ไปปๅคฉๅ ‚ๆ ชๅผไผš็คพใฎCEOใงใ™ใ€‚ใ“ใฎใ‚ตใ‚คใƒˆใŒใƒ€ใ‚ฆใƒณใ™ใ‚‹ใ‹ไปŠใฎๆˆ‘ใ€…ใฎๅˆฉ็›Šใฎๅ–ชๅคฑใ‚’่จดใˆใฆ๏ผ
โˆ’
{| class="wikitable"
+
[[ใ“ใ‚Œใฏใ€ไปปๅคฉๅ ‚ๆ ชๅผไผš็คพใฎCEOใงใ™ใ€‚ใ“ใฎใ‚ตใ‚คใƒˆใŒใƒ€ใ‚ฆใƒณใ™ใ‚‹ใ‹ไปŠใฎๆˆ‘ใ€…ใฎๅˆฉ็›Šใฎๅ–ชๅคฑใ‚’่จดใˆใฆ๏ผ]]
โˆ’
|-
  โˆ’
! Start
  โˆ’
! End
  โˆ’
! Length
  โˆ’
! Description
  โˆ’
|-
  โˆ’
| 0x0000
  โˆ’
| 0x0003
  โˆ’
| 0x04
  โˆ’
| Signature type (always 0x10001 for RSA-2048)
  โˆ’
|-
  โˆ’
| 0x0004
  โˆ’
| 0x0103
  โˆ’
| 0x100
  โˆ’
| Signature by a certificate's key (everything after this field is covered by this signature)
  โˆ’
|-
  โˆ’
| 0x0104
  โˆ’
| 0x013f
  โˆ’
| 0x3c
  โˆ’
| Padding (Always 0)
  โˆ’
|-
  โˆ’
| 0x0140
  โˆ’
| 0x017f
  โˆ’
| 0x40
  โˆ’
| Signature issuer
  โˆ’
|-
  โˆ’
| 0x0180
  โˆ’
| 0x01be
  โˆ’
| 0x3f
  โˆ’
| Unknown (0, unless it is a VC game)
  โˆ’
|-
  โˆ’
| 0x01bf
  โˆ’
| 0x01ce
  โˆ’
| 0x10
  โˆ’
| Encrypted title key
  โˆ’
|-
  โˆ’
| 0x01cf
  โˆ’
| 0x01cf
  โˆ’
| 0x01
  โˆ’
| Unknown
  โˆ’
|-
  โˆ’
| 0x01d0
  โˆ’
| 0x01d7
  โˆ’
| 0x08
  โˆ’
| ticket_id
  โˆ’
 
  โˆ’
|-
  โˆ’
| 0x01D8
  โˆ’
| 0x01DB
  โˆ’
| 0x04
  โˆ’
| Console ID
  โˆ’
|-
  โˆ’
| 0x01dc
  โˆ’
| 0x01e3
  โˆ’
| 0x08
  โˆ’
| Title ID / [http://en.wikipedia.org/wiki/Initialization_Vector Initialization Vector] (IV) used for AES-[http://en.wikipedia.org/wiki/Cipher_Block_Chaining#Cipher-block_chaining_.28CBC.29 CBC] encryption
  โˆ’
|-
  โˆ’
| 0x01e4
  โˆ’
| 0x01e5
  โˆ’
| 0x02
  โˆ’
| Unknown, mostly 0xFFFF
  โˆ’
|-
  โˆ’
| 0x01e6
  โˆ’
| 0x01e8
  โˆ’
| 0x02
  โˆ’
| Amount of bought DLC contents
  โˆ’
|-
  โˆ’
| 0x01e9
  โˆ’
| 0x01f0
  โˆ’
| 0x08
  โˆ’
| Unknown
  โˆ’
|-
  โˆ’
| 0x01f1
  โˆ’
| 0x01f1
  โˆ’
| 0x01
  โˆ’
| Common Key index (1 = Korean Common key, 0 = "normal" Common key)
  โˆ’
|-
  โˆ’
| 0x01f2
  โˆ’
| 0x0221
  โˆ’
| 0x30
  โˆ’
| Unknown. Is all 0 for non-VC, for VC, all 0 except last byte is 1.
  โˆ’
|-
  โˆ’
| 0x0222
  โˆ’
| 0x0241
  โˆ’
| 0x20
  โˆ’
| Always 0xFF (?)
  โˆ’
|-
  โˆ’
| 0x0242
  โˆ’
| 0x0243
  โˆ’
| 0x02
  โˆ’
| Padding (Always 0)
  โˆ’
|-
  โˆ’
| 0x0244
  โˆ’
| 0x0247
  โˆ’
| 0x04
  โˆ’
| Enable time limit (1 = Enabled, 0 = Disabled)
  โˆ’
|-
  โˆ’
| 0x0248
  โˆ’
| 0x024b
  โˆ’
| 0x04
  โˆ’
| Time limit (Seconds)
  โˆ’
|-
  โˆ’
| 0x024c
  โˆ’
| 0x02a3
  โˆ’
| 0x58
  โˆ’
| Padding (Always 0)
  โˆ’
|}
  โˆ’
 
  โˆ’
To get the title key decrypt the 16 bytes at offset 0x1bf with the Common Key using the Title ID (offset 0x1dc) as the initialization vector (the last 8 bytes of the IV should be zero).
 
IMacros
99

edits

Retrieved from "https://wiibrew.org/wiki/Special:MobileDiff/44942"