Changes

Ticket (view source)

Revision as of 18:45, 5 March 2009

1,559 bytes added , 18:45, 5 March 2009

m

Reverted edits by IMacros (Talk) to last version by Svpe

Line 1: Line 1: −

~~これは、任天堂株式会社のCEOです。このサイトがダウンするか今の我々の利益の喪失を訴えて！~~

+

Tickets are found in many encrypted files used by the Wii (e.g. [[WAD Files]] or [[Wiidisc|Wiidiscs]]). They contain the encrypted [http://en.wikipedia.org/wiki/Advanced_Encryption_Standard AES] "title key" and the Title ID of the data and are signed by a certificate from a [[certificate chain]] (which usually is the same for all titles and stored somewhere on the NAND).

−

==~~これは、任天堂株式会社のCEOです。このサイトがダウンするか今の我々の利益の喪失を訴えて！~~==

+

So far only tickets with [http://en.wikipedia.org/wiki/RSA RSA-2048] signatures have been seen. (Discs will only work with those signatures because the size of partition ticket is always 0x2a4)

−

===~~これは、任天堂株式会社のCEOです。このサイトがダウンするか今の我々の利益の喪失を訴えて！=~~==

+

−

~~これは、任天堂株式会社のCEOです。このサイトがダウンするか今の我々の利益の喪失を訴えて！~~

+

=== File structure ===

−

~~[[これは、任天堂株式会社のCEOです。このサイトがダウンするか今の我々の利益の喪失を訴えて！]]~~

+

{| class="wikitable"

+

|-

+

! Start

+

! End

+

! Length

+

! Description

+

|-

+

| 0x0000

+

| 0x0003

+

| 0x04

+

| Signature type (always 0x10001 for RSA-2048)

+

|-

+

| 0x0004

+

| 0x0103

+

| 0x100

+

| Signature by a certificate's key (everything after this field is covered by this signature)

+

|-

+

| 0x0104

+

| 0x013f

+

| 0x3c

+

| Padding (Always 0)

+

|-

+

| 0x0140

+

| 0x017f

+

| 0x40

+

| Signature issuer

+

|-

+

| 0x0180

+

| 0x01be

+

| 0x3f

+

| Unknown (0, unless it is a VC game)

+

|-

+

| 0x01bf

+

| 0x01ce

+

| 0x10

+

| Encrypted title key

+

|-

+

| 0x01cf

+

| 0x01cf

+

| 0x01

+

| Unknown

+

|-

+

| 0x01d0

+

| 0x01d7

+

| 0x08

+

| ticket_id

+

|-

+

| 0x01D8

+

| 0x01DB

+

| 0x04

+

| Console ID

+

|-

+

| 0x01dc

+

| 0x01e3

+

| 0x08

+

| Title ID / [http://en.wikipedia.org/wiki/Initialization_Vector Initialization Vector] (IV) used for AES-[http://en.wikipedia.org/wiki/Cipher_Block_Chaining#Cipher-block_chaining_.28CBC.29 CBC] encryption

+

|-

+

| 0x01e4

+

| 0x01e5

+

| 0x02

+

| Unknown, mostly 0xFFFF

+

|-

+

| 0x01e6

+

| 0x01e8

+

| 0x02

+

| Amount of bought DLC contents

+

|-

+

| 0x01e9

+

| 0x01f0

+

| 0x08

+

| Unknown

+

|-

+

| 0x01f1

+

| 0x01f1

+

| 0x01

+

| Common Key index (1 = Korean Common key, 0 = "normal" Common key)

+

|-

+

| 0x01f2

+

| 0x0221

+

| 0x30

+

| Unknown. Is all 0 for non-VC, for VC, all 0 except last byte is 1.

+

|-

+

| 0x0222

+

| 0x0241

+

| 0x20

+

| Always 0xFF (?)

+

|-

+

| 0x0242

+

| 0x0243

+

| 0x02

+

| Padding (Always 0)

+

|-

+

| 0x0244

+

| 0x0247

+

| 0x04

+

| Enable time limit (1 = Enabled, 0 = Disabled)

+

|-

+

| 0x0248

+

| 0x024b

+

| 0x04

+

| Time limit (Seconds)

+

|-

+

| 0x024c

+

| 0x02a3

+

| 0x58

+

| Padding (Always 0)

+

|}

+

To get the title key decrypt the 16 bytes at offset 0x1bf with the Common Key using the Title ID (offset 0x1dc) as the initialization vector (the last 8 bytes of the IV should be zero).

Marcan

Bureaucrats, Check users, oversight, Administrators

892

edits