Line 1: |
Line 1: |
− | Tickets are found in many encrypted files used by the Wii (e.g. [[WAD Files]] or [[Wiidisc|Wiidiscs]]). They contain the encrypted [http://en.wikipedia.org/wiki/Advanced_Encryption_Standard AES] "title key" and the Title ID of the data and are signed by a certificate from a [[certificate chain]] (which usually is the same for all titles and stored somewhere on the NAND). | + | Tickets are found in many encrypted files used by the Wii (e.g. [[WAD Files]] or [[Wiidisc]]s). They contain the encrypted [http://en.wikipedia.org/wiki/Advanced_Encryption_Standard AES] "title key" and the Title ID of the data and are signed by a certificate from a [[certificate chain]] (which usually is the same for all titles and stored somewhere on the NAND). |
| So far only tickets with [http://en.wikipedia.org/wiki/RSA RSA-2048] signatures have been seen. (Discs will only work with those signatures because the size of partition ticket is always 0x2a4) | | So far only tickets with [http://en.wikipedia.org/wiki/RSA RSA-2048] signatures have been seen. (Discs will only work with those signatures because the size of partition ticket is always 0x2a4) |
| | | |
− | === File structure === | + | === File structure === |
| {| class="wikitable" | | {| class="wikitable" |
| |- | | |- |
Line 18: |
Line 18: |
| | 0x0103 | | | 0x0103 |
| | 0x100 | | | 0x100 |
− | | Signature by a certificate's key (everything after this field is covered by this signature) | + | | Signature by a certificate's key |
| |- | | |- |
| | 0x0104 | | | 0x0104 |
− | | 0x013f | + | | 0x013F |
− | | 0x3c | + | | 0x3C |
− | | Padding (Always 0) | + | | Padding (Always 0 - everything after this field is covered by the above signature) |
| |- | | |- |
| | 0x0140 | | | 0x0140 |
− | | 0x017f | + | | 0x017F |
| | 0x40 | | | 0x40 |
| | Signature issuer | | | Signature issuer |
| |- | | |- |
| | 0x0180 | | | 0x0180 |
− | | 0x01be | + | | 0x01BB |
− | | 0x3f | + | | 0x3C |
− | | Unknown (0, unless it is a VC game) | + | | ECDH data, used to generate one-time key during install of console specific titles |
| |- | | |- |
− | | 0x01bf | + | | 0x01BC |
− | | 0x01ce | + | | 0x01BE |
| + | | 0x03 |
| + | | Unused/Padding |
| + | |- |
| + | | 0x01BF |
| + | | 0x01CE |
| | 0x10 | | | 0x10 |
| | Encrypted title key | | | Encrypted title key |
| |- | | |- |
− | | 0x01cf | + | | 0x01CF |
− | | 0x01cf | + | | 0x01CF |
| | 0x01 | | | 0x01 |
| | Unknown | | | Unknown |
| |- | | |- |
− | | 0x01d0 | + | | 0x01D0 |
− | | 0x01d7 | + | | 0x01D7 |
| | 0x08 | | | 0x08 |
− | | ticket_id | + | | ticket_id (used as IV for title key decryption of console specific titles) |
| | | |
| |- | | |- |
Line 56: |
Line 61: |
| | Console ID | | | Console ID |
| |- | | |- |
− | | 0x01dc | + | | 0x01DC |
− | | 0x01e3 | + | | 0x01E3 |
| | 0x08 | | | 0x08 |
| | Title ID / [http://en.wikipedia.org/wiki/Initialization_Vector Initialization Vector] (IV) used for AES-[http://en.wikipedia.org/wiki/Cipher_Block_Chaining#Cipher-block_chaining_.28CBC.29 CBC] encryption | | | Title ID / [http://en.wikipedia.org/wiki/Initialization_Vector Initialization Vector] (IV) used for AES-[http://en.wikipedia.org/wiki/Cipher_Block_Chaining#Cipher-block_chaining_.28CBC.29 CBC] encryption |
| |- | | |- |
− | | 0x01e4 | + | | 0x01E4 |
− | | 0x01e5 | + | | 0x01E5 |
| | 0x02 | | | 0x02 |
| | Unknown, mostly 0xFFFF | | | Unknown, mostly 0xFFFF |
| |- | | |- |
− | | 0x01e6 | + | | 0x01E6 |
− | | 0x01e8 | + | | 0x01E7 |
| | 0x02 | | | 0x02 |
− | | Amount of bought DLC contents | + | | Ticket title version |
| + | |- |
| + | | 0x01E8 |
| + | | 0x01EB |
| + | | 0x04 |
| + | | Permitted Titles Mask |
| + | |- |
| + | | 0x01EC |
| + | | 0x01EF |
| + | | 0x04 |
| + | | Permit mask. The current disc title is ANDed with the inverse of this mask to see if the result matches the Permitted Titles Mask. |
| |- | | |- |
− | | 0x01e9 | + | | 0x01F0 |
− | | 0x01f0 | + | | 0x01F0 |
− | | 0x08 | + | | 0x01 |
− | | Unknown | + | | Title Export allowed using PRNG key (1 = allowed, 0 = not allowed) |
| |- | | |- |
− | | 0x01f1 | + | | 0x01F1 |
− | | 0x01f1 | + | | 0x01F1 |
| | 0x01 | | | 0x01 |
− | | Common Key index (1 = Korean Common key, 0 = "normal" Common key) | + | | Common Key index (2 = [http://wiiubrew.org/wiki/WiiMode Wii U Wii mode], 1 = Korean Common key, 0 = "normal" Common key) |
| |- | | |- |
− | | 0x01f2 | + | | 0x01F2 |
| | 0x0221 | | | 0x0221 |
| | 0x30 | | | 0x30 |
Line 87: |
Line 102: |
| |- | | |- |
| | 0x0222 | | | 0x0222 |
− | | 0x0241 | + | | 0x0261 |
− | | 0x20 | + | | 0x40 |
− | | Always 0xFF (?) | + | | Content access permissions (one bit for each content) |
| |- | | |- |
− | | 0x0242 | + | | 0x0262 |
− | | 0x0243 | + | | 0x0263 |
| | 0x02 | | | 0x02 |
| | Padding (Always 0) | | | Padding (Always 0) |
| |- | | |- |
− | | 0x0244 | + | | 0x0264 |
− | | 0x0247 | + | | 0x0267 |
| | 0x04 | | | 0x04 |
| | Enable time limit (1 = Enabled, 0 = Disabled) | | | Enable time limit (1 = Enabled, 0 = Disabled) |
| |- | | |- |
− | | 0x0248 | + | | 0x0268 |
− | | 0x024b | + | | 0x026B |
| | 0x04 | | | 0x04 |
| | Time limit (Seconds) | | | Time limit (Seconds) |
| |- | | |- |
− | | 0x024c | + | | 0x026C |
− | | 0x02a3 | + | | 0x02A3 |
− | | 0x58 | + | | 0x38 |
− | | Padding (Always 0) | + | | 7 more time_limit structs as above ({int enable, seconds}) |
| |} | | |} |
| | | |
| To get the title key decrypt the 16 bytes at offset 0x1bf with the Common Key using the Title ID (offset 0x1dc) as the initialization vector (the last 8 bytes of the IV should be zero). | | To get the title key decrypt the 16 bytes at offset 0x1bf with the Common Key using the Title ID (offset 0x1dc) as the initialization vector (the last 8 bytes of the IV should be zero). |
| + | |
| [[Category:File formats]] | | [[Category:File formats]] |