|
|
| (One intermediate revision by the same user not shown) |
| Line 1: |
Line 1: |
| [[Category:File formats]]
| | #REDIRECT [[Ticket]] |
| '''CommonETicket''' (for short, '''cetk''') is a format as a ticket used to store an encrypted titlekey (using 128-Bit AES-CBC). This format seems to be identical to DSi/Wii tickets.
| |
| | |
| == Structure ==
| |
| | |
| All of the data in the file is represented in Big Endian.
| |
| | |
| === Content ===
| |
| {| class="wikitable"
| |
| | align="center" style="background:#f0f0f0;"|'''Offset'''
| |
| | align="center" style="background:#f0f0f0;"|'''Size'''
| |
| | align="center" style="background:#f0f0f0;"|'''Description'''
| |
| |-
| |
| | 0x000||0x4||Signature Type
| |
| |-
| |
| | 0x004||0x100||Signature
| |
| |-
| |
| | 0x104||0x3C||Padding modulo 64
| |
| |-
| |
| | 0x140||0x40||Issuer
| |
| |-
| |
| | 0x180||0x3C||ECDH data for console-unique eShop tickets.
| |
| |-
| |
| | 0x1BC||0x3||Unknown, first u8 is 0x01.
| |
| |-
| |
| | 0x1BF||0x10||Encrypted TitleKey
| |
| |-
| |
| | 0x1CF||0x1||Unknown
| |
| |-
| |
| | 0x1D0||0x8||TicketID
| |
| |-
| |
| | 0x1D8||0x4||Ticket consoleID
| |
| |-
| |
| | 0x1DC||0x8||TitleID
| |
| |-
| |
| | 0x1E4||0x2||Unknown
| |
| |-
| |
| | 0x1E6||0x2||Ticket title version, this title version is also stored in the [[TMD]].
| |
| |-
| |
| | 0x1E8||0x8||Unused
| |
| |-
| |
| | 0x1F0||0x1||Unused
| |
| |-
| |
| | 0x1F1||0x1||Ticket common [[AES|keyY]] index, usually 0x1 for retail system titles.
| |
| |-
| |
| | 0x1F2||0xB2||Unused
| |
| |-
| |
| | 0x2A4||0x30||Unknown
| |
| |-
| |
| | 0x2D4||0x7C||Unused
| |
| |}
| |
| | |
| The Signature Type is the same const as that in [[TMD]].
| |
| | |
| The titlekey is decrypted by using the [[AES]] engine with the ticket common-key keyslot where the keyY is one of 6 keyYs loaded via the keyY index stored in the ticket. AES-CBC mode is used where the IV is the big-endian titleID. Note that on a retail unit index0 is a retail keyY, while on a dev-unit index0 is the dev common-key which is a normal-key.(On retail for these keyYs, the hardware key-scrambler is used)
| |
| | |
| == Certificate Chain ==
| |
| Tickets retrieved from CDN/SOAP have a [[Certificates|certificate]] chain appended at the end of the file. There are two certificates in this chain:
| |
| | |
| {| class="wikitable" border="1"
| |
| |-
| |
| ! CERTIFICATE
| |
| ! SIGNATURE TYPE
| |
| ! RETAIL CERT NAME
| |
| ! DEBUG CERT NAME
| |
| ! DESCRIPTION
| |
| |-
| |
| | Ticket
| |
| | RSA-2048
| |
| | XS0000000c
| |
| | XS00000009
| |
| | Used to verify the Ticket signature
| |
| |-
| |
| | CA
| |
| | RSA-4096
| |
| | CA00000003
| |
| | CA00000004
| |
| | Used to verify the Ticket Certificate
| |
| |}
| |
| | |
| The CA certificate is issued by 'Root', the public key for which is stored in NATIVE_FIRM.
| |
| | |
| == Some facts==
| |
| * '''CETK''' can be fetched through HTTP using the link to default update server, using the title's [[TMD]] URL where "cetk" is used instead of "tmd" for the URL. The 3DS NIM module retrieves system tickets via SOAP request ''GetCommonETicket''.
| |