Changes

Jump to navigation Jump to search

Ticket (edit)

Revision as of 06:06, 25 April 2013

3,386 bytes added ,  06:06, 25 April 2013
Created page with "Category:File formats Tickets are a format used to store an encrypted titlekey (using 128-Bit AES-CBC). This format seems to be identical to DSi/Wii tickets. == Structure =..."
[[Category:File formats]]
Tickets are a format used to store an encrypted titlekey (using 128-Bit AES-CBC). This format seems to be identical to DSi/Wii tickets.

== Structure ==

All of the data in the file is represented in Big Endian.

{| class="wikitable"
| align="center" style="background:#f0f0f0;"|'''Offset'''
| align="center" style="background:#f0f0f0;"|'''Size'''
| align="center" style="background:#f0f0f0;"|'''Description'''
|-
| 0x000||Y||Signature Data
|-
| Y||0x210||Ticket Data
|}

=== Signature Data ===
The total size of this section is referred to as "Y" in the overall TMD structure. The signature is of the header of the TMD.
{| class="wikitable"
| align="center" style="background:#f0f0f0;"|'''Offset'''
| align="center" style="background:#f0f0f0;"|'''Size'''
| align="center" style="background:#f0f0f0;"|'''Description'''
|-
| 0x0||0x4||Signature Type
|-
| 0x4 ||X||Signature
|-
| 0x4 + X|| ||Padding Aligning the signature data to 0x40 bytes
|}

==== Signature Type ====
{{Signature Types}}

The hash for the signature is calculated over the Ticket Data.

=== Ticket Data ===
{| class="wikitable"
| align="center" style="background:#f0f0f0;"|'''Offset'''
| align="center" style="background:#f0f0f0;"|'''Size'''
| align="center" style="background:#f0f0f0;"|'''Description'''
|-
| 0x0||0x40||Issuer
|-
| 0x40||0x3C||ECDH data for console-unique eShop tickets.
|-
| 0x7C||0x3||Unknown, first u8 is 0x01.
|-
| 0x7F||0x10||Encrypted TitleKey
|-
| 0x8F||0x1||Unknown
|-
| 0x90||0x8||TicketID
|-
| 0x98||0x4||Ticket consoleID
|-
| 0x9C||0x8||TitleID
|-
| 0xA4||0x2||Unknown
|-
| 0xA6||0x2||Ticket title version, this title version is also stored in the [[TMD]].
|-
| 0xA8||0x8||Unused
|-
| 0xB0||0x1||Unused
|-
| 0xB1||0x1||Ticket common [[AES|keyY]] index, usually 0x1 for retail system titles.
|-
| 0xB2||0x2F||Unused
|-
| 0xE1||0x1||Unknown
|-
| 0xE2||0x82||Unused
|-
| 0x164||0x30||Unknown
|-
| 0x194||0x7C||Unused
|}

The Signature Type is the same const as that in [[TMD]].

The titlekey is decrypted by using the [[AES]] engine with the ticket common-key keyslot where the keyY is one of 6 keyYs loaded via the keyY index stored in the ticket. AES-CBC mode is used where the IV is the big-endian titleID. Note that on a retail unit index0 is a retail keyY, while on a dev-unit index0 is the dev common-key which is a normal-key.(On retail for these keyYs, the hardware key-scrambler is used)

== Certificate Chain ==
Tickets retrieved from CDN/SOAP have a [[Certificates|certificate]] chain appended at the end of the file. There are two certificates in this chain:

{| class="wikitable" border="1"
|-
! CERTIFICATE
! SIGNATURE TYPE
! RETAIL CERT NAME
! DEBUG CERT NAME
! DESCRIPTION
|-
| Ticket
| RSA-2048
| XS0000000c
| XS00000009
| Used to verify the Ticket signature
|-
| CA
| RSA-4096
| CA00000003
| CA00000004
| Used to verify the Ticket Certificate
|}

The CA certificate is issued by 'Root', the public key for which is stored in NATIVE_FIRM.

== Some facts==
* '''CommonETicket''' (for short, '''cetk''') is the name given to tickets for titles which aren't purchasable, like system titles.

* '''CETK''' can be fetched through HTTP using the link to default update server, using the title's [[TMD]] URL where "cetk" is used instead of "tmd" for the URL. The 3DS NIM module retrieves system tickets via SOAP request ''GetCommonETicket''.
3dsguy
839

edits

Retrieved from "https://www.3dbrew.org/wiki/Special:MobileDiff/5748"

Navigation menu