Difference between revisions of "Ticket"
(Created page with "Tickets are used for decrypting downloads from DSi shop. They are essentially containing a 16-byte decryption key, plus signatures and some other stuff. == Ticket Format == Tick...") |
m |
||
Line 4: | Line 4: | ||
Tickets exist as "cetk" file (as found on Nintendo's server), and as ".tik" files (as found in [[nand/ticket]] folder). | Tickets exist as "cetk" file (as found on Nintendo's server), and as ".tik" files (as found in [[nand/ticket]] folder). | ||
* .tik files: encrypted 2A4h+20h bytes (the +20h bytes are probably ES block encryption footer, using an unknown KEY or KEY X/Y?) | * .tik files: encrypted 2A4h+20h bytes (the +20h bytes are probably ES block encryption footer, using an unknown KEY or KEY X/Y?) | ||
− | * cetk files: unencrypted 2A4h+700h bytes (the +700h bytes are some certificate footer). | + | * cetk files: unencrypted 2A4h+700h bytes (the +700h bytes are some certificate footer). The SHA256 of the certificate footer is usually/always 61BADF43329EEC10E1FD952BA55777E116CD25EC5BEFCBE823F13439B8FAE0DC. |
For the overall format of the 2A4h bytes, see [http://wiibrew.org/wiki/Ticket], and NUS Downloader source code. | For the overall format of the 2A4h bytes, see [http://wiibrew.org/wiki/Ticket], and NUS Downloader source code. | ||
Revision as of 19:27, 18 June 2021
Tickets are used for decrypting downloads from DSi shop. They are essentially containing a 16-byte decryption key, plus signatures and some other stuff.
Ticket Format
Tickets exist as "cetk" file (as found on Nintendo's server), and as ".tik" files (as found in nand/ticket folder).
- .tik files: encrypted 2A4h+20h bytes (the +20h bytes are probably ES block encryption footer, using an unknown KEY or KEY X/Y?)
- cetk files: unencrypted 2A4h+700h bytes (the +700h bytes are some certificate footer). The SHA256 of the certificate footer is usually/always 61BADF43329EEC10E1FD952BA55777E116CD25EC5BEFCBE823F13439B8FAE0DC.
For the overall format of the 2A4h bytes, see [1], and NUS Downloader source code.
Download Server
For free system updates, tickets can be downloaded as "cetk" files. For titles sold commercially in DSi ship, tickets must purchased somehow differently. For example, the updates for DSi System Settings (EUR) can be downloaded from:
- http://nus.cdn.t.shop.nintendowifi.net/ccs/download/00030015484e4250/tmd - tmd (unencrypted)
- http://nus.cdn.t.shop.nintendowifi.net/ccs/download/00030015484e4250/cetk - ticket (unencrypted) (available only for free updates)
- http://nus.cdn.t.shop.nintendowifi.net/ccs/download/00030015484e4250/00000002 - executable, version 2 (encrypted via ticket)
- http://nus.cdn.t.shop.nintendowifi.net/ccs/download/00030015484e4250/00000003 - executable, version 3 (encrypted via ticket)
Title Decryption
First, the encrypted Title Key must be decrypted (via AES-CBC):
KEY[00h..0Fh] = Common Key (AF,1B,F5,16,...) ;from ARM7BIOS IV[00h..07h] = Title ID (00,03,00,tt,gg,gg,gg,gg) ;tik/cetk[1DCh] IV[08h..0Fh] = Zerofilled ;padding Input: Encrypted Title Key ;tik/cetk[1BFh] Output: Decrypted Title Key ;for use in next step
Then, the actual executable/file can be decrypted (also via AES-CBC):
KEY[00h..0Fh] = Decrypted Title Key ;from above step IV[00h..01h] = Usually Zero (or "Index" from tmd?) ;tmd[?] IV[02h..0Fh] = Zerofilled ;padding Input: Encrypted file "000000vv" ;from http download Output: Decrypted file "000000vv.app" ;saved on eMMC
The above decryption steps do require a big-endian AES-CBC software implementation (the DSi hardware supports only little-endian, and it supports only AES-CTR and AES-CCM, and, especially, it supports only the "encrypt" key schedule, whilst AES-CBC would require a different "decrypt" key schedule).
See Also
- NUS Downloader/database
- http://wiibrew.org/wiki/Ticket - Wii Tickets (similar to DSi tickets)
- http://3dbrew.org/wiki/Ticket - 3DS Tickets