Tickets are used for decrypting downloads from DSi shop. They are essentially containing a 16-byte decryption key, plus signatures and some other stuff.
Tickets exist as "cetk" file (as found on Nintendo's server), and as ".tik" files (as found in nand:/ticket folder).
- .tik files: encrypted 2A4h+20h bytes (the +20h bytes are probably ES block encryption footer, using an unknown KEY or KEY X/Y?)
- cetk files: unencrypted 2A4h+700h bytes (the +700h bytes are some certificate footer). The SHA256 of the certificate footer is usually/always 61BADF43329EEC10E1FD952BA55777E116CD25EC5BEFCBE823F13439B8FAE0DC.
For the overall format of the 2A4h bytes, see , and NUS Downloader source code.
For free system updates, tickets can be downloaded as "cetk" files. For titles sold commercially in DSi ship, tickets must purchased somehow differently. For example, the updates for DSi System Settings (EUR) can be downloaded from:
- http://nus.cdn.t.shop.nintendowifi.net/ccs/download/00030015484e4250/tmd - tmd (unencrypted)
- http://nus.cdn.t.shop.nintendowifi.net/ccs/download/00030015484e4250/cetk - ticket (unencrypted) (available only for free updates)
- http://nus.cdn.t.shop.nintendowifi.net/ccs/download/00030015484e4250/00000002 - executable, version 2 (encrypted via ticket)
- http://nus.cdn.t.shop.nintendowifi.net/ccs/download/00030015484e4250/00000003 - executable, version 3 (encrypted via ticket)
First, the encrypted Title Key must be decrypted (via AES-CBC):
KEY[00h..0Fh] = Common Key (AF,1B,F5,16,...) ;from ARM7BIOS IV[00h..07h] = Title ID (00,03,00,tt,gg,gg,gg,gg) ;tik/cetk[1DCh] IV[08h..0Fh] = Zerofilled ;padding Input: Encrypted Title Key ;tik/cetk[1BFh] Output: Decrypted Title Key ;for use in next step
Then, the actual executable/file can be decrypted (also via AES-CBC):
KEY[00h..0Fh] = Decrypted Title Key ;from above step IV[00h..01h] = Usually Zero (or "Index" from tmd?) ;tmd[?] IV[02h..0Fh] = Zerofilled ;padding Input: Encrypted file "000000vv" ;from http download Output: Decrypted file "000000vv.app" ;saved on eMMC
The above decryption steps do require a big-endian AES-CBC software implementation (the DSi hardware supports only little-endian, and it supports only AES-CTR and AES-CCM, and, especially, it supports only the "encrypt" key schedule, whilst AES-CBC would require a different "decrypt" key schedule).