From DSiBrew

Tickets are used for decrypting downloads from the DSi Shop. They essentially contain a 16-byte decryption key, plus signatures and some other data.

Ticket Format

Tickets exist as "cetk" files (as found on Nintendo's server), and as ".tik" files (as found in the nand:/ticket folder).

  • .tik files: encrypted 2A4h+20h bytes (the +20h bytes are probably an ES block encryption footer, using an unknown KEY or KEY X/Y?)
  • cetk files: unencrypted 2A4h+700h bytes (the +700h bytes are some certificate footer). The SHA256 of the certificate footer is usually/always 61BADF43329EEC10E1FD952BA55777E116CD25EC5BEFCBE823F13439B8FAE0DC.

For the overall format of the 2A4h bytes, see [1] and the NUS Downloader source code.

Download Server

For free system updates, tickets can be downloaded as "cetk" files. For titles sold commercially in the DSi Shop, tickets must be purchased in some other way. For example, the updates for DSi System Settings (EUR) can be downloaded from:

Title Decryption

First, the encrypted Title Key must be decrypted (via AES-CBC):

 KEY[00h..0Fh] = Common Key (AF,1B,F5,16,...)        ;from ARM7BIOS
 IV[00h..07h]  = Title ID (00,03,00,tt,gg,gg,gg,gg)  ;tik/cetk[1DCh]
 IV[08h..0Fh]  = Zerofilled                          ;padding
 Input: Encrypted Title Key                          ;tik/cetk[1BFh]
 Output: Decrypted Title Key                         ;for use in next step

Then, the actual executable/file can be decrypted (also via AES-CBC):

 KEY[00h..0Fh] = Decrypted Title Key                 ;from above step
 IV[00h..01h]  = Usually Zero (or "Index" from tmd?) ;tmd[?]
 IV[02h..0Fh]  = Zerofilled                          ;padding
 Input: Encrypted file "000000vv"                    ;from http download
 Output: Decrypted file "000000vv.app"               ;saved on eMMC

The above decryption steps require a big-endian AES-CBC software implementation: the DSi hardware supports only little-endian operation, only the AES-CTR and AES-CCM modes, and, most importantly, only the "encrypt" key schedule, whereas AES-CBC decryption requires a different "decrypt" key schedule.
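The following added example (not code from DSiBrew or NUS Downloader) parses a cetk blob using the sizes and offsets given above, checks the certificate footer against the SHA256 quoted on this page, and builds the two CBC IVs. It performs no AES itself. Assumptions: the function and field names are hypothetical, the sample ticket is constructed, and the big-endian encoding of the content index is a guess, since the page marks that field as uncertain.

```python
import hashlib
from typing import NamedTuple

TICKET_LEN = 0x2A4          # ticket body size, per the page
TIK_FOOTER_LEN = 0x20       # .tik: probable ES block footer (file is encrypted)
CETK_FOOTER_LEN = 0x700     # cetk: certificate footer
ENC_TITLE_KEY_OFF = 0x1BF   # 16-byte encrypted Title Key
TITLE_ID_OFF = 0x1DC        # 8-byte Title ID
# SHA256 the page reports as usual for the cetk certificate footer
KNOWN_CERT_SHA256 = "61badf43329eec10e1fd952ba55777e116cd25ec5befcbe823f13439b8fae0dc"

class CetkInputs(NamedTuple):
    title_id: bytes           # also the first half of the Title Key IV
    enc_title_key: bytes      # AES-CBC input for the first step
    title_key_iv: bytes       # Title ID followed by 8 zero bytes
    cert_footer_known: bool   # footer matches the hash quoted on the page

def parse_cetk(blob: bytes) -> CetkInputs:
    """Split a cetk into ticket + footer and pull out the step-1 inputs."""
    if len(blob) == TICKET_LEN + TIK_FOOTER_LEN:
        # A .tik is encrypted as a whole, so its offsets are not readable yet.
        raise ValueError("size matches an encrypted .tik, not a cetk")
    if len(blob) != TICKET_LEN + CETK_FOOTER_LEN:
        raise ValueError(f"unexpected cetk size {len(blob):#x}")
    ticket, footer = blob[:TICKET_LEN], blob[TICKET_LEN:]
    title_id = ticket[TITLE_ID_OFF:TITLE_ID_OFF + 8]
    enc_key = ticket[ENC_TITLE_KEY_OFF:ENC_TITLE_KEY_OFF + 16]
    known = hashlib.sha256(footer).hexdigest() == KNOWN_CERT_SHA256
    return CetkInputs(title_id, enc_key, title_id + bytes(8), known)

def content_iv(index: int = 0) -> bytes:
    """IV for the second step: 2-byte index (assumed big-endian), zero-filled."""
    return index.to_bytes(2, "big") + bytes(14)

def make_sample_cetk() -> bytes:
    """Constructed sample: zero-filled ticket with made-up key and Title ID."""
    t = bytearray(TICKET_LEN)
    t[ENC_TITLE_KEY_OFF:ENC_TITLE_KEY_OFF + 16] = bytes(range(0x10, 0x20))
    t[TITLE_ID_OFF:TITLE_ID_OFF + 8] = bytes.fromhex("0003000f11223344")
    return bytes(t) + bytes(CETK_FOOTER_LEN)  # all-zero footer, not a real cert

if __name__ == "__main__":
    info = parse_cetk(make_sample_cetk())
    print("Title ID      :", info.title_id.hex())
    print("Title Key IV  :", info.title_key_iv.hex())
    print("Footer matches:", info.cert_footer_known)
```

A footer that does not match the quoted hash is not necessarily invalid, since the page only says the value is "usually/always" seen.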

See Also