Ticket: Difference between revisions
|  Update debug cert names + change certificate chain table entry order | No edit summary | ||
| Line 38: | Line 38: | ||
| |- | |- | ||
| | 0x010000 | | 0x010000 | ||
| |  | | RSA-4096 PKCS#1 v1.5 with SHA-1 | ||
| | 0x200 | | 0x200 | ||
| | 0x3C | | 0x3C | ||
| |- | |- | ||
| | 0x010001 | | 0x010001 | ||
| |  | | RSA-2048 PKCS#1 v1.5 with SHA-1 | ||
| | 0x100 | | 0x100 | ||
| | 0x3C | | 0x3C | ||
| |- | |- | ||
| | 0x010002 | | 0x010002 | ||
| | ECDSA  | | ECDSA with SHA-1 | ||
| | 0x3C | | 0x3C | ||
| | 0x40 | | 0x40 | ||
| |- | |- | ||
| | 0x010003 | | 0x010003 | ||
| |  | | RSA-4096 PKCS#1 v1.5 with SHA-256 | ||
| | 0x200 | | 0x200 | ||
| | 0x3C | | 0x3C | ||
| |- | |- | ||
| | 0x010004 | | 0x010004 | ||
| |  | | RSA-2048 PKCS#1 v1.5 with SHA-256 | ||
| | 0x100 | | 0x100 | ||
| | 0x3C | | 0x3C | ||
| |- | |- | ||
| | 0x010005 | | 0x010005 | ||
| | ECDSA  | | ECDSA with SHA-256 | ||
| | 0x3C | | 0x3C | ||
| | 0x40 | | 0x40 | ||
| |- | |||
| | 0x010006 | |||
| | HMAC-SHA1-160 | |||
| | 0x14 | |||
| | 0x28 | |||
| |} | |} | ||
| Line 127: | Line 132: | ||
| |  RSA-2048 | |  RSA-2048 | ||
| |  colspan="2" style="text-align:center;" | XS00000021 | |  colspan="2" style="text-align:center;" | XS00000021 | ||
| |  Used to verify ticket signatures using RSA title key block ("personalized" tickets) | |||
| |- | |||
| |  Ticket | |||
| |  RSA-2048 | |||
| |  colspan="2" style="text-align:center;" | [9.0.0+] XS00000024 | |||
| |  Used to verify ticket signatures using RSA title key block ("personalized" tickets) | |  Used to verify ticket signatures using RSA title key block ("personalized" tickets) | ||
| |- | |- | ||
| |  CA | |  CA | ||
| |  RSA-4096 | |  RSA-4096 | ||
| |  CA00000003 | |  style="text-align:center;" | CA00000003 | ||
| |  CA00000004 | |  style="text-align:center;" | CA00000004 | ||
| |  Used to verify the ticket certificate | |  Used to verify the ticket certificate | ||
| |} | |} | ||
| The CA certificate is issued by 'Root', the public key for which is stored in ES. | The CA certificate is issued by 'Root', the public key for which is stored in ES. | ||
Latest revision as of 02:08, 16 October 2023
Tickets are a format used to store an encrypted title key. The format has been updated again since 3DS.
Structure
| Offset | Size | Description | 
|---|---|---|
| 0x000 | Y | Signature data | 
| Y | 0x2C0 | Ticket data | 
Y denotes the total size of the "signature data" section and depends on the signature type.
Signature data
| Offset | Size | Description | 
|---|---|---|
| 0x0 | 0x4 | Signature type | 
| 0x4 | X | Signature | 
| 0x4 + X | Padding to align the signature data to 0x40 bytes | 
Signature type
| Value | Signature method | Signature size | Padding size | 
|---|---|---|---|
| 0x010000 | RSA-4096 PKCS#1 v1.5 with SHA-1 | 0x200 | 0x3C | 
| 0x010001 | RSA-2048 PKCS#1 v1.5 with SHA-1 | 0x100 | 0x3C | 
| 0x010002 | ECDSA with SHA-1 | 0x3C | 0x40 | 
| 0x010003 | RSA-4096 PKCS#1 v1.5 with SHA-256 | 0x200 | 0x3C | 
| 0x010004 | RSA-2048 PKCS#1 v1.5 with SHA-256 | 0x100 | 0x3C | 
| 0x010005 | ECDSA with SHA-256 | 0x3C | 0x40 | 
| 0x010006 | HMAC-SHA1-160 | 0x14 | 0x28 | 
The hash for the signature is calculated over the ticket data.
Ticket data
| Offset | Size | Description | 
|---|---|---|
| 0x0 | 0x40 | Issuer | 
| 0x40 | 0x100 | Title key block | 
| 0x140 | 0x1 | Ticket Version (Always 2 for Switch (ES) Tickets) | 
| 0x141 | 0x1 | Title key type | 
| 0x142 | 0x2 | Ticket Version | 
| 0x144 | 0x1 | License Type | 
| 0x145 | 0x1 | Master key revision | 
| 0x146 | 0x2 | Properties Bitfield | 
| 0x148 | 0x8 | Reserved | 
| 0x150 | 0x8 | Ticket ID | 
| 0x158 | 0x8 | Device ID | 
| 0x160 | 0x10 | Rights ID | 
| 0x170 | 0x4 | Account ID | 
| 0x174 | 0xC | Unknown | 
| 0x180 | 0x140 | Unknown | 
The title key can be stored as a 16-byte block when tickets are "common" [2.0.0+] with title key type 0, or as a "personalized" RSA-2048 message when title key type is 1. The latter is used for titles requiring stronger licensing (applications, add-on content), while the former (old) method is used for patches.
When RSA is used, this uses an SPL key handle that is initialized with the console-unique RSA-2048 ticket key.
Certificate chain
| Certificate | Signature type | Retail cert name | Debug cert name | Description | 
|---|---|---|---|---|
| Ticket | RSA-2048 | XS00000020 | Used to verify ticket signatures using AES title key block ("common" tickets) | |
| Ticket | RSA-2048 | XS00000021 | Used to verify ticket signatures using RSA title key block ("personalized" tickets) | |
| Ticket | RSA-2048 | [9.0.0+] XS00000024 | Used to verify ticket signatures using RSA title key block ("personalized" tickets) | |
| CA | RSA-4096 | CA00000003 | CA00000004 | Used to verify the ticket certificate | 
The CA certificate is issued by 'Root', the public key for which is stored in ES.