Difference between revisions of "Ticket"

From Nintendo Switch Brew
(5 intermediate revisions by 4 users not shown)
Latest revision as of 00:08, 16 October 2023

Tickets are the ES format used to store an encrypted title key together with the signature and identifiers (rights ID, ticket ID, device ID) needed to validate it. The format has been updated again since the 3DS.

Structure

Offset  Size   Description
0x000   Y      Signature data
Y       0x2C0  Ticket data

Y denotes the total size of the "signature data" section and depends on the signature type.

Signature data

Offset   Size    Description
0x0      0x4     Signature type
0x4      X       Signature
0x4 + X  varies  Padding to align the signature data to 0x40 bytes

Signature type

Value     Signature method                    Signature size  Padding size  Total (Y)
0x010000  RSA-4096 PKCS#1 v1.5 with SHA-1     0x200           0x3C          0x240
0x010001  RSA-2048 PKCS#1 v1.5 with SHA-1     0x100           0x3C          0x140
0x010002  ECDSA with SHA-1                    0x3C            0x40          0x80
0x010003  RSA-4096 PKCS#1 v1.5 with SHA-256   0x200           0x3C          0x240
0x010004  RSA-2048 PKCS#1 v1.5 with SHA-256   0x100           0x3C          0x140
0x010005  ECDSA with SHA-256                  0x3C            0x40          0x80
0x010006  HMAC-SHA1-160                       0x14            0x28          0x40

Y (the size of the whole signature data section) is 0x4 + signature size + padding size, so it is always a multiple of 0x40.

The hash for the signature is calculated over the ticket data only, i.e. the 0x2C0 bytes that follow the signature data section; the signature type, the signature itself and its padding are not covered.

Ticket data

Offset  Size   Description
0x0     0x40   Issuer
0x40    0x100  Title key block
0x140   0x1    Ticket format version (always 2 for Switch (ES) tickets)
0x141   0x1    Title key type (0 = "common" 16-byte block, 1 = "personalized" RSA-2048 message)
0x142   0x2    Ticket version
0x144   0x1    License type
0x145   0x1    Master key revision
0x146   0x2    Properties bitfield
0x148   0x8    Reserved
0x150   0x8    Ticket ID
0x158   0x8    Device ID
0x160   0x10   Rights ID
0x170   0x4    Account ID
0x174   0xC    Unknown
0x180   0x140  Unknown

The title key block at 0x40 is always 0x100 bytes, but what it holds depends on the title key type at 0x141. For "common" tickets [2.0.0+] (title key type 0) the title key occupies only the first 16 bytes of the block; it is still encrypted, with the title key encryption key derived from the master key whose revision is given at 0x145. For "personalized" tickets (title key type 1) the whole block is an RSA-2048 message that only the target console can decrypt. The latter is used for titles requiring stronger licensing (applications, add-on content), while the former (old) method is used for patches.

When the RSA form is used, the title key block is decrypted through an SPL key handle that is initialized with the console-unique RSA-2048 ticket key.

Certificate chain

Certificate  Signature type  Retail cert name     Debug cert name      Description
Ticket       RSA-2048        XS00000020           XS00000020           Used to verify ticket signatures using AES title key block ("common" tickets)
Ticket       RSA-2048        XS00000021           XS00000021           Used to verify ticket signatures using RSA title key block ("personalized" tickets)
Ticket       RSA-2048        [9.0.0+] XS00000024  [9.0.0+] XS00000024  Used to verify ticket signatures using RSA title key block ("personalized" tickets)
CA           RSA-4096        CA00000003           CA00000004           Used to verify the ticket certificate

The XS (ticket) certificate names are the same for retail and debug; only the CA certificate differs.

The CA certificate is issued by 'Root', the public key for which is stored in ES.
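The layout above (Structure, Signature type, Ticket data and Certificate chain), as an added example: a small Python parser written for this page, not Switchbrew's or Nintendo's code. It derives the signature-section size Y from the signature type, hashes the signed ticket data with the method's digest, picks the title key form from the title key type, and splits the issuer into the CA and XS certificate names. The sample ticket it builds is constructed here, with a placeholder signature and made-up IDs, so it has the right layout but will not verify against any real certificate. The issuer form "Root-CA00000003-XS00000020" is assumed from retail tickets rather than stated on the page, and the field names in the returned dict are the parser's own.

```python
"""Parser for the Switch ES ticket layout described on this page.

Added example, not code from the Switchbrew wiki or from Nintendo. The ticket it
parses is constructed here (placeholder signature bytes, made-up IDs). The issuer
form "Root-<CA name>-<XS name>" is assumed from retail tickets.
"""
import hashlib
import struct

TICKET_DATA_SIZE = 0x2C0

# Signature type -> (method, signature size, padding size), from the page table.
SIGNATURE_TYPES = {
    0x010000: ("RSA-4096 PKCS#1 v1.5 with SHA-1", 0x200, 0x3C),
    0x010001: ("RSA-2048 PKCS#1 v1.5 with SHA-1", 0x100, 0x3C),
    0x010002: ("ECDSA with SHA-1", 0x3C, 0x40),
    0x010003: ("RSA-4096 PKCS#1 v1.5 with SHA-256", 0x200, 0x3C),
    0x010004: ("RSA-2048 PKCS#1 v1.5 with SHA-256", 0x100, 0x3C),
    0x010005: ("ECDSA with SHA-256", 0x3C, 0x40),
    0x010006: ("HMAC-SHA1-160", 0x14, 0x28),
}

def signature_section_size(sig_type):
    """Y = 4-byte type + signature + padding; always lands on a 0x40 boundary."""
    _, sig_size, pad = SIGNATURE_TYPES[sig_type]
    y = 4 + sig_size + pad
    if y % 0x40:
        raise ValueError("signature section is not 0x40-aligned")
    return y

def parse_ticket(blob):
    """Split a ticket into its signature section and ticket-data fields.

    Unknown signature/title key types and truncated input raise ValueError, so
    a foreign or cut-off file is rejected instead of yielding a bogus key.
    """
    if len(blob) < 4:
        raise ValueError("too short for a signature type")
    sig_type = struct.unpack_from(">I", blob, 0)[0]          # stored big-endian
    if sig_type not in SIGNATURE_TYPES:
        raise ValueError("unknown signature type 0x%06X" % sig_type)
    method, sig_size, _ = SIGNATURE_TYPES[sig_type]
    y = signature_section_size(sig_type)
    if len(blob) < y + TICKET_DATA_SIZE:
        raise ValueError("truncated ticket: need 0x%X bytes" % (y + TICKET_DATA_SIZE))
    data = blob[y:y + TICKET_DATA_SIZE]

    # The signature covers the ticket data only; hash it with the method's digest.
    hasher = hashlib.sha256 if "SHA-256" in method else hashlib.sha1
    signed_digest = hasher(data).hexdigest()

    issuer = data[0:0x40].split(b"\0", 1)[0].decode("ascii")
    parts = issuer.split("-")                                # assumed "Root-CA...-XS..."
    ca_cert, xs_cert = (parts[1], parts[2]) if len(parts) == 3 else (None, None)

    title_key_type = data[0x141]
    if title_key_type == 0:
        title_key = data[0x40:0x50]        # "common": 16-byte wrapped key, rest unused
    elif title_key_type == 1:
        title_key = data[0x40:0x140]       # "personalized": RSA-2048 message for SPL
    else:
        raise ValueError("unknown title key type %d" % title_key_type)

    return {
        "signature_method": method, "signature_section_size": y,
        "signature": blob[4:4 + sig_size], "signed_digest": signed_digest,
        "issuer": issuer, "ca_cert": ca_cert, "xs_cert": xs_cert,
        "format_version": data[0x140],                        # always 2 for Switch tickets
        "title_key_type": title_key_type, "title_key": title_key,
        "ticket_version": data[0x142:0x144].hex(),
        "license_type": data[0x144], "master_key_revision": data[0x145],
        "properties": data[0x146:0x148].hex(), "ticket_id": data[0x150:0x158].hex(),
        "device_id": data[0x158:0x160].hex(), "rights_id": data[0x160:0x170].hex(),
        "account_id": data[0x170:0x174].hex(),
    }

def build_sample_ticket(personalized=False):
    """Constructed sample with signature type 0x010004 and a placeholder
    signature: right layout, but it will not verify against any real XS cert."""
    sig_type = 0x010004
    section = struct.pack(">I", sig_type) + b"\xAA" * 0x100   # fake signature bytes
    section += b"\0" * (signature_section_size(sig_type) - len(section))
    data = bytearray(TICKET_DATA_SIZE)
    issuer = b"Root-CA00000003-XS0000002" + (b"1" if personalized else b"0")
    data[0:len(issuer)] = issuer
    if personalized:
        data[0x40:0x140] = bytes(range(256))                  # stands in for the RSA message
        data[0x158:0x160] = bytes.fromhex("0123456789abcdef")  # made-up device ID
    else:
        data[0x40:0x50] = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # made-up key
    data[0x140], data[0x141], data[0x145] = 2, (1 if personalized else 0), 0x03
    data[0x150:0x158] = bytes.fromhex("0000000100000002")                  # made-up ticket ID
    data[0x160:0x170] = bytes.fromhex("01000000000100000000000000000003")  # made-up rights ID
    return section + bytes(data)
```

`parse_ticket(build_sample_ticket())` returns the common form (16-byte title key, XS00000020); `build_sample_ticket(personalized=True)` yields the 0x100-byte RSA block and XS00000021. The two size checks are the ones worth keeping in any tool that ingests tickets: an unknown signature type means Y cannot be computed, and anything shorter than Y + 0x2C0 cannot carry a full ticket data section.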