Changes

2,387 bytes added, 20:24, 6 July 2017
Tickets are a format used to store an encrypted title key. The format has been updated again since 3DS.

== Structure ==

{| class="wikitable"
! Offset
! Size
! Description
|-
| 0x000 || Y || Signature data
|-
| Y || 0x2C0 || Ticket data
|}

Y denotes the total size of the "signature data" section and depends on the signature type.

=== Signature data ===

{| class="wikitable"
! Offset
! Size
! Description
|-
| 0x0 || 0x4 || Signature type
|-
| 0x4 || X || Signature
|-
| 0x4 + X || || Padding to align the signature data to 0x40 bytes
|}

==== Signature type ====

{| class="wikitable"
! Value
! Signature method
! Signature size
! Padding size
|-
| 0x010000
| RSA_4096 SHA1
| 0x200
| 0x3C
|-
| 0x010001
| RSA_2048 SHA1
| 0x100
| 0x3C
|-
| 0x010002
| Elliptic Curve with SHA1
| 0x3C
| 0x40
|-
| 0x010003
| RSA_4096 SHA256
| 0x200
| 0x3C
|-
| 0x010004
| RSA_2048 SHA256
| 0x100
| 0x3C
|-
| 0x010005
| ECDSA with SHA256
| 0x3C
| 0x40
|}

The hash for the signature is calculated over the ticket data.

=== Ticket data ===
{| class="wikitable"
! Offset
! Size
! Description
|-
| 0x0 || 0x40 || Issuer
|-
| 0x40 || 0x100 || Title key block
|-
| 0x140 || 0x1 || Unknown
|-
| 0x141 || 0x1 || Title key type
|-
| 0x142 || 0xE || Unknown
|-
| 0x150 || 0x8 || Ticket ID
|-
| 0x158 || 0x8 || Device ID
|-
| 0x160 || 0x8 || Title ID
|-
| 0x168 || 0x8 || Unknown
|-
| 0x170 || 0x4 || Account ID
|-
| 0x174 || 0xC || Unknown
|-
| 0x180 || 0x140 || Unknown
|}

The title key can be encrypted as a single AES block when title key type is 0 (presumably AES-128-CBC) or as an RSA-2048 message when title key type is 1. The latter is used for titles requiring stronger licensing (applications, add-on content), while the former (old) method is used for patches.

The RSA method uses an SPL key handle that is initialized with the console-unique RSA-2048 ticket key.

CommonETicket (or cetk) no longer exists.
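The layout above, as an added parsing example (not code from this wiki or from any official tool). It locates the ticket data from the signature type, returns the region the signature hash covers, and selects the encrypted title key by title key type. Assumptions: the signature type is read little-endian, the encrypted key starts at offset 0 of the title key block, and the names <code>parse_ticket</code> and <code>constructed_sample</code> are hypothetical.

```python
# Signature type -> (method, signature size, padding size), from the table above.
SIG_TYPES = {
    0x010000: ("RSA_4096 SHA1", 0x200, 0x3C),
    0x010001: ("RSA_2048 SHA1", 0x100, 0x3C),
    0x010002: ("Elliptic Curve with SHA1", 0x3C, 0x40),
    0x010003: ("RSA_4096 SHA256", 0x200, 0x3C),
    0x010004: ("RSA_2048 SHA256", 0x100, 0x3C),
    0x010005: ("ECDSA with SHA256", 0x3C, 0x40),
}
TICKET_DATA_SIZE = 0x2C0
# (name, offset, size) inside the ticket data; "Unknown" fields are skipped.
FIELDS = [("issuer", 0x0, 0x40), ("title_key_block", 0x40, 0x100),
          ("ticket_id", 0x150, 0x8), ("device_id", 0x158, 0x8),
          ("title_id", 0x160, 0x8), ("account_id", 0x170, 0x4)]
# Title key type -> encrypted key length. Assumption: key starts at block offset 0.
KEY_SIZES = {0: 0x10, 1: 0x100}  # 0: one AES block, 1: RSA-2048 message

def parse_ticket(blob, byteorder="little"):
    """Parse a ticket; byteorder of the signature type is an assumption."""
    if len(blob) < 4:
        raise ValueError("truncated before signature type")
    sig_type = int.from_bytes(blob[:4], byteorder)
    if sig_type not in SIG_TYPES:
        raise ValueError(f"unknown signature type {sig_type:#x}")
    method, sig_size, pad_size = SIG_TYPES[sig_type]
    y = 4 + sig_size + pad_size  # Y: total size of the signature data
    if len(blob) < y + TICKET_DATA_SIZE:
        raise ValueError(f"need {y + TICKET_DATA_SIZE:#x} bytes, got {len(blob):#x}")
    data = blob[y:y + TICKET_DATA_SIZE]
    out = {"method": method, "signature": blob[4:4 + sig_size],
           "signed_data": data}  # the signature hash covers the ticket data
    for name, off, size in FIELDS:
        out[name] = data[off:off + size]  # raw bytes; field byte order not assumed
    key_type = out["title_key_type"] = data[0x141]
    if key_type not in KEY_SIZES:
        raise ValueError(f"unknown title key type {key_type}")
    out["encrypted_title_key"] = out["title_key_block"][:KEY_SIZES[key_type]]
    return out

def constructed_sample(sig_type=0x010004, key_type=0):
    """Build a constructed (not real) ticket filled with placeholder bytes."""
    _, sig_size, pad_size = SIG_TYPES[sig_type]
    data = bytearray(TICKET_DATA_SIZE)
    data[0x40:0x50] = bytes(range(0x10))  # placeholder key block bytes
    data[0x141] = key_type
    data[0x160:0x168] = bytes.fromhex("0102030405060708")  # placeholder title ID
    return sig_type.to_bytes(4, "little") + bytes(sig_size + pad_size) + bytes(data)
```

Multi-byte ID fields are returned as stored, since the page does not give their byte order.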

== Certificate chain ==
{| class="wikitable"
! Certificate
! Signature type
! Retail cert name
! Debug cert name
! Description
|-
| Ticket
| RSA-2048
| XS00000021
| ?
| Used to verify (some?) ticket signatures
|-
| Ticket
| RSA-2048
| XS00000020
| ?
| Used to verify (some?) ticket signatures
|-
| CA
| RSA-4096
| CA00000003
| CA00000004
| Used to verify the ticket certificate
|}

The CA certificate is issued by 'Root', the public key for which is stored in ES.