CommonETicket: Difference between revisions

3dsguy (talk | contribs)
3dsguy (talk | contribs)
mNo edit summary
Line 51: Line 51:
|}
|}


The Signature Type is the same const as that in [[TMD]]. The certificate chain is located at offset 0x350 for tickets from CDN/SOAP, however this cert-chain is removed once the ticket is installed to NAND.
The Signature Type is the same const as that in [[TMD]].  


The titlekey is decrypted by using the [[AES]] engine with the ticket common-key keyslot where the keyY is one of 6 keyYs loaded via the keyY index stored in the ticket. AES-CBC mode is used where the IV is the big-endian titleID. Note that on a retail unit index0 is a retail keyY, while on a dev-unit index0 is the dev common-key which is a normal-key.(On retail for these keyYs, the hardware key-scrambler is used)
The titlekey is decrypted by using the [[AES]] engine with the ticket common-key keyslot where the keyY is one of 6 keyYs loaded via the keyY index stored in the ticket. AES-CBC mode is used where the IV is the big-endian titleID. Note that on a retail unit index0 is a retail keyY, while on a dev-unit index0 is the dev common-key which is a normal-key.(On retail for these keyYs, the hardware key-scrambler is used)
== Certificate Chain ==
Tickets retrieved from CDN/SOAP have a Certificate chain appended at the end, outside of the ticket structure(offset 0x350/0x450 depending on the size of the ticket signature). There are two certificates in this chain:
{| class="wikitable" border="1"
|-
!  CERTIFICATE
!  SIGNATURE TYPE
!  RETAIL CERT NAME
!  DEBUG CERT NAME
!  DESCRIPTION
|-
|  Ticket
|  RSA-2048
|  XS0000000c
|  XS00000009
|  Used to verify the Ticket signature
|-
|  CA
|  RSA-4096
|  CA00000003
|  CA00000004
|  Used to verify the Ticket Certificate
|}
The CA certificate is issued by 'Root', the public key for which is stored in NATIVE_FIRM.


== Some facts==
== Some facts==
* '''CETK''' can be fetched through HTTP using the link to default update server, using the title's [[TMD]] URL where "cetk" is used instead of "tmd" for the URL. The 3DS NIM module retrieves system tickets via SOAP request ''GetCommonETicket''.
* '''CETK''' can be fetched through HTTP using the link to default update server, using the title's [[TMD]] URL where "cetk" is used instead of "tmd" for the URL. The 3DS NIM module retrieves system tickets via SOAP request ''GetCommonETicket''.
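
Review bot: the sentence dropped from the Signature Type paragraph said the cert-chain "is removed once the ticket is installed to NAND", and the new Certificate Chain section does not carry that over, so this revision loses that fact; restate it in the new section. The new section gives the offset as 0x350/0x450 "depending on the size of the ticket signature" where the old text gave only 0x350, but it does not say which signature size corresponds to which offset; state that mapping next to the offsets. Minor style points in the added lines: "structure(offset" is missing a space before the parenthesis, and "Certificate chain" is capitalised differently from the section heading.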