Tutorial
Updated
Hex Editing - Unlocking DLC without CFW or Sigpatch!
Special thanks to @raphamotta for his detailed tutorial(s) on this subject. This one serves as a more detailed explanation of the hex editing portions of his tutorial, which can be found here:
http://gbatemp.net/threads/tutorial...d-on-sysnand-without-cfw-or-aocptcher.464178/
Assumptions:
Facts to Keep in Mind:
There are 2 possible scenarios. In the first scenario, there are 2 tickets in the .tik file. Meaning, your legit ticket for that game (free or paid DLC you downloaded from eShop) + your fake ticket (installed by WUP Installer / USB Helper). In the second scenario, there might be 3 or more tickets in the same .tik file. You'll want to swap them so that your legit ticket is not necessarily at the TOP, but HIGHER than the fake ticket, if that makes sense.
For the purposes of this tutorial, I will be going over the 2 ticket scenario using dummy .tik files I created myself, containing 2 FAKE tickets. YOUR .tik file will have your fake ticket in it (installed from WUP Installer) in addition to your REAL (legit) ticket for that game. I'm doing this because I won't want to reveal my real tickets (for obvious reasons).
How to Do It!:
For the other possible scenario with 3 or more tickets in your .tik file, just picture another 848 or 696 byte ticket for a different game BETWEEN the 1st and 2nd tickets, or perhaps at the top or bottom. In a case like this, you'd want to CUT the top fake ticket, and paste it in a separate, blank hex editor window temporarily. Then take the REAL ticket, and paste it temporarily into a 3rd blank hex window. Now, take your REAL ticket and paste it at the top (0x0), while putting your FAKE ticket at the bottom. Make sure all of you starting offsets for each ticket are correct once swapped, or the Wii U will say that your DLC is corrupted. It really doesn't matter what position that 3rd 'mysterious' ticket is in, because it's for a separate game and the Wii U will ignore the other tickets that aren't for that game if you ever launch it.
As a side note, it looks like @marc_max has created a ticket swapper tool, which makes this whole process automated. His tool cane be found here:
http://www.marcrobledo.com/wiiu-tik-fixer/
Let me know if there's anything you don't understand, or if I should make any changes!
http://gbatemp.net/threads/tutorial...d-on-sysnand-without-cfw-or-aocptcher.464178/
Assumptions:
- You've followed raphamotta's tutorial (link above) up to the hex editing part
- You have your correct .tik file open in a hex editor (I use frhed) for the DLC in question
- You've cheked the keys.txt file (dumped from tik2sd) and you've triple-checked you have the correct .tik file open, comparing your title key / title ID against "that site".
Facts to Keep in Mind:
- DLC tickets are almost always exactly 848 bytes. There are exceptions to this, however the same rules apply to tickets of other sizes as well. I will go over how to tell where one ticket ends and the next one begins.
- If your .tik file is 848 bytes, it contains 1 ticket. If it's 1696 bytes, it contains 2 tickets (most likely your legit + fake ticket), or 2544 bytes (3 tickets - likely your legit + fake, and 1 legit for a different game). I'm not sure how many tickets can be in one .tik file, but I can only assume the sky is the limit.
- Your keys.txt file dumped from tik2sd will be essential for figuring out exactly WHERE (hex offset) inside WHAT .tik file, the ticket you're looking for is located.
- In a .tik file with multiple tickets, each ticket BEGINS IMMEDIATELY after the first ticket ends. For example, an 848 byte ticket located at offset 0x0 ends at 0x34F. The 2nd ticket in this file would begin at offset 0x350 and end at 0x69F. Finally, a 3rd ticket would begin at 0x6A0 and end at 0x9EF.
- In a hex editor, you can generally tell a FAKE ticket from a REAL one, because the FAKE ticket will have a lot of repeating characters, and a real one will look like more randomized gibberish, as in this example:
- The "@xxx" portion in your keys.txt is referring to the hex offset. Think of it like an address, or location inside of a file so we can know exactly WHERE the data (in this case the ticket) is located inside the file. In frhed (the hex editor I use), the offset is always shown at the bottom:
There are 2 possible scenarios. In the first scenario, there are 2 tickets in the .tik file. Meaning, your legit ticket for that game (free or paid DLC you downloaded from eShop) + your fake ticket (installed by WUP Installer / USB Helper). In the second scenario, there might be 3 or more tickets in the same .tik file. You'll want to swap them so that your legit ticket is not necessarily at the TOP, but HIGHER than the fake ticket, if that makes sense.
For the purposes of this tutorial, I will be going over the 2 ticket scenario using dummy .tik files I created myself, containing 2 FAKE tickets. YOUR .tik file will have your fake ticket in it (installed from WUP Installer) in addition to your REAL (legit) ticket for that game. I'm doing this because I won't want to reveal my real tickets (for obvious reasons).
How to Do It!:
- 2 tickets (1 legit + 1 fake for the same game) are inside the .tik file (1696 bytes), and are the only 2 tickets in that file.
- After searching in keys.txt, it indicates that the ticket(s) start at 0x0 and 0x350
- We're going to swap them according to the image and instructions below.
For the other possible scenario with 3 or more tickets in your .tik file, just picture another 848 or 696 byte ticket for a different game BETWEEN the 1st and 2nd tickets, or perhaps at the top or bottom. In a case like this, you'd want to CUT the top fake ticket, and paste it in a separate, blank hex editor window temporarily. Then take the REAL ticket, and paste it temporarily into a 3rd blank hex window. Now, take your REAL ticket and paste it at the top (0x0), while putting your FAKE ticket at the bottom. Make sure all of you starting offsets for each ticket are correct once swapped, or the Wii U will say that your DLC is corrupted. It really doesn't matter what position that 3rd 'mysterious' ticket is in, because it's for a separate game and the Wii U will ignore the other tickets that aren't for that game if you ever launch it.
As a side note, it looks like @marc_max has created a ticket swapper tool, which makes this whole process automated. His tool cane be found here:
http://www.marcrobledo.com/wiiu-tik-fixer/
Let me know if there's anything you don't understand, or if I should make any changes!
Last edited by Rahzadan,