Hacking [HOW-TO] Dumping tickets for Brazilian exploit

[shutterbug2000]

First off, you need to follow this: https://gbatemp.net/threads/how-to-load-a-fw-img-for-any-file-dumping-wiiubru-status-update.445840/ to set up cfw hax.

Then, run python and get into a python console(just run the python executable)

Then, type "execfile('path\\to\\the\\.py\\file')"

Then, for eshop:

Run "w.dldir("/vol/system_slc/rights/ticket/apps/")"

OR

For disc games:

Type "mount_odd_tickets()", "w.dldir("/vol/storage_odd_tickets")", and unmount_odd_tickets().

You can then swap the disc and repeat.



For eshop games, to determine the title id, open in a hex editor

Then, find 0005. Make sure it comes Root-CA.

The next 8 hex digits will be your title id, which can be compared with a title id database to find the game the ticket belongs to.

 

[KiiWii]

Very cool, do you think will be there possibility to dump directly to SD without a PC present?

 

[shutterbug2000]

Very cool, do you think will be there possibility to dump directly to SD without a PC present?

Possibly, but it depends on how IOSU/cfw progresses.

 

[zongalito]

So now eshop game tickets can be extracted? And dlc?

 

[SoulEater98]

So with this we can get tickets for VC games, eShop titles or DLC?

 

[shutterbug2000]

So now eshop game tickets can be extracted? And dlc?

So with this we can get tickets for VC games, eShop titles or DLC?

Yep. EShop games for sure, and DLC should work.

 

[veggav]

I don't think this will work because DLC/Eshop/VC all have console ID bytes.

So it's hooked to your console only.

 

[Wishi]

Great hopefully someone could get us Pokken USA ticket thats the only game I need :c

 

[shutterbug2000]

I don't think this will work because DLC/Eshop/VC all have console ID bytes.

So it's hooked to your console only.

Good point. I'm willing to try, but I'd need someone else's tickets

(either way, still useful for disc games)

 

[brkun]

This, sir, is amazing.

THanks!

 

[Kohmei]

I heard the fw.img you need might be available on that one site if you check a PSA thread

 

[Exavold]

Wow , I would have dumped a lot of stuff.

(if I wasn't stuck searching for the ancast iv key :[)

 

[veggav]

Awesome work! Things move at light speed when the community works together!

 

[joacosur15]

I think cyan already tested and get different tickets than the public/pirate .wud

 

[Pokezuculento]

You can make a video?

 

[KongsNutz]

I think cyan already tested and get different tickets than the public/pirate .wud

They work

 

[Cyan]

I think cyan already tested and get different tickets than the public/pirate .wud

naah, it's not me.
I didn't even build the fw.bin (blocked at armips step), or tried any CFW booter.
I also don't share tickets.


you can get and share the Disc ticket, but the eShop tickets are linked to the console.
until there's a CFW patch with signature check removed, users won't be able to use them.
(unless I'm wrong?)

 

[veggav]

naah, it's not me.
I didn't even build the fw.bin (blocked at armips step), or tried any CFW booter.
I also don't share tickets.


you can get and share the Disc ticket, but the eShop tickets are linked to the console.
until there's a CFW patch with signature check removed, users won't be able to use them.
(unless I'm wrong?)

What if the exact location of the bytes for the console ID are found and we swap it for our own console ID?
Would this kill the hash check?

 

[SoulEater98]

Wow , I would have dumped a lot of stuff.

(if I wasn't stuck searching for the ancast iv key :[)

You're not able to find them through google?

 

[Exavold]

You're not able to find them through google?

I did , after all.