1. crediar

    crediar Possiblenator
    Member

    Joined:
    Mar 5, 2006
    Messages:
    342
    Country:
    Antarctica
    Actually the 0xF thing is because none of the extraction tools seem to use the right IV (all zero) instead of the correct one.
    Because it is within some random data nobody ever noticed until now I guess.
     
    ajd4096, moops44 and cearp like this.
  2. AboodXD

    AboodXD I hack NSMB games, and other shiz.
    Member

    Joined:
    Oct 11, 2014
    Messages:
    2,780
    Country:
    United Arab Emirates
    Hey crediar, do you know how did they dump their discs?
    Detailed please. :)
     
  3. veggav

    veggav GBAtemp Regular
    Member

    Joined:
    Nov 21, 2009
    Messages:
    161
    Country:
    Brazil
    I get you, NWPlayer, amd a bunch of people are able to dump tikets from disc because you got private iosu?
    Do you think we might get a few more tickets that aren't available at the moment?
     
  4. FIX94

    FIX94 Global Moderator
    Global Moderator

    Joined:
    Dec 3, 2009
    Messages:
    7,284
    Country:
    Germany
    uhm, the IOSU exploit is public already though which needs just a couple more things to load iosuhax, and iosuhax has been public on github by smea for months now so quite a few people have access to stuff by now, you do have to be a developer though to make sense of it all, there is no user friendly version of anything yet but that will be there soon so people who arent devs can do it too.
     
    VinsCool and veggav like this.
  5. asper

    OP asper GBAtemp Advanced Fan
    Member

    Joined:
    May 14, 2010
    Messages:
    866
    Country:
    United States
    @crediar , I am sorry, can you explain better what you mean with "Because it is within some random data nobody ever noticed" ?
     
  6. FIX94

    FIX94 Global Moderator
    Global Moderator

    Joined:
    Dec 3, 2009
    Messages:
    7,284
    Country:
    Germany
    So to do AES decryption you need a key and a iv (initialization vector), if that vector is not correct the first decrypted block (one block=0x10 bytes) will look wrong, thats exactly what happens here to the first 0x10 tik bytes, whatever decrypts this at the moment does not correctly set up the iv.
     
    ajd4096 likes this.
  7. uyjulian

    uyjulian Homebrewer
    Member

    Joined:
    Nov 26, 2012
    Messages:
    2,440
    Country:
    United States
    So, basically, all disks are "legit WUDs"; can be installed on any console ?
    And eshop is keyed to one console?
     
  8. asper

    OP asper GBAtemp Advanced Fan
    Member

    Joined:
    May 14, 2010
    Messages:
    866
    Country:
    United States
    With "whatever decrypts this" you mean inside the console ?
     
  9. FIX94

    FIX94 Global Moderator
    Global Moderator

    Joined:
    Dec 3, 2009
    Messages:
    7,284
    Country:
    Germany
    yes that is correct.
    I mean the software decrypting the .wud right now has the problem, and thats why my own tik dumps from disc are automatically correct and can be installed ;)
     
  10. asper

    OP asper GBAtemp Advanced Fan
    Member

    Joined:
    May 14, 2010
    Messages:
    866
    Country:
    United States
    Good to hear that my theory is totally wrong ;)
     
    AboodXD likes this.
  11. Kohmei

    Kohmei GBAtemp Advanced Fan
    Member

    Joined:
    Feb 17, 2013
    Messages:
    809
    Country:
    United States
    My SM3DW pre-install ticket is completely different than the "public" disc ticket

    It's even many bytes shorter
     
    Toscanelli likes this.
  12. cearp

    cearp 瓜老外
    Member

    Joined:
    May 26, 2008
    Messages:
    8,171
    Country:
    Tuvalu
    I just want to fully understand this.

    (this is what i think happens, i might be wrong, please correct!)
    So, wii u disk games, they happen to have a ticket on the disk.
    The contents on the disk are encrypted, with the WUD key. (wii u disk key)
    Yet the ticket on the disk, it contains the CDN key for the digital game. - Useless for the disk contents which are encrypted with different key, the WUD key. -- this confuses me if true, why nintendo? :wtf:

    For the brazil trick we take and change the ticket on disk to be a digital media type instead of physical, download the contents from cdn and install with our edited ticket.



    And @crediar or anyone else in the know, when downloading the h3 files from cdn, how can we find out what .app content files will have a .h3 file?
    Some games I have seem don't have a .h3 file for each .app file. In my tool I'm simply testing to see if a .h3 file exists for each content file, but it seems a bit ugly.

    Thanks guys :)


    ---
    and from what i see, the premade tickets I have found online... they have console ids in them.
    with wiiu we can install tickets that have a console id?
    (and especially one that is not ours?)
    i ask because, with 3ds we cannot install anything that has a console id in the ticket, even our own console id... = no legit personal backups. :(
     
    Last edited: Oct 24, 2016
    moops44 likes this.
  13. Cyanopsis

    Cyanopsis Advanced Member
    Newcomer

    Joined:
    Nov 6, 2015
    Messages:
    76
    Country:
    Om that ticket database site there is a ticket for Zelda A link to the Past, which i guess is an e-shop VC title. That must be bogus then right?
     
  14. cearp

    cearp 瓜老外
    Member

    Joined:
    May 26, 2008
    Messages:
    8,171
    Country:
    Tuvalu
    today i noticed quite a few eshop tickets/keys up, so i guess with the recent progess/public progress, we can dump tickets from our console?
    before i never saw eshop tickets, or even jpn tickets ha...

    good the collection is building!
     
    Azel likes this.
  15. Pachee

    Pachee GBAtemp Fan
    Member

    Joined:
    Nov 3, 2015
    Messages:
    412
    Country:
    United States
    Wii VC games like Xenoblade and Kirby Dream Land also have a rvlt.tik/rvlt.tmd in the /code folder that are way smaller than the normal tickets/tmds use to download from nus.
     
  16. cearp

    cearp 瓜老外
    Member

    Joined:
    May 26, 2008
    Messages:
    8,171
    Country:
    Tuvalu
    so instead of a separate database like 3ds ha, wii u keeps the tickets in the game folder/data themselves?
    or, there is also a database too?
     
  17. Pachee

    Pachee GBAtemp Fan
    Member

    Joined:
    Nov 3, 2015
    Messages:
    412
    Country:
    United States
    No, there is a separate folder for the nus/ownership tickets, just like on the Wii.

    These i mentioned above are just an example of those "smaller tickets" because until now we weren't able to dump stuff from nand. I don't know what they are for because this is the first time i have seen a 1kb tmd and 1kb ticket. Dream Land NUS tmd/ticket are 6/3kb for comparison.
     
    Last edited: Oct 24, 2016
  18. cearp

    cearp 瓜老外
    Member

    Joined:
    May 26, 2008
    Messages:
    8,171
    Country:
    Tuvalu
    sure, but depending if these small tickets has the title key, that is all we need :)
     
  19. Cyan

    Cyan GBATemp's lurking knight
    Global Moderator

    Joined:
    Oct 27, 2002
    Messages:
    22,532
    Country:
    France
    @cearp:
    Fix94 said his extracted NAND ticket from disc game already had 0x01 instead of 0x03
    it's an issue with the extractor (discU and VGm ?) not using the correct IV for the first bloc? that's what I understood.
    that's what happen here, the first 0x10 bytes are wrong.


    To know if you need .h3, look at the tmd.
    each content has a content type, if it's 0x2003 then it has a .h3 (wait, I'm verifying it!)
    edit: yes, that's it.
     
    I pwned U! and cearp like this.
  20. cearp

    cearp 瓜老外
    Member

    Joined:
    May 26, 2008
    Messages:
    8,171
    Country:
    Tuvalu
    oooooh that makes sense, i always ignored the content type in my tools. thanks :)
     
Draft saved Draft deleted
Loading...

Hide similar threads Similar threads with keywords - removing, formula, adding