CMD
Jump to navigation
Jump to search
An iQue Content MetaData (CMD) is used to store data about a piece of content, such as the size, hash and ID. It's used as part of the SKSA (for info about the SA1/SA2) and also used as part of the Title Data structure (for info about the game title).
Each ticket is signed via RSA-2048 using a CP (content protection?) certificate.
Format
The CMD format is similar to a Wii ticket, though it seems the structure was reworked sometime between the iQue and Wii.
Offset | Length | Type | Description | Information |
---|---|---|---|---|
0x0 | 0x8 | bytes | ca_crl_version | Unknown (always 0?) |
0x8 | 0x4 | int32 | cmd_crl_version | Unknown (always 1?) |
0xC | 0x4 | uint32 | content_size | Content Size |
0x10 | 0x4 | int32 | unused_flags | bit 0 on if SA; nothing checks it though |
0x14 | 0x10 | bytes | titlekey_iv | IV used to encrypt titlekey (with common key) |
0x24 | 0x14 | bytes | content_hash | sha1 hash of plaintext content |
0x38 | 0x10 | bytes | content_iv | IV used to encrypt content |
0x48 | 0x4 | int32 | recrypt_flag | if bit 1 on, content will be re-encrypted on first launch, using console-unique key stored in Virage2 in the SoC |
0x4C | 0x4 | int32 | allowed_hardware | bitfield, each bit enables access to some MMIO regs new to iQue Player:
(0 for games except for Animal Forest which is 0x33, 0x13 for iQue Club, 0x1F7/0x1B3 for SA) |
0x50 | 0x4 | int32 | allowed_secure_kernel_calls | one bit per syscall bit 0 allows skc 0, etc. |
0x54 | 0x4 | int32 | console_id | can be zero; if not can only run on certain (used for SAs, not games) |
0x58 | 0x40 | chars | signer | Authority (cert used to sign ticket) |
0x98 | 0x4 | uint32 | content_id | Content ID (can't be higher than 99999999, if (cid / 100) % 10 == 9, this is a game manual) |
0x9C | 0x10 | bytes | titlekey | crypted with common key, and if this is not an SA, then crypted again with key derived using ECDH of console's privkey and pubkey in ticket |
0xAC | 0x100 | bytes | signature | RSA-2048 signature |
Signature
The signature is made from a SHA1 hash of 0x0 - 0xAC, prior to the titlekey being encrypted with the ECDH-derived titlekek.