Secure Kernel Calls: Difference between revisions

Jump to navigation Jump to search
Content added Content deleted
VisualWikitext
(Create page)
 
(→‎Ticket bundle: Moved references outside the code tags, and adjusted the width of the "C type" column to keep the text on 1 line.)
Line 14: Line 14:
|+Ticket bundle{{refn|name=skDecompTicketBundle|decompals, [https://github.com/decompals/iQuePlayer-SecureKernel/blob/main/include/bbtypes.h#L130-L134 iQuePlayer-SecureKernel], BbTicketBundle}}
|+Ticket bundle{{refn|name=skDecompTicketBundle|decompals, [https://github.com/decompals/iQuePlayer-SecureKernel/blob/main/include/bbtypes.h#L130-L134 iQuePlayer-SecureKernel], BbTicketBundle}}
!Offset
!Offset
!C type
! style="width: 175px" | C type
!Name
!Name
!Description
!Description
|-
|-
|0x00
|0x00
|<code>Ticket{{refn|name=skDecompTicket|decompals, [https://github.com/decompals/iQuePlayer-SecureKernel/blob/main/include/bbtypes.h#L123-L126 iQuePlayer-SecureKernel], BbTicket}}{{refn|name=iQBTicket|iQueBrew, "Ticket"}} *</code>
|<code>Ticket *</code>{{refn|name=skDecompTicket|decompals, [https://github.com/decompals/iQuePlayer-SecureKernel/blob/main/include/bbtypes.h#L123-L126 iQuePlayer-SecureKernel], BbTicket}}{{refn|name=iQBTicket|iQueBrew, "Ticket"}}
|<code>ticket</code>
|<code>ticket</code>
|A pointer to an iQue Player ticket structure.
|A pointer to an iQue Player ticket structure.
|-
|-
|0x04
|0x04
|<code>Certificate{{refn|name=skDecompCert|decompals, [https://github.com/decompals/iQuePlayer-SecureKernel/blob/main/include/bbtypes.h#L56-L65 iQuePlayer-SecureKernel], BbCertBase}} *[5]</code>
|<code>Certificate *[5]</code>{{refn|name=skDecompCert|decompals, [https://github.com/decompals/iQuePlayer-SecureKernel/blob/main/include/bbtypes.h#L56-L65 iQuePlayer-SecureKernel], BbCertBase}}
|<code>ticketCerts</code>
|<code>ticketCerts</code>
|An array of 5 pointers to content certificates; this must be a valid certificate chain, such that the first certificate signs the ticket, the second certificate signs the first certificate, etc., until a certificate is signed by <code>Root</code>. Unused certificate slots should be set to <code>NULL</code>.
|An array of 5 pointers to content certificates; this must be a valid certificate chain, such that the first certificate signs the ticket, the second certificate signs the first certificate, etc., until a certificate is signed by <code>Root</code>. Unused certificate slots should be set to <code>NULL</code>.
|-
|-
|0x18
|0x18
|<code>Certificate{{refn|name=skDecompCert}} *[5]</code>
|<code>Certificate *[5]</code>{{refn|name=skDecompCert}}
|<code>cmdCerts</code>
|<code>cmdCerts</code>
|An array of 5 pointers to content certificates; this must also be a valid certificate chain, but that signs the ticket's embedded CMD structure.
|An array of 5 pointers to content certificates; this must also be a valid certificate chain, but that signs the ticket's embedded CMD structure.
|}
|}
The ticket structure contains all of the information needed for SK to set up the encryption hardware to decrypt the application to be launched. SK ensures that the ticket and its included CMD{{refn|name=skDecompCmd|decompals, [https://github.com/decompals/iQuePlayer-SecureKernel/blob/main/include/bbtypes.h#L105-L108 iQuePlayer-SecureKernel], BbContentMetaData}}{{refn|name=iQBCmd|iQueBrew, "CMD"}} are signed by iQue, as the CMD contains the SHA-1 hash of the application to be launched.
The ticket structure contains all of the information needed for SK to set up the encryption hardware to decrypt the application to be launched. SK ensures that the ticket and its included CMD{{refn|name=skDecompCmd|decompals, [https://github.com/decompals/iQuePlayer-SecureKernel/blob/main/include/bbtypes.h#L105-L108 iQuePlayer-SecureKernel], BbContentMetaData}}{{refn|name=iQBCmd|iQueBrew, "CMD"}} are signed by iQue, as the CMD contains the SHA-1 hash of the application to be launched.

==== <span style="display:none;">Launch CRLs</code> ====
==== <span style="display:none;">Launch CRLs</code> ====
----
----
Retrieved from "https://n64brew.dev/wiki/Secure_Kernel_Calls"