Forging a ticket

Discussion in 'WiiU Hacking Development' started by kanye_west, Oct 25, 2016.

  1. kanye_west

    kanye_west Member

    Joined:
    May 2, 2016
    Messages:
    59
    Likes Received:
    0
    Here is a simple little python script which will generate a title ticket given a title ID and a title key. Obviously the signature will be invalid, so you must install the title from within iosuhax.

    Code:
    import binascii
    import sys
    import os
    
    if len(sys.argv) != 3:
        print("usage: %s titleid titlekey" % sys.argv[0])
        sys.exit()
    
    f = open("title.tik", "wb")
    
    if not f:
        print("can't open outfile title.tik for writing" % sys.argv[0])
        sys.exit()
        
    f.write(b"\x00\x01\x00\x04")
    f.write(os.urandom(0x100))
    f.write(b"\x00" * 0x3C)
    f.write(b"\x52\x6F\x6F\x74\x2D\x43\x41\x30\x30\x30\x30"+
            b"\x30\x30\x30\x33\x2D\x58\x53\x30\x30\x30\x30"+
            b"\x30\x30\x30\x63\x00\x00\x00\x00\x00\x00")
    f.write(b"\x00" * 0x5C)
    f.write(b"\x01\x00\x00")
    f.write(binascii.unhexlify(sys.argv[2]))
    f.write(b"\x00\x00\x05")
    f.write(os.urandom(0x6))
    f.write(b"\x00\x00\x00\x00")
    f.write(binascii.unhexlify(sys.argv[1]))
    f.write(b"\x00\x00\x00\x11\x00\x00\x00\x00\x00\x00\x00"+
            b"\x00\x00\x00\x00\x05")
    f.write(b"\x00" * 0xB0)
    f.write(b"\x00\x01\x00\x14\x00\x00\x00\xAC\x00\x00\x00"+
            b"\x14\x00\x01\x00\x14\x00\x00\x00\x00\x00\x00"+
            b"\x00\x28\x00\x00\x00\x01\x00\x00\x00\x84\x00"+
            b"\x00\x00\x84\x00\x03\x00\x00\x00\x00\x00\x00"+
            b"\xFF\xFF\xFF\x01")
    f.write(b"\x00" * 0x7C)
    f.close()
    I changed the script so now it works on python 2 as well. Thanks EclipseSin for pointing out the error.
     

Share This Page