|Argument: Generic , Reference: 0255|
redunka @ 2019-03-09 18:50:09
Since you seem to be adding the certificate chain to every TMD, regardless of whether it existed on the CDN or not, what do you think about doing the same for tickets too?
It won't be any much of use for console specific dumps that originate from the DSi shop (especially if you're planning to make fake tickets for them anyway) but it may be useful for preinstalls.
Preinstalled titles actually use CETKs (CommonETicket), which are universal for all consoles and should always be valid and verifiable by the same certificate chain that you can find at the end of any CETK from the CDN.
Console-unique tickets use a different cert chain for verification, but these tickets are usually never seen in their "full" form (i.e. with the certificates attached), because the DSi stores all the certs it needs in its own system database.
By the way, you can tell which ticket is which by their names: XS00000006 = CETK; XS00000003 = shop ticket.
I'm sorry for this wall of text, I just thought it could be interesting to take into consideration. :P
Hiccup @ 2019-04-07 06:30:21
i'm not sure if the certificate chain should be added to from-console TMDs or not. but as long as its noted in the comment so that it is reversible, it doesn't matter too much.
but if its being done on TMDs it should be done on tickets too.
I don't think we should have fake tickets.
redunka @ 2019-05-27 01:44:57
Thank you for the answer and sorry for such late reply.
Over at the shepherd forum, I remember you mentioning that you might add some basic fake tickets as a way to preserve titlekeys, but perhaps my memory's deceiving me or I misunderstood something.
Anyway, I agree that having only the genuine tickets would be better than a mix of real and fake ones (especially since there's already enough fake tiks out there with people manually installing titles into NAND).
P.S. BTW, you call the certificate chain "common signature footer" in the notes?
Sorry for nitpicking, it's just a bit confusing.