Added missing note about retail vs development root keys

Updated placeholder docstrings in cert module
Handle cert chain data in a title as a CertificateChain instead of bytes
2026-03-05 08:35:28 -05:00 · 2024-12-16 22:24:27 -05:00 · 2024-12-16 22:22:11 -05:00 · 2024-12-16 22:14:07 -05:00 · 2024-12-16 21:55:58 -05:00 · 2024-12-15 23:09:13 -05:00
22 changed files with 1102 additions and 216 deletions
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-![banner](https://github.com/NinjaCheetah/libWiiPy/assets/58050615/00ea4c41-673c-4a74-addb-fbb40b4313c8)
+![banner](https://github.com/user-attachments/assets/eb30a500-6d27-42f1-bded-24221930a8e3)
 # libWiiPy
 libWiiPy is a modern Python 3 library for handling the various files and formats found on the Wii. It aims to be simple to use, well maintained, and offer as many features as reasonably possible in one library, so that a newly-written Python program could do 100% of its Wii-related work with just one library. It also aims to be fully cross-platform, so that any tools written with it can also be cross-platform.
@@ -8,7 +8,7 @@ libWiiPy is inspired by [libWiiSharp](https://github.com/TheShadowEevee/libWiiSh
 # Features
 This list will expand as libWiiPy is developed, but these features are currently available:
 - TMD and Ticket parsing/editing (`.tmd`, `.tik`)
- Title parsing/editing, including content encryption/decryption
+- Title parsing/editing, including content encryption/decryption (both retail and development)
 - WAD file parsing/editing (`.wad`)
 - Downloading titles from the NUS
 - Packing and unpacking U8 archives (`.app`, `.arc`)
--- a/docs/source/banner.png
+++ b/docs/source/banner.png
--- a/docs/source/banner_old.png
+++ b/docs/source/banner_old.png
--- a/docs/source/libWiiPy.md
+++ b/docs/source/libWiiPy.md
@@ -6,6 +6,7 @@
 :maxdepth: 4
 libWiiPy.archive
 libWiiPy.media
 libWiiPy.nand
 libWiiPy.title
 ```
--- a/docs/source/libWiiPy.media.md
+++ b/docs/source/libWiiPy.media.md
@@ -0,0 +1,11 @@
 # libWiiPy.media package
 ## Submodules
 ### libWiiPy.media.banner module
 ```{eval-rst}
 .. automodule:: libWiiPy.media.banner
   :members:
   :undoc-members:
   :show-inheritance:
 ```
--- a/docs/source/libWiiPy.title.md
+++ b/docs/source/libWiiPy.title.md
@@ -2,6 +2,14 @@
 ## Submodules
 ### libWiiPy.title.cert module
 ```{eval-rst}
 .. automodule:: libWiiPy.title.cert
   :members:
   :undoc-members:
   :show-inheritance:
 ```
 ### libWiiPy.title.commonkeys module
 ```{eval-rst}
 .. automodule:: libWiiPy.title.commonkeys
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "libWiiPy"
-version = "0.5.1"
+version = "0.6.0"
 authors = [
    { name="NinjaCheetah", email="ninjacheetah@ncxprogramming.com" },
    { name="Lillian Skinner", email="lillian@randommeaninglesscharacters.com" }
--- a/src/libWiiPy/init.py
+++ b/src/libWiiPy/init.py
@@ -3,8 +3,9 @@
 #
 # These are the essential submodules from libWiiPy that you'd probably want imported by default.
-__all__ = ["archive", "nand", "title"]
+__all__ = ["archive", "media", "nand", "title"]
 from . import archive
 from . import media
 from . import nand
 from . import title
--- a/src/libWiiPy/archive/u8.py
+++ b/src/libWiiPy/archive/u8.py
@@ -3,11 +3,14 @@
 #
 # See https://wiibrew.org/wiki/U8_archive for details about the U8 archive format.
 import binascii
 import hashlib
 import io
 import os
 import pathlib
 from enum import IntEnum as _IntEnum
 from dataclasses import dataclass as _dataclass
-from typing import List
+from typing import List, Tuple
 from ..shared import _align_value, _pad_bytes
@@ -36,13 +39,25 @@ class _U8Node:
 class U8Archive:
-    def __init__(self):
+    """
-        """
+    A U8 object that allows for parsing and editing the contents of a U8 archive.
        A U8 object that allows for managing the contents of a U8 archive.
-        Attributes
+    Attributes
-        ----------
+    ----------
-        """
+    u8_node_list : List[_U8Node]
        A list of U8Node objects representing the nodes of the U8 archive.
    file_name_list : List[str]
        A list of the names of the files in the U8 archive.
    file_data_list : List[bytes]
        A list of file data for the files in the U8 archive; corresponds with file_name_list.
    header_size : int
        The size of the U8 archive header.
    data_offset : int
        The offset of the data region of the U8 archive.
    imet_header: IMETHeader
        The IMET header of the U8 archive, if one exists. Otherwise, an empty IMETHeader object.
    """
    def __init__(self):
        self.u8_magic = b''
        self.u8_node_list: List[_U8Node] = []  # All the nodes in the header of a U8 file.
        self.file_name_list: List[str] = []
@@ -51,6 +66,7 @@ class U8Archive:
        self.header_size: int = 0
        self.data_offset: int = 0
        self.root_node: _U8Node = _U8Node(0, 0, 0, 0)
        self.imet_header: IMETHeader = IMETHeader()
    def load(self, u8_data: bytes) -> None:
        """
@@ -66,7 +82,34 @@ class U8Archive:
            u8_data.seek(0x0)
            self.u8_magic = u8_data.read(4)
            if self.u8_magic != b'\x55\xAA\x38\x2D':
-                raise TypeError("This is not a valid U8 archive!")
+                # Check for an IMET header, if the file doesn't start with the proper magic number. The header magic
                # may be at either 0x40 or 0x80 depending on whether this title has a build tag at the start or not.
                u8_data.seek(0x40)
                self.u8_magic = u8_data.read(4)
                if self.u8_magic == b'\x49\x4D\x45\x54':
                    # IMET with no build tag means the U8 archive should start at 0x600.
                    u8_data.seek(0x600)
                    self.u8_magic = u8_data.read(4)
                    if self.u8_magic != b'\x55\xAA\x38\x2D':
                        raise TypeError("This is not a valid U8 archive!")
                    # Parse the IMET header, then continue parsing the U8 archive.
                    u8_data.seek(0x0)
                    self.imet_header.load(u8_data.read(0x600))
                else:
                    # This check will pass if the IMET comes after a build tag.
                    u8_data.seek(0x80)
                    self.u8_magic = u8_data.read(4)
                    if self.u8_magic == b'\x49\x4D\x45\x54':
                        # IMET with a build tag means the U8 archive should start at 0x640.
                        u8_data.seek(0x640)
                        self.u8_magic = u8_data.read(4)
                        if self.u8_magic != b'\x55\xAA\x38\x2D':
                            raise TypeError("This is not a valid U8 archive!")
                        # Parse the IMET header, then continue parsing the U8 archive.
                        u8_data.seek(0x40)
                        self.imet_header.load(u8_data.read(0x600))
                    else:
                        raise TypeError("This is not a valid U8 archive!")
            # Offset of the root node, which will always be 0x20.
            self.root_node_offset = int.from_bytes(u8_data.read(4))
            # The size of the U8 header.
@@ -215,7 +258,7 @@ def extract_u8(u8_data, output_folder) -> None:
            open(current_dir.joinpath(u8_archive.file_name_list[node]), "wb").write(u8_archive.file_data_list[node])
        # Handle an invalid node type.
        elif u8_archive.u8_node_list[node].type != 0 and u8_archive.u8_node_list[node].type != 1:
-            raise ValueError("A node with an invalid type (" + str(u8_archive.u8_node_list[node].type) + ") was found!")
+            raise ValueError(f"A node with an invalid type ({str(u8_archive.u8_node_list[node].type)}) was found!")
 def _pack_u8_dir(u8_archive: U8Archive, current_path, node_count, parent_node):
@@ -257,14 +300,23 @@ def _pack_u8_dir(u8_archive: U8Archive, current_path, node_count, parent_node):
    return u8_archive, node_count
-def pack_u8(input_path) -> bytes:
+def pack_u8(input_path, generate_imet=False, imet_titles:List[str]=None) -> bytes:
    """
    Packs the provided file or folder into a new U8 archive, and returns the raw file data for it.
    To generate an IMET header for this U8 archive, the archive must contain the required banner files "icon.bin",
    "banner.bin", and "sound.bin", because the sizes of these files are stored in the header.
    Parameters
    ----------
    input_path
        The path to the input file or folder.
    generate_imet : bool, optional
        Whether an IMET header should be generated for this U8 archive or not. IMET headers are only used for channel
        banners (00000000.app), and required banner files must exist to generate this header. Defaults to False.
    imet_titles : List[str], optional
        A list of the channel title in different languages for the IMET header. If only one item is provided, that
        item will be used for all entries in the header. Defaults to None, and is only used when generate_imet is True.
    Returns
    -------
@@ -283,8 +335,221 @@ def pack_u8(input_path) -> bytes:
        # subdirectory and file. Discard node_count and name_offset since we don't care about them here, as they're
        # really only necessary for the directory recursion.
        u8_archive, _ = _pack_u8_dir(u8_archive, input_path, node_count=1, parent_node=0)
        if generate_imet:
            print("gen imet")
        return u8_archive.dump()
    elif input_path.is_file():
        raise ValueError("This does not appear to be a directory.")
    else:
-        raise FileNotFoundError("Input directory: \"" + str(input_path) + "\" does not exist!")
+        raise FileNotFoundError(f"Input directory: \"{input_path}\" does not exist!")
 class IMETHeader:
    """
    An IMETHeader object that allows for parsing, editing, and generating an IMET header. These headers precede the
    data of a channel banner (00000000.app), and are used to store metadata about the banner and verify its data.
    An IMET header is always 1,536 (0x600) bytes long.
    Attributes
    ----------
    magic : str
        Magic number for the header, should be "IMD5".
    header_size : int
        Length of the M
    imet_version : int
        Version of the IMET header. Normally always 3.
    sizes : List[int]
        The file sizes of icon.bin, banner.bin, and sound.bin.
    flag1 : int
        Unknown.
    channel_names : List[str]
        The name of the channel this header is for in Japanese, English, German, French, Spanish, Italian, Dutch,
        Simplified Chinese, Traditional Chinese, and Korean, in that order.
    md5_hash : bytes
        MD5 sum of the entire header, with this field being all zeros during the hashing.
    """
    def __init__(self):
        self.magic: str = ""  # Should always be "IMET"
        self.header_size: int = 0  # Always 1536? I assumed this would mean something, but it's just the header length.
        self.imet_version: int = 0  # Always 3?
        self.sizes: List[int] = []  # Should only have 3 items
        self.flag1: int = 0  # Unknown
        self.channel_names: List[str] = []  # Should have 10 items
        self.md5_hash: bytes = b''
    class LocalizedTitles(_IntEnum):
        TITLE_JAPANESE = 0
        TITLE_ENGLISH = 1
        TITLE_GERMAN = 2
        TITLE_FRENCH = 3
        TITLE_SPANISH = 4
        TITLE_ITALIAN = 5
        TITLE_DUTCH = 6
        TITLE_CHINESE_SIMPLIFIED = 7
        TITLE_CHINESE_TRADITIONAL = 8
        TITLE_KOREAN = 9
    def load(self, imet_data: bytes) -> None:
        """
        Loads the raw data of an IMET header.
        Parameters
        ----------
        imet_data : bytes
            The data for the IMET header to load.
        """
        with io.BytesIO(imet_data) as data:
            data.seek(0x40)
            self.magic = str(data.read(4).decode())
            self.header_size = int.from_bytes(data.read(4))
            self.imet_version = int.from_bytes(data.read(4))
            self.sizes = []
            for _ in range(0, 3):
                self.sizes.append(int.from_bytes(data.read(4)))
            self.flag1 = int.from_bytes(data.read(4))
            self.channel_names = []
            for _ in range(0, 10):
                # Read the translated channel name from the header, then drop all trailing null bytes. The encoding
                # used here is UTF-16 Big Endian.
                new_channel_name = data.read(84)
                self.channel_names.append(str(new_channel_name.decode('utf-16-be')).replace('\x00', ''))
            data.seek(data.tell() + 588)
            self.md5_hash = binascii.hexlify(data.read(16))
    def dump(self) -> bytes:
        """
        Dump the IMETHeader back into raw bytes.
        Returns
        -------
        bytes
            The IMET header as bytes.
        """
        imet_data = b''
        # 64 bytes of padding.
        imet_data += b'\x00' * 64
        # "IMET" magic number.
        imet_data += str.encode("IMET")
        # IMET header size. TODO: check if this is actually always 1536
        imet_data += int.to_bytes(1536, 4)
        # IMET header version.
        imet_data += int.to_bytes(self.imet_version, 4)
        # Banner component sizes.
        for size in self.sizes:
            imet_data += int.to_bytes(size, 4)
        # flag1.
        imet_data += int.to_bytes(self.flag1, 4)
        # Channel names.
        for channel_name in self.channel_names:
            new_channel_name = channel_name.encode('utf-16-be')
            while len(new_channel_name) < 84:
                new_channel_name += b'\x00'
            imet_data += new_channel_name
        # 588 (WHY??) bytes of padding.
        imet_data += b'\x00' * 588
        # MD5 hash. To calculate the real one, we need to write all zeros to it first, then hash the entire header with
        # the zero hash. After that we'll replace this hash with the calculated one.
        imet_data += b'\x00' * 16
        imet_hash = hashlib.md5(imet_data)
        imet_data = imet_data[:-16] + imet_hash.digest()
        return imet_data
    def create(self, sizes: List[int], channel_names: Tuple[int, str] | List[Tuple[int, str]]) -> None:
        """
        Create a new IMET header, specifying the sizes of the banner components and one or more localized channel names.
        Parameters
        ----------
        sizes : List[int]
            The size in bytes of icon.bin, banner.bin, and sound.bin, in that order.
        channel_names : Tuple(int, str), List[Tuple[int, str]]
            A pair or list of pairs of the target language and channel name for that language. Target languages are
            defined in LocalizedTitles.
        See Also
        --------
        libWiiPy.archive.u8.IMETHeader.LocalizedTitles
        """
        # Begin by setting the constant values before we parse the input.
        self.magic = "IMET"
        self.header_size = 1536
        self.imet_version = 3
        self.flag1 = 0  # Still not really sure about this one.
        # Validate the number of entries, then set the provided file sizes.
        if len(sizes) != 3:
            raise ValueError("You must supply 3 file sizes to generate an IMET header!")
        self.sizes = sizes
        # Now we can parse the channel names. This functions the same as setting them later, so just calling
        # set_channel_names() is the most practical.
        self.channel_names = ["" for _ in range(0, 10)]
        self.set_channel_names(channel_names)
    def get_channel_names(self, target_languages: int | List[int]) -> str | List[str]:
        """
        Get one or more channel names from the IMET header based on the specified languages.
        Parameters
        ----------
        target_languages : int, List[int, str]
            One or more target languages. Target languages are defined in LocalizedTitles.
        Returns
        -------
        str, List[str]
            The channel name for the specified language, or a list of channel names in the same order as the specified
            languages.
        See Also
        --------
        libWiiPy.archive.u8.IMETHeader.LocalizedTitles
        """
        # Flatten single instance of LocalizedTitles being passed to a proper int.
        if isinstance(target_languages, self.LocalizedTitles):
            target_languages = int(target_languages)
        # If only one channel name was requested.
        if type(target_languages) == int:
            if target_languages not in self.LocalizedTitles:
                raise ValueError(f"The specified language is not valid!")
            return self.channel_names[target_languages]
        # If multiple channel names were requested.
        else:
            channel_names = []
            for lang in target_languages:
                if lang not in self.LocalizedTitles:
                    raise ValueError(f"The specified language at index {target_languages.index(lang)} is not valid!")
                channel_names.append(self.channel_names[lang])
            return channel_names
    def set_channel_names(self, channel_names: Tuple[int, str] | List[Tuple[int, str]]) -> None:
        """
        Specify one or more new channel names to set in the IMET header.
        Parameters
        ----------
        channel_names : Tuple(int, str), List[Tuple[int, str]]
            A pair or list of pairs of the target language and channel name for that language. Target languages are
            defined in LocalizedTitles.
        See Also
        --------
        libWiiPy.archive.u8.IMETHeader.LocalizedTitles
        """
        # If only one channel name was provided.
        if type(channel_names) == tuple:
            if channel_names[0] not in self.LocalizedTitles:
                raise ValueError(f"The target language \"{channel_names[0]}\" is not valid!")
            if len(channel_names[1]) > 42:
                raise ValueError(f"The channel name \"{channel_names[1]}\" is too long! Channel names cannot exceed "
                                 f"42 characters!")
            self.channel_names[channel_names[0]] = channel_names[1]
        # If a list of channel names was provided.
        else:
            for name in channel_names:
                if name[0] not in self.LocalizedTitles:
                    raise ValueError(f"The target language \"{name[0]}\" for the name at index {channel_names.index(name)} "
                                     f"is not valid!")
                if len(name[1]) > 42:
                    raise ValueError(f"The channel name \"{name[1]}\" at index {channel_names.index(name)} is too long! "
                                     f"Channel names cannot exceed 42 characters!")
                self.channel_names[name[0]] = name[1]
--- a/src/libWiiPy/media/init.py
+++ b/src/libWiiPy/media/init.py
@@ -0,0 +1,4 @@
 # "media/__init__.py" from libWiiPy by NinjaCheetah & Contributors
 # https://github.com/NinjaCheetah/libWiiPy
 from .banner import *
--- a/src/libWiiPy/media/banner.py
+++ b/src/libWiiPy/media/banner.py
@@ -0,0 +1,31 @@
 # "title/banner.py" from libWiiPy by NinjaCheetah & Contributors
 # https://github.com/NinjaCheetah/libWiiPy
 #
 # See https://wiibrew.org/wiki/Opening.bnr for details about the Wii's banner format
 from dataclasses import dataclass as _dataclass
@_dataclass
 class IMD5Header:
    """
    An IMD5Header object that contains the properties of an IMD5 header. These headers precede the data of banner.bin
    and icon.bin inside the banner (00000000.app) of a channel, and are used to verify the data of those files.
    An IMD5 header is always 32 bytes long.
    Attributes
    ----------
    magic : str
        Magic number for the header, should be "IMD5".
    file_size : int
        The size of the file this header precedes.
    zeros : int
        8 bytes of zero padding.
    md5_hash : bytes
        The MD5 hash of the file this header precedes.
    """
    magic: str  # Should always be "IMD5"
    file_size: int
    zeros: int
    md5_hash: bytes
--- a/src/libWiiPy/nand/emunand.py
+++ b/src/libWiiPy/nand/emunand.py
@@ -6,7 +6,11 @@
 import os
 import pathlib
 import shutil
 from dataclasses import dataclass as _dataclass
 from typing import List
 from ..title.ticket import Ticket
 from ..title.title import Title
 from ..title.tmd import TMD
 from ..title.content import SharedContentMap as _SharedContentMap
 from .sys import UidSys as _UidSys
@@ -73,7 +77,7 @@ class EmuNAND:
        # Tickets are installed as <tid_lower>.tik in /ticket/<tid_upper>/
        ticket_dir = self.ticket_dir.joinpath(tid_upper)
        ticket_dir.mkdir(exist_ok=True)
-        open(ticket_dir.joinpath(tid_lower + ".tik"), "wb").write(title.wad.get_ticket_data())
+        ticket_dir.joinpath(f"{tid_lower}.tik").write_bytes(title.ticket.dump())
        # The TMD and normal contents are installed to /title/<tid_upper>/<tid_lower>/content/, with the tmd being named
        # title.tmd and the contents being named <cid>.app.
@@ -85,11 +89,11 @@ class EmuNAND:
        if content_dir.exists():
            shutil.rmtree(content_dir)  # Clear the content directory so old contents aren't left behind.
        content_dir.mkdir(exist_ok=True)
-        open(content_dir.joinpath("title.tmd"), "wb").write(title.wad.get_tmd_data())
+        content_dir.joinpath("title.tmd").write_bytes(title.tmd.dump())
        for content_file in range(0, title.tmd.num_contents):
            if title.tmd.content_records[content_file].content_type == 1:
                content_file_name = f"{title.tmd.content_records[content_file].content_id:08X}".lower()
-                open(content_dir.joinpath(content_file_name + ".app"), "wb").write(
+                content_dir.joinpath(f"{content_file_name}.app").write_bytes(
                    title.get_content_by_index(content_file, skip_hash=skip_hash))
        title_dir.joinpath("data").mkdir(exist_ok=True)  # Empty directory used for save data for the title.
@@ -98,16 +102,16 @@ class EmuNAND:
        content_map = _SharedContentMap()
        existing_hashes = []
        if content_map_path.exists():
-            content_map.load(open(content_map_path, "rb").read())
+            content_map.load(content_map_path.read_bytes())
            for record in content_map.shared_records:
                existing_hashes.append(record.content_hash)
        for content_file in range(0, title.tmd.num_contents):
            if title.tmd.content_records[content_file].content_type == 32769:
                if title.tmd.content_records[content_file].content_hash not in existing_hashes:
                    content_file_name = content_map.add_content(title.tmd.content_records[content_file].content_hash)
-                    open(self.shared1_dir.joinpath(content_file_name + ".app"), "wb").write(
+                    self.shared1_dir.joinpath(f"{content_file_name}.app").write_bytes(
                        title.get_content_by_index(content_file, skip_hash=skip_hash))
-        open(self.shared1_dir.joinpath("content.map"), "wb").write(content_map.dump())
+        self.shared1_dir.joinpath("content.map").write_bytes(content_map.dump())
        # The "footer" or meta file is installed as title.met in /meta/<tid_upper>/<tid_lower>/. Only write this if meta
        # is not nothing.
@@ -117,7 +121,7 @@ class EmuNAND:
            meta_dir.mkdir(exist_ok=True)
            meta_dir = meta_dir.joinpath(tid_lower)
            meta_dir.mkdir(exist_ok=True)
-            open(meta_dir.joinpath("title.met"), "wb").write(title.wad.get_meta_data())
+            meta_dir.joinpath("title.met").write_bytes(title.wad.get_meta_data())
        # Ensure we have a uid.sys file created.
        uid_sys_path = self.sys_dir.joinpath("uid.sys")
@@ -159,3 +163,96 @@ class EmuNAND:
        # On the off chance this title has a meta entry, delete that too.
        if self.meta_dir.joinpath(tid_upper).joinpath(tid_lower).joinpath("title.met").exists():
            shutil.rmtree(self.meta_dir.joinpath(tid_upper).joinpath(tid_lower))
    @_dataclass
    class InstalledTitles:
        """
        An InstalledTitles object that is used to track a title type and any titles that belong to that type that are
        installed to an EmuNAND.
        Attributes
        ----------
        type : str
            The type (Title ID high) of the installed titles.
        titles : List[str]
            The Title ID low of each installed title.
        """
        type: str
        titles: List[str]
    def get_installed_titles(self) -> List[InstalledTitles]:
        """
        Scans for installed titles and returns a list of InstalledTitles objects, which each contain a title type
        (Title ID high) and a list of Title ID lows that are installed under it.
        Returns
        -------
        List[InstalledTitles]
            The titles installed to the EmuNAND.
        """
        # Scan for TID highs present.
        tid_highs = [d for d in self.title_dir.iterdir() if d.is_dir()]
        # Iterate through each one, verify that every TID low directory contains a TMD, and then add it to the list.
        installed_titles = []
        for high in tid_highs:
            tid_lows = [d for d in high.iterdir() if d.is_dir()]
            valid_lows = []
            for low in tid_lows:
                if low.joinpath("content", "title.tmd").exists():
                    valid_lows.append(low.name)
            installed_titles.append(self.InstalledTitles(high.name, valid_lows))
        return installed_titles
    def get_title_tmd(self, tid: str) -> TMD:
        """
        Gets the TMD for a title installed to the EmuNAND, and returns it as a TMD objects. Returns an error if the
        TMD for the specified Title ID does not exist.
        Parameters
        ----------
        tid : str
            The Title ID of the Title to get the TMD for.
        Returns
        -------
        TMD
            The TMD for the Title.
        """
        # Validate the TID, then build a path to the TMD file to verify that it exists.
        if len(tid) != 16:
            raise ValueError(f"Title ID \"{tid}\" is not a valid!")
        tid_high = tid[:8].lower()
        tid_low = tid[8:].lower()
        tmd_path = self.title_dir.joinpath(tid_high, tid_low, "content", "title.tmd")
        if not tmd_path.exists():
            raise FileNotFoundError(f"Title with Title ID {tid} does not appear to be installed!")
        tmd = TMD()
        tmd.load(tmd_path.read_bytes())
        return tmd
    def get_title_ticket(self, tid: str) -> Ticket:
        """
        Gets the Ticket for a title installed to the EmuNAND, and returns it as a Ticket object. Returns an error if
        the Ticket for the specified Title ID does not exist.
        Parameters
        ----------
        tid : str
            The Title ID of the Title to get the Ticket for.
        Returns
        -------
        Ticket
            The Ticket for the Title.
        """
        # Validate the TID, then build a path to the Ticket files to verify that it exists.
        if len(tid) != 16:
            raise ValueError(f"Title ID \"{tid}\" is not a valid!")
        tid_high = tid[:8].lower()
        tid_low = tid[8:].lower()
        ticket_path = self.ticket_dir.joinpath(tid_high, f"{tid_low}.tik")
        if not ticket_path.exists():
            raise FileNotFoundError(f"No Ticket exists for the title with Title ID {tid}!")
        ticket = Ticket()
        ticket.load(ticket_path.read_bytes())
        return ticket
--- a/src/libWiiPy/title/init.py
+++ b/src/libWiiPy/title/init.py
@@ -1,6 +1,7 @@
 # "title/__init__.py" from libWiiPy by NinjaCheetah & Contributors
 # https://github.com/NinjaCheetah/libWiiPy
 from .cert import *
 from .content import *
 from .crypto import *
 from .iospatcher import *
--- a/src/libWiiPy/title/cert.py
+++ b/src/libWiiPy/title/cert.py
@@ -0,0 +1,362 @@
 # "title/cert.py" from libWiiPy by NinjaCheetah & Contributors
 # https://github.com/NinjaCheetah/libWiiPy
 #
 # See https://wiibrew.org/wiki/Certificate_chain for details about the Wii's certificate chain
 import io
 from enum import IntEnum as _IntEnum
 from ..shared import _align_value, _pad_bytes
 from .ticket import Ticket
 from .tmd import TMD
 from Crypto.Hash import SHA1
 from Crypto.PublicKey import RSA
 from Crypto.Signature import pkcs1_15
 class CertificateType(_IntEnum):
    RSA_4096 = 0x00010000
    RSA_2048 = 0x00010001
    ECC = 0x00010002
 class CertificateSignatureLength(_IntEnum):
    RSA_4096 = 0x200
    RSA_2048 = 0x100
    ECC = 0x3C
 class CertificateKeyType(_IntEnum):
    RSA_4096 = 0x00000000
    RSA_2048 = 0x00000001
    ECC = 0x00000002
 class CertificateKeyLength(_IntEnum):
    RSA_4096 = 0x200
    RSA_2048 = 0x100
    ECC = 0x3C
 class Certificate:
    """
    A Certificate object used to parse a certificate used for the Wii's content verification.
    Attributes
    ----------
    type: CertificateType
        The type of the certificate, either RSA-2048, RSA-4096, or ECC.
    signature: bytes
        The signature data of the certificate.
    issuer: str
        The certificate that issued this certificate.
    pub_key_type: CertificateKeyType
        The type of public key contained in the certificate, either RSA-2048, RSA-4096, or ECC.
    child_name: str
        The name of this certificate.
    pub_key_id: int
        The ID of this certificate's public key.
    pub_key_modulus: int
        The modulus of this certificate's public key. Combined with the exponent to get the full key.
    pub_key_exponent: int
        The exponent of this certificate's public key. Combined with the modulus to get the full key.
    """
    def __init__(self):
        self.type: CertificateType | None = None
        self.signature: bytes = b''
        self.issuer: str = ""
        self.pub_key_type: CertificateKeyType | None = None
        self.child_name: str = ""
        self.pub_key_id: int = 0
        self.pub_key_modulus: int = 0
        self.pub_key_exponent: int = 0
    def load(self, cert: bytes) -> None:
        """
        Loads certificate data into the Certificate object, allowing you to parse the certificate.
        Parameters
        ----------
        cert: bytes
            The data for the certificate to load.
        """
        with io.BytesIO(cert) as cert_data:
            # Read the first 4 bytes of the cert to get the certificate's type.
            try:
                self.type = CertificateType.from_bytes(cert_data.read(0x4))
            except ValueError:
                raise ValueError("Invalid Certificate Type!")
            cert_length = CertificateSignatureLength[self.type.name]
            self.signature = cert_data.read(cert_length.value)
            cert_data.seek(0x40 + cert_length.value)
            self.issuer = str(cert_data.read(0x40).replace(b'\x00', b'').decode())
            try:
                cert_data.seek(0x80 + cert_length.value)
                self.pub_key_type = CertificateKeyType.from_bytes(cert_data.read(0x4))
            except ValueError:
                raise ValueError("Invalid Certificate Key type!")
            cert_data.seek(0x84 + cert_length.value)
            self.child_name = str(cert_data.read(0x40).replace(b'\x00', b'').decode())
            cert_data.seek(0xC4 + cert_length.value)
            self.pub_key_id = int.from_bytes(cert_data.read(0x4))
            key_length = CertificateKeyLength[self.pub_key_type.name]
            cert_data.seek(0xC8 + cert_length.value)
            self.pub_key_modulus = int.from_bytes(cert_data.read(key_length.value))
            if self.pub_key_type == CertificateKeyType.RSA_4096 or self.pub_key_type == CertificateKeyType.RSA_2048:
                self.pub_key_exponent = int.from_bytes(cert_data.read(0x4))
    def dump(self) -> bytes:
        """
        Dump the certificate object back into bytes.
        Returns
        -------
        bytes:
            The certificate file as bytes.
        """
        cert_data = b''
        cert_data += int.to_bytes(self.type.value, 4)
        cert_data += self.signature
        cert_data = _pad_bytes(cert_data)
        # Pad out the issuer name with null bytes.
        issuer = self.issuer.encode()
        while len(issuer) < 0x40:
            issuer += b'\x00'
        cert_data += issuer
        cert_data += int.to_bytes(self.pub_key_type.value, 4)
        # Pad out the child cert name with null bytes
        child_name = self.child_name.encode()
        while len(child_name) < 0x40:
            child_name += b'\x00'
        cert_data += child_name
        cert_data += int.to_bytes(self.pub_key_id, 4)
        cert_data += int.to_bytes(self.pub_key_modulus, CertificateKeyLength[self.pub_key_type.name])
        if self.pub_key_type == CertificateKeyType.RSA_4096 or self.pub_key_type == CertificateKeyType.RSA_2048:
            cert_data += int.to_bytes(self.pub_key_exponent, 4)
        # Pad out the certificate data to a multiple of 64.
        cert_data = _pad_bytes(cert_data)
        return cert_data
 class CertificateChain:
    """
    A CertificateChain object used to parse the chain of certificates stored in a WAD that are used for the Wii's
    content verification. The certificate chain is the format that the certificates are stored in as part of every WAD.
    Attributes
    ----------
    ca_cert: Certificate
        The CA certificate from the chain.
    tmd_cert: Certificate
        The CP (TMD) certificate from the chain.
    ticket_cert: Certificate
        The XS (Ticket) certificate from the chain.
    """
    def __init__(self):
        self.ca_cert: Certificate = Certificate()
        self.tmd_cert: Certificate = Certificate()
        self.ticket_cert: Certificate = Certificate()
    def load(self, cert_chain: bytes) -> None:
        """
        Loads certificate chain data into the CertificateChain object, allowing you to parse the individual
        certificates stored in the chain.
        Parameters
        ----------
        cert_chain: bytes
            The data for the certificate chain to load.
        """
        with (io.BytesIO(cert_chain) as cert_chain_data):
            # Read the two fields that denote different length sections of the certificate, so that we know how long
            # this certificate is in total.
            offset = 0x0
            for _ in range(3):
                cert_chain_data.seek(offset)
                cert_type = CertificateType.from_bytes(cert_chain_data.read(0x4))
                cert_chain_data.seek(offset + 0x80 + CertificateSignatureLength[cert_type.name].value)
                key_type = CertificateKeyType.from_bytes(cert_chain_data.read(0x4))
                cert_size = _align_value(0xC8 + CertificateSignatureLength[cert_type.name].value +
                                               CertificateKeyLength[key_type.name].value)
                cert_chain_data.seek(offset + 0x0)
                cert = Certificate()
                cert.load(cert_chain_data.read(cert_size))
                if cert.issuer == "Root":
                    self.ca_cert = cert
                elif cert.issuer.find("Root-CA") != -1:
                    if cert.child_name.find("CP") != -1:
                        self.tmd_cert = cert
                    elif cert.child_name.find("XS") != -1:
                        self.ticket_cert = cert
                    else:
                        raise ValueError("Unknown certificate in chain!")
                else:
                    raise ValueError("Unknown certificate in chain!")
                offset += cert_size
    def dump(self) -> bytes:
        """
        Dumps the full certificate chain back into bytes. This chain will always be formatted with the CA cert first,
        followed by the CP (TMD) cert, then finally the XS (Ticket) cert.
        Returns
        -------
        bytes
            The full certificate chain as bytes.
        """
        cert_chain_data = b''
        cert_chain_data += self.ca_cert.dump()
        cert_chain_data += self.tmd_cert.dump()
        cert_chain_data += self.ticket_cert.dump()
        return cert_chain_data
 def verify_ca_cert(ca_cert: Certificate) -> bool:
    """
    Verify a Wii CA certificate using the root public key. The retail or development root key will be automatically
    selected based off of the name of the CA certificate provided.
    Parameters
    ----------
    ca_cert: Certificate
        The CA certificate to verify.
    Returns
    -------
    bool
        Whether the certificate is valid or not.
    """
    if ca_cert.issuer != "Root" or ca_cert.child_name.find("CA") == -1:
        raise ValueError("The provided certificate is not a CA certificate!")
    if ca_cert.child_name == "CA00000001":
        root_key_modulus = \
            (b'\xf8$lX\xba\xe7P\x03\x01\xfb\xb7\xc2\xeb\xe0\x01\x05q\xda\x92#x\xf0QN\xc0\x03\x1d\xd0\xd2\x1e\xd3\xd0~'
             b'\xfc\x85 i\xb5\xde\x9b\xb9Q\xa8\xbc\x90\xa2D\x92m7\x92\x95\xae\x946\xaa\xa6\xa3\x02Q\x0c{\x1d\xed\xd5'
             b'\xfb \x86\x9d\x7f0\x16\xf6\xbee\xd3\x83\xa1m\xb32\x1b\x955\x18\x90\xb1p\x02\x93~\xe1\x93\xf5~\x99\xa2GN'
             b'\x9d8$\xc7\xae\xe3\x85A\xf5g\xe7Q\x8cz\x0e8\xe7\xeb\xafA\x19\x1b\xcf\xf1{B\xa6\xb4\xed\xe6\xce\x8d\xe71'
             b'\x8f\x7fR\x04\xb3\x99\x0e"gE\xaf\xd4\x85\xb2D\x93\x00\x8b\x08\xc7\xf6\xb7\xe5k\x02\xb3\xe8\xfe\x0c\x9d'
             b'\x85\x9c\xb8\xb6\x82#\xb8\xab\'\xee_e8\x07\x8b-\xb9\x1e*\x15>\x85\x81\x80r\xa2;m\xd92\x81\x05Oo\xb0\xf6'
             b'\xf5\xad(>\xca\x0bz\xf3TU\xe0=\xa7\xb6\x83&\xf3\xec\x83J\xf3\x14\x04\x8a\xc6\xdf \xd2\x85\x08g<\xabb\xa2'
             b'\xc7\xbc\x13\x1aS>\x0bf\x80k\x1c0fK7#1\xbd\xc4\xb0\xca\xd8\xd1\x1e\xe7\xbb\xd9(UH\xaa\xec\x1ff\xe8!\xb3'
             b'\xc8\xa0Gi\x00\xc5\xe6\x88\xe8\x0c\xce<a\xd6\x9c\xbb\xa17\xc6`Ozr\xdd\x8c{>=Q)\r\xaajY{\x08\x1f\x9d63'
             b'\xa3Fz5a\t\xac\xa7\xdd}./\xb2\xc1\xae\xb8\xe2\x0fH\x92\xd8\xb9\xf8\xb4oN<\x11\xf4\xf4}\x8bu}\xfe\xfe\xa3'
             b'\x89\x9c3Y\\^\xfd\xeb\xcb\xab\xe8A>:\x9a\x80<i5n\xb2\xb2\xad\\\xc4\xc8XE^\xf5\xf7\xb3\x06D\xb4|d\x06\x8c'
             b'\xdf\x80\x9fv\x02Z-\xb4F\xe0=|\xf6/4\xe7\x02E{\x02\xa4\xcf]\x9d\xd5<\xa5:|\xa6)x\x8cg\xca\x08\xbf\xec'
             b'\xcaC\xa9W\xad\x16\xc9N\x1c\xd8u\xca\x10}\xce~\x01\x18\xf0\xdfk\xfe\xe5\x1d\xdb\xd9\x91\xc2n`\xcdHX\xaa'
             b'Y,\x82\x00u\xf2\x9fRl\x91|o\xe5@>\xa7\xd4\xa5\x0c\xec;s\x84\xde\x88n\x82\xd2\xebMNB\xb5\xf2\xb1I\xa8\x1e'
             b'\xa7\xceqD\xdc)\x94\xcf\xc4N\x1f\x91\xcb\xd4\x95')
    elif ca_cert.child_name == "CA00000002":
        root_key_modulus = \
            (b'\x00\xd0\x1f\xe1\x00\xd45V\xb2KV\xda\xe9q\xb5\xa5\xd3\x84\xb90\x03\xbe\x1b\xbf(\xa20[\x06\x06EF}[\x02Q'
             b'\xd2V\x1a\'O\x9e\x9f\x9c\xecdaP\xab=*\xe36hf\xac\xa4\xba\xe8\x1a\xe3\xd7\x9a\xa6\xb0J\x8b\xcb\xa7\xe6'
             b'\xfbd\x89E\xeb\xdf\xdb\x85\xba\t\x1f\xd7\xd1\x14\xb5\xa3\xa7\x80\xe3\xa2.n\xcd\x87\xb5\xa4\xc6\xf9\x10'
             b'\xe4\x03"\x08\x81K\x0c\xee\xa1\xa1}\xf79i_a~\xf65(\xdb\x94\x967\xa0V\x03\x7f{2A8\x95\xc0\xa8\xf1\x98.'
             b'\x15e\xe3\x8e\xed\xc2.Y\x0e\xe2g{\x86\t\xf4\x8c.0?\xbc@\\\xac\x18\x04/\x82 \x84\xe4\x93h\x03\xda\x7fA4'
             b'\x92HV+\x8e\xe1/x\xf8\x03$c0\xbc{\xe7\xeerJ\xf4X\xa4r\xe7\xabF\xa1\xa7\xc1\x0c/\x18\xfa\x07\xc3\xdd\xd8'
             b'\x98\x06\xa1\x1c\x9c\xc10\xb2G\xa3<\x8dG\xdeg\xf2\x9eUw\xb1\x1cCI=[\xbav4\xa7\xe4\xe7\x151\xb7\xdfY\x81'
             b'\xfe$\xa1\x14UL\xbd\x8f\x00\\\xe1\xdb5\x08\\\xcf\xc7x\x06\xb6\xde%@h\xa2l\xb5I-E\x80C\x8f\xe1\xe5\xa9'
             b'\xedu\xc5\xedE\x1d\xcex\x949\xcc\xc3\xba(\xa21*\x1b\x87\x19\xef\x0fs\xb7\x13\x95\x0c\x02Y\x1atb\xa6\x07'
             b'\xf3|\n\xa7\xa1\x8f\xa9C\xa3mu*_A\x92\xf0\x13a\x00\xaa\x9c\xb4\x1b\xbe\x14\xbe\xb1\xf9\xfci/\xdf\xa0\x94'
             b'F\xdeZ\x9d\xde,\xa5\xf6\x8c\x1c\x0c!B\x92\x87\xcb-\xaa\xa3\xd2cu/s\xe0\x9f\xafDy\xd2\x81t)\xf6\x98\x00'
             b'\xaf\xdekY-\xc1\x98\x82\xbd\xf5\x81\xcc\xab\xf2\xcb\x91\x02\x9e\xf3\\L\xfd\xbb\xffI\xc1\xfa\x1b/\xe3\x1d'
             b'\xe7\xa5`\xec\xb4~\xbc\xfe2B[\x95o\x81\xb6\x99\x17H~;x\x91Q\xdb.x\xb1\xfd.\xbe~bk>\xa1e\xb4\xfb\x00\xcc'
             b'\xb7Q\xafPs)\xc4\xa3\x93\x9e\xa6\xdd\x9cP\xa0\xe78k\x01EykA\xafa\xf7\x85U\x94O;\xc2-\xc3\xbd\r\x00\xf8y'
             b'\x8aB\xb1\xaa\xa0\x83 e\x9a\xc79Z\xb4\xf3)')
    else:
        raise ValueError("The provided CA certificate is not valid!")
    root_key_exponent = 0x00010001
    cert_hash = SHA1.new(ca_cert.dump()[576:])
    public_key = RSA.construct((int.from_bytes(root_key_modulus), root_key_exponent))
    try:
        pkcs1_15.new(public_key).verify(cert_hash, ca_cert.signature)
        return True
    except ValueError:
        return False
 def verify_cert_sig(ca_cert: Certificate, target_cert: Certificate) -> bool:
    """
    Verify a TMD or Ticket certificate using a CA certificate.
    Parameters
    ----------
    ca_cert: Certificate
        The CA certificate to use for verification.
    target_cert: Certificate
        The target certificate to verify.
    Returns
    -------
    bool
        Whether the certificate's signature is valid or not.
    """
    if ca_cert.issuer != "Root" or ca_cert.child_name.find("CA") == -1:
        raise ValueError("The provided certificate is not a CA certificate!")
    # The issuer of the TMD/Ticket certs is Root-CA0000000X, so prepend "Root-" to the CA cert child name. If these
    # don't match, then there's probably a mismatch between retail and development certs.
    if f"Root-{ca_cert.child_name}" != target_cert.issuer:
        raise ValueError("The certificate you are trying to verify does not match the provided CA certificate!")
    cert_hash = SHA1.new(target_cert.dump()[320:])
    public_key = RSA.construct((ca_cert.pub_key_modulus, ca_cert.pub_key_exponent))
    try:
        pkcs1_15.new(public_key).verify(cert_hash, target_cert.signature)
        return True
    except ValueError:
        return False
 def verify_tmd_sig(tmd_cert: Certificate, tmd: TMD) -> bool:
    """
    Verify the signature of a TMD file using a TMD certificate.
    Parameters
    ----------
    tmd_cert: Certificate
        The TMD certificate to use for verification.
    tmd: TMD
        The TMD to verify.
    Returns
    -------
    bool
        Whether the TMD's signature is valid or not.
    """
    if tmd_cert.issuer.find("Root-CA") == -1 or tmd_cert.child_name.find("CP") == -1:
        raise ValueError("The provided TMD certificate is not valid!")
    if f"{tmd_cert.issuer}-{tmd_cert.child_name}" != tmd.signature_issuer:
        raise ValueError("The signature you are trying to verify was not created with the provided TMD certificate!")
    tmd_hash = SHA1.new(tmd.dump()[320:])
    public_key = RSA.construct((tmd_cert.pub_key_modulus, tmd_cert.pub_key_exponent))
    try:
        pkcs1_15.new(public_key).verify(tmd_hash, tmd.signature)
        return True
    except ValueError:
        return False
 def verify_ticket_sig(ticket_cert: Certificate, ticket: Ticket) -> bool:
    """
    Verify the signature of a Ticket file using a Ticket certificate.
    Parameters
    ----------
    ticket_cert: Certificate
        The Ticket certificate to use for verification.
    ticket: Ticket
        The Ticket to verify.
    Returns
    -------
    bool
        Whether the Ticket's signature is valid or not.
    """
    if ticket_cert.issuer.find("Root-CA") == -1 or ticket_cert.child_name.find("XS") == -1:
        raise ValueError("The provided Ticket certificate is not valid!")
    if f"{ticket_cert.issuer}-{ticket_cert.child_name}" != ticket.signature_issuer:
        raise ValueError("The signature you are trying to verify was not created with the provided Ticket certificate!")
    ticket_hash = SHA1.new(ticket.dump()[320:])
    public_key = RSA.construct((ticket_cert.pub_key_modulus, ticket_cert.pub_key_exponent))
    try:
        pkcs1_15.new(public_key).verify(ticket_hash, ticket.signature)
        return True
    except ValueError:
        return False
--- a/src/libWiiPy/title/commonkeys.py
+++ b/src/libWiiPy/title/commonkeys.py
@@ -7,11 +7,14 @@ common_key = 'ebe42a225e8593e448d9c5457381aaf7'
 korean_key = '63b82bb4f4614e2e13f2fefbba4c9b7e'
 vwii_key = '30bfc76e7c19afbb23163330ced7c28d'
 development_key = 'a1604a6a7123b529ae8bec32c816fcaa'
-def get_common_key(common_key_index) -> bytes:
+
 def get_common_key(common_key_index, dev=False) -> bytes:
    """
    Gets the specified Wii Common Key based on the index provided. If an invalid common key index is provided, this
-    function falls back on always returning key 0 (the Common Key).
+    function falls back on always returning key 0 (the Common Key). If the kwarg "dev" is specified, then key 0 will
    point to the development common key rather than the retail one. Keys 1 and 2 are unaffected by this argument.
    Possible values for common_key_index: 0: Common Key, 1: Korean Key, 2: vWii Key
@@ -19,6 +22,8 @@ def get_common_key(common_key_index) -> bytes:
    ----------
    common_key_index : int
        The index of the common key to be returned.
    dev : bool
        If the dev keys should be used in place of the retail keys. Only affects key 0.
    Returns
    -------
@@ -27,7 +32,10 @@ def get_common_key(common_key_index) -> bytes:
    """
    match common_key_index:
        case 0:
-            common_key_bin = binascii.unhexlify(common_key)
+            if dev:
                common_key_bin = binascii.unhexlify(development_key)
            else:
                common_key_bin = binascii.unhexlify(common_key)
        case 1:
            common_key_bin = binascii.unhexlify(korean_key)
        case 2:
--- a/src/libWiiPy/title/content.py
+++ b/src/libWiiPy/title/content.py
@@ -117,10 +117,6 @@ class ContentRegion:
        """
        Gets an individual content from the content region based on the provided index, in encrypted form.
        This uses the content index, which is the value tied to each content and used as the IV for encryption, rather
        than the literal index in the array of content, because sometimes the contents end up out of order in a WAD
        while still retaining the original indices.
        Parameters
        ----------
        index : int
@@ -131,17 +127,10 @@ class ContentRegion:
        bytes
            The encrypted content listed in the content record.
        """
-        # Get a list of the current content indices, so we can make sure the target one exists. Doing it this way
+        if index >= self.num_contents:
-        # ensures we can find the target, even if the highest content index is greater than the highest literal index.
+            raise ValueError(f"You are trying to get the content at index {index}, but no content with that "
-        current_indices = []
+                             f"index exists!")
-        for record in self.content_records:
+        content_enc = self.content_list[index]
            current_indices.append(record.index)
        if index not in current_indices:
            raise ValueError("You are trying to get the content at index " + str(index) + ", but no content with that "
                             "index exists!")
        # This is the literal index in the list of content that we're going to get.
        target_index = current_indices.index(index)
        content_enc = self.content_list[target_index]
        return content_enc
    def get_enc_content_by_cid(self, cid: int) -> bytes:
@@ -181,14 +170,10 @@ class ContentRegion:
        """
        Gets an individual content from the content region based on the provided index, in decrypted form.
        This uses the content index, which is the value tied to each content and used as the IV for encryption, rather
        than the literal index in the array of content, because sometimes the contents end up out of order in a WAD
        while still retaining the original indices.
        Parameters
        ----------
        index : int
-            The content index of the content you want to get.
+            The index of the content you want to get.
        title_key : bytes
            The Title Key for the title the content is from.
        skip_hash : bool, optional
@@ -199,19 +184,14 @@ class ContentRegion:
        bytes
            The decrypted content listed in the content record.
        """
-        # Get a list of the current content indices, so we can make sure the target one exists. Doing it this way
+        # Get the content index in the Content Record to ensure decryption works properly.
-        # ensures we can find the target, even if the highest content index is greater than the highest literal index.
+        cnt_index = self.content_records[index].index
        current_indices = []
        for record in self.content_records:
            current_indices.append(record.index)
        # This is the literal index in the list of content that we're going to get.
        target_index = current_indices.index(index)
        content_enc = self.get_enc_content_by_index(index)
-        content_dec = decrypt_content(content_enc, title_key, index, self.content_records[target_index].content_size)
+        content_dec = decrypt_content(content_enc, title_key, cnt_index, self.content_records[index].content_size)
        # Hash the decrypted content and ensure that the hash matches the one in its Content Record.
        # If it does not, then something has gone wrong in the decryption, and an error will be thrown.
        content_dec_hash = hashlib.sha1(content_dec).hexdigest()
-        content_record_hash = str(self.content_records[target_index].content_hash.decode())
+        content_record_hash = str(self.content_records[index].content_hash.decode())
        # Compare the hash and throw a ValueError if the hash doesn't match.
        if content_dec_hash != content_record_hash:
            if skip_hash:
@@ -273,9 +253,7 @@ class ContentRegion:
    def get_index_from_cid(self, cid: int) -> int:
        """
-        Gets the content index of a content by its Content ID. The returned index is the value tied to each content and
+        Gets the index of a content by its Content ID.
        used as the IV for encryption, rather than the literal index in the array of content, because sometimes the
        contents end up out of order in a WAD while still retaining the original indices.
        Parameters
        ----------
@@ -293,9 +271,8 @@ class ContentRegion:
            content_ids.append(record.content_id)
        if cid not in content_ids:
            raise ValueError("The specified Content ID does not exist!")
-        literal_index = content_ids.index(cid)
+        index = content_ids.index(cid)
-        target_index = self.content_records[literal_index].index
+        return index
        return target_index
    def add_enc_content(self, enc_content: bytes, cid: int, index: int, content_type: int, content_size: int,
                        content_hash: bytes) -> None:
@@ -327,6 +304,7 @@ class ContentRegion:
        # If we're good, then append all the data and create a new ContentRecord().
        self.content_list.append(enc_content)
        self.content_records.append(_ContentRecord(cid, index, content_type, content_size, content_hash))
        self.num_contents += 1
    def add_content(self, dec_content: bytes, cid: int, content_type: int, title_key: bytes) -> None:
        """
@@ -363,18 +341,14 @@ class ContentRegion:
        """
        Sets the content at the provided content index to the provided new encrypted content. The provided hash and
        content size are set in the corresponding content record. A new Content ID or content type can also be
-        specified, but if it isn't than the current values are preserved.
+        specified, but if it isn't then the current values are preserved.
        This uses the content index, which is the value tied to each content and used as the IV for encryption, rather
        than the literal index in the array of content, because sometimes the contents end up out of order in a WAD
        while still retaining the original indices.
        Parameters
        ----------
        enc_content : bytes
            The new encrypted content to set.
        index : int
-            The target content index to set the new content at.
+            The target index to set the new content at.
        content_size : int
            The size of the new encrypted content when decrypted.
        content_hash : bytes
@@ -384,34 +358,27 @@ class ContentRegion:
        content_type : int, optional
            The type of the new content. Current value will be preserved if not set.
        """
-        # Get a list of the current content indices, so we can make sure the target one exists. Doing it this way
+        if index >= self.num_contents:
-        # ensures we can find the target, even if the highest content index is greater than the highest literal index.
+            raise ValueError(f"You are trying to set the content at index {index}, but no content with that "
-        current_indices = []
+                             f"index currently exists!")
        for record in self.content_records:
            current_indices.append(record.index)
        if index not in current_indices:
            raise ValueError("You are trying to set the content at index " + str(index) + ", but no content with that "
                             "index currently exists!")
        # This is the literal index in the list of content/content records that we're going to change.
        target_index = current_indices.index(index)
        # Reassign the values, but only set the optional ones if they were passed.
-        self.content_records[target_index].content_size = content_size
+        self.content_records[index].content_size = content_size
-        self.content_records[target_index].content_hash = content_hash
+        self.content_records[index].content_hash = content_hash
        if cid is not None:
-            self.content_records[target_index].content_id = cid
+            self.content_records[index].content_id = cid
        if content_type is not None:
-            self.content_records[target_index].content_type = content_type
+            self.content_records[index].content_type = content_type
        # Add blank entries to the list to ensure that its length matches the length of the content record list.
        while len(self.content_list) < len(self.content_records):
            self.content_list.append(b'')
-        self.content_list[target_index] = enc_content
+        self.content_list[index] = enc_content
    def set_content(self, dec_content: bytes, index: int, title_key: bytes, cid: int = None,
                    content_type: int = None) -> None:
        """
        Sets the content at the provided content index to the provided new decrypted content. The hash and content size
        of this content will be generated and then set in the corresponding content record. A new Content ID or content
-        type can also be specified, but if it isn't than the current values are preserved.
+        type can also be specified, but if it isn't then the current values are preserved.
        The provided Title Key is used to encrypt the content so that it can be set in the ContentRegion.
@@ -432,8 +399,9 @@ class ContentRegion:
        content_size = len(dec_content)
        # Calculate the hash of the new content.
        content_hash = str.encode(hashlib.sha1(dec_content).hexdigest())
-        # Encrypt the content using the provided Title Key and index.
+        # Encrypt the content using the provided Title Key and the index from the Content Record, to ensure that
-        enc_content = encrypt_content(dec_content, title_key, index)
+        # encryption will succeed even if the provided index doesn't match the content's index.
        enc_content = encrypt_content(dec_content, title_key, self.content_records[index].index)
        # Pass values to set_enc_content()
        self.set_enc_content(enc_content, index, content_size, content_hash, cid, content_type)
@@ -443,10 +411,6 @@ class ContentRegion:
        it matches the record at that index. Not recommended for most use cases, use decrypted content and
        load_content() instead.
        This uses the content index, which is the value tied to each content and used as the IV for encryption, rather
        than the literal index in the array of content, because sometimes the contents end up out of order in a WAD
        while still retaining the original indices.
        Parameters
        ----------
        enc_content : bytes
@@ -454,20 +418,13 @@ class ContentRegion:
        index : int
            The content index to load the content at.
        """
-        # Get a list of the current content indices, so we can make sure the target one exists. Doing it this way
+        if index >= self.num_contents:
-        # ensures we can find the target, even if the highest content index is greater than the highest literal index.
+            raise ValueError(f"You are trying to load the content at index {index}, but no content with that "
-        current_indices = []
+                             f"index currently exists! Make sure the correct content records have been loaded.")
        for record in self.content_records:
            current_indices.append(record.index)
        if index not in current_indices:
            raise ValueError("You are trying to load the content at index " + str(index) + ", but no content with that "
                             "index currently exists! Make sure the correct content records have been loaded.")
        # Add blank entries to the list to ensure that its length matches the length of the content record list.
        while len(self.content_list) < len(self.content_records):
            self.content_list.append(b'')
-        # This is the literal index in the list of content/content records that we're going to change.
+        self.content_list[index] = enc_content
        target_index = current_indices.index(index)
        self.content_list[target_index] = enc_content
    def load_content(self, dec_content: bytes, index: int, title_key: bytes) -> None:
        """
@@ -475,32 +432,21 @@ class ContentRegion:
        sure that it matches the corresponding record. This content will then be encrypted using the provided Title Key
        before being loaded.
        This uses the content index, which is the value tied to each content and used as the IV for encryption, rather
        than the literal index in the array of content, because sometimes the contents end up out of order in a WAD
        while still retaining the original indices.
        Parameters
        ----------
        dec_content : bytes
            The decrypted content to load.
        index : int
-            The content index to load the content at.
+            The index to load the content at.
        title_key: bytes
            The Title Key that matches the decrypted content.
        """
-        # Get a list of the current content indices, so we can make sure the target one exists. Doing it this way
+        if index >= self.num_contents:
-        # ensures we can find the target, even if the highest content index is greater than the highest literal index.
+            raise ValueError(f"You are trying to load the content at index {index}, but no content with that "
-        current_indices = []
+                             f"index currently exists! Make sure the correct content records have been loaded.")
        for record in self.content_records:
            current_indices.append(record.index)
        if index not in current_indices:
            raise ValueError("You are trying to load the content at index " + str(index) + ", but no content with that "
                             "index currently exists! Make sure the correct content records have been loaded.")
        # This is the literal index in the list of content/content records that we're going to change.
        target_index = current_indices.index(index)
        # Check the hash of the content against the hash stored in the record to ensure it matches.
        content_hash = hashlib.sha1(dec_content).hexdigest()
-        if content_hash != self.content_records[target_index].content_hash.decode():
+        if content_hash != self.content_records[index].content_hash.decode():
            raise ValueError("The decrypted content provided does not match the record at the provided index. \n"
                             "Expected hash is: {}\n".format(self.content_records[index].content_hash.decode()) +
                             "Actual hash is: {}".format(content_hash))
@@ -508,11 +454,10 @@ class ContentRegion:
        while len(self.content_list) < len(self.content_records):
            self.content_list.append(b'')
        # If the hash matches, encrypt the content and set it where it belongs.
-        # This uses the index from the content records instead of just the index given, because there are some strange
+        # This uses the index from the content records instead of just the index given, because there are some poorly
-        # circumstances where the actual index in the array and the assigned content index don't match up, and this
+        # made custom WADs out there that don't have the contents in order, for whatever reason.
-        # needs to accommodate that. Seems to only apply to custom WADs ? (Like cIOS WADs?)
+        enc_content = encrypt_content(dec_content, title_key, self.content_records[index].index)
-        enc_content = encrypt_content(dec_content, title_key, index)
+        self.content_list[index] = enc_content
        self.content_list[target_index] = enc_content
    def remove_content_by_index(self, index: int) -> None:
        """
@@ -525,19 +470,13 @@ class ContentRegion:
        index : int
            The index of the content you want to remove.
        """
-        # Get a list of the current content indices, so we can make sure the target one exists. Doing it this way
+        if index >= self.num_contents:
-        # ensures we can find the target, even if the highest content index is greater than the highest literal index.
+            raise ValueError(f"You are trying to remove the content at index {index}, but no content with "
-        current_indices = []
+                             f"that index currently exists!")
        for record in self.content_records:
            current_indices.append(record.index)
        if index not in current_indices:
            raise ValueError("You are trying to remove the content at index " + str(index) + ", but no content with "
                             "that index currently exists!")
        # This is the literal index in the list of content/content records that we're going to change.
        target_index = current_indices.index(index)
        # Delete the target index from both the content list and content records.
-        self.content_list.pop(target_index)
+        self.content_list.pop(index)
-        self.content_records.pop(target_index)
+        self.content_records.pop(index)
        self.num_contents -= 1
    def remove_content_by_cid(self, cid: int) -> None:
        """
@@ -551,11 +490,11 @@ class ContentRegion:
            The Content ID of the content you want to remove.
        """
        try:
-            content_index = self.get_index_from_cid(cid)
+            index = self.get_index_from_cid(cid)
        except ValueError:
            raise ValueError(f"You are trying to remove content with Content ID {cid}, "
                             f"but no content with that ID exists!")
-        self.remove_content_by_index(content_index)
+        self.remove_content_by_index(index)
@_dataclass
--- a/src/libWiiPy/title/crypto.py
+++ b/src/libWiiPy/title/crypto.py
@@ -1,8 +1,8 @@
 # "title/crypto.py" from libWiiPy by NinjaCheetah & Contributors
 # https://github.com/NinjaCheetah/libWiiPy
 import struct
 import binascii
 import struct
 from .commonkeys import get_common_key
 from Crypto.Cipher import AES as _AES
@@ -30,7 +30,7 @@ def _convert_tid_to_iv(title_id: str | bytes) -> bytes:
    return title_key_iv
-def decrypt_title_key(title_key_enc: bytes, common_key_index: int, title_id: bytes | str) -> bytes:
+def decrypt_title_key(title_key_enc: bytes, common_key_index: int, title_id: bytes | str, dev=False) -> bytes:
    """
    Gets the decrypted version of the encrypted Title Key provided.
@@ -44,6 +44,8 @@ def decrypt_title_key(title_key_enc: bytes, common_key_index: int, title_id: byt
        The index of the common key used to encrypt the Title Key.
    title_id : bytes, str
        The Title ID of the title that the key is for.
    dev : bool
        Whether the Title Key is encrypted with the development key or not.
    Returns
    -------
@@ -51,7 +53,7 @@ def decrypt_title_key(title_key_enc: bytes, common_key_index: int, title_id: byt
        The decrypted Title Key.
    """
    # Load the correct common key for the title.
-    common_key = get_common_key(common_key_index)
+    common_key = get_common_key(common_key_index, dev)
    # Convert the IV into the correct format based on the type provided.
    title_key_iv = _convert_tid_to_iv(title_id)
    # The IV will always be in the same format by this point, so add the last 8 bytes.
@@ -63,7 +65,7 @@ def decrypt_title_key(title_key_enc: bytes, common_key_index: int, title_id: byt
    return title_key
-def encrypt_title_key(title_key_dec: bytes, common_key_index: int, title_id: bytes | str) -> bytes:
+def encrypt_title_key(title_key_dec: bytes, common_key_index: int, title_id: bytes | str, dev=False) -> bytes:
    """
    Encrypts the provided Title Key with the selected common key.
@@ -77,6 +79,8 @@ def encrypt_title_key(title_key_dec: bytes, common_key_index: int, title_id: byt
        The index of the common key used to encrypt the Title Key.
    title_id : bytes, str
        The Title ID of the title that the key is for.
    dev : bool
        Whether the Title Key is encrypted with the development key or not.
    Returns
    -------
@@ -84,7 +88,7 @@ def encrypt_title_key(title_key_dec: bytes, common_key_index: int, title_id: byt
        An encrypted Title Key.
    """
    # Load the correct common key for the title.
-    common_key = get_common_key(common_key_index)
+    common_key = get_common_key(common_key_index, dev)
    # Convert the IV into the correct format based on the type provided.
    title_key_iv = _convert_tid_to_iv(title_id)
    # The IV will always be in the same format by this point, so add the last 8 bytes.
--- a/src/libWiiPy/title/nus.py
+++ b/src/libWiiPy/title/nus.py
@@ -6,6 +6,7 @@
 import requests
 import hashlib
 from typing import List
 from urllib.parse import urlparse as _urlparse
 from .title import Title
 from .tmd import TMD
 from .ticket import Ticket
@@ -13,7 +14,8 @@ from .ticket import Ticket
 _nus_endpoint = ["http://nus.cdn.shop.wii.com/ccs/download/", "http://ccs.cdn.wup.shop.nintendo.net/ccs/download/"]
-def download_title(title_id: str, title_version: int = None, wiiu_endpoint: bool = False) -> Title:
+def download_title(title_id: str, title_version: int = None, wiiu_endpoint: bool = False,
                   endpoint_override: str = None) -> Title:
    """
    Download an entire title and all of its contents, then load the downloaded components into a Title object for
    further use. This method is NOT recommended for general use, as it has absolutely no verbosity. It is instead
@@ -23,10 +25,13 @@ def download_title(title_id: str, title_version: int = None, wiiu_endpoint: bool
    ----------
    title_id : str
        The Title ID of the title to download.
-    title_version : int, option
+    title_version : int, optional
        The version of the title to download. Defaults to latest if not set.
-    wiiu_endpoint : bool, option
+    wiiu_endpoint : bool, optional
        Whether the Wii U endpoint for the NUS should be used or not. This increases download speeds. Defaults to False.
    endpoint_override: str, optional
        A custom endpoint URL to use instead of the standard Wii or Wii U endpoints. Defaults to no override, and if
        set entirely overrides the "wiiu_endpoint" parameter.
    Returns
    -------
@@ -35,18 +40,19 @@ def download_title(title_id: str, title_version: int = None, wiiu_endpoint: bool
    """
    # First, create the new title.
    title = Title()
-    # Download and load the TMD, Ticket, and certs.
+    # Download and load the certificate chain, TMD, and Ticket.
-    title.load_tmd(download_tmd(title_id, title_version, wiiu_endpoint))
+    title.load_cert_chain(download_cert_chain(wiiu_endpoint, endpoint_override))
-    title.load_ticket(download_ticket(title_id, wiiu_endpoint))
+    title.load_tmd(download_tmd(title_id, title_version, wiiu_endpoint, endpoint_override))
-    title.wad.set_cert_data(download_cert(wiiu_endpoint))
+    title.load_ticket(download_ticket(title_id, wiiu_endpoint, endpoint_override))
    # Download all contents
    title.load_content_records()
-    title.content.content_list = download_contents(title_id, title.tmd, wiiu_endpoint)
+    title.content.content_list = download_contents(title_id, title.tmd, wiiu_endpoint, endpoint_override)
    # Return the completed title.
    return title
-def download_tmd(title_id: str, title_version: int = None, wiiu_endpoint: bool = False) -> bytes:
+def download_tmd(title_id: str, title_version: int = None, wiiu_endpoint: bool = False,
                 endpoint_override: str = None) -> bytes:
    """
    Downloads the TMD of the Title specified in the object. Will download the latest version by default, or another
    version if it was manually specified in the object.
@@ -59,6 +65,9 @@ def download_tmd(title_id: str, title_version: int = None, wiiu_endpoint: bool =
        The version of the TMD to download. Defaults to latest if not set.
    wiiu_endpoint : bool, option
        Whether the Wii U endpoint for the NUS should be used or not. This increases download speeds. Defaults to False.
    endpoint_override: str, optional
        A custom endpoint URL to use instead of the standard Wii or Wii U endpoints. Defaults to no override, and if
        set entirely overrides the "wiiu_endpoint" parameter.
    Returns
    -------
@@ -67,10 +76,14 @@ def download_tmd(title_id: str, title_version: int = None, wiiu_endpoint: bool =
    """
    # Build the download URL. The structure is download/<TID>/tmd for latest and download/<TID>/tmd.<version> for
    # when a specific version is requested.
-    if wiiu_endpoint is False:
+    if endpoint_override is not None:
-        tmd_url = _nus_endpoint[0] + title_id + "/tmd"
+        endpoint_url = _validate_endpoint(endpoint_override)
    else:
-        tmd_url = _nus_endpoint[1] + title_id + "/tmd"
+        if wiiu_endpoint:
            endpoint_url = _nus_endpoint[1]
        else:
            endpoint_url = _nus_endpoint[0]
    tmd_url = endpoint_url + title_id + "/tmd"
    # Add the version to the URL if one was specified.
    if title_version is not None:
        tmd_url += "." + str(title_version)
@@ -89,7 +102,7 @@ def download_tmd(title_id: str, title_version: int = None, wiiu_endpoint: bool =
    return tmd
-def download_ticket(title_id: str, wiiu_endpoint: bool = False) -> bytes:
+def download_ticket(title_id: str, wiiu_endpoint: bool = False, endpoint_override: str = None) -> bytes:
    """
    Downloads the Ticket of the Title specified in the object. This will only work if the Title ID specified is for
    a free title.
@@ -100,6 +113,9 @@ def download_ticket(title_id: str, wiiu_endpoint: bool = False) -> bytes:
        The Title ID of the title to download the Ticket for.
    wiiu_endpoint : bool, option
        Whether the Wii U endpoint for the NUS should be used or not. This increases download speeds. Defaults to False.
    endpoint_override: str, optional
        A custom endpoint URL to use instead of the standard Wii or Wii U endpoints. Defaults to no override, and if
        set entirely overrides the "wiiu_endpoint" parameter.
    Returns
    -------
@@ -108,10 +124,14 @@ def download_ticket(title_id: str, wiiu_endpoint: bool = False) -> bytes:
    """
    # Build the download URL. The structure is download/<TID>/cetk, and cetk will only exist if this is a free
    # title.
-    if wiiu_endpoint is False:
+    if endpoint_override is not None:
-        ticket_url = _nus_endpoint[0] + title_id + "/cetk"
+        endpoint_url = _validate_endpoint(endpoint_override)
    else:
-        ticket_url = _nus_endpoint[1] + title_id + "/cetk"
+        if wiiu_endpoint:
            endpoint_url = _nus_endpoint[1]
        else:
            endpoint_url = _nus_endpoint[0]
    ticket_url = endpoint_url + title_id + "/cetk"
    # Make the request.
    ticket_request = requests.get(url=ticket_url, headers={'User-Agent': 'wii libnup/1.0'}, stream=True)
    if ticket_request.status_code != 200:
@@ -126,44 +146,51 @@ def download_ticket(title_id: str, wiiu_endpoint: bool = False) -> bytes:
    return ticket
-def download_cert(wiiu_endpoint: bool = False) -> bytes:
+def download_cert_chain(wiiu_endpoint: bool = False, endpoint_override: str = None) -> bytes:
    """
-    Downloads the signing certificate used by all WADs. This uses System Menu 4.3U as the source.
+    Downloads the signing certificate chain used by all WADs. This uses System Menu 4.3U as the source.
    Parameters
    ----------
    wiiu_endpoint : bool, option
        Whether the Wii U endpoint for the NUS should be used or not. This increases download speeds. Defaults to False.
    endpoint_override: str, optional
        A custom endpoint URL to use instead of the standard Wii or Wii U endpoints. Defaults to no override, and if
        set entirely overrides the "wiiu_endpoint" parameter.
    Returns
    -------
    bytes
        The cert file.
    """
-    # Download the TMD and cetk for the System Menu 4.3U.
+    # Download the TMD and cetk for System Menu 4.3U (v513).
-    if wiiu_endpoint is False:
+    if endpoint_override is not None:
-        tmd_url = _nus_endpoint[0] + "0000000100000002/tmd.513"
+        endpoint_url = _validate_endpoint(endpoint_override)
        cetk_url = _nus_endpoint[0] + "0000000100000002/cetk"
    else:
-        tmd_url = _nus_endpoint[1] + "0000000100000002/tmd.513"
+        if wiiu_endpoint:
-        cetk_url = _nus_endpoint[1] + "0000000100000002/cetk"
+            endpoint_url = _nus_endpoint[1]
        else:
            endpoint_url = _nus_endpoint[0]
    tmd_url = endpoint_url + "0000000100000002/tmd.513"
    cetk_url = endpoint_url + "0000000100000002/cetk"
    tmd = requests.get(url=tmd_url, headers={'User-Agent': 'wii libnup/1.0'}, stream=True).content
    cetk = requests.get(url=cetk_url, headers={'User-Agent': 'wii libnup/1.0'}, stream=True).content
-    # Assemble the certificate.
+    # Assemble the certificate chain.
-    cert = b''
+    cert_chain = b''
    # Certificate Authority data.
-    cert += cetk[0x2A4 + 768:]
+    cert_chain += cetk[0x2A4 + 768:]
-    # Certificate Policy data.
+    # Certificate Policy (TMD certificate) data.
-    cert += tmd[0x328:0x328 + 768]
+    cert_chain += tmd[0x328:0x328 + 768]
-    # XS data.
+    # XS (Ticket certificate) data.
-    cert += cetk[0x2A4:0x2A4 + 768]
+    cert_chain += cetk[0x2A4:0x2A4 + 768]
-    # Since the cert is always the same, check the hash to make sure nothing went wildly wrong.
+    # Since the cert chain is always the same, check the hash to make sure nothing went wildly wrong.
-    if hashlib.sha1(cert).hexdigest() != "ace0f15d2a851c383fe4657afc3840d6ffe30ad0":
+    if hashlib.sha1(cert_chain).hexdigest() != "ace0f15d2a851c383fe4657afc3840d6ffe30ad0":
        raise Exception("An unknown error has occurred downloading and creating the certificate.")
-    return cert
+    return cert_chain
-def download_content(title_id: str, content_id: int, wiiu_endpoint: bool = False) -> bytes:
+def download_content(title_id: str, content_id: int, wiiu_endpoint: bool = False,
                     endpoint_override: str = None) -> bytes:
    """
    Downloads a specified content for the title specified in the object.
@@ -175,6 +202,9 @@ def download_content(title_id: str, content_id: int, wiiu_endpoint: bool = False
        The Content ID of the content you wish to download.
    wiiu_endpoint : bool, option
        Whether the Wii U endpoint for the NUS should be used or not. This increases download speeds. Defaults to False.
    endpoint_override: str, optional
        A custom endpoint URL to use instead of the standard Wii or Wii U endpoints. Defaults to no override, and if
        set entirely overrides the "wiiu_endpoint" parameter.
    Returns
    -------
@@ -185,10 +215,14 @@ def download_content(title_id: str, content_id: int, wiiu_endpoint: bool = False
    content_id_hex = hex(content_id)[2:]
    if len(content_id_hex) < 2:
        content_id_hex = "0" + content_id_hex
-    if wiiu_endpoint is False:
+    if endpoint_override is not None:
-        content_url = _nus_endpoint[0] + title_id + "/000000" + content_id_hex
+        endpoint_url = _validate_endpoint(endpoint_override)
    else:
-        content_url = _nus_endpoint[1] + title_id + "/000000" + content_id_hex
+        if wiiu_endpoint:
            endpoint_url = _nus_endpoint[1]
        else:
            endpoint_url = _nus_endpoint[0]
    content_url = endpoint_url + title_id + "/000000" + content_id_hex
    # Make the request.
    content_request = requests.get(url=content_url, headers={'User-Agent': 'wii libnup/1.0'}, stream=True)
    if content_request.status_code != 200:
@@ -199,7 +233,8 @@ def download_content(title_id: str, content_id: int, wiiu_endpoint: bool = False
    return content_data
-def download_contents(title_id: str, tmd: TMD, wiiu_endpoint: bool = False) -> List[bytes]:
+def download_contents(title_id: str, tmd: TMD, wiiu_endpoint: bool = False,
                      endpoint_override: str = None) -> List[bytes]:
    """
    Downloads all the contents for the title specified in the object. This requires a TMD to already be available
    so that the content records can be accessed.
@@ -212,6 +247,9 @@ def download_contents(title_id: str, tmd: TMD, wiiu_endpoint: bool = False) -> L
        The TMD that matches the title that the contents being downloaded are from.
    wiiu_endpoint : bool, option
        Whether the Wii U endpoint for the NUS should be used or not. This increases download speeds. Defaults to False.
    endpoint_override: str, optional
        A custom endpoint URL to use instead of the standard Wii or Wii U endpoints. Defaults to no override, and if
        set entirely overrides the "wiiu_endpoint" parameter.
    Returns
    -------
@@ -228,6 +266,29 @@ def download_contents(title_id: str, tmd: TMD, wiiu_endpoint: bool = False) -> L
    content_list = []
    for content_id in content_ids:
        # Call self.download_content() for each Content ID.
-        content = download_content(title_id, content_id, wiiu_endpoint)
+        content = download_content(title_id, content_id, wiiu_endpoint, endpoint_override)
        content_list.append(content)
    return content_list
 def _validate_endpoint(endpoint: str) -> str:
    """
    Validate the provided NUS endpoint URL and append the required path if necessary.
    Parameters
    ----------
    endpoint: str
        The NUS endpoint URL to validate.
    Returns
    -------
    str
        The validated NUS endpoint with the proper path.
    """
    # Find the root of the URL and then assemble the correct URL based on that.
    new_url = _urlparse(endpoint)
    if new_url.netloc == "":
        endpoint_url = "http://" + new_url.path + "/ccs/download/"
    else:
        endpoint_url = "http://" + new_url.netloc + "/ccs/download/"
    return endpoint_url
--- a/src/libWiiPy/title/ticket.py
+++ b/src/libWiiPy/title/ticket.py
@@ -23,12 +23,11 @@ class _TitleLimit:
    Attributes
    ----------
    limit_type : int
-        The type of play limit applied.
+        The type of play limit applied. 0 and 3 are none, 1 is a time limit, and 4 is a launch count limit.
    maximum_usage : int
        The maximum value for the type of play limit applied.
    """
    # The type of play limit applied.
    # 0 = None, 1 = Time Limit, 3 = None, 4 = Launch Count
    limit_type: int
    # The maximum value of the limit applied.
    maximum_usage: int
@@ -40,6 +39,9 @@ class Ticket:
    Attributes
    ----------
    is_dev : bool
        Whether this Ticket is signed for development or not, and whether the Title Key is encrypted for development
        or not.
    signature : bytes
        The signature applied to the ticket.
    ticket_version : int
@@ -56,6 +58,8 @@ class Ticket:
        The index of the common key required to decrypt this ticket's Title Key.
    """
    def __init__(self):
        # If this is a dev ticket
        self.is_dev: bool = False  # Defaults to false, set to true during load if this ticket is using dev certs.
        # Signature blob header
        self.signature_type: bytes = b''  # Type of signature, always 0x10001 for RSA-2048
        self.signature: bytes = b''  # Actual signature data
@@ -103,7 +107,7 @@ class Ticket:
            self.signature = ticket_data.read(256)
            # Signature issuer.
            ticket_data.seek(0x140)
-            self.signature_issuer = str(ticket_data.read(64).decode())
+            self.signature_issuer = str(ticket_data.read(64).replace(b'\x00', b'').decode())
            # ECDH data.
            ticket_data.seek(0x180)
            self.ecdh_data = ticket_data.read(60)
@@ -155,6 +159,11 @@ class Ticket:
                limit_type = int.from_bytes(ticket_data.read(4))
                limit_value = int.from_bytes(ticket_data.read(4))
                self.title_limits_list.append(_TitleLimit(limit_type, limit_value))
        # Check certs to see if this is a retail or dev ticket. Treats unknown certs as being retail for now.
        if self.signature_issuer.find("Root-CA00000002-XS00000006") != -1:
            self.is_dev = True
        else:
            self.is_dev = False
    def dump(self) -> bytes:
        """
@@ -173,7 +182,10 @@ class Ticket:
        # Padding to 64 bytes.
        ticket_data += b'\x00' * 60
        # Signature issuer.
-        ticket_data += str.encode(self.signature_issuer)
+        signature_issuer = self.signature_issuer.encode()
        while len(signature_issuer) < 0x40:
            signature_issuer += b'\x00'
        ticket_data += signature_issuer
        # ECDH data.
        ticket_data += self.ecdh_data
        # Ticket version.
@@ -315,7 +327,7 @@ class Ticket:
        bytes
            The decrypted title key.
        """
-        title_key = decrypt_title_key(self.title_key_enc, self.common_key_index, self.title_id)
+        title_key = decrypt_title_key(self.title_key_enc, self.common_key_index, self.title_id, self.is_dev)
        return title_key
    def set_title_id(self, title_id) -> None:
--- a/src/libWiiPy/title/title.py
+++ b/src/libWiiPy/title/title.py
@@ -4,6 +4,7 @@
 # See https://wiibrew.org/wiki/Title for details about how titles are formatted
 import math
 from .cert import CertificateChain
 from .content import ContentRegion
 from .ticket import Ticket
 from .tmd import TMD
@@ -19,17 +20,20 @@ class Title:
    Attributes
    ----------
-    wad : WAD
+    wad: WAD
        A WAD object of a WAD containing the title's data.
-    tmd : TMD
+    cert_chain: CertificateChain
        The chain of certificates used to verify the contents of a title.
    tmd: TMD
        A TMD object of the title's TMD.
-    ticket : Ticket
+    ticket: Ticket
        A Ticket object of the title's Ticket.
    content: ContentRegion
        A ContentRegion object containing the title's contents.
    """
    def __init__(self):
        self.wad: WAD = WAD()
        self.cert_chain: CertificateChain = CertificateChain()
        self.tmd: TMD = TMD()
        self.ticket: Ticket = Ticket()
        self.content: ContentRegion = ContentRegion()
@@ -47,6 +51,9 @@ class Title:
        # Create a new WAD object based on the WAD data provided.
        self.wad = WAD()
        self.wad.load(wad)
        # Load the certificate chain.
        self.cert_chain = CertificateChain()
        self.cert_chain.load(self.wad.get_cert_data())
        # Load the TMD.
        self.tmd = TMD()
        self.tmd.load(self.wad.get_tmd_data())
@@ -58,9 +65,9 @@ class Title:
        self.content.load(self.wad.get_content_data(), self.tmd.content_records)
        # Ensure that the Title IDs of the TMD and Ticket match before doing anything else. If they don't, throw an
        # error because clearly something strange has gone on with the WAD and editing it probably won't work.
-        if self.tmd.title_id != str(self.ticket.title_id.decode()):
+        #if self.tmd.title_id != str(self.ticket.title_id.decode()):
-            raise ValueError("The Title IDs of the TMD and Ticket in this WAD do not match. This WAD appears to be "
+        #    raise ValueError("The Title IDs of the TMD and Ticket in this WAD do not match. This WAD appears to be "
-                             "invalid.")
+        #                     "invalid.")
    def dump_wad(self) -> bytes:
        """
@@ -75,9 +82,11 @@ class Title:
        # Set WAD type to ib if the title being packed is boot2.
        if self.tmd.title_id == "0000000100000001":
            self.wad.wad_type = "ib"
        # Dump the certificate chain and set it in the WAD.
        self.wad.set_cert_data(self.cert_chain.dump())
        # Dump the TMD and set it in the WAD.
        # This requires updating the content records and number of contents in the TMD first.
-        self.tmd.content_records = self.content.content_records
+        self.tmd.content_records = self.content.content_records  # This may not be needed because it's a ref already
        self.tmd.num_contents = len(self.content.content_records)
        self.wad.set_tmd_data(self.tmd.dump())
        # Dump the Ticket and set it in the WAD.
@@ -87,6 +96,19 @@ class Title:
        self.wad.set_content_data(content_data, content_size)
        return self.wad.dump()
    def load_cert_chain(self, cert_chain: bytes) -> None:
        """
        Load an existing certificate chain into the title. Note that this will overwrite any existing certificate chain
        data for this title.
        Parameters
        ----------
        cert_chain: bytes
            The data for the certificate chain to load.
        """
        self.cert_chain.load(cert_chain)
    def load_tmd(self, tmd: bytes) -> None:
        """
        Load existing TMD data into the title. Note that this will overwrite any existing TMD data for this title.
@@ -94,9 +116,8 @@ class Title:
        Parameters
        ----------
        tmd : bytes
-            The data for the WAD you wish to load.
+            The data for the TMD to load.
        """
        # Load TMD.
        self.tmd.load(tmd)
    def load_ticket(self, ticket: bytes) -> None:
@@ -107,9 +128,8 @@ class Title:
        Parameters
        ----------
        ticket : bytes
-            The data for the WAD you wish to load.
+            The data for the Ticket to load.
        """
        # Load Ticket.
        self.ticket.load(ticket)
    def load_content_records(self) -> None:
@@ -119,8 +139,9 @@ class Title:
        """
        if not self.tmd.content_records:
            ValueError("No TMD appears to have been loaded, so content records cannot be read from it.")
-        # Load the content records into the ContentRegion object.
+        # Load the content records into the ContentRegion object, and update the number of contents.
        self.content.content_records = self.tmd.content_records
        self.content.num_contents = self.tmd.num_contents
    def set_title_id(self, title_id: str) -> None:
        """
@@ -137,7 +158,8 @@ class Title:
        self.tmd.set_title_id(title_id)
        title_key_decrypted = self.ticket.get_title_key()
        self.ticket.set_title_id(title_id)
-        title_key_encrypted = encrypt_title_key(title_key_decrypted, self.ticket.common_key_index, title_id)
+        title_key_encrypted = encrypt_title_key(title_key_decrypted, self.ticket.common_key_index, title_id,
                                                self.ticket.is_dev)
        self.ticket.title_key_enc = title_key_encrypted
    def set_title_version(self, title_version: str | int) -> None:
@@ -296,13 +318,9 @@ class Title:
    def set_enc_content(self, enc_content: bytes, index: int, content_size: int, content_hash: bytes, cid: int = None,
                        content_type: int = None) -> None:
        """
-        Sets the content at the provided content index to the provided new encrypted content. The provided hash and
+        Sets the content at the provided index to the provided new encrypted content. The provided hash and content size
-        content size are set in the corresponding content record. A new Content ID or content type can also be
+        are set in the corresponding content record. A new Content ID or content type can also be specified, but if it
-        specified, but if it isn't then the current values are preserved.
+        isn't then the current values are preserved.
        This uses the content index, which is the value tied to each content and used as the IV for encryption, rather
        than the literal index in the array of content, because sometimes the contents end up out of order in a WAD
        while still retaining the original indices.
        This also updates the content records in the TMD after the content is set.
@@ -328,9 +346,9 @@ class Title:
    def set_content(self, dec_content: bytes, index: int, cid: int = None, content_type: int = None) -> None:
        """
-        Sets the content at the provided content index to the provided new decrypted content. The hash and content size
+        Sets the content at the provided index to the provided new decrypted content. The hash and content size of this
-        of this content will be generated and then set in the corresponding content record. A new Content ID or content
+        content will be generated and then set in the corresponding content record. A new Content ID or content type can
-        type can also be specified, but if it isn't then the current values are preserved.
+        also be specified, but if it isn't then the current values are preserved.
        This also updates the content records in the TMD after the content is set.
@@ -356,16 +374,12 @@ class Title:
        sure that it matches the corresponding record. This content will then be encrypted using the title's Title Key
        before being loaded.
        This uses the content index, which is the value tied to each content and used as the IV for encryption, rather
        than the literal index in the array of content, because sometimes the contents end up out of order in a WAD
        while still retaining the original indices.
        Parameters
        ----------
        dec_content : bytes
            The decrypted content to load.
        index : int
-            The content index to load the content at.
+            The index to load the content at.
        """
        # Load the decrypted content.
        self.content.load_content(dec_content, index, self.ticket.get_title_key())
@@ -382,6 +396,7 @@ class Title:
        after any changes to the TMD or Ticket, and before dumping the Title object into a WAD to ensure that the WAD
        is properly fakesigned.
        """
        self.tmd.num_contents = self.content.num_contents  # This needs to be updated in case it was changed
        self.tmd.fakesign()
        self.ticket.fakesign()
--- a/src/libWiiPy/title/tmd.py
+++ b/src/libWiiPy/title/tmd.py
@@ -6,6 +6,7 @@
 import io
 import binascii
 import hashlib
 import math
 import struct
 from typing import List
 from enum import IntEnum as _IntEnum
@@ -82,7 +83,7 @@ class TMD:
            self.signature = tmd_data.read(256)
            # Signing certificate issuer.
            tmd_data.seek(0x140)
-            self.signature_issuer = str(tmd_data.read(64).decode())
+            self.signature_issuer = str(tmd_data.read(64).replace(b'\x00', b'').decode())
            # TMD version, seems to usually be 0, but I've seen references to other numbers.
            tmd_data.seek(0x180)
            self.tmd_version = int.from_bytes(tmd_data.read(1))
@@ -174,7 +175,10 @@ class TMD:
        # Padding to 64 bytes.
        tmd_data += b'\x00' * 60
        # Signing certificate issuer.
-        tmd_data += str.encode(self.signature_issuer)
+        signature_issuer = self.signature_issuer.encode()
        while len(signature_issuer) < 0x40:
            signature_issuer += b'\x00'
        tmd_data += signature_issuer
        # TMD version.
        tmd_data += int.to_bytes(self.tmd_version, 1)
        # Certificate Authority CRL version.
@@ -390,14 +394,71 @@ class TMD:
            raise IndexError("Invalid content record! TMD lists '" + str(self.num_contents - 1) +
                             "' contents but index was '" + str(record) + "'!")
    def get_content_size(self, absolute=False, dlc=False) -> int:
        """
        Gets the installed size of the content listed in the TMD, in bytes. This does not include the size of hash tree
        content, so the size of disc titles will not be calculated. The "absolute" option determines whether shared
        content sizes should be included in the total size or not. This option defaults to False. The "dlc" option
        determines whether DLC content sizes should be included in the total size or not. This option also defaults to
        False.
        Parameters
        ----------
        absolute: bool, optional
            Whether shared contents should be included in the total size or not. Defaults to False.
        dlc: bool, optional
            Whether DLC contents should be included in the total size or not. Defaults to False.
        Returns
        -------
        int
            The installed size of the content, in bytes.
        """
        title_size = 0
        for record in self.content_records:
            if record.content_type == 0x8001:
                if absolute:
                    title_size += record.content_size
            elif record.content_type == 0x4001:
                if dlc:
                    title_size += record.content_size
            elif record.content_type != 3:
                title_size += record.content_size
        return title_size
    def get_content_size_blocks(self, absolute=False, dlc=False) -> int:
        """
        Gets the installed size of the content listed in the TMD, in the Wii's displayed "blocks" format. The
        "absolute" option determines whether shared content sizes should be included in the total size or not. This
        option defaults to False. The "dlc" option determines whether DLC content sizes should be included in the total
        size or not. This option also defaults to False.
        1 Wii block is equal to 128KiB, and if any amount of a block is used, the entire block is considered used.
        Parameters
        ----------
        absolute : bool, optional
            Whether shared contents should be included in the total size or not. Defaults to False.
        dlc: bool, optional
            Whether DLC contents should be included in the total size or not. Defaults to False.
        Returns
        -------
        int
            The installed size of the content, in blocks.
        """
        title_size_bytes = self.get_content_size(absolute, dlc)
        blocks = math.ceil(title_size_bytes / 131072)
        return blocks
    class AccessFlags(_IntEnum):
        AHB = 0
        DVD_VIDEO = 1
    def get_access_right(self, flag: int) -> bool:
        """
-        Gets whether an access rights flag is enabled or not. This is done by checking the specified bit. Possible flags
+        Gets whether the specified access rights flag is enabled or not. This is done by checking the specified bit.
-        and their corresponding bits are defined in the AccessFlags enum.
+        Possible flags and their corresponding bits are defined in AccessFlags.
        Parameters
        ----------
@@ -408,6 +469,10 @@ class TMD:
        -------
        bool
            True if the flag is enabled, False otherwise.
        See Also
        --------
        libWiiPy.title.tmd.TMD.AccessFlags
        """
        return bool(self.access_rights & _bitmask(flag))
--- a/src/libWiiPy/types.py
+++ b/src/libWiiPy/types.py
@@ -1,5 +1,6 @@
 # "types.py" from libWiiPy by NinjaCheetah & Contributors
 # https://github.com/NinjaCheetah/libWiiPy
 from dataclasses import dataclass
Author	SHA1	Message	Date
NinjaCheetah	04d17a58d2	Added missing note about retail vs development root keys	2024-12-16 22:24:27 -05:00
NinjaCheetah	aa9e8fb4ea	Updated placeholder docstrings in cert module	2024-12-16 22:22:11 -05:00
NinjaCheetah	8a15b1e82e	Handle cert chain data in a title as a CertificateChain instead of bytes	2024-12-16 22:14:07 -05:00
NinjaCheetah	ece19177c4	Added error handling to cert module, added support for dev CA cert	2024-12-16 21:55:58 -05:00
NinjaCheetah	3a44eaf2cf	Added new CertificateChain class to manage the certs in a chain Some checks failed Build and publish documentation with Sphinx / build (push) Has been cancelled Build and publish documentation with Sphinx / deploy (push) Has been cancelled	2024-12-15 23:09:13 -05:00
NinjaCheetah	2fdd808137	Added new cert module to parse certs and functions to use them for verification	2024-12-15 22:08:51 -05:00
NinjaCheetah	f98a3703a4	Fixed EmuNAND title installs when the title wasn't loaded from a WAD	2024-12-12 22:29:33 -05:00
NinjaCheetah	1e6952c2b2	Fixed invalid default value for nus.download_title()	2024-12-12 21:54:00 -05:00
NinjaCheetah	944fb896b5	Exclude DLC size from size total in tmd module	2024-12-12 20:05:43 -05:00
NinjaCheetah	3d4d3dc99e	Use .lower() since title paths are lowercase	2024-12-12 17:32:44 -05:00
NinjaCheetah	62f99165c7	Split methods to get the TMD and Ticket in EmuNAND module	2024-12-12 17:25:23 -05:00
NinjaCheetah	e227f4e2be	Added methods to get content size to TMD module	2024-12-12 11:47:15 -05:00
NinjaCheetah	da16259938	Added method to EmuNAND module to get the TMD and Ticket for an installed title	2024-12-11 21:37:56 -05:00
NinjaCheetah	1cce0f14ee	Allow specifying a custom endpoint URL for NUS downloads	2024-12-08 22:06:32 -05:00
NinjaCheetah	c86b44f35c	Restructured IMET header code, now in archive/u8 and not media/banner	2024-11-30 18:54:50 -05:00
NinjaCheetah	1ff4ecdf68	Added method to query all titles installed in EmuNAND	2024-11-28 00:49:54 -05:00
NinjaCheetah	302bd842d1	Remove leftover import now that banner.py has been moved	2024-11-21 19:20:32 -05:00
NinjaCheetah	c5a007e1f5	Small fix for docs	2024-11-21 19:18:03 -05:00
NinjaCheetah	e96f6d9f13	Finished IMETHeader class, can now load, dump, create, and get/set channel names	2024-11-21 19:08:52 -05:00
NinjaCheetah	57b2ed63d4	Disable TMD/Ticket TID match check	2024-11-21 16:22:12 -05:00
NinjaCheetah	855200bb98	Add preliminary support for parsing 00000000.app New module banner.py offers classes for IMD5 and IMET headers, U8 unpacker now supports U8 archives with IMET headers.	2024-11-18 17:00:18 -05:00
NinjaCheetah	cfd105ba81	Updated banner used in README	2024-11-10 23:22:24 -05:00
NinjaCheetah	ed7e928ad8	Updated banner	2024-11-10 23:20:30 -05:00
NinjaCheetah	6b18254edc	Small README change to reflect dev support	2024-10-20 22:41:34 -04:00
NinjaCheetah	1b6e0db26d	Revert changes related to processing content indices Changes released in libWiiPy v0.5.0 and v0.5.1 to how indices were handled ended up way overcomplicating things, resulting in lots of issues now that I'm working with the content module again in WiiPy. These changes have mostly been reverted. The issues were related to handling WADs where the content indices don't align with the actual index of the content, like in cases where content has bene removed. This issue has been fixed again with a new and much simpler patch that should not introduce new bugs.	2024-10-20 19:03:26 -04:00
NinjaCheetah	9ae059b797	Add support for extracting/packing/otherwise handling dev WADs	2024-10-13 21:39:52 -04:00