Print

[undead]

Ok, Guys..

Here is more information to clarify a couple of issues..

First off, yes this is no BS post, we did what we said we did..

Secondly everything we did was done in the EEPROM.. we only mucked with the factory settings (offset 0x30 - 0x5F)


Ok, so here is exactly what we did..

In the EEPROM you get the first 48 bytes which contains:
HASH
Confounder
HDDKey
RegionCode

We left the above 100% in tact, no change..  We used the stock XBOX HDD..

The NEXT 48 Bytes contains:
32bit Checksum of next 44 Bytes
Serial Number
MAC
Online Key (not confirmed)
Region & Video Info

If you change ANYITHING in the above 48 bytes, the stock retail XBOX Does boot fine and you can play any original games, BUT the XBOX LIVE network config Dash does NOT pick up the Serial number, and leaves it Blank, meaning it could not verify the EEPROM contents.. it picks up the MAC address just fine though..

What we then did is Changed the Serial Number and MAC Addres, Re-calculated the 32bit Checksum and This seemed to keep the XBOX LIVE network config Dash happy and it displayed our new Serial and MAC.. Which means hte Checksum is calculated correctly and it could verify the Serial + MAC is "ok"

We could then sign on to XBOX Live and authenticated fine with no problems.. We even played a few games to make sure everything is ok..

This leads us to believe that currently the Online Key (which we are not sure exactly how its calculated yet) has nothing to do with the Serial number or MAC address..  or at least right now LIVE doesnt seem to care..

So basically we left the online key in tact, changed the serial  & MAC, recalculated the Checksum and everything seems to 100% working (For now)

We are looking at trying to figure out exactly where the Online Key comes from.. but thats in the pipes..  

We'll finnish up the Serial, MAC part of the software this weekend and release a "Alpha" version so we can get people out in the field to try and verify our tests...

And I Must stress, that we are 100% againts modded XBOX's playing on XBOX LIVE, this information is solely to try and resurect a banned legal XBOX with all modifications removed.. We heard of cases of people buying second hand XBOX's from ebay just to find out they are banned from LIVE..


Hope this clarifies some issues..

Any more questions ??


[ TEAM ASSEMBLY ]

[Zander]

QUOTE

This leads us to believe that currently the Online Key (which we are not sure exactly how its calculated yet) has nothing to do with the Serial number or MAC address.. or at least right now LIVE doesnt seem to care.. So basically we left the online key in tact, changed the serial & MAC, recalculated the Checksum and everything seems to 100% working (For now) We are looking at trying to figure out exactly where the Online Key comes from.. but thats in the pipes..

I really hope your right. If the online key right now isn't perhaps unique, or even used at all then just changing the serial and MAC should be enough for a negotiation. The odd thing is, this breaks RFC1510, a shared secret key is to be used for the negotation of the session key. :/ This also breaks what MS says they do in the 2K kerberos authentication docs.

What the hell ARE they doing?

Something odd is... the XBOX sends 4 pre-auth fields during the AS-REQ phase of kerberos. Usually a machine sends 1 or 2 pre-auth field max... Maybe the xbox is breaking the kerberos RFC by transmitting the key it wants to use (online key) in some sort of format in one of the pre-auth fields, and the AS-REP from AS.XBOXLIVE.COM uses that key to encrypt the session key needed to get the TGT from the TGS server... dunno.

I will start looking at the pre-auth fields now and try to find a correlation to the online key. Hell it could just be random. I'd LOVE to know what the hell the "online key" is used for dammit!

QUOTE

We'll finnish up the Serial, MAC part of the software this weekend and release a "Alpha" version so we can get people out in the field to try and verify our tests...

sounds great.

QUOTE

And I Must stress, that we are 100% againts modded XBOX's playing on XBOX LIVE, this information is solely to try and resurect a banned legal XBOX with all modifications removed.. We heard of cases of people buying second hand XBOX's from ebay just to find out they are banned from LIVE..

I agree completely.

Z

[DaOne]

And u did this on a banned eeprom image or a valid one. I am aware that this works just fine on a valid one however it wont change the fact that the banned one will still be banned. The ban isnt lifted by changing the serial. Superfr0 and I have been working on this for a while now.

[undead]

I Dont believe the EEPROM I used was banned..  But the Serial Number we changed it to and used was a "new" generated serial, we did NOT use another XBOX's existing Serial...  it would be GREAT if someone could provide me with a image that is banned and I can see what it does...

And correct, I we only changed

Serial
MAC
Checksum...

the fact that it still authenticated tells me that LIVE is not checking a correlation between the KEY and the MAC+Serial..

[undead]

oh,. and yes, i think 0x46 and 0x47 is only padding to word align the las two bytes of the MAC

[upstatenyguy22]

QUOTE (undead @ Nov 21 2002, 05:01 PM)

I Dont believe the EEPROM I used was banned..  But the Serial Number we changed it to and used was a "new" generated serial, we did NOT use another XBOX's existing Serial...  it would be GREAT if someone could provide me with a image that is banned and I can see what it does... And correct, I we only changed Serial MAC Checksum... the fact that it still authenticated tells me that LIVE is not checking a correlation between the KEY and the MAC+Serial..

                                    Exactly,

We've tried using a known unbanned serial and MAC with a banned EEPROM, and it still fails.  But if you can authenticate with a different serial and MAC on an unbanned EEPROM, maybe it's not the serial that's banned, but it's just the online key or just - who knows what still.

For instance, if I take a good online key, put it in the EEPROM of a banned system, will I be able to get on?  Can't check until late tonight, but if somebody else could or has - let me know.  We'd still have to figure out how to generate an online key, as I believe they're still as far as we know unrelated to anything else - but if that's really all that's banned, we know where to look for our fix.

The s/n mac change isn't a way to un-ban your box, but the lack of correlation between online key and s/n I hadn't realized - I believe that's the "news" in this post.

[undead]

and the people testing the mac/serial change, did you calculate the checksum correctly and were you able to see the new MAC and Serial in the LIVE Network config Dash ??

[DaOne]

[ArMaGeDdOn]

[teetu]

this is the news i have been waiting for. good shit fellas!

[jcsickz]

this method sounds good, but what if you cant dissable your mod chip

[ArMaGeDdOn]

[DaOne]

Every mod chip out has a way to disable including a flashed tsop.

[ArMaGeDdOn]

i dunno.  can onboard modchip disabling be trusted against all detection methods that may come out?  i mean, it IS still physically connected to the board, and leaves some room to worry for me.

[DaOne]

If you alter "anything" they can implament a way to detect it.