Print

[InterestedHacker]

QUOTE(gprime @ Nov 25 2005, 11:18 PM)

So now the question is.. where is that checksum coming from?

Is it possible that the package is pre encrypted using part of the XBOX-360's secret key? (the one speculatively hidden in the CPU).  That would explain the path name shown:-

content/584107ef/90226b760a840a3afc759094668da3fbe4df716d.xcp

That's a pretty unique filename, and I bet it's not stock.  It probably does something along the lines of:-

1) User logs into Live
2) User request file
3) Payment checks etc
4) 'Produce' a download file, which contains a checksum already, and is signed to the XBOX 360 unique identifier / other personal key.

This would explain why there is no apparent key exchange, and the path / filename.  DRM...

I am new btw, and just interested in the XBOX 360 for more than games.  If MS didn't lock the damn things down so much I would be in the front of the queue to buy one, to play legitimate purchase games, and to be able to use for home brew stuff, like Linux.

[PedrosPad]

QUOTE(InterestedHacker @ Nov 28 2005, 08:23 PM)

Is it possible that the package is pre encrypted using part of the XBOX-360's secret key? (the one speculatively hidden in the CPU).  That would explain the path name shown:-

content/584107ef/90226b760a840a3afc759094668da3fbe4df716d.xcp

Also a good way to gather usage/marketing information that can be tied back to a specific user.

Similar to those spam emails that contain a gif image - the filename of which was only sent to you (e.g. 90226b760a840a3afc759094668da3fbe4df716d.gif) - so by opening the email - you've verified your email address!

An interesting thought.  One simply proven or disproved by two X360 owners monitoring their traffic and attempting to download the same piece of content.

[InterestedHacker]

QUOTE(PedrosPad @ Nov 28 2005, 08:31 PM)

Also a good way to gather usage/marketing information that can be tied back to a specific user.

Similar to those spam emails that contain a gif image - the filename of which was only sent to you (e.g. 90226b760a840a3afc759094668da3fbe4df716d.gif) - so by opening the email - you've verified your email address!

An interesting thought.  One simply proven or disproved by two X360 owners monitoring their traffic and attempting to download the same piece of content.

My guess is if two people download the same file (not the same physical file, but requested file), it will look differently under a hex editor.  That's just a guess though...

[BiMP]

QUOTE(InterestedHacker @ Nov 28 2005, 10:41 AM)

My guess is if two people download the same file (not the same physical file, but requested file), it will look differently under a hex editor.  That's just a guess though...

In that case, give me ten minutes and I'll let you guys know right away.

Edit: Harder then I thought because the original poster didn't provide which avatar or "large trailer file" he downloaded...

[BiMP]

Alright, some interesting things.

I downloaded the large Narnia trailer off Xbox live and the URL matched exactly to what the original poster posted.  SO, these are not encrypted per Xbox (at least I belive).

Now to find a way to unlock these...

[InterestedHacker]

QUOTE(BiMP @ Nov 28 2005, 09:08 PM)

Alright, some interesting things.

I downloaded the large Narnia trailer off Xbox live and the URL matched exactly to what the original poster posted.  SO, these are not encrypted per Xbox (at least I belive).

Now to find a way to unlock these...

=O

[kfernandes29]

QUOTE

It would be interesting if it is possible to add support for Divx/Xvid codecs etc via some sort of marketplace spoofing, but this would pretty much require devkit access and who knows what all else. I noticed there was an update to add support for AAC files from the iPod "provided by Nellymoser" on live..

if there was some sort of way to add codecs to the media center extender's abilities, then I would be very happy..

Regarding that. If everyone is saying the MCE PC does all the work and the 360 only displays it, then wouldn't it make sense that you would only need the codec on your comp?  (IMG:style_emoticons/default/huh.gif) Since the 360 is only acting as a "monitor for the MCE PC" all the decoding would come from the PC itself and not the 360. Maybe MS has something in the Local Settings for MCX1 in the Documents and Settings folder of the PC that restricts the streaming of other video types. Just speculating......but it does seem to make sense to me. Any thoughts on it?

[InterestedHacker]

QUOTE(kfernandes29 @ Nov 28 2005, 09:31 PM)

Regarding that. If everyone is saying the MCE PC does all the work and the 360 only displays it, then wouldn't it make sense that you would only need the codec on your comp?   Since the 360 is only acting as a "monitor for the MCE PC" all the decoding would come from the PC itself and not the 360. Maybe MS has something in the Local Settings for MCX1 in the Documents and Settings folder of the PC that restricts the streaming of other video types. Just speculating......but it does seem to make sense to me. Any thoughts on it?

Yeah, I agree.  I think it's a bit pointless from what I have read.  It's like having a very limited VNC / Remote Display / Control of the host application.  Interesting that solitaire crashes if you move too quick though.  Maybe it's not flawless.

QUOTE(BiMP @ Nov 28 2005, 09:08 PM)

Alright, some interesting things.

I downloaded the large Narnia trailer off Xbox live and the URL matched exactly to what the original poster posted.  SO, these are not encrypted per Xbox (at least I belive).

Now to find a way to unlock these...

Did you binary compare the two files?

[BiMP]

QUOTE(InterestedHacker @ Nov 28 2005, 11:46 AM)

Yeah, I agree.  I think it's a bit pointless from what I have read.  It's like having a very limited VNC / Remote Display / Control of the host application.  Interesting that solitaire crashes if you move too quick though.  Maybe it's not flawless.
Did you binary compare the two files?

No, because the files were coming from the exact same url.  And since I cant transfer it from the Xbox 360 hard drive, I would just be downloading the file twice from the same url which is pointless.

[InterestedHacker]

QUOTE(BiMP @ Nov 29 2005, 05:26 AM)

No, because the files were coming from the exact same url.  And since I cant transfer it from the Xbox 360 hard drive, I would just be downloading the file twice from the same url which is pointless.

You are probably right, but just because the URL is identical doesn't mean the file hasn't already had DRM applied.  It's very easy to code a web server that will provide the file from the URL, but modify it on transmission to include client specific DRM.

They probably are the same, but someone needs to prove it first, not just assume.

2 people could download a file from my own web server application, and even though the same file can be provided to each, I could very easily write my own unique checksum into each file as it sends, allowing me to trace release code, and illegal copies.

[chortya]

Any news on .xcp files? Our chinese friends also play around with it (just google for "XS Filter -  Expect to be banned for linking to that Torrent Site ** You might Trying to read the rules before you post on a public site moron ** xcp"). I've downloaded nearly 3gb of demos but I think it's impossible to get them on xbox without live connection, so real offline got demos are not possible.

[deadparrot]

QUOTE(chortya @ Jun 5 2007, 08:39 PM)

Any news on .xcp files? Our chinese friends also play around with it (just google for "XS Filter -  Expect to be banned for linking to that Torrent Site ** You might Trying to read the rules before you post on a public site moron ** xcp"). I've downloaded nearly 3gb of demos but I think it's impossible to get them on xbox without live connection, so real offline got demos are not possible.

Wow.  Bumping an ancient thread, admitting to downloading copyrighted content, and linking to a shitlisted torrent site!

Enjoy your suspension!