xboxscene.org forums


Author Topic: Here Is An Idea For An Xbox Dongle  (Read 207 times)

XBLamer

« Reply #30 on: July 04, 2003, 03:51:00 PM »

The purpose of the dongle would be to edit your dash, not to play games on live. The method of recording and playing back traffic to hack a system is not uncommon.


They can't change the request or every xbox prior to the last time you flashed the dongle would not work with xbox live (the dongle could actually be just a prog running on a PC connected with a cross over cable between pc and XBOX). You run a prog on PC that talks to the nic then invoke xbox live on your xbox. Every time M$ changes the way xbox dash talks to xbox live (that doesn't support back level xboxes) then you just update the prog.
Logged

bzchi

« Reply #31 on: July 04, 2003, 03:54:00 PM »

Dead horse, you are beating.

Ok, let's oversimplify this.

Dash 1.0: Username request is sent to client using "send me your username" you auth then it updates your dash. This dash is now 1.1

Dash 1.1: Username request is sent to client using "username send me please"

Your dongle has stopped the dashboard being updated so your xbox dash says "what the hell are you talking about?"

You are suggesting that the dongle would be smart enough to know when auth systems are changed... then add a level of complexity (to represent crude encryption)

The XBOX server now asks for the username in a cycle of 500 different ways. Now what are you going to do?
Logged

XBLamer

« Reply #32 on: July 04, 2003, 03:57:00 PM »

You have missed the plot; this has nothing to do with xbox live. You just use live to find out how it talks to your xbox and how it updates your dash ....
Logged

bzchi

« Reply #33 on: July 04, 2003, 04:00:00 PM »

Ok, I did miss the point, after reading the first post the clarity is that of mud, so I can see why I may have gone off track.

New theoretical. The XBOXDASH on your xbox uses a random challenge/response that, when authenticated against, lets you update the dash

(not sayin it works like this but it is a distinct possibility)

what then?
Logged

roscoeac

« Reply #34 on: July 04, 2003, 04:02:00 PM »

Wait, has anybody here hacked their Motorola Surfboard modem?  This could be done the same way with the dashboard, couldn't it?
Logged

bzchi

« Reply #35 on: July 04, 2003, 04:03:00 PM »

QUOTE (roscoeac @ Jul 5 2003, 01:02 AM)
Wait, has anybody here hacked their Motorola Surfboard modem?  This could be done the same way with the dashboard, couldn't it?

With that theory I should be able to mod an XBOX with a psx mod, let's try it!

Motorola <> M$
Logged

XBLamer

« Reply #36 on: July 04, 2003, 04:24:00 PM »

QUOTE

New theoretical. The XBOXDASH on your xbox uses a random challenge/response that, when authenticated against, lets you update the dash


Ok, good point, didn't think of that. I guess some sampling/comparisons would tell you if they have a random challenge / response. If they do not, then it would be in the next version of xbox, so we would be no better off than we are with free-x now.

Just throwing ideas around, so don't beat me up too much
Logged

bzchi

« Reply #37 on: July 04, 2003, 04:34:00 PM »

Nah nah, don't mean to smack you up over it, I'm just very to the point on these forums these days.

It's always best to nut out likely shortfalls before you invest your time and money into a project.
Logged

underthebridge

« Reply #38 on: July 04, 2003, 05:33:00 PM »

This is a good idea. If you can get XBox live to somehow replace the font files with the exploited ones (if it can update the dash it can also theoretically do this), you won't need the 007/mechassault hack anymore! But this would probably be very difficult to do. Actually, has someone tried this yet? If you can get it to work it would be amazing!
Logged

ZakMcRofl

« Reply #39 on: July 04, 2003, 06:14:00 PM »

Actually this idea is very good. It might not be easy to pull it off but maybe M$ made yet another mistake in their system. Since I do not use xbox live I cannot really tell if it can work, though. In theory it should be enough to create a proxy tool that replaces the actual update data in the Live connection.
I've been wondering if someone has been properly looking at the Live protocol using a packetdumper. I mean battle.net has been "cracked"/emulated that way, so don't underestimate the power of reverse engineering. Is all live traffic encrypted?
If not, it might be enough to intercept a live packet UPDATE_FOLLOWS or something like that and resend that after the xbox has authed to the real Xbox Live. This would mean that the xbox is already in the "i am talking to xbox live, maybe there's an update"-state and all you need to do is send that packet followed by the actual data.

Of course this is not gonna work (that easily) if one of the following is true:
1) Xbox live traffic is encrypted
2) The updates are encapsulated/signed in a way that one cannot emulate. I.e. it doesn't transmit the new files directly but as an XBE archive which gets extracted after receiving.
3) Xbox-Fonts cannot be updated via Live (unlikely)

However someone should look into it, I'd happily do it if my xbox wasn't modded.
Steps would be
1) Install a packet dumper on the internet gateway pc
2) connect to live with an outdated dash or game
3) dump all traffic to disk
4) analyze whether it's encrypted or cleartext and if there's a way to replace the update's content
5) Code a tool that just forwards traffic until a certain breakpoint, sends UPDATE_FOLLOWS packet (or similar) and the file using address spoofing (i.e. pretending to be the xbox-live server)

Result would be a non-memcard way to "open" an xbox :)
Logged
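Added example, not part of any post in this thread and not a description of how Xbox Live actually works: a sketch of the random challenge/response bzchi raises and the authenticated update in ZakMcRofl's point 2, showing why a recorded update exchange is rejected when it is replayed or its content is swapped. The key, message layout and all names are hypothetical; HMAC with a shared key stands in for the public-key signature a real updater would use.

```python
import hashlib
import hmac
import secrets

UPDATE_KEY = b"constructed-demo-key"  # hypothetical secret, constructed for this example

def tag_update(key: bytes, nonce: bytes, payload: bytes) -> bytes:
    """Update source: bind the payload to the client's fresh challenge."""
    msg = len(nonce).to_bytes(2, "big") + nonce + payload  # length prefix fixes the boundary
    return hmac.new(key, msg, hashlib.sha256).digest()

class Dashboard:
    """Client: issues a random challenge and accepts at most one update per challenge."""
    def __init__(self, key: bytes):
        self._key, self._pending = key, None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def accept_update(self, payload: bytes, tag: bytes) -> bool:
        if self._pending is None:
            return False  # unsolicited update: no challenge outstanding
        nonce, self._pending = self._pending, None  # each challenge is single-use
        return hmac.compare_digest(tag_update(self._key, nonce, payload), tag)

def demo() -> dict:
    dash = Dashboard(UPDATE_KEY)
    payload = b"dash update (constructed sample)"
    # Session 1: genuine exchange, recorded off the wire by an observer.
    recorded = (payload, tag_update(UPDATE_KEY, dash.new_challenge(), payload))
    results = {"genuine": dash.accept_update(*recorded)}
    # The recording sent again while no challenge is outstanding.
    results["unsolicited"] = dash.accept_update(*recorded)
    # Session 2: fresh challenge, recorded response replayed verbatim.
    dash.new_challenge()
    results["replayed"] = dash.accept_update(*recorded)
    # Session 3: fresh challenge, payload swapped, recorded tag kept.
    dash.new_challenge()
    results["swapped"] = dash.accept_update(b"other content", recorded[1])
    return results

if __name__ == "__main__":
    print(demo())
```

Only the first exchange is accepted: the recorded tag covers the old nonce and the original payload, so a fresh challenge or any change to the content invalidates it.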

underthebridge

« Reply #40 on: July 04, 2003, 07:14:00 PM »

QUOTE (ZakMcRofl @ Jul 5 2003, 03:14 AM)
Actually this idea is very good. It might not be easy to pull it off but maybe M$ made yet another mistake in their system. Since I do not use xbox live I cannot really tell if it can work, though. In theory it should be enough to create a proxy tool that replaces the actual update data in the Live connection.
I've been wondering if someone has been properly looking at the Live protocol using a packetdumper. I mean battle.net has been "cracked"/emulated that way, so don't underestimate the power of reverse engineering. Is all live traffic encrypted?
If not, it might be enough to intercept a live packet UPDATE_FOLLOWS or something like that and resend that after the xbox has authed to the real Xbox Live. This would mean that the xbox is already in the "i am talking to xbox live, maybe there's an update"-state and all you need to do is send that packet followed by the actual data.

Of course this is not gonna work (that easily) if one of the following is true:
1) Xbox live traffic is encrypted
2) The updates are encapsulated/signed in a way that one cannot emulate. I.e. it doesn't transmit the new files directly but as an XBE archive which gets extracted after receiving.
3) Xbox-Fonts cannot be updated via Live (unlikely)

However someone should look into it, I'd happily do it if my xbox wasn't modded.
Steps would be
1) Install a packet dumper on the internet gateway pc
2) connect to live with an outdated dash or game
3) dump all traffic to disk
4) analyze whether it's encrypted or cleartext and if there's a way to replace the update's content
5) Code a tool that just forwards traffic until a certain breakpoint, sends UPDATE_FOLLOWS packet (or similar) and the file using address spoofing (i.e. pretending to be the xbox-live server)

Result would be a non-memcard way to "open" an xbox :)

i know, we should totally try this...
Logged

Xeero

« Reply #41 on: July 04, 2003, 07:17:00 PM »

QUOTE (roscoeac @ Jul 4 2003, 08:02 PM)
Wait, has anybody here hacked their Motorola Surfboard modem?  This could be done the same way with the dashboard, couldn't it?

I used to uncap mine when I was on a DOCSIS kick.  The systems have no parallel.
Logged

EvilWays

« Reply #42 on: July 04, 2003, 09:12:00 PM »

To the suggestion of reverse engineering...pay attention to that particular section of the DMCA...
Logged

ZakMcRofl

« Reply #43 on: July 05, 2003, 12:09:00 AM »

QUOTE (EvilWays @ Jul 5 2003, 07:12 AM)
To the suggestion of reverse engineering...pay attention to that particular section of the DMCA...

Well looking at a protocol isn't illegal. Even emulating it is not illegal. Decompiling the xbe might be, but anyhow who cares? I bet free-x used decompiling for finding the exploit and what exactly can M$ do about it? If they wouldn't release with real names, then nothing...
Logged