xboxscene.org forums

Pages: 1 [2] 3 4 ... 8

Author Topic: Question Regarding Live  (Read 347 times)

Angerwound

  • Archived User
  • Hero Member
  • *
  • Posts: 928
Question Regarding Live
« Reply #15 on: August 22, 2004, 06:29:00 PM »

Are you sure the IPs are hardcoded into the xbe's?
The information could be stored somewhere else.
Logged

SargeZT

  • Archived User
  • Jr. Member
  • *
  • Posts: 86
Question Regarding Live
« Reply #16 on: August 22, 2004, 07:40:00 PM »

Angerwound: The IPs, no.  The domains, yes.  This REALLY makes it pretty easy to spoof.  Making yourself the same IP on a closed network would be exceptionally hard.  However, setting up a DNS server and working from there makes it much easier.
Logged

DaddyJ

  • Archived User
  • Hero Member
  • *
  • Posts: 1324
Question Regarding Live
« Reply #17 on: August 22, 2004, 07:52:00 PM »

This sounds pretty interesting, and actually a great idea.  As MS is a stickler for repeated information, their server(s) could be in the game XBE themselves or built into the Live-updated dash, or a combination of both.
There are no known packet sniffers for the Xbox (that I know of), due to the lack of background apps running. If we could somehow alter a BIOS to provide packet logging, we could obtain a better understanding of where these servers are located.
Logged

Angerwound

  • Archived User
  • Hero Member
  • *
  • Posts: 928
Question Regarding Live
« Reply #18 on: August 22, 2004, 08:05:00 PM »

I believe devz3ro owns a copy of EtherPeek (I think that is the name).
Maybe he could take a look at the packets being sent to and from the box and servers for you guys.
Logged

chimpanzee

  • Archived User
  • Hero Member
  • *
  • Posts: 531
Question Regarding Live
« Reply #19 on: August 22, 2004, 09:08:00 PM »

I faintly remember reading on xbox-linux that the process involves Kerberos (as used in W2K Server and many *nix systems), so the chance of a 'man in the middle attack' is not high.
Logged

DirtyDigitz

  • Archived User
  • Newbie
  • *
  • Posts: 13
Question Regarding Live
« Reply #20 on: August 22, 2004, 10:46:00 PM »

Logged

lmnoq

  • Archived User
  • Newbie
  • *
  • Posts: 7
Question Regarding Live
« Reply #21 on: August 23, 2004, 10:32:00 AM »

QUOTE (SargeZT @ Aug 23 2004, 02:43 AM)
Angerwound: The IP's, No.  The Domains, Yes.  This REALLY makes it pretty easy to spoof.  Making yourself the same IP on a closed network would be exceptionally hard.  However, setting up a DNS server and working from there makes it's much easier.

If there are no coded IPs and just DNS names, then, like Sarge says, it's a piece of cake.

Just set up your own internal DNS server, point the DNS entries for those specific addresses to your PC, and forward all other traffic to an outside DNS server.

I also think this would totally rock.

The big issue, I think, would be legal ramifications.  Remember bnetd, anyone?

Since M$ charges for this service, you'd get in a whole mess of trouble for running one of these.  And you can bet M$ would send out the lawyer hounds on anyone running this online.

Still, I would like to see someone create this if it's possible.  There are some nice benefits of running this instead of system link for some games (eg: Full Spect. Warr. only supports co-op via XBLive, etc).
Logged

remedee

  • Archived User
  • Jr. Member
  • *
  • Posts: 81
Question Regarding Live
« Reply #22 on: August 23, 2004, 11:35:00 AM »

Yep, by all accounts, everything I've picked apart has at least two (xonlinedash.xbe) but usually 3 (update.xbe, default.xbe) static addresses encoded. I won't be home again until after midnight (Eastern) to set up a domain and edit the files. I'm assuming I'll need to modify the following files:

C:\
xboxdash.xbe

C:\xodash\
update.xbe
xonlinedash.xbe

D:\ (or hd, but there IS specific partition info coded in, could be another issue)
default.xbe
dashupdate.xbe
update.xbe

Each of those would require changing because they all interact with each other in some way. I haven't broken down the specifics, but it seems like the default.xbe run from a title calls the update/dashupdate files, which in turn call the HD files to ensure they are up to date, then update as needed, etc.

All but the xonlinedash appear to need the AS server to ensure validity, and I'm assuming the xonlinedash is validated via one of the other files, or during some check sent down by the server itself, but it doesn't actually connect to the AS server on its own.
Logged

SargeZT

  • Archived User
  • Jr. Member
  • *
  • Posts: 86
Question Regarding Live
« Reply #23 on: August 23, 2004, 12:54:00 PM »

Ahhh! I just thought of something.  Perhaps we could exploit our old friend Update.XBE!  That downloads code directly from Live, and, if nothing else, we could probably hack it to download the exploit files from our computers.  Best case scenario, we could probably make it run some code.

-Sarge
Logged

m.e

  • Archived User
  • Jr. Member
  • *
  • Posts: 95
Question Regarding Live
« Reply #24 on: August 23, 2004, 01:26:00 PM »

Keep it up
Logged

DirtyDigitz

  • Archived User
  • Newbie
  • *
  • Posts: 13
Question Regarding Live
« Reply #25 on: August 23, 2004, 02:02:00 PM »

You guys are getting me excited; I'm loving all the dedication! Keep it up.

Again, if there's anything I can do to help, let me know!
Logged

SargeZT

  • Archived User
  • Jr. Member
  • *
  • Posts: 86
Question Regarding Live
« Reply #26 on: August 23, 2004, 02:39:00 PM »

Bigfreak: Hey, way to summarize!  But, to be fair, using a crossover cable and hooking it to a computer will get around the entire router problem.  Someone could easily create an Xbox DNS server to do that shit.  

I think the DNS server has more potential, as changing any data in an XBE is risky...  However, both could potentially work, but I think the DNS idea might be a lot easier.
Logged

Master-Chief

  • Archived User
  • Hero Member
  • *
  • Posts: 1352
Question Regarding Live
« Reply #27 on: August 23, 2004, 09:28:00 PM »

This is a great idea. I really hope this happens! Shouldn't this be in the Xbox Live forum though?
Logged

bigfreak

  • Archived User
  • Newbie
  • *
  • Posts: 27
Question Regarding Live
« Reply #28 on: August 24, 2004, 07:42:00 AM »

Maybe if we keep stirring the pot, something will come of it.  LOL

SargeZT, I happen to agree with you.  I think manipulating the DNS results outside of the Xbox is the best way to truly fool the XBEs into connecting to the wrong addresses.  The crossover cable is a good idea, and I was gonna put that in my previous post but left it out.

The one drawback to using a crossover cable is that you have an empty network between the PC and the Xbox: there is no DHCP server, there is no DNS server and there is no router (NAT).  The common solution to this is to enable ICS, which I'm guessing does all three.  I've never had to use ICS, so I have some questions:  1.) Can the DNS forwarding be turned off?  2.) And/or can the DHCP server be configured to give back a different IP for the DNS?

I'm just playing the devil's advocate here, but if ICS turns out to be a wash and you can't alter the DNS, you will be left with 2 choices.  1.) Create a software package with a full NAT router, DHCP server and DNS forwarding, or 2.) ask the user to install a more advanced NAT package that can be configured to turn off DNS forwarding (WinRoute would be great).  Then you would only have to code the hacked DNS server or alter an existing package.

I think an all-in-one package would be wonderful, but it would be a monster of a project (and you haven't even tapped the server side yet).

remedee, you have the XDK.  Surely there must be some Live debug facilities?  I mean, when Bungie or company X is working on a Live-enabled game, they must surely have a means to test it.  I doubt MS gives every company a real Live! server to toy with for development.  Surely the facilities to emulate the AS, MACS and TGS servers are available to Xbox game developers.

Also, if you put your Xbox, PC and this Live debug server on the same HUB you should be able to sniff the network from the PC and see the Xbox and Live server packets flowing past.  I say HUB because a switch will hide the packets by design.
Logged

lmnoq

  • Archived User
  • Newbie
  • *
  • Posts: 7
Question Regarding Live
« Reply #29 on: August 24, 2004, 08:18:00 AM »

QUOTE
1.) Users would have to have the brains enough to change the DNS settings in their router's DHCP setup. 2.) Users would have to know how to set up a DNS server. 3.) All DNS traffic on the network would pass through the hacked DNS server (xbox, laptop, desktop, tivo -- EVERYTHING)


1.)  Only if you want your Xbox pulling a DHCP address.  It would be simpler to leave these settings alone for your other devices and statically define the Xbox address.

2.)  A homebrew app could likely be created for this purpose.

3.)  Like #1, leave everything else set the way it is and define the Xbox statically, giving it the address of your DNS.  If you are running a router and, more than likely, NAT, you should not have any problem setting your box up with a static IP.


I agree with the trend here that DNS spoofing is a much better approach than XBE editing.  I do see a problem, though, in keeping track of what is set up for those who go on real Live and the "new" Live.  As we know, it only takes once and you're banned.  Some preventative measures would have to be in place.

QUOTE
You'll make version X that works and within a month MS will force a live dash update and crap on you.


This would only be an issue for someone who plays on Live without the chip enabled.  If you are planning to play only on hacked servers, you don't necessarily need to update your dash every time an update comes out.


QUOTE
Also, if you put your xbox, pc and this Live-debug server on the same HUB you should be able to sniff the network from the PC and see the xbox and live-server packets flowing past. I say HUB because a switch will hide the packets by design.


Alternatively, if you don't have a hub lying around but do have 2 NICs in your PC, you can bridge them and use a packet sniffer on your PC that way.

QUOTE
The "dunderheads" at M$ DO have a streamlined protocol... Kerberos...


I'm not a programmer, and hats off to good coders because they can do some amazing stuff, but IIRC, Kerberos is an authentication protocol, not the protocol that Xbox/Xbox Live uses to convey information.
Logged
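The "own internal DNS server" that lmnoq and bigfreak describe in the posts above (answer a short list of names with your PC's address, forward everything else to a real resolver, and point only the Xbox at it via a static IP) boils down to a small split resolver. The block below is an added example written for this thread, not code from any poster or from any real project. The hostnames in OVERRIDES and the 192.168.1.x addresses are made-up placeholders: the thread never lists the actual names the XBEs resolve, so you would substitute whatever you find by sniffing. The upstream forwarder uses plain UDP to a resolver you choose; resolve() takes the forwarder as a parameter so the override logic can be exercised offline.

```python
"""Split DNS resolver: answer selected names locally, forward the rest upstream.

Added example for the xboxscene thread on spoofing Live hostnames. Not the
forum's code or any real package. Names and addresses are placeholders.
"""
import socket
import struct

# Constructed override table (hypothetical names): hostname -> IPv4 to return.
# Only A/IN queries for these names are answered locally; everything else
# is handed to the forwarder so normal traffic keeps working.
OVERRIDES = {
    "auth.example-live.test": "192.168.1.10",
    "tgs.example-live.test": "192.168.1.10",
}


def parse_qname(msg, offset):
    """Decode an uncompressed DNS name at offset; return (name, next_offset)."""
    labels = []
    while True:
        length = msg[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0:  # compression pointer: never valid in a question
            raise ValueError("compressed name in question section")
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def encode_qname(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid=0x1234, qtype=1):
    """Build a standard recursive A query (what the Xbox would send)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)


def build_answer(query, ip, ttl=60):
    """Echo the question and append one A record pointing at ip."""
    txid = struct.unpack("!H", query[:2])[0]
    _, qend = parse_qname(query, 12)
    question = query[12:qend + 4]  # name + qtype + qclass
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA
    # 0xC00C is a pointer back to the name at offset 12 in the question.
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + question + rr


def answer_ip(response):
    """Return the A record address from a response produced by build_answer."""
    _, qend = parse_qname(response, 12)
    rdata = qend + 4 + 12  # question tail (4) + pointer/type/class/ttl/rdlen (12)
    return socket.inet_ntoa(response[rdata:rdata + 4])


def resolve(query, forward):
    """Answer locally if the name is overridden, else forward verbatim.

    Returns (response_bytes, "local" | "forwarded")."""
    name, qend = parse_qname(query, 12)
    qtype, qclass = struct.unpack("!HH", query[qend:qend + 4])
    target = OVERRIDES.get(name.lower())
    if target is not None and qtype == 1 and qclass == 1:
        return build_answer(query, target), "local"
    return forward(query), "forwarded"


def udp_forwarder(upstream=("192.168.1.1", 53)):
    """Forwarder that relays a query to a real resolver (placeholder address)."""
    def forward(query):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(3)
            s.sendto(query, upstream)
            return s.recv(4096)
    return forward


def serve(bind=("0.0.0.0", 53), forward=None):
    """Listen for UDP queries; malformed packets are dropped, not answered."""
    forward = forward or udp_forwarder()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(bind)
        while True:
            data, peer = s.recvfrom(512)
            try:
                reply, _ = resolve(data, forward)
            except (ValueError, IndexError, struct.error, socket.timeout):
                continue
            s.sendto(reply, peer)


if __name__ == "__main__":
    serve()  # needs root/admin to bind port 53; set the Xbox's DNS to this host
```

Two things worth noting before pointing a console at it: only A queries for the listed names are overridden, so any other record type for those names still goes upstream, and the upstream address is a placeholder you must replace with your real resolver. Binding port 53 on the PC and giving the Xbox a static IP with that PC as its DNS, as lmnoq suggests, leaves the rest of the LAN untouched.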