xboxscene.org forums

Pages: 1 [2] 3

Author Topic: Xbox Live Packets  (Read 405 times)

Tp21

  • Archived User
  • Jr. Member
  • Posts: 58
Xbox Live Packets
« Reply #15 on: October 21, 2005, 08:00:00 AM »

I found some interesting stuff...
I've captured some packets using Ethereal, and found out it DIDN'T access port 88.
Not even one time!
It uses some weird ports though...
If you want the captured packets, send me a PM.

MercuryTheWhite

  • Archived User
  • Newbie
  • Posts: 21
Xbox Live Packets
« Reply #16 on: October 21, 2005, 10:52:00 AM »

QUOTE(fghjj @ Oct 20 2005, 11:01 PM)
I've said it before (on the same subject) and I'll say it again. For a Live! emulator you need someone with broad knowledge of encryption, x86 assembly and a lot of spare time.

d0wnlab

  • Archived User
  • Sr. Member
  • Posts: 326
Xbox Live Packets
« Reply #17 on: October 21, 2005, 12:10:00 PM »

QUOTE(MercuryTheWhite @ Oct 21 2005, 01:03 PM)
You really don't so much. If u could capture a signal from a stock xbox while connecting to live and sacrifice a free trial for a non-stock connection then u could compare the two. Just get a few diff boxes, and chk all their important info and see if u can see it in the messages. or u could find the information about how to see it by watching the xbox encipher it in the 1st place. that would probably be the better idea.

fghjj

  • Archived User
  • Sr. Member
  • Posts: 288
Xbox Live Packets
« Reply #18 on: October 21, 2005, 02:43:00 PM »

QUOTE(Tp21 @ Oct 21 2005, 04:11 PM)
I found some interesting stuff...

Tp21

  • Archived User
  • Jr. Member
  • Posts: 58
Xbox Live Packets
« Reply #19 on: October 21, 2005, 03:05:00 PM »

If you want I can post the logs somewhere...
I'm not really good with Ethereal...
I've captured some things (login, logout, doing nothing, starting a game...)
so...

d0wnlab

  • Archived User
  • Sr. Member
  • Posts: 326
Xbox Live Packets
« Reply #20 on: October 21, 2005, 04:02:00 PM »

QUOTE(fghjj @ Oct 21 2005, 04:54 PM)
I might've read it somewhere in the XDK whitepapers (very quick), but I thought all traffic is encapsulated in UDP, for compatibility with routers that do NAT (google for "NAT punch"). That means there is first the UDP header, then a TCP / UDP header, and then the payload. It's possible that those second headers are encrypted already, I don't know for sure. Logically, it's also possible that the payload for the first _encapsulated_ packet is continued in the second packet, like with segmented TCP (or IP over ATM, I forgot bigtime) frames, so it will be more of a mess.

Correct. All traffic is literally on UDP port 3074 (syslink no exception.. I think this applies for Live as well). They have modified TCP/UDP headers inside these packets.

QUOTE
Maybe you can find the bytes for 88 (0x58) at a logical position somewhere in first captured packet, check the TCP reference and write a Ethereal filter based on that. Oh, and I also heard MS cut out some "useless" bytes here and there in the TCP protocol to save on bandwidth, so good luck with that

I'm pretty sure, in system link context anyways, the only things encrypted are the payload and.. shoot.  One other thing.  Can't remember atm.  But not the remainder of the contained header.  It's very well laid out in the XDK documentation (or so I've heard)

Tp21

  • Archived User
  • Jr. Member
  • Posts: 58
Xbox Live Packets
« Reply #21 on: October 22, 2005, 05:27:00 AM »

I will look up the captured packets...
There are some weird ports in it though...
some other ports than 3074, and only in-game...
I've looked up the first message sent,
and one of the first data bytes (after the UDP header) is the hex 58 (that's decimal 88).
It's the sixth byte after the data start (before that comes a UDP header etc.),
but after the first 2 packets the whole packet changes... it gets smaller (really smaller)...
The sixth byte is the port when the captured message size is 1378 bytes...

You can get the first two packets here: First data packet, Second data packet
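The two posts above describe the same check: keep only frames on UDP 3074, then look inside the UDP payload for the value 88 (0x58) at a fixed position. The script below is an added example, not code from the thread; it parses a raw Ethernet/IPv4/UDP frame the way Ethereal would, filters on port 3074 and reports every offset at which 88 appears either as a single byte or as a big-endian 16-bit port field. The inner "modified TCP/UDP header" layout is not documented on this page, so the script makes no assumption about it beyond the offset search; the sample frame (addresses, checksums and payload) is constructed, with byte six set to 0x58 as Tp21 reports. Feeding it a real capture only needs a pcap reader (for example dpkt or scapy, not included here) to hand it the raw frames.

```python
import struct

XBOX_PORT = 3074      # UDP port the thread reports for system link / Live traffic
NEEDLE_PORT = 88      # Kerberos port (0x58) the thread is looking for inside the payload


def parse_udp_frame(frame: bytes):
    """Parse an Ethernet II / IPv4 / UDP frame.
    Returns (src_port, dst_port, udp_payload) or None for anything that is not IPv4/UDP."""
    if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ip = frame[14:]
    if len(ip) < 20:
        return None
    ver_ihl, _tos, _total_len, _ident, _frag, _ttl, proto = struct.unpack_from("!BBHHHBB", ip, 0)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 17 or len(ip) < ihl + 8:
        return None
    src_port, dst_port, udp_len, _csum = struct.unpack_from("!HHHH", ip, ihl)
    payload = ip[ihl + 8 : ihl + udp_len]      # udp_len includes the 8-byte UDP header
    return src_port, dst_port, payload


def port_offsets(payload: bytes, port: int = NEEDLE_PORT):
    """Offsets inside the UDP payload where `port` appears as a big-endian 16-bit field,
    and where it appears as a single byte (the 'sixth byte is 0x58' observation)."""
    needle = port.to_bytes(2, "big")
    as_u16 = [i for i in range(len(payload) - 1) if payload[i:i + 2] == needle]
    as_byte = [i for i, b in enumerate(payload) if b == port]
    return as_u16, as_byte


def scan(frames):
    """Keep only frames to or from XBOX_PORT and report where the needle port shows up."""
    hits = []
    for n, frame in enumerate(frames):
        parsed = parse_udp_frame(frame)
        if parsed is None:
            continue
        src, dst, payload = parsed
        if XBOX_PORT not in (src, dst):
            continue
        as_u16, as_byte = port_offsets(payload)
        hits.append({"frame": n, "src": src, "dst": dst, "len": len(payload),
                     "u16_offsets": as_u16, "byte_offsets": as_byte})
    return hits


def build_frame(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/UDP frame for testing; MACs, IPs and checksums are dummies."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes([192, 168, 1, 2]), bytes([192, 168, 1, 1])) + udp
    return eth + ip


# Constructed sample: the sixth byte of the UDP payload is 0x58 (88), as described in the thread.
SAMPLE_PAYLOAD = b"\x00\x01\x02\x03\x00\x58" + b"\x00" * 10
SAMPLE_FRAMES = [
    build_frame(XBOX_PORT, XBOX_PORT, SAMPLE_PAYLOAD),
    build_frame(12345, 80, b"GET / HTTP/1.0\r\n"),   # unrelated traffic, filtered out by scan()
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_FRAMES):
        print(hit)
```

A hit at `byte_offsets == [5]` together with `u16_offsets == [4]` is what the "sixth byte" observation looks like if the field is really a 16-bit port; a single-byte hit with no 16-bit hit at the preceding offset is more likely a coincidence, which is the check the thread was missing.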

Tp21

  • Archived User
  • Jr. Member
  • Posts: 58
Xbox Live Packets
« Reply #22 on: October 22, 2005, 06:17:00 AM »

I've tried another game... (Conker: Live & Reloaded)
and in that Live sign-in it did send some Kerberos packets...
Maybe it's just my PC, so I will re-record Halo 2 Live packets...
Ethereal says of the Kerberos request packet that the encryption type is rc4-hmac.
Yes, it was just my computer; Halo 2 also sends Kerberos packets.

remedee

  • Archived User
  • Jr. Member
  • Posts: 81
Xbox Live Packets
« Reply #23 on: October 24, 2005, 12:03:00 AM »

btw, since I can't edit my original post, just thought I'd mention that the previously posted thread did ultimately yield some results (anyone heard of Mimesis)?

I'll continue to quietly plug away at this on my own. I still don't doubt that there will eventually be a way to play any/all xbox live enabled games online... FOR FREE! Good luck gents.. enjoy!

edit = stupid punctuation...

Tp21

  • Archived User
  • Jr. Member
  • Posts: 58
Xbox Live Packets
« Reply #24 on: October 24, 2005, 08:19:00 AM »

Hello, remedee

I'm trying to figure the Live connecting out myself...
and the thing I figured is it uses Kerberos for packet distribution.
as.xbox.com is the Kerberos application server
that distributes the encryption keys.
btw, from the Ethereal information it uses rc4-hmac as a key distribution system...
(in what type of encryption)
And btw, why would you fear something from MS?
They can't sue you for something that's legal (at least packet logging is legal).
btw, just came through my mind:
the best way to reroute Live! is through a "fake" DNS server somewhere on the internet,
just a public DNS server with all xbox.com and xboxlive.com Live! addresses (as.xbox.com etc.) rerouted to the fake Live! server.
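The "fake DNS server" idea in the post above is just an authoritative responder for a few zones: any A query for a name in or under xbox.com / xboxlive.com gets the redirect address, everything else is refused. The code below is an added example, not from the thread; it builds and parses the DNS wire format by hand (header, QNAME labels, one A record answered with a name pointer), so it runs offline against a constructed query. The zones are the two the post names; the redirect address 192.0.2.10 is a documentation-range placeholder, and a console would have to be pointed at this host as its DNS server. Names outside the zones are answered with REFUSED; a real deployment would forward those upstream instead.

```python
import socket
import struct

# Constructed values: the zones named in the post, pointed at an RFC 5737 documentation address.
FAKE_LIVE_IP = "192.0.2.10"
REDIRECT_ZONES = ("xbox.com", "xboxlive.com")   # every name in or under these zones is answered locally


def encode_name(name: str) -> bytes:
    """example.com -> b'\\x07example\\x03com\\x00' (DNS label format)."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split(".")) + b"\x00"


def decode_name(data: bytes, offset: int):
    """Read an uncompressed name at offset; return (dotted name, offset just past it)."""
    labels = []
    while True:
        length = data[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0:
            raise ValueError("compressed name where an uncompressed question name was expected")
        offset += 1
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """Standard recursive query with one question (what a resolver client sends)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def should_redirect(name: str) -> bool:
    name = name.lower()
    return any(name == z or name.endswith("." + z) for z in REDIRECT_ZONES)


def build_response(query: bytes, fake_ip: str = FAKE_LIVE_IP, ttl: int = 60) -> bytes:
    txid, flags, qdcount = struct.unpack_from("!HHH", query, 0)
    if qdcount != 1 or flags & 0x8000:
        raise ValueError("expected a standard query with exactly one question")
    name, end = decode_name(query, 12)
    qtype, qclass = struct.unpack_from("!HH", query, end)
    question = query[12:end + 4]
    rd = flags & 0x0100                       # echo the client's RD bit
    if should_redirect(name) and qtype == 1 and qclass == 1:
        # QR=1, AA=1, RA=1, RCODE=0, one answer whose NAME is a pointer (0xC00C) to the question name
        header = struct.pack("!HHHHHH", txid, 0x8480 | rd, 1, 1, 0, 0)
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(fake_ip)
        return header + question + answer
    # Outside the redirected zones: REFUSED (RCODE 5). A real deployment would forward upstream.
    return struct.pack("!HHHHHH", txid, 0x8085 | rd, 1, 0, 0, 0) + question


def txid_of(message: bytes) -> int:
    return struct.unpack_from("!H", message, 0)[0]


def rcode_of(response: bytes) -> int:
    return struct.unpack_from("!H", response, 2)[0] & 0x000F


def answer_ip(response: bytes):
    """Address from the first A record of a response built above, or None if there is no answer."""
    ancount = struct.unpack_from("!H", response, 6)[0]
    if ancount == 0:
        return None
    _, off = decode_name(response, 12)
    off += 4 + 2                              # skip QTYPE/QCLASS and the 2-byte name pointer
    rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", response, off)
    off += 10
    if rtype != 1 or rdlen != 4:
        return None
    return socket.inet_ntoa(response[off:off + 4])


def serve(bind_addr: str = "0.0.0.0", port: int = 53):
    """Answer queries until interrupted; malformed packets are dropped."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, peer = sock.recvfrom(512)
        try:
            sock.sendto(build_response(data), peer)
        except (ValueError, IndexError):
            pass


if __name__ == "__main__":
    serve()
```

Redirecting the name only gets the console to talk to a host you control; the post above and fghjj's earlier reply make the same point from different sides, namely that the Kerberos exchange and whatever follows it still has to be answered by that host, which is the part nobody in the thread has.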

Tp21

  • Archived User
  • Jr. Member
  • *
  • Posts: 58
Xbox Live Packets
« Reply #25 on: October 24, 2005, 09:06:00 AM »

Look at this: http://www.ietf.org/internet-drafts/draft-jaganathan-rc4-hmac-01.txt
which I found on Google using "rc4-hmac windows",
because Ethereal says that the key is rc4-hmac...
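The draft linked above (later published as RFC 4757) is the Kerberos encryption type Ethereal labels rc4-hmac (etype 23), and the last three posts all circle around it. The block below is an added example, not code from the thread or from the draft's authors, implementing that construction so the encrypted parts of a capture can be reasoned about: K1 = HMAC-MD5(K, T) with T the 4-byte little-endian message type, a 16-byte HMAC-MD5 checksum over an 8-byte confounder plus the plaintext, and RC4 under K3 = HMAC-MD5(K1, checksum). It assumes the caller already has the 16-byte key (on Windows that is MD4 of the UTF-16LE password; the MD4 step is left out because it is missing from many hashlib builds) and already applied the draft's remapping of a few key-usage numbers to T. The demo key and message are constructed; the export variant (rc4-hmac-exp) is not covered.

```python
import hashlib
import hmac
import os


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def hmac_md5(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.md5).digest()


def rc4_hmac_encrypt(key: bytes, msg_type: int, plaintext: bytes, confounder=None) -> bytes:
    """rc4-hmac (Kerberos etype 23) as in draft-jaganathan-rc4-hmac / RFC 4757:
         K1       = HMAC-MD5(K, T)                 T = 4-byte little-endian message type
         checksum = HMAC-MD5(K1, confounder || plaintext)
         K3       = HMAC-MD5(K1, checksum)
         output   = checksum || RC4(K3, confounder || plaintext)
    K is the 16-byte key (MD4 of the UTF-16LE password on Windows; not derived here)."""
    if len(key) != 16:
        raise ValueError("rc4-hmac keys are 16 bytes")
    if confounder is None:
        confounder = os.urandom(8)          # fresh 8-byte confounder per message
    if len(confounder) != 8:
        raise ValueError("confounder must be 8 bytes")
    k1 = hmac_md5(key, msg_type.to_bytes(4, "little"))
    data = confounder + plaintext
    checksum = hmac_md5(k1, data)
    k3 = hmac_md5(k1, checksum)
    return checksum + rc4(k3, data)


def rc4_hmac_decrypt(key: bytes, msg_type: int, blob: bytes) -> bytes:
    """Inverse of rc4_hmac_encrypt; raises ValueError when the checksum does not verify."""
    if len(blob) < 16 + 8:
        raise ValueError("ciphertext too short for checksum + confounder")
    checksum, ciphertext = blob[:16], blob[16:]
    k1 = hmac_md5(key, msg_type.to_bytes(4, "little"))
    k3 = hmac_md5(k1, checksum)
    data = rc4(k3, ciphertext)
    if not hmac.compare_digest(hmac_md5(k1, data), checksum):
        raise ValueError("checksum mismatch: wrong key, wrong message type, or modified data")
    return data[8:]                         # drop the confounder


def try_decrypt(key: bytes, msg_type: int, blob: bytes):
    """Plaintext on success, None when verification fails."""
    try:
        return rc4_hmac_decrypt(key, msg_type, blob)
    except ValueError:
        return None


if __name__ == "__main__":
    demo_key = bytes(range(16))             # constructed key, not a real Windows or Xbox key
    blob = rc4_hmac_encrypt(demo_key, 1, b"constructed AS-REQ body")
    print(blob.hex())
    print(try_decrypt(demo_key, 1, blob))
```

Two things follow directly from the structure, and both matter for anyone reading captures: the first 16 bytes of every encrypted field are a keyed checksum, so the ciphertext cannot be trimmed or patched without the key, and because the message type is folded into K1, the same key yields different keystreams for the different Kerberos messages in the exchange.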

MeanMF

  • Archived User
  • Full Member
  • Posts: 113
Xbox Live Packets
« Reply #26 on: October 29, 2005, 10:49:00 PM »

Public service announcement:
What you are trying to do here is NOT legal. It violates the anti-circumvention section of the DMCA. The people who reverse-engineered Blizzard's Battle.net service and released their own free service were sued and lost. They also lost on appeal, and there's practically no chance the Supreme Court is going to take up the case. So if you do somehow manage to break the encryption and authentication protocols, MS will come after you and they will win. The case law is on their side.

Blizzard v. bnetd

d0wnlab

  • Archived User
  • Sr. Member
  • Posts: 326
Xbox Live Packets
« Reply #27 on: October 30, 2005, 08:14:00 AM »

Actually I'm interested in cracking System Link encryption to look for buffer overflows in network code as a potential way of booting Linux, which is clearly outlined as an exception in 1201(f) of the DMCA.

Not that that really matters since I'm a Canadian and these here servers are hosted in the EU (iirc).

d0wnlab

  • Archived User
  • Sr. Member
  • Posts: 326
Xbox Live Packets
« Reply #28 on: October 31, 2005, 09:35:00 AM »

Kai and XBC do not crack anything.  They just take xbox traffic on one lan, tunnel it over the internet, and recreate the packets on another lan.  That combined with "rooms", etc, and you have a tunnelling service.  Just because they're routing the packets does not mean they know anything about them.

Tp21

  • Archived User
  • Jr. Member
  • Posts: 58
Xbox Live Packets
« Reply #29 on: November 18, 2005, 08:50:00 AM »

Does anyone know how the system link packets are encrypted (probably using the system link key thingy in the XBE)?
But does anyone know?