Post by: Xenosis0 on November 10, 2009, 01:00:00 AM
Here's my general idea though.
There are currently two XBL alternatives out there being XLink Kai and XBConnect both of which limit the player to playing only system link via the PC using a program. While that is a pretty nice interface and it does have its benefits being free and all, its still very underused. (There are other VPN options as well but again that limits to just system link)
What I would like to theoretically create is an actual server network much like XBL, which the user would just connect to and play normally without the risk of getting banned (not really the main point) or even have to pay much of a fee (just to support server costs). So people would have those two added benefits of switching over to this network.
Now given all the setting up required I do believe it's possible but it would be quite a lot of work and there are several ideas I have. There may have to be an initial set up phase where the user would connect the 360 to a computer and there would be a program on the computer that would keep updated with the server. The program would have to most likely install a new/modified OS so to speak onto the 360 that makes it so it talks directly with my servers instead of XBL. Once the program has modified the 360 it would be able to connect directly to the internet on its own and would connect to my network.
At first it would be quite limited and features would have to be implemented over time but that first initial phase is the most important in terms of whether or not the whole idea is possible.
I think that in the same way you can download and install the NXE updates, you may be able to reconfigure the 360 with a modified dashboard.
There is even a possibility of contacting people playing XBL in this new network. When you create an XBL account you have to register it to an email and it creates a windows live account/MSN handle. The MSN handle is implemented into XBL and you can chat with your MSN handle over live.
Given that, support for an MSN account could be added to this dashboard allowing users to be able to add/chat to people playing XBL.
While this may seem like a minor detail I think it is extremely important in bringing about this new network as people wont want to switch over to it if it is completely disconnected from the current XBL.
An account importer could also be added to the program that will take a gamer-tag and look up the details on XBL to gather friends lists/games played/any other account specific details and link them to your new tag on the new dashboard. This is not a priority though.
I think that this could be a huge success if it is legit and works out and there is already a hell of a community of people that I'm sure would jump on the bandwagon and switch over were they given the option.
There is even possibility of utilizing P2P instead of relying on servers for connections between people. Many games nowadays do this on the PC. There would still have to be a server that the clients would initially connect to but would then be switched to a P2P connection between the clients. (I believe XBL does this similarly).
Anyways that's my idea so feel free to add/comment on anything or offer other suggestions. Rip it apart if you see a way; I consider it all constructive criticism.
Post by: majinsoftware on November 10, 2009, 01:54:00 AM
First off all the settings for network and server stuff is locked in the dash.
This can not be modified with out completely re-writing a new dash.
Hacking these settings from the current ms dash is illegal and 99% of consoles cant have it done as there are no known exploits to get the cpukey for recent dash versions.
So that only leaves the option of running a proxy the redirects and modify data. (Middle man as you can call it)
This also wont work as all data sent from the xbox is encrypted. Some one would need to find a way to crack this encryption. Only problem is once its cracked MS will change it yet again and every one thats unbanned will be updated and no longer be able to play.
So that leaves only 1 feesable option (not being a replacement as it wont be the same)
And that is using system link over a VPN but with a few improvements.
The first improvement would be to have a proxy run on each persons computer and have the xbox run with a VPN through this. But make it report back a fake ping. This will over come the system link ping limit and let people play from all over the world instead of only being able to play with people close enough to be under the limit.
So the best option will be to make a re-write of XLink Kai with the xbox 360 in mind.
Post by: Xenosis0 on November 10, 2009, 02:23:00 AM
That is unfortunate that it would be nearly impossible to overcome to other problems on any permanent ground, but an improved VPN network definitely sounds feasible.
I've always believed in the underground staying underground anyways.
Anyways, instead of each connection being equal in a mesh network as is the case with leaf and hamachi, it may work better to designate a host/server per each vpn or segment part of a servers processing towards each separate vpn.
In that way, one would be able to see all of the available games in system link and by joining one you are joining the vpn associated with that game session.
Though that isn't necessary, given that there are going to be a lot of individuals who don't have as good of a connection, it can be broken up so they don't affect other players as much.
One gateway that everyone connects to initially and then is split into many sub networks.
Not sure if this is possible as I don't remember whole lot from cisco networking, but the client could transmit both a fake ping to override the system link requirement and a real ping to be placed in accordance with speed.
Thoughts?
QUOTE(crashzero @ Nov 10 2009, 04:17 AM) 
Are you shure that is impossible to clone XBL responses to create an alternative live? I think in the same partial solution to create an alternative live, but at first just simulate a good response from XBL that console it`s not banned to maybe have access again to HD.
I think of using a network card on PC for exclusive use of Xbox 360 to redirect the calls to XBL to a local server that simulate XBL responses.
Maybe create a alternative XBL with all theirs services can be impossible but some responses to unlock the HD can me possible.
I don`t see other solution now that MS can detect the moddified firmware. Can be really difficult to make but can be the ony solution for banned consoles.
I really think that your's ideia of create fake packages for make the ping less then 30ms should work too, maybe its time to exploit the network protocol.
Since it's encrypted even if one were to decrypt it and use that to create a fake XBL response on ones own machine, they could very well change the encryption the next day and it would have to be decrypted again on each xbox individually. Not a very realistic solution unfortunately as much as I wish it could be.
MS can't actually detect the modified firmware. It is currently believed that they are detecting the challenges/response timings from the drive. iXtreme out-performers stock firmware in that regard and so MS can detect it in that way.
Post by: majinsoftware on November 10, 2009, 02:38:00 AM
QUOTE(crashzero @ Nov 10 2009, 11:17 AM)
Are you shure that is impossible to clone XBL responses to create an alternative live? I think in the same partial solution to create an alternative live, but at first just simulate a good response from XBL that console it`s not banned to maybe have access again to HD.
I think of using a network card on PC for exclusive use of Xbox 360 to redirect the calls to XBL to a local server that simulate XBL responses.
Maybe create a alternative XBL with all theirs services can be impossible but some responses to unlock the HD can me possible.
I don`t see other solution now that MS can detect the moddified firmware. Can be really difficult to make but can be the ony solution for banned consoles.
I really think that your's ideia of create fake packages for make the ping less then 30ms should work too, maybe its time to exploit the network protocol.
Yes im sure, It was attempted when the xbox first came out and before they were really strict on XBL data.
Also there is no unban code ms can just send you to re-enable the hdd. And if there was there would be no way to recreate this due to the encryption and it being specific to each console.
And finally MS cant detect the firmware, If you believe this go play in the other ban threads.
QUOTE(Xenosis0 @ Nov 10 2009, 11:23 AM)
I guess I didn't do enough research but thanks for the information haha.
That is unfortunate that it would be nearly impossible to overcome to other problems on any permanent ground, but an improved VPN network definitely sounds feasible.
I've always believed in the underground staying underground anyways.
Anyways, instead of each connection being equal in a mesh network as is the case with leaf and hamachi, it may work better to designate a host/server per each vpn or segment part of a servers processing towards each separate vpn.
In that way, one would be able to see all of the available games in system link and by joining one you are joining the vpn associated with that game session.
Though that isn't necessary, given that there are going to be a lot of individuals who don't have as good of a connection, it can be broken up so they don't affect other players as much.
One gateway that everyone connects to initially and then is split into many sub networks.
Not sure if this is possible as I don't remember whole lot from cisco networking, but the client could transmit both a fake ping to override the system link requirement and a real ping to be placed in accordance with speed.
Thoughts?
Since it's encrypted even if one were to decrypt it and use that to create a fake XBL response on ones own machine, they could very well change the encryption the next day and it would have to be decrypted again on each xbox individually. Not a very realistic solution unfortunately as much as I wish it could be.
MS can't actually detect the modified firmware. It is currently believed that they are detecting the challenges/response timings from the drive. iXtreme out-performers stock firmware in that regard and so MS can detect it in that way.
Some very good ideas. A local server is the best idea, This would be better to take care of the fake ping then wasting bandwidth having an external client send that and its real one.
Realistic the best thing to do would be make the local server (proxy) take care of as much as possible and only transmit that which is utterly required to the external clients. This should help to bring down the speed requirement. And over come another of system links down falls for internet play.
System link is alot less optimised and uses alot more data then XBL as it was made to be used with 10/100mbit connection.
Yes a single gateway would be required to bootstrap off, But most important is the ping issue currently at hand. This needs to be addressed before any progress can be made on a working model.
Post by: Xenosis0 on November 10, 2009, 03:12:00 AM
QUOTE(majinsoftware @ Nov 10 2009, 04:38 AM)
Yes im sure, It was attempted when the xbox first came out and before they were really strict on XBL data.
Also there is no unban code ms can just send you to re-enable the hdd. And if there was there would be no way to recreate this due to the encryption and it being specific to each console.
And finally MS cant detect the firmware, If you believe this go play in the other ban threads.
Some very good ideas. A local server is the best idea, This would be better to take care of the fake ping then wasting bandwidth having an external client send that and its real one.
Realistic the best thing to do would be make the local server (proxy) take care of as much as possible and only transmit that which is utterly required to the external clients. This should help to bring down the speed requirement. And over come another of system links down falls for internet play.
System link is alot less optimised and uses alot more data then XBL as it was made to be used with 10/100mbit connection.
Yes a single gateway would be required to bootstrap off, But most important is the ping issue currently at hand. This needs to be addressed before any progress can be made on a working model.
Could it be set up to ping the loopback address as its connection test, and then connect to the gateway?
Also, majinsoftware, I'm not sure if you have seen these pages but you might want to take a look.
http://forums.xbox-s...showtopic=31406
http://www.xboxhacke...hp?topic=7592.0
crashzero and I believe it's possible to decrypt the key that is generated and sent through the kerberos packets. The xbox is what is generating the key which means that they wont be able to do any large scale encryption changes. If it is generated by software that they can update that's another story, but this is still a good lead I think.
Post by: majinsoftware on November 10, 2009, 03:30:00 AM
MS can change everything on the nand, So a update would be able to change it.
They have done it before, Xbox live never use to be encrypted.
Xboxhacker.net has a few other threads of interest on the subject, I dont have a link to them tho as the sites going to slow right now for me to be bothered searching.
Its possible to decrypt the key, thats how the live logs are made and checked.
But the more its done the more reason for MS to use a harder method to crack which would make important things like live logs unavailable.
But on a large scale its not going to happen. To many variables for a program to do it and 99% of the users on this forum dont have the patients nor the skill to accomplish it manually.
Post by: Xenosis0 on November 10, 2009, 03:51:00 AM
I'm guessing it's also not possible for us to read/write what is on the nand?
I ask because MS I don't believe is able to modify their method of reading/writing information on the nand. That is more restricted to how the hardware is set up. So if one were to decrypt these packets and figure out what commands are being sent/received related to the nand, could we not simulate this process?
It would only have to be done once assuming they aren't able to change their methods of accessing data on the nand, only the level of encryption for the communication between their servers and the 360.
I realize that this is probably not possible still by any easy means but I ask more to educate myself in the hopes of perhaps stumbling upon something that hasn't been tried yet or at least to its fullest potential.
Post by: majinsoftware on November 10, 2009, 04:19:00 AM
MS on the other hand have full access to it.
The update boots into the ram and can make any changes they want.
As does the dash with in limitations as it cant over write what its reading from.
To make modifications to the nand image you need your CPUKEY + 1BL KEY.
Which can be obtained by running xell with the j-tag hack. But only works on consoles before 8XXXX dash.
But once you know your cpukey it never changes as its peered with the cpu and the nand.
I dont believe they make direct modifications to the nand over the network but rather instruct the dash to via pre-set commands or via a update.
In theory you could decrypt the packet they are sending to trigger the ban flag on the xbox which stops the hdd. Then make a virus out of it and disable peoples xboxs.
But the usability of such things would be limited on the requirements of what details are need.
Surely enough you would at least need to know the console ID to trigger such a flag.
Post by: Xenosis0 on November 10, 2009, 04:38:00 AM
QUOTE(majinsoftware @ Nov 10 2009, 06:19 AM)
In theory you could decrypt the packet they are sending to trigger the ban flag on the xbox which stops the hdd. Then make a virus out of it and disable peoples xboxs.
I hope the goal would be the other way around if anything, haha.
And it is possible if you fight your banning that they can reverse it, which must mean that they can in fact send a command to either unban the xbox or at the very least return functionality to the hdd. There aren't really enough tests done yet to know for sure but from what it sounds like it may be possible to unban a console in the same way they can. Since you would have access to your own consoles system information you could reverse engineer(term used loosely) the virus and target yourself reversing the effects.
How is the EEPROM and the NAND connected?
If a banned console is marked banned by information in the NAND and replacing the EEPROM in a banned console with that from a good one unbans the console, does it not maybe clear the NAND of at least the banning information?
Making lots of leaps there haha
Post by: majinsoftware on November 10, 2009, 06:24:00 PM
---
Because theres no point, If they could make a server run on the orignal xbox when not make it run on a computer. Would be cheaper and easyer to program as well as a computer being more grunty.
---
As Iv said before ill say it again, Fix the ping limit problem then you will open it up to internet system link games.
Post by: Xenosis0 on November 10, 2009, 08:16:00 PM
It might also be just as useful to log the session in which the console gets banned as it is probably very similar to the opposite.
Mostly hypothetical, but given that it wouldn't be too hard to log the sessions, I think its worth investigating.
Edit: http://forums.xbox-s...howtopic=634465
Post by: majinsoftware on November 10, 2009, 10:40:00 PM
But now they are doing more then that. since they must send a command to the xbox which write the ban flag to the nand and disables some features.
Post by: Xenosis0 on November 11, 2009, 12:24:00 AM
Post by: majinsoftware on November 11, 2009, 12:40:00 AM
But it would come down to how its comprized.
Could be as simple as
to ban you get this command
Ban(Console ID, Mac address)
And to unban
Unban(Console ID, Mac address)
But some one would have to have a packet sniffer and know how to decrypt the packets to be sure.
And the unban command would be more trial and error to discover unless some one with the know how can talk ms into sending them the command while they are logging. Or some one finds it out in the dumped and decrypted nand.
Post by: halleluia on November 11, 2009, 12:52:00 AM
1. Cant we use some kind of a software or something to report a different console id...Might not work cause random no's wont work..maybe
2.We the best possible solution is to hack LIVE srvers and unban everyone..Which I am sure someone is capable of...
I really think giving a fake ping is the best way...Only if someone can mod X Link Kai to do that...
Post by: majinsoftware on November 11, 2009, 01:10:00 AM
QUOTE(halleluia @ Nov 11 2009, 09:52 AM)
Sorry for butting in but
1. Cant we use some kind of a software or something to report a different console id...Might not work cause random no's wont work..maybe
2.We the best possible solution is to hack LIVE srvers and unban everyone..Which I am sure someone is capable of...
I really think giving a fake ping is the best way...Only if someone can mod X Link Kai to do that...
1: Nope, Each console has a unique id. Like a serial number for computer games. Only one console can use it and it needs to match other info such as mac addres, serial number, man date.
And all this stuff needs to match in the MS data base.
2: The database probably doesn't have direct connection to the internet and is probably read only unless your on the local computer.
Its more likely all requests are direct to a computer that connected to the database over a private network.
Also if some one managed to hack this database MS would take it very seriously and if caught jail time for the offender.
Altho Id love for this to happen but even if it did your not likly to benifit from it as they could only add the info that they know. Would be impossible to match every combination. And if it was hacked to just let any one in MS would notice and could easly just restore to a backup they have.
Post by: halleluia on November 11, 2009, 01:38:00 AM
1.Fake ping thing
2.Some guy should come forward and make a custom dashboard and we should make a server. So we can set the dash to use that server for online. And all banned and unbanned people can join and they should put up a small membership fee to cover the costs...Then there will be no need for any stealth or watev er and we can patch games to boot without any updates..SO from what I have read the dash is signed by some kind of a code only MS knows and if anything changes it will change too right? So we need some way around this..And it will possibly mean BANK BANKRUPTCY FOR MS XBOX DIVISION...
So then we can force ms to make GOLD free and unban everyone....LOL
Post by: majinsoftware on November 11, 2009, 01:43:00 AM
QUOTE(halleluia @ Nov 11 2009, 10:38 AM)
So theres only two posible solutions?
1.Fake ping thing
2.Some guy should come forward and make a custom dashboard and we should make a server. So we can set the dash to use that server for online. And all banned and unbanned people can join and they should put up a small membership fee to cover the costs...Then there will be no need for any stealth or watev er and we can patch games to boot without any updates..SO from what I have read the dash is signed by some kind of a code only MS knows and if anything changes it will change too right? So we need some way around this..And it will possibly mean BANK BANKRUPTCY FOR MS XBOX DIVISION...
So then we can force ms to make GOLD free and unban everyone....LOL2: Wont work on 99% of consoles, You need a dash thats hackable first which is only consoles with a version below 8XXXX. Other wise you cant get past the HV.
Post by: halleluia on November 11, 2009, 03:05:00 AM
QUOTE(majinsoftware @ Nov 11 2009, 02:13 PM)
2: Wont work on 99% of consoles, You need a dash thats hackable first which is only consoles with a version below 8XXXX. Other wise you cant get past the HV.
I mean cant we kind of hack NXE from the pc and put it on the 360?
Post by: majinsoftware on November 11, 2009, 03:45:00 AM
Did you even read the question I was answering.
The guy was asking about a custom dash which you would need if you want a replacement xbox live.
It would have to be customised to point to a new server and to disable encryption so we can modify the packets.
Which isnt posiable on a xbox thats played a wave 4 game (because it would of updated the dash past 8XXXX)
Or if you have been on live in the last 3 months.
Theres only one exploit knowen to get past the sighing check (HV) and thats the king kong one. Weather it be though jtag or the disk method and a even older dash.
Not to mention its even more illegal to make a modified dash then it is to hack the firmware on the dvd drive since you are using all MS own code. It could of been done by now instead of having to use Xell but no one wants to be the first person to test the waters for the fire MS will bring down.
So that leave expanding system link as our only method.
And the working model would be more like this
Xbox1 <--> local modifying proxy <--> VPN1 <--> Internet <--> VPN1 <--> local modifying proxy <--> Xbox2
Since using a proxy to change the server is the easiest method because it can be set up in the settings on the xbox. So we might as well make the proxy handle the ping times and a few other things.
The VPN should be able to bring down the bandwidth requirements aswell if you enable compression on it.
And you might aswell have a UI in the proxy for selecting a VPN correct for the game you want to play. And to display peoples real pings so you know which person you want to connect to. I believe a VPN is limited to 256 clients at a time maybe its changed since windows 2000 tho.
halleluia:
Nope its encrypted and needs to be signed. If you try to flash it to the nand with out meeting these requirements you get a rrod or it just bricks it.
Post by: halleluia on November 11, 2009, 05:13:00 AM
QUOTE(majinsoftware @ Nov 11 2009, 04:15 PM)
crashzero:
Did you even read the question I was answering.
The guy was asking about a custom dash which you would need if you want a replacement xbox live.
It would have to be customised to point to a new server and to disable encryption so we can modify the packets.
Which isnt posiable on a xbox thats played a wave 4 game (because it would of updated the dash past 8XXXX)
Or if you have been on live in the last 3 months.
Theres only one exploit knowen to get past the sighing check (HV) and thats the king kong one. Weather it be though jtag or the disk method and a even older dash.
Not to mention its even more illegal to make a modified dash then it is to hack the firmware on the dvd drive since you are using all MS own code. It could of been done by now instead of having to use Xell but no one wants to be the first person to test the waters for the fire MS will bring down.
So that leave expanding system link as our only method.
And the working model would be more like this
Xbox1 <--> local modifying proxy <--> VPN1 <--> Internet <--> VPN1 <--> local modifying proxy <--> Xbox2
Since using a proxy to change the server is the easiest method because it can be set up in the settings on the xbox. So we might as well make the proxy handle the ping times and a few other things.
The VPN should be able to bring down the bandwidth requirements aswell if you enable compression on it.
And you might aswell have a UI in the proxy for selecting a VPN correct for the game you want to play. And to display peoples real pings so you know which person you want to connect to. I believe a VPN is limited to 256 clients at a time maybe its changed since windows 2000 tho.
halleluia:
Nope its encrypted and needs to be signed. If you try to flash it to the nand with out meeting these requirements you get a rrod or it just bricks it.
So cant we just add fake ping thing to X Link Kai or do we need a proxy like you stated....
Post by: majinsoftware on November 11, 2009, 05:19:00 AM
Post by: halleluia on November 11, 2009, 07:51:00 AM
QUOTE(majinsoftware @ Nov 11 2009, 05:49 PM)
If they added it to X Link Kai. But X Link Kai is more like a VPN manager. It doesnt modify any of the data, Thats where the proxy server would be better since you could still use X Link Kai if you wanted or any other VPN things.
Maybe they can make a special XBOX 360 version of it. Otherwise someone needs to ocme foward and host a kind of a proxy that says the ping is lower than 32..