Jump to content


Photo

Inserting File Into Network Traffic?


  • Please log in to reply
3 replies to this topic

#1 Darbness

Darbness

    X-S Enthusiast

  • Members
  • 2 posts

Posted 27 December 2008 - 09:43 AM

Ok im new to the xbox (360) scene but i have an idea,

I was doing some network sniffing of my xbox live connection and i found some stuff out,

1st: the xbox's connection to xbox live is not encrypted in any way (exept a couple of handshakes which are only ssl)

2nd: files (demos) sent over are stored in encrypted cab files (xcp)


3rd: pricing for xbox live content is sent over in unecrpted xml files.


So what i was thinking was possible encrypting other content like a full xbox 360 game into a xcp file,
then packet editing the connection so instead of downloading (from xbox live) and then exstracting a demo it downloads a full game (from comptuer) installes the "demo" but when you goto run this "demo" its aculy a full game.


what you guys think?

#2 No_Name

No_Name

    X-S Freak

  • Members
  • PipPipPipPipPip
  • 1,154 posts

Posted 27 December 2008 - 11:47 AM

You have just had the same idea at least a dozen other people have had, and you also made the same mistake they did.

The traffic is encrypted, I believe the system used is Kerbos (sp?) if this was possible it would have been done by now and patched already.



#3 Darbness

Darbness

    X-S Enthusiast

  • Members
  • 2 posts

Posted 28 December 2008 - 12:55 AM

QUOTE(No_Name @ Dec 27 2008, 10:23 PM) View Post

You have just had the same idea at least a dozen other people have had.


Damn that sucks sad.gif

QUOTE(No_Name @ Dec 27 2008, 10:23 PM) View Post

The traffic is encrypted, I believe the system used is Kerbos (sp?).



the traffic is not encryted the only thing that is encryted is the actual cab file, i know this because i have seen the traffic.


#4 ssj4android

ssj4android

    X-S X-perience

  • Members
  • PipPip
  • 371 posts
  • Xbox Version:v1.0
  • 360 version:none

Posted 02 January 2009 - 08:00 AM

First, I'm sure the XML info is just for display, the actual point deductions and checks are done server-side.
Second, I think Live gets authorization to play the full version of something separately over the encrypted connection. Demos don't need this, have you sniffed actually making a purchase?

Edited by ssj4android, 02 January 2009 - 08:01 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users