Ping Limit Bypass
Posted 13 December 2009 - 08:22 PM
On my default_mp.exe it doesn't have MZ at 0x4000; MZ starts at the very first line.
Look at offset 0x4000 of default_mp.xex, not ".exe".
IDA Pro already has support for PPC.
Posted 13 December 2009 - 08:32 PM
Posted 20 December 2009 - 04:08 PM
The first 34 bytes are the system link header:
- 4 bytes : CMD
- 2 bytes : option, .....
We can see a sequence number, an answer number ...
The CMD for ping is 00:00:00:00 00:58 and the answer 00:00:00:00 01:58.
But all bytes after 0x34 are encrypted; if we can find out how these bytes are encrypted, we can fake an echo-reply.
Posted 22 December 2009 - 07:37 AM
Posted 22 December 2009 - 11:59 AM
This CMD comes out from packets the Xbox sends out.
All system link uses the same, and they are generated by the M$ API.
Not exactly ALL, because some old games don't have this "ping limit", but use the same API.
I see now two possible solutions:
- Find in the NAND the key used to encrypt the data after 0x34 and then fake an echo-reply (the best, because there is no need to have a hacked Xbox).
- Compare the API call in this old game and a new one. Then modify the XEX to disable this "ping test".
Ledjohnnyboy, you have made a good search; if you now find the call to this API, for sure you can disable this limit.
Posted 23 December 2009 - 12:13 AM
Thanks for your help guys!
Posted 28 December 2009 - 08:35 PM
I've said for ages someone needs to crack this ping limit in system link. It would be like the old days: Xbox, XLink & Halo 2...... rock on.
I would love to help but don't know enough, but you guys rule; keep up the good work, I'm sure you'll crack it.
Full support given.
Posted 28 December 2009 - 09:00 PM
This is great stuff.
Looking at these kinds of threads always makes me smile.
Posted 30 December 2009 - 01:18 AM
I got no frigging idea what you are saying, but I think you are close.
You have my support.
Can't wait to play with those European guys.
Posted 31 December 2009 - 07:56 AM
By the way, the episode basically shows how a device responds to Windows computers that send a request out for their particular network. I was thinking if it was possible to use a device such as that, or simply a computer, to sort of do the same concept. Basically the Xbox game sends a packet with certain data to a host, and we just intercept the packet and send a reply packet that shows we are that particular host.
Edited by zrs_guy, 31 December 2009 - 08:01 AM.
Posted 01 January 2010 - 01:50 AM
Posted 01 January 2010 - 05:50 AM
Take a look at the data in that blue selection; obviously those are variables for determining or storing the host name. Now maybe by analyzing other files we might be able to find some examples of these hosts. In my opinion, if we can figure out what the packets being sent contain and what the packets being received contain, then we can send a reply packet that duplicates the reply packets being sent by an actual Xbox server.
Posted 14 January 2010 - 04:24 AM
Hi, is it just possible to intercept the packets that the 360 game sends so we can fake replies to those packets? Why make it so hard? It seems that it would be possible to just intercept and send reply packets so the 360 thinks it's getting a good connection under 30ms.
I was just going to suggest this as I was reading this thread. This has to be the easiest thing to do. Just have the PC intercept ICMP packets, find out the source information, drop the packet, spoof the reply; you're done.
Am I missing something more complicated?
I feel this would be much easier than targeting each game.