Nov 14 2009, 04:40 PM
Real quick since I have to run. Has anyone captured the data from a 360 that is unmodified and compared it to one that is modified? Obviously there are factors in the data that are going to be different, but if you have enough 360s' data you'd be able to point out similarities such as what is user profile, console ID, etc., but more importantly maybe disc ID. This is in uber layman's terms, but my networking friends out there know what I'm talking about.
What this allows for is maybe a more concrete idea of what may be caused in the banning of 360s.
Nov 15 2009, 04:50 AM
Quick question, why didn't you search? All your answers could have been solved without making a new thread.
Dec 11 2009, 12:23 AM
All traffic is encrypted with a one-way algorithm.
Dec 15 2009, 06:29 AM
Yep, I even tried JTAGing the card and got about as far as a dev kit can get...
Jan 21 2010, 06:28 AM
This place has such an awfully pessimistic look toward network manipulation on the 360...
A workaround should be technically possible (though extremely difficult) if you really want it. You would have to spoof the Xbox-specific Kerberos exchange packets (all Kerberos packets in the initial authentication excluding the first two) to both the Xbox and the SG and maintain control of the middle (and all subsequent exchanges), since the TGT you get from the process is used to access all of Live's features (if I remember correctly). You'll also probably have to find a way to beat the challenge in the Xbox-SG key exchange. Oh, and presumably there's some initial shared secret you'd have to dig out from the Xbox (as evidenced by the preauth timestamp in the AS-REQ). Ah, and there are a couple of unknown and undocumented sections in those initial Kerberos packets that seem to change each session, so if those have any relevance to security, you'd need to reverse engineer the Xbox 360 (don't know a thing about that) to understand their implementation. Finally, you'd need the info from a non-banned box to disguise yours.
And that's only covering the security I know and somewhat understand...
Jan 21 2010, 08:39 PM
...or as we now have the ability to make modifications to the kernel, simply hook the encryption routines and dump the raw unencrypted data.
I wish I knew more PPC asm.
Jan 22 2010, 02:40 AM
Regardless, having the unencrypted data would be nearly useless; the Xbox presumably fails in the authentication stage, which is unencrypted, if it's been banned. I suppose it would be useful to find out when bans occur though...
And somehow reverse engineering the kernel (maybe? Don't know much about that...) to expose the intricate processes of the authentication, SG key and XK exchanges would be invaluable to someone wanting to do anything with the network (from petty packet manipulation to a complete emulation of the Xbox Live service). I just wish I knew how to do that kind of stuff...
Oct 27 2010, 07:37 PM
A new console, on first connection to Live, reports two keys, 128 and 256 bytes. From any console, you can get these keys programmatically.
While I haven't made out how both of them get the 16-byte hash of a network password, the traffic is not decrypted.
Having dealt with this issue, I would authorize the Xbox 360 in a Windows NT domain. Though useless.
Comparing the traffic is useless. There is nothing curious.