Full Version: Compare Unmod And Mod 360 Traffic
Scenyx Entertainment Community > Xbox360 Forums > Xbox 360 Hacking Forums > Technical USB / Wireless / Network Forum
jacetheace32
Real quick since I have to run. Has anyone captured the data from a 360 that is unmodified and compared it to one that is modified? Obviously there are factors in the data that are going to be different, but if you have enough 360s' data you'd be able to point out similarities such as what is the user profile, console ID, etc., but more importantly maybe the disc ID. This is in uber layman's terms, but my networking friends out there know what I'm talking about.

What this allows for is maybe a more concrete idea of what may be causing the banning of 360s.
majinsoftware
Quick question, why didn't you search? All your answers could have been solved without making a new thread.
bpSz
All traffic is encrypted with a one-way algorithm.
under420dog
Yep, I even tried JTAGing the card and got about as far as a dev kit can get...

SoLovely
This place has such an awfully pessimistic outlook toward network manipulation on the 360...

A workaround should be technically possible (though extremely difficult) if you really want it. You would have to spoof the Xbox-specific Kerberos exchange packets (all Kerberos packets in the initial authentication excluding the first two) to both the Xbox and the SG and maintain control of the middle (and all subsequent exchanges), since the TGT you get from the process is used to access all of Live's features (if I remember correctly). You'll also probably have to find a way to beat the challenge in the Xbox-SG key exchange. Oh, and presumably there's some initial shared secret you'd have to dig out from the Xbox (as evidenced by the preauth timestamp in the AS-REQ). Ah, and there are a couple of unknown and undocumented sections in those initial Kerberos packets that seem to change each session, so if those have any relevance to security you'd need to reverse engineer the Xbox 360 (don't know a thing about that) to understand their implementation. Finally, you'd need the info from a non-banned box to disguise yours.

And that's only covering the security I know and somewhat understand...
kittonkicker
...or, as we now have the ability to make modifications to the kernel, simply hook the encryption routines and dump the raw unencrypted data.

I wish I knew more PPC asm :(
SoLovely
Regardless, having the unencrypted data would be nearly useless; the Xbox presumably fails in the authentication stage, which is unencrypted, if it's been banned. I suppose it would be useful to find out when bans occur, though...

And somehow reverse engineering the kernel (maybe? Don't know much about that...) to expose the intricate processes of the authentication, SG key and XK exchanges would be invaluable to someone wanting to do anything with the network (from petty packet manipulation to a complete emulation of the Xbox Live service). I just wish I knew how to do that kind of stuff...
lehbel
A new console, on first connection to Live, reports two keys of 128 and 256 bytes. From any console you can get these keys programmatically.
While it's not worked out how both of them get the 16-byte hash of a network password, the traffic is not decrypted.
Having dealt with this issue, I would authorize the Xbox 360 in a Windows NT domain. Though useless.

Comparing the traffic is useless. There is nothing curious.