Open Source Xbox Live?

Discussion in 'Xbox (Original console)' started by AlexRMC92, Feb 19, 2013.

  1. retro

    retro Moderator Staff Member

    Joined:
    Mar 13, 2004
    Messages:
    11,026
    Likes Received:
    678
    Your posts got caught by the anti-spam system, @DarrenRainey. Thanks for remaining patient until they were approved. I've merged them - try to use the multi-quote system instead of double posting ;)

    Thanks for the update!
     
  2. toad1359

    toad1359 Member

    Joined:
    Jul 3, 2015
    Messages:
    14
    Likes Received:
    1
    I know C++, C, Java... end point is I would love to help. I have networking experience.
     
  3. CodeAsm

    CodeAsm ohci_write: Bad offset 30

    Joined:
    Dec 22, 2010
    Messages:
    1,480
    Likes Received:
    139
    I'm not sure about this, but it could help keep assemblergames free of spamming "how's it going" and the real "tech info"... but I think it should be open for anyone, just like AG, no closed-off forums or whatever. I'm fine here.

    I don't think it is restarted, it's just going and going :D like many homebrew apps, it's next to their day jobs, and you can grab the src and do your own thing.

    Nice, I'm not sure who is in control (I think no one) and I think that's not important at this stage; read the SDK/XDK, and think of attack surfaces. Maybe write a server or client, sniff some traffic, decode/encode. I'm at that stage (so still very early).
     
  4. toad1359

    toad1359 Member

    Joined:
    Jul 3, 2015
    Messages:
    14
    Likes Received:
    1
    It should be simple... redirect all traffic to a server, set it up for a few games, send and receive data...
     
  5. CodeAsm

    CodeAsm ohci_write: Bad offset 30

    Joined:
    Dec 22, 2010
    Messages:
    1,480
    Likes Received:
    139
    There have been some discussions and debates over the technicalities already; we have no server code (or for most games at least) and this word "kerberos" (we don't have the MS key). Please reread the thread from page 1. As some have suggested earlier, and I will do so myself, get familiar with the SDK/XDK set from MS and try setting up a dev setup for some basic network testing. I think you can go far with that, then we can also see how "simple" it might be. Maybe you already took a look at the source code for the kernel (which some highly discourage you to do, DON'T look if legal or law stuff is important to you); besides, it does not contain a complete Xbox server-client over partner net or similar stuff. Just the kernel.

    Some knowledgeable people said that we should have enough without the kernel, others say we never will without that key, or need to replace code (basically rewrite Xbox Live). I might be mistaken, and experts in the field have sometimes provided valuable information towards more awesome leaks, code or just info... most of the time, these were "old" scene members and I have high respect for them, even if they choose now (not) to read this and/or respond to correct me or us. They have shown me the wonderful world of AG, and its niche parts of the www.
     
  6. CodeAsm

    CodeAsm ohci_write: Bad offset 30

    Joined:
    Dec 22, 2010
    Messages:
    1,480
    Likes Received:
    139
    I knew there was a trick I needed to look for, I've read your post before ;)

    And for others, some reading food if you haven't read it before.
    Just one warning, it's written in the 360 time period:
    Game Developers Customize Xbox LIVE - Raphael Mun (SDE) and John McPherson (SDET)
    https://web.archive.org/web/20100801194528/http://www.xbox.com/en-US/live/engineeringblog/how-game-developers-customize-xbox-live.htm

    It's Virtually Xbox LIVE - Raphael Mun (SDE)
    http://www.xbox.com/en-NZ/Live/EngineeringBlog/031010-VirtuallyXboxLive

    More interesting stuff:
    https://web.archive.org/web/20101004013624/http://www.xbox.com/en-US/live/engineeringblog/

    MSDN links:
    What is kerberos:
    https://msdn.microsoft.com/en-us/library/bb742516.aspx

    SRF
    Server Response File (https://msdn.microsoft.com/en-us/library/3k1tych8(v=vs.80).aspx) part of ATL server

    ATL Server Architecture
    ATL Server is a set of native C++ classes that allows developers to create Web applications, XML Web services, and
    other server applications. Many classes may also be used in client applications or components.
    https://msdn.microsoft.com/en-us/library/exb5b09w(v=vs.80).aspx

    Some URLs I've found inside xbe files:
    MACS.XBOXLIVE.COM
    AS.XBOXLIVE.COM
    TGS.XBOXLIVE.COM
     
  7. DarrenRainey

    DarrenRainey Member

    Joined:
    Aug 8, 2015
    Messages:
    16
    Likes Received:
    5
    I'm really interested in how the Xbox checks and downloads updates; if we can figure that out then maybe we can trick it into installing our own modified OS. Making it think that it's connecting to a Microsoft server should be pretty easy if we can find the address it checks for and then spoof the DNS so it thinks that it's downloading an update from Microsoft. It would also mean that we could install homebrew software much more easily.

    The only problem is we would need to know what it checks for on the server side.

    I was looking at that code and found some interesting files in the file XBOX\private\idw\setwin95.cmd and various games like snake, but I doubt that this is the actual kernel code because of all the Windows files and unused files.

    Some of the more interesting files are:
    xbExplorer.exe
    xbflash.exe
    xbeimport.exe
    and
    xbecopy.exe
     
    Last edited by a moderator: Aug 14, 2015
  8. fate6

    fate6 Haha, I killed a Pumpkin!

    Joined:
    May 16, 2013
    Messages:
    896
    Likes Received:
    304
    Yeah, I highly doubt that update idea would work; IDK what kind of security it uses, but there is no way the system doesn't check the signatures on its files and packages. Plus I highly doubt people haven't tried using a proxy to get the system to download their own files.
     
  9. Borman

    Borman Digital Games Curator Staff Member

    Joined:
    Mar 24, 2005
    Messages:
    9,392
    Likes Received:
    1,334
    Anyone dig around enough to figure out if the server info is hardcoded into the kernel, or do individual games also make changes?
     
  10. rso

    rso Not a member. You're imagining things.

    Joined:
    Mar 26, 2010
    Messages:
    2,090
    Likes Received:
    392
    The updater doesn't need to (it probably still does, though, e.g. to catch transfer errors). It would install unsigned files, then when trying to launch those, the BIOS (which does signature checks) will refuse to do so. Replace the wrong file and you might even end up with a bricked console, who knows.

    And I doubt the kernel knows much about XBL, since IIRC it was still a looong way off when the first Xboxen were sold. And you should've been able to go on Live with a 1.0 BIOS, so...
     
    CodeAsm likes this.
  11. CodeAsm

    CodeAsm ohci_write: Bad offset 30

    Joined:
    Dec 22, 2010
    Messages:
    1,480
    Likes Received:
    139
    These are "leftovers" from the NT source tree MS used to build the Xbox source tree.
    There are scripts describing how an employee could "download" the most recent tree to his hard drive and start making his own build. Also some tools were still needed by the devops for making a working Xbox OS (kernel + dashboard).
    If I'm correct, IDW stands for: Internal Developers Workstation,
    which would explain the tools there (games, why not).
    Check the SLM_cmdref.DOC or SLM executables in the very same directory, or some nice threads over at the beta archive: http://www.betaarchive.com/forum/viewtopic.php?f=6&t=8306&start=100
    There should even be a project online where they (successfully) compiled Windows NT (2000) from the source and they have documented some of the procedures MS does while making NT.
    Because this and the source code you're referring to is kinda tricky legally speaking, I don't think we need to discuss much about it here (yet). There are already some hints; without this source code we can try to recreate the functions that we need to replicate.
    I've also checked all bat files, and some of them are from MS, and kinda show how an MS employee would "download", compile, deploy and "check in" their variation of code.

    To get back to Xbox Live:
    • xbExplorer.exe is later kind of replaced with the Xbox Neighborhood if I'm correct, just a normal Xbox tool also included with SDKs. (The next programs are then included in this network discovery tool thing.)
    • xbflash.exe is a kernel flash tool, probably only works on Xboxes with write-enabled TSOPs and dev dashboards running (recovery executables run a program like this, this is why you don't run it on a modded Xbox, it can break your box). Modchips make this kinda useless.
    • xbeimport.exe shows all imports that an xbe file does. Could be helpful, but we have XBEExplorer.exe and IDA can also do nice things: https://www.hex-rays.com/products/ida/file_formats.shtml which might be more helpful for understanding what's going on.
    • xbecopy.exe "Xbox image remote copy 1.00.3308.1 [..] both local and remote files must be specified." Pretty much self-explanatory.
    Tip: Try installing an SDK and use it to make an xbe and send it to the Xbox. Debug it while it runs. Try kernel debugging. Try IDA (first the free edition on some random exe).

    I'm no expert in this field, but I do think we need to keep this up a level; knowing what's in the source code could also help, but more importantly "know your tools", which I'm myself working on; hope some of you new guys do too. Hope the "experts" or "veterans" accept my explanation, please contribute if you see mistakes or close-but-not-so-right answers, and I hope we can find a way for an Xbox (modded or not) to do handshaking with our own server one day. Then we see our next goals.
     
  12. DarrenRainey

    DarrenRainey Member

    Joined:
    Aug 8, 2015
    Messages:
    16
    Likes Received:
    5
    I feel that the game connects to its own servers but uses the Xbox Live servers like a proxy for authentication. This could explain why some games still had a lot of support and players; even a few games that were not made by Microsoft kept running for a while until Microsoft pulled the plug on the Xbox Live auth servers.

    After reading some of the source files for xbflash I found this in XBOX\tools\Multi.ini

    Code:
    #
    # Configuration file for xbflash
    #
    # The main RC4 key is NOT provided here, and must be provided
    # in order for xblflash to work!!
    #
    # The offsets/addresses in this file are for an 'original'
    # Xbox Flash ROM.  It's possible that these have changed in
    # future kernel releases.
    #
    # I'm not sure if this will work on 'patched' ROMs - xbflash
    # relies on the data format of an original Xbox Flash ROM.
    #
    # The parser for this config file is not very forgiving -
    # be sure to keep the format of these lines identical to
    # the original if you make changes
    #
    
    #######################################################
    #
    # Main RC4 key (used to decrypt 2BL image)
    #
    #######################################################
    
    #
    # If this is a ROM image for a "1.0" Xbox, enter the 16-byte RC4 key
    # (from inside the MCPX 1.0 ROM) as:
    #
    # RC4_KEY=0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
    #
    #
    #
    # If this is a ROM image for a "1.1" (or higher) Xbox, and you know the *internal* MCPX
    # RC4 key (16-bytes), enter it as:
    #
    # RC4_keymethod=1
    # RC4_KEY=0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
    # (don't forget the "RC4_keymethod=1")
    #
    #
    # If this is a ROM image for a "1.1" (or higher) Xbox, and you don't know the internal
    # 16-byte RC4 key, use the "mcpx 1.1 toolkit" to get the 20-byte RC4 key, and enter as:
    #
    # RC4_KEY=0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
    #
    #
    # (Note that you won't be able to 're-sign' the FBL region (using the TEA RSA hack) unless you have
    # the *internal* MCPX RC4 key for MCPX 1.1/higher)
    #
    # Also note that 'multi' BIOS's aren't supported, so a key of all zeros is invalid
    #
    RC4_key_encrypt=0
    RC4_KEY=0x27 0x45 0xA9 0x10 0x39 0x7E 0x6A 0xA6 0x86 0xFB 0x4B 0x1A 0x4B 0xA9 0x0F 0xD2
    
    #
    # Base address of 2BL in Flash
    #
    2BL_base_ROM_address=0xffff9e00
    
    #
    # Size of 2BL in Flash
    #
    2BL_size=0x6000
    
    #
    # Address in ROM to top-align the KERNEL + KERNEL initialized data segment
    # (normally this is the 2BL_base_ROM_address minus 1)
    #
    KERNEL_top_ROM_address=0xffff9dff
    
    #
    # Base address of KERNEL when executing in RAM (used to adjust
    # pointers into offsets into the KERNEL)
    #
    KERNEL_address_adjust=0x80010000
    
    
    ##############################################################
    #
    # The following are all offsets into the decrypted 2BL image
    #
    ##############################################################
    
    #
    # Offset into 2BL to secondary RC4 key (used to decrypt KERNEL)
    #
    2BL_kernelkey_offset=0x0000008c
    
    #
    # Offset into 2BL to DWORD containing size of KERNEL's initialized
    # data segment
    #
    2BL_dwkerneldatasize_offset=0x00005fdc
    
    #
    # Offset into 2BL to DWORD containing number of bytes at beginning
    # of Flash (x-code, etc) to include in KERNEL SHA-1 hash calculation
    #
    2BL_dwflashstart_hashsize=0x00005fe0
    
    #
    # Offset into 2BL to DWORD containing the size of the COMPRESSED
    # KERNEL image
    #
    2BL_dwkernelsize_offset=0x00005fe8
    
    #
    # Offset into 2BL to 20-byte SHA-1 digest of KERNEL (result of
    # SHA-1 hash on KERNEL, KERNEL initialized data segment, and
    # x-code section of Flash base)
    #
    2BL_sha_digest_offset=0x00005fec
    
    
    
    ##############################################################
    #
    # The following are all offsets into the decrypted/decompressed
    # KERNEL image
    #
    ##############################################################
    
    #
    # Offset into KERNEL to DWORD containing the size of the KERNEL
    # initialized data section
    #
    KERNEL_dwdatasize_offset=0x0000002c
    
    #
    # Offset into KERNEL to DWORD containing the base ROM address of
    # the KERNEL initialized data section
    #
    KERNEL_dwdataROMbase_offset=0x00000030
    
    #
    # Offset into KERNEL to DWORD containing the base RAM address of
    # the KERNEL initialized data section (where it gets copied to
    # at runtime)
    #
    KERNEL_dwdataRAMbase_offset=0x00000034
    However, the kernel source I'm working with is from back in 2003, so ideally we would have a more up-to-date version or multiple different kernel dumps from the Xbox to compare the changes in the code.
     
    Last edited by a moderator: Aug 14, 2015
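    The Multi.ini posted above doubles as a description of the 2BL layout: a 16-byte RC4 key, four DWORD-size fields and a 20-byte SHA-1 digest, all at fixed offsets inside a 0x6000-byte image, plus the rule that KERNEL_top_ROM_address is normally the 2BL base minus one. Since the file itself warns that the real parser is unforgiving and that flashing with a wrong file can brick a console, the following added example (written for this thread, not code from xbflash or from anyone posting here) parses that key=value format and checks the values for internal consistency before they are used. It assumes only the line format visible in the posted file; the key names are taken from it, the field widths and bounds checks are this example's own reading of its comments, and the sample key bytes are a constructed placeholder, not a real key.

```python
"""Parse and sanity-check an xbflash-style Multi.ini (added example).

Assumption: '#' comments, blank lines, and KEY=VALUE pairs whose value is a
hex number or, for RC4_KEY, a space-separated list of 0x.. bytes.  The
consistency checks are this example's own reading of the file's comments.
"""
import re

# Constructed sample with the layout of the posted file; the key bytes are a
# made-up placeholder, not a real Xbox key.
SAMPLE_CONFIG = """\
#
# Configuration file for xbflash (constructed sample, placeholder key)
#
RC4_key_encrypt=0
RC4_KEY=0x11 0x22 0x33 0x44 0x55 0x66 0x77 0x88 0x99 0xaa 0xbb 0xcc 0xdd 0xee 0xff 0x00
2BL_base_ROM_address=0xffff9e00
2BL_size=0x6000
KERNEL_top_ROM_address=0xffff9dff
KERNEL_address_adjust=0x80010000
2BL_kernelkey_offset=0x0000008c
2BL_dwkerneldatasize_offset=0x00005fdc
2BL_dwflashstart_hashsize=0x00005fe0
2BL_dwkernelsize_offset=0x00005fe8
2BL_sha_digest_offset=0x00005fec
"""

# Width in bytes of the field each 2BL_* offset points at, per the posted
# comments: 16-byte RC4 key, DWORDs, 20-byte SHA-1 digest.
TWO_BL_FIELDS = {
    "2BL_kernelkey_offset": 16,
    "2BL_dwkerneldatasize_offset": 4,
    "2BL_dwflashstart_hashsize": 4,
    "2BL_dwkernelsize_offset": 4,
    "2BL_sha_digest_offset": 20,
}

REQUIRED_KEYS = (
    "RC4_KEY", "2BL_base_ROM_address", "2BL_size",
    "KERNEL_top_ROM_address", "KERNEL_address_adjust", *TWO_BL_FIELDS,
)

_HEX_BYTE = re.compile(r"0x[0-9A-Fa-f]{1,2}")


def parse_config(text):
    """Return {key: int}, except RC4_KEY -> bytes.  Strict like the real
    parser is said to be: anything else raises ValueError with a line number."""
    cfg = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected KEY=VALUE, got {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "RC4_KEY":
            tokens = value.split()
            if not tokens or not all(_HEX_BYTE.fullmatch(t) for t in tokens):
                raise ValueError(f"line {lineno}: RC4_KEY must be 0x.. bytes")
            cfg[key] = bytes(int(t, 16) for t in tokens)
        else:
            cfg[key] = int(value, 0)  # accepts 0x.. hex and plain decimal
    return cfg


def check_config(cfg):
    """List of problems; empty means internally consistent (it says nothing
    about whether the key itself is the right one)."""
    problems = [f"missing key {k}" for k in REQUIRED_KEYS if k not in cfg]
    if problems:
        return problems
    key = cfg["RC4_KEY"]
    if len(key) not in (16, 20):          # the file documents 16 or 20 bytes
        problems.append(f"RC4_KEY is {len(key)} bytes, expected 16 or 20")
    if not any(key):                      # the file says all zeros is invalid
        problems.append("RC4_KEY is all zeros, which the file says is invalid")
    base, size = cfg["2BL_base_ROM_address"], cfg["2BL_size"]
    if cfg["KERNEL_top_ROM_address"] != base - 1:
        problems.append("KERNEL_top_ROM_address is not 2BL_base_ROM_address - 1")
    for name, width in TWO_BL_FIELDS.items():   # every field must fit in 2BL
        off = cfg[name]
        if off < 0 or off + width > size:
            problems.append(f"{name}=0x{off:x} (+{width} bytes) does not fit "
                            f"in the 0x{size:x}-byte 2BL image")
    return problems


def field_rom_address(cfg, name):
    """Flash address of a 2BL-relative field: 2BL base plus its offset."""
    return cfg["2BL_base_ROM_address"] + cfg[name]


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    for p in check_config(cfg) or ["no problems found"]:
        print(p)
    for name in TWO_BL_FIELDS:
        print(f"{name:32s} -> 0x{field_rom_address(cfg, name):08x}")
```

    With the posted values every field fits exactly: the SHA-1 digest at 0x5fec plus 20 bytes ends at 0x6000, the stated 2BL size, so a one-byte slip in that offset is caught before anything is written to flash.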
  13. CodeAsm

    CodeAsm ohci_write: Bad offset 30

    Joined:
    Dec 22, 2010
    Messages:
    1,480
    Likes Received:
    139
    This file is made by the mod-chip makers; the Barnabas files are modified to run unsigned code, boot other dashboards, don't check for media type (not sure). I've also seen code to be able to run on a later Xbox dashboard, I believe. I believe any "source" discussion should go in a separate thread if it's not already there. (If correct, all original unmodified files are saved as "Copy of".)
    And MS-only code is mostly in private and public folders, as of this release.

    I didn't check, but the updater code should be there; saw some interesting things though about VLAN, never really got it, so maybe I'll look into that this weekend (could be unnecessary, but I've heard too much about it to skip it now).
    SG seems to mean Security Gateway; not sure if the retail Xbox Live kept that structure and/or naming convention. (Should put that in "that" other thread.)
     
  14. Lukew

    Lukew Rapidly Rising Member

    Joined:
    Sep 18, 2015
    Messages:
    98
    Likes Received:
    80
    I've just registered on here after finding this thread. I've been pondering the idea of modifying or replacing the XBL code to allow the building of a new service for a while now. I have the XDK, a dedicated console for debugging, a win XP machine (not virtual) for running VS 2003 and thanks to this thread, the kernel source. If there’s still interest and research going on for this, I'll be more than happy to put time and effort into it :)
     
  15. MonkeyBoyJoey

    MonkeyBoyJoey 70's Robot Anime GEPPY-X (PS1) Fanatic

    Joined:
    Mar 1, 2015
    Messages:
    1,506
    Likes Received:
    227
    If you can do it, go for it! I would love to be able to play Halo 2 online again! Any way to get the old free DLC for games available for download again, like the Halo 2 map packs and that optional update that fixes a lot of things in the game?
     
  16. DarrenRainey

    DarrenRainey Member

    Joined:
    Aug 8, 2015
    Messages:
    16
    Likes Received:
    5
    Unless you can get the code and files for the DLC there's not much we can do for free DLC; also there would be legal issues.
     
  17. CodeAsm

    CodeAsm ohci_write: Bad offset 30

    Joined:
    Dec 22, 2010
    Messages:
    1,480
    Likes Received:
    139
    Title server stuff, we can try to deal with that after we have a "working" Xbox Live; this will definitely take some more time.
    And we don't have sources from Bungie, unless some collector stands up.
    And most DLC has been around already with some custom installers if I'm correct. ;)

    Sure there is, at least me. Thing is, it's kinda difficult; one should do some real coding/reverse engineering of some protocols.
    Besides the whole "legal" thing from the kernel source or whatever, you might like to look into how to make a functional MACS server (to get a new "machine account"). I'm assuming we can create some certificate/key pairs from the info around this, if you look in the source... If you'd like to keep it legal, try setting up a KDC and figure out the keys used by an Xbox to connect to it (probably want to use a "fresh" Xbox to create a "machine account"... not sure about this yet).

    This is all still a bit new for me, reading docs, reading MS papers... I haven't even started writing code, cause well, I take the source route... I think. Reverse engineering from only retail compiled code should be possible, "could" be harder... but maybe sheds more light on "released" and "newer" Xbox Live code. (Cause I'm not sure how legit the leaked source is or how "up to date"... it's modified to make modchips run...)
     
    Lukew likes this.
  18. Lukew

    Lukew Rapidly Rising Member

    Joined:
    Sep 18, 2015
    Messages:
    98
    Likes Received:
    80
    Part of me wonders if, given the age of the platform and the fact that no one makes any money from it any more, would Microsoft or the game developers spend any time worrying that a map pack that now has a resale value of 25 pence has been distributed? Source code and private keys, I can see them getting pissy, but game data they released for a console that's been abandoned for years, is it going to be worth the effort? TheIsoZone has a hefty collection of full games and DLC available for public download, there are several links in this thread to the kernel source, among other things. Xbins hosts pretty much every hacked kernel that was ever made, original dash data, tools for hacking the console. If money was being made from the distribution of their software then yeah, I can see that being a big bonus for the legal department, but distributing game data that is no longer available new for no cost, I'm not too sure it's worth the effort.

    On the topic of Live, I have set up a Kerberos server on my Linux machine, but I can't get iptables to play ball so it's just spitting the auth request out to the Passport servers. I may use an old router with DD-WRT as a DHCP, Kerberos and DNS server and use Wireshark to monitor traffic.

    I may break out IDA Pro soon too.
     
    CodeAsm likes this.
  19. Borman

    Borman Digital Games Curator Staff Member

    Joined:
    Mar 24, 2005
    Messages:
    9,392
    Likes Received:
    1,334
    The full source tree that was passed around doesn't have XBL server stuff from what I've been told.
     
    CodeAsm likes this.
  20. WhatIsDaE

    WhatIsDaE Member

    Joined:
    Sep 19, 2015
    Messages:
    8
    Likes Received:
    3
    Is anyone actually interested in an Xbox Live server for the original Xbox?
     
    CodeAsm and Syclopse like this.