MySocksAreWet

Does any one no how to hack Xbox live accounts?

14 posts in this topic

I've always wanted to do this, but I can't find a legit way. So does anyone know how to do this?

Edit: Also, I have noticed that "no" in the title should be "know", sorry.

Why yes! I do.

Ive always wanted to do this but, I can't find a legit way.

legit from Latin 'legere' meaning ordered, loosely: lawful.

No?

Well...we all know his type...but his post does beg the question...Does anyone know anything about XBOX Live security in general?

How does it authenticate...how does it maintain data integrity and security?

Has anyone sniffed their XBOX Live connection while authenticating? or while playing a game? This is an interesting hack topic. I wonder if there are injection hacks that people can use..hummm..interesting.

I used to work for Electronic Boutique before they became GameStop and remember when it came out...XBOX live is HOTTT...wish I had time to be a gamer again...:sad:

I don't know many people that do know anything about xbox security. However, I have met certain person(s) that have access to custom functionality or/and have mod chips soldered through the case(sticking out of the xbox) which provide this custom functionality using the "xbox360 framework"(as far as I know this is a c++ like syntax language designed on top of the .net framework). All I have to say is that there are developers out there who know how to do this stuff(hence the existence of such mod chips currently on the market). Some of these same person(s) have developed custom applications which script certain aspects of xbox live(some of the custom 'functionality' was being able to monitor the state of friends that weren't on your buddylist, other functionality included being able to eavesdrop on voice chat without displaying your presence to the users in that current chat). Clarification: THIS IS WORD OF MOUTH, take it for what it is.

My own two cents:

When I sniffed my xbox360 traffic once, I realized it maintained session using encryption(maybe ssl) over a specialized server(nmap returns port 1026: LSA-or-nterm?)-client connection. If in fact ssl is being used(as well as http(s) protocol), you could run a program like sslstrip sslstrip-homepage(which strips the ssl encryption and rewrites the https traffic to http) enabling us to see more and to further analyze this functionality. I haven't tried using sslstrip yet, but there's a video on the site. So in further speculation, an nterm-like program is potentially running on port 1026.

NTERM - nTerm is a command-based toolbar application that allows you to easily control and launch all of your applications, URLs, documents and directories. It can be used as a universal internet bookmark holder, a toolbar, or a developers tool (automatically open a window of prompt to that obfuscated directory and remember it for later).

This could be part of or a clue about the interface used for calling applications on the xbox360 or using its resources over the network or locally. So now we need some sort of message debugger that can strip the encryption and tell us what's going on. Try ssl-strip and let me know if you get anywhere with that.

That might just work, I'll try it tonight. Also I might have just answered my own question, you can use social engineering to get their e-mail then send a message with sniper-spy or win-spy (they are key loggers). Once you get their e-mail passwords with those programs you sign in then send a message to Xbox Live Services saying, "I forgot my password." You should know what to do from there.

Judging from a packet dump that I just did, all the dashboard data is sent over cleartext HTTP, using JPEGs for the images, an XML file for the main dashboard setup, an encrypted executable format called XEX, and what appears to be a proprietary container format called XZP.

The HTTP User-Agent string used is "Xbox Live Client/2.0.8507.0".

And it appears that they use Kerberos for authentication.

I decided to dump some packets myself. I picked out the more 'insightful' packets and as far as I can tell there is evidence of some sort of handshake between the Xbox360 and my pc. Look at packets 2,3,4,5 in the end of the SOAPACTION: field. Things like #IsAuthorized, #IsValidated, and #RegisterDevice give me some insight of the Xbox360's communication mechanism. So we know it uses upnp for this handshake and XML content for the rest validation. Then the encrypted conversation starts on packet 5 as the device is registered using upnp with embedded xml content. I noticed that there was a set of data at the beginning of each packet which I stripped that was consistently 16-18 characters in length. There is also a pattern in this bit; I don't know what it means, maybe it's merely padding. Looks interesting:

Pm5ZE@5dfV5itePDp

Pm5ZE @3df5 yPDp

Pm5ZE @3df5 yPDp

Pm5ZE'@3df5#1rPDpR

Pm5ZE.@0df,5$5PDpJ

Pm5ZE/@0df,5$F5PD

I figure whatever is going on inside the <RegistrationReqMsg> tags starting with packet 5 is where the gold is at(maybe the XEX file). Obviously the closing </RegistrationReqMsg> tag exists at the end of this data stream which is probably a few more packets in length. Maybe this can be extracted and decrypted somehow(if only we knew how the 360 did it).


###PACKET-1###

GET /upnphost/udhisapi.dll?content=uuid:4e1f508d-2ff5-483f-9fa9-f1ae5da28a84 HTTP/1.1
User-Agent: Xbox/2.0.8507.0 UPnP/1.0 Xbox/2.0.8507.0
Connection: Keep-alive
Host:192.168.1.102

###PACKET-2###

POST /upnphost/udhisapi.dll?control=uuid:4e1f508d-2ff5-483f-9fa9-f1ae5da28a84+urn:microsoft.com:serviceId:X_MS_MediaReceiverRegistrar HTTP/1.1
User-Agent: Xbox/2.0.8507.0 UPnP/1.0 Xbox/2.0.8507.0
Connection: Keep-alive
Host:192.168.1.102
SOAPACTION: "urn:microsoft.com:service:X_MS_MediaReceiverRegistrar:1#IsAuthorized"
CONTENT-TYPE: text/xml; charset="utf-8"
Content-Length: 304

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<s:Body>
<u:IsAuthorized xmlns:u="urn:microsoft.com:service:X_MS_MediaReceiverRegistrar:1">
<DeviceID></DeviceID> </u:IsAuthorized>
</s:Body>
</s:Envelope>

###PACKET-3###

POST /upnphost/udhisapi.dll?control=uuid:4e1f508d-2ff5-483f-9fa9-f1ae5da28a84+urn:microsoft.com:serviceId:X_MS_MediaReceiverRegistrar HTTP/1.1
User-Agent: Xbox/2.0.8507.0 UPnP/1.0 Xbox/2.0.8507.0
Connection: Keep-alive
Host:192.168.1.102
SOAPACTION: "urn:microsoft.com:service:X_MS_MediaReceiverRegistrar:1#IsAuthorized"
CONTENT-TYPE: text/xml; charset="utf-8"
Content-Length: 304

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<s:Body>
<u:IsAuthorized xmlns:u="urn:microsoft.com:service:X_MS_MediaReceiverRegistrar:1">
<DeviceID></DeviceID> </u:IsAuthorized>
</s:Body>
</s:Envelope>

###PACKET-4###

POST /upnphost/udhisapi.dll?control=uuid:4e1f508d-2ff5-483f-9fa9-f1ae5da28a84+urn:microsoft.com:serviceId:X_MS_MediaReceiverRegistrar HTTP/1.1
User-Agent: Xbox/2.0.8507.0 UPnP/1.0 Xbox/2.0.8507.0
Connection: Keep-alive
Host:192.168.1.102
SOAPACTION: "urn:microsoft.com:service:X_MS_MediaReceiverRegistrar:1#IsValidated"
CONTENT-TYPE: text/xml; charset="utf-8"
Content-Length: 302

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<s:Body>
<u:IsValidated xmlns:u="urn:microsoft.com:service:X_MS_MediaReceiverRegistrar:1">
<DeviceID></DeviceID> </u:IsValidated>
</s:Body>
</s:Envelope>

###PACKET-5###

POST /upnphost/udhisapi.dll?control=uuid:4e1f508d-2ff5-483f-9fa9-f1ae5da28a84+urn:microsoft.com:serviceId:X_MS_MediaReceiverRegistrar HTTP/1.1
User-Agent: Xbox/2.0.8507.0 UPnP/1.0 Xbox/2.0.8507.0
Connection: Keep-alive
Host:192.168.1.102
SOAPACTION: "urn:microsoft.com:service:X_MS_MediaReceiverRegistrar:1#RegisterDevice"
CONTENT-TYPE: text/xml; charset="utf-8"
Content-Length: 10340

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<s:Body>
<u:RegisterDevice xmlns:u="urn:microsoft.com:service:X_MS_MediaReceiverRegistrar:1">
<RegistrationReqMsg>AgEAElqtCR4AAAAAAAAAAAAAAAAdPjxjOkNlcnRpZmljYXRlQ29sbGVjdGlvbiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgeG1sbnM6Yz0iaHR0cDovL3NjaGVtYXMubWljcm9zb2Z0LmNvbS9EUk0vMjAwNC8wMi9jZXJ0IiBjOlZlcnNpb249IjIuMCI+PGM6Q2VydGlmaWNhdGU+PGM6RGF0YSB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgeG1sbnM6Yz0iaHR0cDovL3NjaGVtYXMubWljcm9zb2Z0LmNvbS9EUk0vMjAwNC8wMi9jZXJ0Ij48YzpQdWJsaWNLZXk+PEtleVZhbHVlPjxSU0FLZXlWYWx1ZT48TW9kdWx1cz5tMmZ1cHZSM0pNeE1UNzdYZUd3dm5NV0dLS0FXYVVoMXlQbGVOQis3dnpiVDBvSWl3dHB0TUI1eFpjaThlbmhMdWNiUkpTRUsxU1JRREdYbXZtdDBkMytnbjJacHh1VFNxVU9GTnd1NU1WYWsxa1ZVMWI0N2ZxcWFLblo3Wml5dk15dk1SL3ZyWFRrUVFJN0NvQkcrK1NMaDFqNzgwd1pBQkxxRTRCcjhkN2M9PC9Nb2R1bHVzPjxFeHBvbmVudD5BUUFCPC9FeHBvbmVudD48L1JTQUtleVZhbHVlPjwvS2V5VmFsdWU+PC9jOlB1YmxpY0tleT48YzpLZXlVc2FnZT48YzpFbmNyeXB0S2V5PjE8L2M6RW5jcnl


pwdEtleT48L2M6S2V5VXNhZ2U+PGM6U2VjdXJpdHlMZXZlbD4yMDAwPC9jOlNlY3VyaXR5TGV2ZWw+PGM6TWFudWZhY3R1cmVyRGF0YT48YzpNYW51ZmFjdHVyZXJOYW1lPk1pY3Jvc29mdCBDb3Jwb3JhdGlvbjwvYzpNYW51ZmFjdHVyZXJOYW1lPjxjOk1hbnVmYWN0dXJlclVSTD53d3cubWljcm9zb2Z0LmNvbTwvYzpNYW51ZmFjdHVyZXJVUkw+PGM6TW9kZWxOYW1lPlhib3ggMzYwPC9jOk1vZGVsTmFtZT48YzpNb2RlbE51bWJlcj5mZmZmZmZmZjk4MTBkZmI4PC9jOk1vZGVsTnVtYmVyPjwvYzpNYW51ZmFjdHVyZXJEYXRhPjxjOkZlYXR1cmVzPjxjOldNRFJNUmVjZWl2ZXI+MTwvYzpXTURSTVJlY2VpdmVyPjwvYzpGZWF0dXJlcz48L2M6RGF0YT48U2lnbmF0dXJlPjxTaWduZWRJbmZvPjxDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUiPjwvQ2Fub25pY2FsaXphdGlvbk1ldGhvZD48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3NjaGVtYXMubWljcm9zb2Z0LmNvbS9EUk0vMjAwNC8wMi9DRVJUL1JzYS1zaGExIj48L1NpZ25hdHVyZU1ldGhvZD48UmVmZXJlbmNlPjxUcmFuc2Zvcm1zPjxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL0RSTS8yMDA0LzAyL0NFUlQvRGF0YSI+PC9UcmFuc2Zvcm0+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1Ij48L1RyYW5zZm9ybT48L1RyYW5zZm9ybXM+PERpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIj48L0RpZ2VzdE1ldGhvZD48RGlnZXN0VmFsdWU+Mitxd3RmV0ducFhPaE42bmRsTkV3cHF0Y3J3PTwvRGlnZXN0VmFsdWU+PC9SZWZlcmVuY2U+PC9TaWduZWRJbmZvPjxTaWduYXR1cmVWYWx1ZT5Ncm5GK2V4ZGZNWWdhUU9xWDdMbmdkY0dZMThmSldsUXE2d1FrOHg5aHhlN3JIZTNnb0dCMmJnOHlpK09sTTVEVkdNQ05rOXVDKzNSL3paZkNqV2RVaXVBZjJadzRoVEYxSWZtbkMvcVlnWDRsd09

Well the <RegistrationReqMsg> part is just base64 encoded.

Your dump has this in it:

<c:CertificateCollection xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:c="http://schemas.microsoft.com/DRM/2004/02/cert" c:Version="2.0">
<c:Certificate>
<c:Data xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:c="http://schemas.microsoft.com/DRM/2004/02/cert">
<c:PublicKey>
<KeyValue>
<RSAKeyValue>
<Modulus>m2fupvR3JMxMT77XeGwvnMWGKKAWaUh1yPleNB+7vzbT0oIiwtptMB5xZci8enhLucbRJSEK1SRQDGXmvmt0d3+gn2ZpxuTSqUOFNwu5MVak1kVU1b47fqqaKnZ7ZiyvMyvMR/vrXTkQQI7CoBG++SLh1j780wZABLqE4Br8d7c=</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</c:PublicKey>
<c:KeyUsage>
<c:EncryptKey>1</c:Encry

Is this during a login at the main Xbox 360 Dashboard?

No this is when I first turn the unit on. I know that after booting up, the 360 is going to look for upnp services like the media server running on my pc on tcp port 10243, so I thought it would be a good place to start. Since we know that the XML data is encoded in base64 the next step is to decode all base64 related traffic during different scenarios.
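
The replies above establish that the `<RegistrationReqMsg>` field is base64-encoded rather than encrypted. As an added example (not code from anyone in this thread), the Python below shows how to check that for a captured field: it tolerates a capture cut off mid-stream, finds where embedded XML starts after any binary header, and uses entropy plus printable ratio to separate an encoding from real ciphertext. The sample request, its service URN, the 8-byte header and the thresholds are constructed for illustration.

```python
import base64
import math
import re
from collections import Counter

# Constructed sample (not from the thread's capture): an opaque 8-byte header
# followed by XML, base64-encoded, then cut short like a one-packet capture.
_INNER = (b"\x02\x01\x00\x00\x00\x00\x00\x00"
          b'<c:CertificateCollection xmlns:c="urn:example:cert">'
          b"<c:Certificate><c:PublicKey><Exponent>AQAB</Exponent>"
          b"</c:PublicKey><c:ModelName>Example Device</c:ModelName>")
SAMPLE_REQUEST = (
    'SOAPACTION: "urn:example:service:Registrar:1#RegisterDevice"\r\n'
    'CONTENT-TYPE: text/xml; charset="utf-8"\r\n\r\n'
    "<s:Body><u:RegisterDevice><RegistrationReqMsg>"
    + base64.b64encode(_INNER).decode()[:-3]  # closing tag never captured
)


def soap_action(request):
    """Return the action name after '#' in the SOAPACTION header."""
    m = re.search(r'^SOAPACTION:\s*"[^"#]*#([^"]+)"', request, re.M | re.I)
    return m.group(1) if m else None


def decode_truncated_b64(text):
    """Decode base64 that may contain line breaks or stop mid-quantum."""
    chars = re.sub(r"[^A-Za-z0-9+/]", "", text)
    if len(chars) % 4 == 1:          # a lone trailing character carries no byte
        chars = chars[:-1]
    return base64.b64decode(chars + "=" * (-len(chars) % 4))


def shannon_entropy(data):
    """Bits per byte; close to 8 for ciphertext, far lower for text or XML."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage_field(request, element="RegistrationReqMsg"):
    """Classify one captured element as readable encoding or opaque data."""
    m = re.search(r"<%s>([A-Za-z0-9+/=\s]*)" % re.escape(element), request)
    if not m:
        return None
    raw = decode_truncated_b64(m.group(1))
    start = raw.find(b"<")                      # first byte of embedded XML
    xml = raw[start:] if start >= 0 else b""
    printable = sum(32 <= b < 127 for b in raw) / len(raw) if raw else 0.0
    entropy = shannon_entropy(raw)
    return {
        "action": soap_action(request),
        "xml_offset": start,
        "tags": sorted({t.decode() for t in re.findall(rb"<([A-Za-z_][\w:.-]*)", xml)}),
        "entropy": round(entropy, 2),
        "printable": round(printable, 2),
        # Heuristic thresholds chosen for this example; short samples read low.
        "looks_encrypted": entropy > 7.0 and printable < 0.5,
    }


if __name__ == "__main__":
    print(triage_field(SAMPLE_REQUEST))
```

A field that decodes to mostly printable bytes with recognisable tags carries no confidentiality of its own, so anything sensitive inside it depends entirely on the transport.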