XboxHacker BBS
 
Author Topic: Packet Dump from Banned Console  (Read 3653 times)
ms662412
« on: November 05, 2009, 10:55:35 AM »

0100 5e7f fffa 001d d880 9f00 0800 4500  ..^...........E.
01ac eaa5 0000 0111 c990 0a0a 0a07 efff  ................
fffa 0401 076c 0198 522c 4e4f 5449 4659  .....l..R,NOTIFY
202a 2048 5454 502f 312e 310d 0a48 4f53   * HTTP/1.1..HOS
543a 3233 392e 3235 352e 3235 352e 3235  T:239.255.255.25
303a 3139 3030 0d0a 4e54 3a75 726e 3a73  0:1900..NT:urn:s
6368 656d 6173 2d6d 6963 726f 736f 6674  chemas-microsoft
2d63 6f6d 3a6e 6865 643a 7072 6573 656e  -com:nhed:presen
6365 3a31 0d0a 4e54 533a 7373 6470 3a61  ce:1..NTS:ssdp:a
6c69 7665 0d0a 4c4f 4341 5449 4f4e 3a2a  live..LOCATION:*
0d0a 414c 3a3c 7572 6e3a 7363 6865 6d61  ..AL:<urn:schema
732d 6d69 6372 6f73 6f66 742d 636f 6d3a  s-microsoft-com:
6e68 6564 3a61 7474 7269 6275 7465 733f  nhed:attributes?
7479 7065 3d58 3032 2666 6972 6d77 6172  type=X02&firmwar
6576 6572 3d38 3935 352e 3026 7564 6e3d  ever=8955.0&udn=
7575 6964 3a31 3030 3030 3030 302d 3030  uuid:10000000-00
3030 2d30 3030 302d 3032 3030 2d30 3031  00-0000-0200-001
4444 3838 3039 4630 303e 0d0a 4341 4348  DD8809F00>..CACH
452d 434f 4e54 524f 4c3a 6d61 782d 6167  E-CONTROL:max-ag
653d 340d 0a55 534e 3a75 7569 643a 3030  e=4..USN:uuid:00
3030 3030 3030 2d30 3030 302d 3030 3030  000000-0000-0000
2d30 3230 302d 3030 3144 4438 3830 3946  -0200-001DD8809F
3030 3a3a 7572 6e3a 7363 6865 6d61 732d  00::urn:schemas-
6d69 6372 6f73 6f66 742d 636f 6d3a 6e68  microsoft-com:nh
6564 3a70 7265 7365 6e63 653a 310d 0a53  ed:presence:1..S
4552 5645 523a 6461 7368 626f 6172 642f  ERVER:dashboard/
312e 3020 5570 6e50 2f31 2e30 2078 626f  1.0 UpnP/1.0 xbo
782f 322e 300d 0a0d 0a00                 x/2.0.....



000c 4257 8946 001d d880 9f00 0800 4500  ..BW.F........E.
0040 ea9b 0000 4011 67f6 0a0a 0a07 0a0a  .@....@.g.......
0a01 04e8 0035 002c 9323 ea9a 0100 0001  .....5.,.#......
0000 0000 0000 0558 4554 4753 0858 424f  .......XETGS.XBO
584c 4956 4503 434f 4d00 0001 0001       XLIVE.COM.....



000c 4257 8946 001d d880 9f00 0800 4500  ..BW.F........E.
0040 eab5 0000 4011 67dc 0a0a 0a07 0a0a  .@....@.g.......
0a01 04e8 0035 002c 8a2f eab4 0100 0001  .....5.,./......
0000 0000 0000 0550 4946 4c43 0858 424f  .......PIFLC.XBO
584c 4956 4503 434f 4d00 0001 0001       XLIVE.COM.....



000c 4257 8946 001d d880 9f00 0800 4500  ..BW.F........E.
0040 eabf 0000 4011 67d2 0a0a 0a07 0a0a  .@....@.g.......
0a01 04e8 0035 002c 92ff eabe 0100 0001  .....5.,........
0000 0000 0000 0558 4554 4753 0858 424f  .......XETGS.XBO
584c 4956 4503 434f 4d00 0001 0001       XLIVE.COM.....



0100 5e7f fffa 001d d880 9f00 0800 4500  ..^...........E.
0126 eaaa 0000 0111 ca11 0a0a 0a07 efff  .&..............
fffa 221d 076c 0112 4be2 4e4f 5449 4659  .."..l..K.NOTIFY
202a 2048 5454 502f 312e 310d 0a48 4f53   * HTTP/1.1..HOS
543a 2032 3339 2e32 3535 2e32 3535 2e32  T: 239.255.255.2
3530 3a31 3930 300d 0a4e 543a 2075 706e  50:1900..NT: upn
703a 726f 6f74 6465 7669 6365 0d0a 4e54  p:rootdevice..NT
533a 2073 7364 703a 616c 6976 650d 0a4c  S: ssdp:alive..L
4f43 4154 494f 4e3a 2068 7474 703a 2f2f  OCATION: http://
3130 2e31 302e 3130 2e37 3a31 3032 362f  10.10.10.7:1026/
0d0a 5553 4e3a 2075 7569 643a 3736 3236  ..USN: uuid:7626
3538 3138 2d33 3430 352d 3230 3030 2d30  5818-3405-2000-0
3030 302d 3030 3164 6438 3830 3966 3030  000-001dd8809f00
3a3a 7570 6e70 3a72 6f6f 7464 6576 6963  ::upnp:rootdevic
650d 0a43 4143 4845 2d43 4f4e 5452 4f4c  e..CACHE-CONTROL
3a20 6d61 782d 6167 653d 3138 3030 0d0a  : max-age=1800..
5345 5256 4552 3a20 5862 6f78 2f32 2e30  SERVER: Xbox/2.0
2e38 3935 352e 3020 5550 6e50 2f31 2e30  .8955.0 UPnP/1.0
2058 626f 782f 322e 302e 3839 3535 2e30   Xbox/2.0.8955.0
0d0a 0d0a                                ....



0100 5e7f fffa 001d d880 9f00 0800 4500  ..^...........E.
0126 eaab 0000 0111 ca10 0a0a 0a07 efff  .&..............
fffa 221d 076c 0112 4be2 4e4f 5449 4659  .."..l..K.NOTIFY
202a 2048 5454 502f 312e 310d 0a48 4f53   * HTTP/1.1..HOS
543a 2032 3339 2e32 3535 2e32 3535 2e32  T: 239.255.255.2
3530 3a31 3930 300d 0a4e 543a 2075 706e  50:1900..NT: upn
703a 726f 6f74 6465 7669 6365 0d0a 4e54  p:rootdevice..NT
533a 2073 7364 703a 616c 6976 650d 0a4c  S: ssdp:alive..L
4f43 4154 494f 4e3a 2068 7474 703a 2f2f  OCATION: http://
3130 2e31 302e 3130 2e37 3a31 3032 362f  10.10.10.7:1026/
0d0a 5553 4e3a 2075 7569 643a 3736 3236  ..USN: uuid:7626
3538 3138 2d33 3430 352d 3230 3030 2d30  5818-3405-2000-0
3030 302d 3030 3164 6438 3830 3966 3030  000-001dd8809f00
3a3a 7570 6e70 3a72 6f6f 7464 6576 6963  ::upnp:rootdevic
650d 0a43 4143 4845 2d43 4f4e 5452 4f4c  e..CACHE-CONTROL
3a20 6d61 782d 6167 653d 3138 3030 0d0a  : max-age=1800..
5345 5256 4552 3a20 5862 6f78 2f32 2e30  SERVER: Xbox/2.0
2e38 3935 352e 3020 5550 6e50 2f31 2e30  .8955.0 UPnP/1.0
2058 626f 782f 322e 302e 3839 3535 2e30   Xbox/2.0.8955.0
0d0a 0d0a                                ....


0100 5e7f fffa 001d d880 9f00 0800 4500  ..^...........E.
012f eaac 0000 0111 ca06 0a0a 0a07 efff  ./..............
fffa 221d 076c 011b 9ac4 4e4f 5449 4659  .."..l....NOTIFY
202a 2048 5454 502f 312e 310d 0a48 4f53   * HTTP/1.1..HOS
543a 2032 3339 2e32 3535 2e32 3535 2e32  T: 239.255.255.2
3530 3a31 3930 300d 0a4e 543a 2075 7569  50:1900..NT: uui
643a 3736 3236 3538 3138 2d33 3430 352d  d:76265818-3405-
3230 3030 2d30 3030 302d 3030 3164 6438  2000-0000-001dd8
3830 3966 3030 0d0a 4e54 533a 2073 7364  809f00..NTS: ssd
703a 616c 6976 650d 0a4c 4f43 4154 494f  p:alive..LOCATIO
4e3a 2068 7474 703a 2f2f 3130 2e31 302e  N: http://10.10.
3130 2e37 3a31 3032 362f 0d0a 5553 4e3a  10.7:1026/..USN:
2075 7569 643a 3736 3236 3538 3138 2d33   uuid:76265818-3
3430 352d 3230 3030 2d30 3030 302d 3030  405-2000-0000-00
3164 6438 3830 3966 3030 0d0a 4341 4348  1dd8809f00..CACH
452d 434f 4e54 524f 4c3a 206d 6178 2d61  E-CONTROL: max-a
6765 3d31 3830 300d 0a53 4552 5645 523a  ge=1800..SERVER:
2058 626f 782f 322e 302e 3839 3535 2e30   Xbox/2.0.8955.0
2055 506e 502f 312e 3020 5862 6f78 2f32   UPnP/1.0 Xbox/2
2e30 2e38 3935 352e 300d 0a0d 0a         .0.8955.0....




000c 4257 8946 001d d880 9f00 0800 4500  ..BW.F........E.
0250 eaa6 0000 4006 65e6 0a0a 0a07 0a0a  .P....@.e.......
0a01 8e08 0b0c 24df 5bbb 0633 aaf2 5018  ......$.[..3..P.
4470 47f9 0000 504f 5354 202f 7570 6e70  DpG...POST /upnp
2f63 6f6e 7472 6f6c 2f77 616e 6970 636f  /control/wanipco
6e6e 2d31 2048 5454 502f 312e 310d 0a55  nn-1 HTTP/1.1..U
7365 722d 4167 656e 743a 2058 626f 782f  ser-Agent: Xbox/
322e 302e 3839 3535 2e30 2055 506e 502f  2.0.8955.0 UPnP/
312e 3020 5862 6f78 2f32 2e30 2e38 3935  1.0 Xbox/2.0.895
352e 300d 0a43 6f6e 6e65 6374 696f 6e3a  5.0..Connection:
204b 6565 702d 616c 6976 650d 0a48 6f73   Keep-alive..Hos
743a 3130 2e31 302e 3130 2e31 0d0a 534f  t:10.10.10.1..SO
4150 4143 5449 4f4e 3a20 2275 726e 3a73  APACTION: "urn:s
6368 656d 6173 2d75 706e 702d 6f72 673a  chemas-upnp-org:
7365 7276 6963 653a 5741 4e49 5043 6f6e  service:WANIPCon
6e65 6374 696f 6e3a 3123 4765 7453 7461  nection:1#GetSta
7475 7349 6e66 6f22 0d0a 434f 4e54 454e  tusInfo"..CONTEN
542d 5459 5045 3a20 7465 7874 2f78 6d6c  T-TYPE: text/xml
3b20 6368 6172 7365 743d 2275 7466 2d38  ; charset="utf-8
220d 0a43 6f6e 7465 6e74 2d4c 656e 6774  "..Content-Lengt
683a 2032 3736 0d0a 0d0a 3c73 3a45 6e76  h: 276....<s:Env
656c 6f70 6520 786d 6c6e 733a 733d 2268  elope xmlns:s="h
7474 703a 2f2f 7363 6865 6d61 732e 786d  ttp://schemas.xm
6c73 6f61 702e 6f72 672f 736f 6170 2f65  lsoap.org/soap/e
6e76 656c 6f70 652f 2220 733a 656e 636f  nvelope/" s:enco
6469 6e67 5374 796c 653d 2268 7474 703a  dingStyle="http:
2f2f 7363 6865 6d61 732e 786d 6c73 6f61  //schemas.xmlsoa
702e 6f72 672f 736f 6170 2f65 6e63 6f64  p.org/soap/encod
696e 672f 223e 0d0a 2020 203c 733a 426f  ing/">..   <s:Bo
6479 3e0d 0a20 2020 2020 203c 753a 4765  dy>..      <u:Ge
7453 7461 7475 7349 6e66 6f20 786d 6c6e  tStatusInfo xmln
733a 753d 2275 726e 3a73 6368 656d 6173  s:u="urn:schemas
2d75 706e 702d 6f72 673a 7365 7276 6963  -upnp-org:servic
653a 5741 4e49 5043 6f6e 6e65 6374 696f  e:WANIPConnectio
6e3a 3122 3e0d 0a20 2020 2020 203c 2f75  n:1">..      </u
3a47 6574 5374 6174 7573 496e 666f 3e0d  :GetStatusInfo>.
0a20 2020 3c2f 733a 426f 6479 3e0d 0a3c  .   </s:Body>..<
2f73 3a45 6e76 656c 6f70 653e 0d0a       /s:Envelope>..




000c 4257 8946 001d d880 9f00 0800 4500  ..BW.F........E.
00a4 eac2 0000 4006 6776 0a0a 0a07 0a0a  ......@.gv......
0a01 b86e 0b0c 3e04 5fee 0dfe 8a69 5018  ...n..>._....iP.
4470 3ac3 0000 4745 5420 2f67 6174 6577  Dp:...GET /gatew
6179 2e78 6d6c 2048 5454 502f 312e 310d  ay.xml HTTP/1.1.
0a55 7365 722d 4167 656e 743a 2058 626f  .User-Agent: Xbo
782f 322e 302e 3839 3535 2e30 2055 506e  x/2.0.8955.0 UPn
502f 312e 3020 5862 6f78 2f32 2e30 2e38  P/1.0 Xbox/2.0.8
3935 352e 300d 0a43 6f6e 6e65 6374 696f  955.0..Connectio
6e3a 204b 6565 702d 616c 6976 650d 0a48  n: Keep-alive..H
6f73 743a 3130 2e31 302e 3130 2e31 0d0a  ost:10.10.10.1..
0d0a

Manual Connection to XBL

000c 4257 8946 001d d880 9f00 0800 4500  ..BW.F........E.
031c eab8 0000 4006 0d2d 0a0a 0a07 4137  ......@..-....A7
2aaf d37a 0050 2727 2f8a fffa 2574 5018  *..z.P''/...%tP.
433c f1d3 0000 4745 5420 2f6d 7367 7365  C<....GET /msgse
7276 6572 2f6c 6f67 7374 7269 6e67 322e  rver/logstring2.
6173 6878 3f76 6964 3d30 3030 3030 3030  ashx?vid=0000000
3030 3030 3030 3030 3026 7632 3d75 6e6b  000000000&v2=unk
6e6f 776e 2676 333d 3125 3341 3030 2676  nown&v3=1%3A00&v
343d 706c 2676 353d 504c 2676 363d 4e6f  4=pl&v5=PL&v6=No
6e65 2676 393d 3132 3830 7837 3230 7025  ne&v9=1280x720p%
3230 5725 3230 4844 4d49 2676 3131 3d31  20W%20HDMI&v11=1
3039 3536 3826 7631 323d 3331 3839 3526  09568&v12=31895&
7631 333d 3130 302e 3030 3026 7631 343d  v13=100.000&v14=
3125 3243 3025 3243 3025 3243 3126 7631  1%2C0%2C0%2C1&v1
353d 3025 3243 3025 3243 3025 3243 3025  5=0%2C0%2C0%2C0%
3243 3025 3243 3025 3243 3026 7631 363d  2C0%2C0%2C0&v16=
756e 6b6e 6f77 6e26 7631 373d 3025 3243  unknown&v17=0%2C
3025 3243 3025 3243 3025 3243 3025 3243  0%2C0%2C0%2C0%2C
3025 3243 3025 3243 3026 7631 383d 3025  0%2C0%2C0&v18=0%
3243 3025 3243 3025 3243 6469 7361 626c  2C0%2C0%2Cdisabl
6564 2676 313d 4c6f 676f 6e46 6169 6c5f  ed&v1=LogonFail_
5467 7326 7632 303d 3839 3535 2676 3231  Tgs&v20=8955&v21
3d30 3833 3830 3946 3030 3426 7632 323d  =083809F004&v22=
4646 4645 3037 4431 2676 3233 3d30 3030  FFFE07D1&v23=000
3030 3038 3826 7632 343d 3830 3135 3139  00088&v24=801519
3044 2676 3235 3d30 3030 3030 3030 4226  0D&v25=0000000B&
7632 363d 3030 3030 4630 3031 2676 3237  v26=0000F001&v27
3d30 3241 3036 3032 3026 7632 383d 3830  =02A06020&v28=80
3135 3139 3044 2676 3239 3d30 4130 4130  15190D&v29=0A0A0
4130 3730 4330 3230 4330 3226 7633 303d  A070C020C02&v30=
6d57 414a 5351 5a26 7633 343d 3030 3030  mWAJSQZ&v34=0000
3030 3030 2676 3335 3d30 3143 4135 4531  0000&v35=01CA5E1
3445 3145 3146 3830 3026 7633 363d 3230  4E1E1F800&v36=20
3232 4642 3030 4646 4646 4646 4646 3030  22FB00FFFFFFFF00
3030 3030 3030 2676 3339 3d50 524f 4426  000000&v39=PROD&
7634 303d 3030 3030 3030 3030 2676 3431  v40=00000000&v41
3d30 3030 3243 4330 3026 7634 323d 6f51  =0002CC00&v42=oQ
5a41 4676 515a 2676 3433 3d74 574a 4356  ZAFvQZ&v43=tWJCV
5425 3230 6462 2665 7665 6e74 733d 6576  T%20db&events=ev
656e 7436 2676 383d 443d 7061 6765 4e61  ent6&v8=D=pageNa
6d65 2665 6e3d 5554 462d 3820 4854 5450  me&en=UTF-8 HTTP
2f31 2e31 0d0a 5573 6572 2d41 6765 6e74  /1.1..User-Agent
3a20 5862 6f78 204c 6976 6520 436c 6965  : Xbox Live Clie
6e74 2f32 2e30 2e38 3935 352e 300d 0a43  nt/2.0.8955.0..C
6f6e 6e65 6374 696f 6e3a 204b 6565 702d  onnection: Keep-
616c 6976 650d 0a48 6f73 743a 5049 464c  alive..Host:PIFL
432e 5842 4f58 4c49 5645 2e43 4f4d 0d0a  C.XBOXLIVE.COM..
582d 4946 4c43 4449 4745 5354 3a20 3238  X-IFLCDIGEST: 28
3342 4539 3544 3146 3736 3930 3842 3237  3BE95D1F76908B27
4646 3035 3339 3932 4241 3739 3036 4544  FF053992BA7906ED
3237 3245 4543 0d0a 0d0a                 272EEC....

Here's the breakdown of the values that are posted to M$'s DB.

vid=0000000000000000
v2=unknown
v3=1%3A00
v4=pl&
v5=PL&
v6=None
v9=1280x720p W HDMI
v11=109568
v12=31895 (Zip Code)
v13=100.000
v14=1%2C0%2C0%2C1
v15=0%2C0%2C0%2C0%2C0%2C0%2C0
v16=unknown
v17=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0
v18=0%2C0%2C0%2Cdisabled
v1=LogonFail_Tgs
v20=8955
v21=083809F004
v22=FFFE07D1
v23=00000088
v24=8015190D (Z)
v25=0000000B (W)
v26=0000F0001 (X)
v27=02A06020
v28=8015190D
v29=0A0A0A070C020C02
v30=mWAJSQZ
v34=00000000
v35=01CA5E1AE1E1F800
v36=2022FB00FFFFFF00000000
v39=PROD
v40=00000000
v41=0002CC00
v42=oQZAFvQZ
v43=tWJCVT

« Last Edit: November 05, 2009, 11:58:01 AM by ms662412 » Logged
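An added example, not part of the original post: Python that rebuilds frame bytes from the dump format used above and decodes the Ethernet, IPv4 and UDP/TCP headers, so each packet can be sorted into LAN-only traffic or traffic leaving the network, with the DNS query name pulled out where present. The function names are this example's own, the two sample frames are copied from the post (the second truncated to its first 64 bytes), and only option-less IPv4 frames like those in the post are accepted.

```python
import ipaddress
import re

# Frames copied from the post above; HTTP_HEAD is only its first 64 bytes.
DNS_QUERY = """
000c 4257 8946 001d d880 9f00 0800 4500  ..BW.F........E.
0040 ea9b 0000 4011 67f6 0a0a 0a07 0a0a  .@....@.g.......
0a01 04e8 0035 002c 9323 ea9a 0100 0001  .....5.,.#......
0000 0000 0000 0558 4554 4753 0858 424f  .......XETGS.XBO
584c 4956 4503 434f 4d00 0001 0001       XLIVE.COM.....
"""
HTTP_HEAD = """
000c 4257 8946 001d d880 9f00 0800 4500  ..BW.F........E.
031c eab8 0000 4006 0d2d 0a0a 0a07 4137  ......@..-....A7
2aaf d37a 0050 2727 2f8a fffa 2574 5018  *..z.P''/...%tP.
433c f1d3 0000 4745 5420 2f6d 7367 7365  C<....GET /msgse
"""

def parse_dump(text):
    """Rebuild frame bytes from 'hex groups  ASCII' dump lines."""
    frame = bytearray()
    for line in text.strip().splitlines():
        # Hex groups are single-spaced; the ASCII column follows 2+ spaces.
        frame += bytes.fromhex(re.split(r"\s{2,}", line.strip(), maxsplit=1)[0])
    return bytes(frame)

def dns_qname(msg):
    """First question name of a DNS query (length-prefixed labels)."""
    labels, i = [], 12  # skip the 12-byte DNS header
    while i < len(msg) and 0 < msg[i] < 64:
        labels.append(msg[i + 1:i + 1 + msg[i]].decode("ascii"))
        i += 1 + msg[i]
    return ".".join(labels)

def decode(frame):
    """Decode one Ethernet II / option-less IPv4 frame carrying UDP or TCP."""
    if (len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[14] != 0x45
            or frame[23] not in (6, 17)):
        raise ValueError("unsupported or truncated frame")
    proto = "udp" if frame[23] == 17 else "tcp"
    # UDP header is 8 bytes; TCP header length is the data offset (32-bit words).
    hdr = 8 if proto == "udp" else (frame[46] >> 4) * 4
    dst = ipaddress.ip_address(frame[30:34])
    info = {"proto": proto, "dst": str(dst),
            "dport": int.from_bytes(frame[36:38], "big"),
            "payload": frame[34 + hdr:], "leaves_lan": not dst.is_private}
    if proto == "udp" and info["dport"] == 53:
        info["dns_qname"] = dns_qname(info["payload"])
    return info
```

Calling `decode(parse_dump(DNS_QUERY))` shows a lookup sent to the router at 10.10.10.1, while `decode(parse_dump(HTTP_HEAD))` shows a cleartext HTTP request on port 80 to a public address.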
No_Name
« Reply #1 on: November 05, 2009, 12:07:26 PM »

I am confused as to what this is supposed to show.
Logged
jelle2503
« Reply #2 on: November 05, 2009, 12:17:52 PM »

nothing to do here.. all traffic is encrypted and cannot be tampered with

guess your main goal is to capture the packages that go to MS servers to tell MS you're using a modified console?
Logged

ms662412
« Reply #3 on: November 05, 2009, 12:48:13 PM »

Just to have knowledge to see if it is in the transmission of connection, but it would take massive amounts of data... I just didn't know if anyone had seen this.
Logged
damox
« Reply #4 on: November 05, 2009, 07:13:20 PM »

I didn't recognize that the 360 was still communicating with live at all after a ban.
Logged
a360
« Reply #5 on: November 06, 2009, 07:31:35 PM »

It looks like a soap-webservice that's being called here.
I might be wrong, but this does not look encrypted, or is it...
Logged
No_Name
« Reply #6 on: November 06, 2009, 09:23:22 PM »

Quote from a360:
"It looks like a soap-webservice that's being called here.
I might be wrong, but this does not look encrypted, or is it..."

The whole system uses a Kerbosh (sp?) system to encrypt the packets with a per session key.
The initial contact and hand off has been documented before and it was clear they took the packet data security seriously, and also Microsoft guards Live and will go after anyone screwing with it.
Logged
Alesavoria
« Reply #7 on: November 06, 2009, 11:37:03 PM »

The Xbox uses Kerberos for authentication of the console and the Live account and then some kind of DH to exchange the DES keys. To OP: most of that was xbox>router traffic if I'm not mistaken...

I was working on breaking the DH exchange a while back (wouldn't really help you considering you're probably getting f***ed after the first authentication server request if one is even sent), and I honestly think it's possible via a MITM attack; the only problem is the undocumented structure of the exchange packets.
Logged