Secured traffic

Xbox network traffic is secured through IPsec. The implementation appears to be similar to RFC 3498, Section 2.1, from 2005, which was co-authored by Microsoft.

The protocol uses UDP port 3074, which is also registered with the IANA for use in the Xbox[1]. Each Xbox uses the IP, so addressing relies on MAC addresses[FIXME].

The specific implementation in the Xbox uses TripleDES (RFC 1851) for encryption and HMAC-SHA1-96 for message authentication.

Key derivation

The following keys are involved in generating the actual network crypto-keys:

  • XboxLANKey (Kernel export)
  • Game specific LAN Key (XBE Certificate Header)

The algorithm to generate the final keys is:

LAN-Hash_1 = HMAC(XboxLANKey, concatenate(0x00, XBE-LAN-Key))
LAN-Hash_2 = HMAC(XboxLANKey, concatenate(0x01, XBE-LAN-Key))

LAN-Hash = concatenate(LAN-Hash_1, LAN-Hash_2)

LAN-SHA = LAN-Hash[bytes 0 to 15]
LAN-DES = XcDESKeyParity(LAN-Hash[bytes 16 to 39])

XcDESKeyParity is the same as the respective function in the Xbox kernel.
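
The derivation above, written out as an added Python example (not code from this page or from the Xbox kernel). It assumes that HMAC here means HMAC-SHA1 (20-byte output, which matches the 40-byte LAN-Hash) and that XcDESKeyParity forces odd parity using the least significant bit of each byte, as is standard for DES keys. The function names and the key values are constructed placeholders.

```python
import hashlib
import hmac


def des_key_parity(key):
    """Force odd parity on every key byte, with the parity bit in the LSB.

    Assumption: this mirrors XcDESKeyParity (standard DES key parity).
    """
    out = bytearray()
    for b in key:
        high7 = b & 0xFE                      # the 7 bits that carry key material
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)


def derive_lan_keys(xbox_lan_key, xbe_lan_key):
    """Return (LAN-SHA, LAN-DES) as described in the key derivation above."""
    # Assumption: HMAC is HMAC-SHA1, 20 bytes per digest.
    hash_1 = hmac.new(xbox_lan_key, b"\x00" + xbe_lan_key, hashlib.sha1).digest()
    hash_2 = hmac.new(xbox_lan_key, b"\x01" + xbe_lan_key, hashlib.sha1).digest()
    lan_hash = hash_1 + hash_2                # 40 bytes in total

    lan_sha = lan_hash[0:16]                  # bytes 0 to 15: HMAC key
    lan_des = des_key_parity(lan_hash[16:40])  # bytes 16 to 39: 3 x 8-byte DES keys
    return lan_sha, lan_des


# Constructed placeholder keys, NOT the real XboxLANKey or any title's LAN key.
PLACEHOLDER_XBOX_LAN_KEY = bytes(range(16))
PLACEHOLDER_XBE_LAN_KEY = bytes(range(16, 32))

if __name__ == "__main__":
    sha_key, des_key = derive_lan_keys(PLACEHOLDER_XBOX_LAN_KEY,
                                       PLACEHOLDER_XBE_LAN_KEY)
    print("LAN-SHA:", sha_key.hex())
    print("LAN-DES:", des_key.hex())
```

Because the XBE LAN key is an input to both HMAC calls, two titles with different certificate LAN keys end up with unrelated LAN-SHA and LAN-DES values even on the same console.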

Broadcast messages

Because no security association exists for broadcast messages, these are handled differently. A common use case for broadcast messages is a server announce request / response.

Broadcast messages are sent to the broadcast address (MAC address FF:FF:FF:FF:FF:FF) using SPI 0xFFFFFFFF and Sequence Number 0xFFFFFFFF. A random IV is chosen, but nothing prevents re-using an IV.

Security association

Most messages require an SA between devices[FIXME].



XNet* Functions

  Function                                           Description
  XNetCreateKey(&xnkid, &xnkey)
  XNetRegisterKey(&xnkid, &xnkey)                    Register the session key
  XNetXnAddrToInAddr( pxnaddr, pxnkid, &pseudoIP )   Convert the address to a winsock usable format
  XNetUnregisterKey( &xbc.SessionID )
  XNetGetTitleXnAddr( &hostAddr )                    Gets your XNADDR. Used by syslink, and lots of other people.