xboxdevwiki - User contributions [en]

User:Master-bob/MACS

2019-01-23T16:23:33Z

Master-bob: /* REQ-BODY */

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The key is decrypted using:

// decrypt the EEPROM to get the correct hdd key
rc4_key = SHA1-HMAC of the hdd_key using "60 59 E8 2E DF BF 7F D3 23 35 74 2A 64 8B B1 2C"
decrypted_online_key = rc4 of online_key using rc4_key

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to a custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, and are used to tell the server to include a PUID PAC (20) in the response. Not sure if it's actually needed for AS-REP.

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT
** SPPA1 - SHA1 of PPA1
** PPA2 - First 8 bytes of SHA1-HMAC of ths serial number appended to the serial number using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time

====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** Xbox Live Dashboard 5849 - XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856

===REQ-BODY===
The remainder of the Kerberos request. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* nonce - a randomly generated number
* '''etype - RC4-HMAC-MD5'''

==Building the Response==
The server must generate a valid machine account and encrypt it using the correct key.

===The Machine Account===
The following is how the machine account is built ''for transfer''. It is stored in a different fashion.

ULONGLONG uniqueID;
CHAR gamertag[16]; // SN.XXXXXXXXXXXX (the console serial number)
CHAR domain[20]; // xbox.com
CHAR realm[24]; // passport.net
BYTE key[16];

===Nonce HMAC Key===
The nonce HMAC key, used to encrypt the machine account, is computed as follows:

temp_key = MD5-HMAC of the null terminated string "signaturekey" using the online key
salted_nonce = "5F F3 28 92 13 8C 9C 4B 05 84 9A 3C 10 1A DB 5D" // MD5 of "02 04 00 00 00 00 00 00"
nonce_hmac_key = MD5-HMAC of salted_nonce using temp_key

The key can be verified using the PA-XBOX-CLIENT-VERSION preauth:

test_signature = SHA1-HMAC of the version_string using the nonce_hmac_key
// if both signatures match, the key was generated correctly

===Encryption===
The machine account is encrypted with the nonce HMAC key and salt 1203 using RC4-HMAC-MD5. The encrypted bytes are packed as a Kerberos EncryptedData object into a PA-DATA TYPE 203 preauthentication header in the AS-REP.

==AS-REP==

User:Master-bob/MACS

2019-01-23T16:20:37Z

Master-bob:

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The key is decrypted using:

// decrypt the EEPROM to get the correct hdd key
rc4_key = SHA1-HMAC of the hdd_key using "60 59 E8 2E DF BF 7F D3 23 35 74 2A 64 8B B1 2C"
decrypted_online_key = rc4 of online_key using rc4_key

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to a custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, and are used to tell the server to include a PUID PAC (20) in the response. Not sure if it's actually needed for AS-REP.

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT
** SPPA1 - SHA1 of PPA1
** PPA2 - First 8 bytes of SHA1-HMAC of ths serial number appended to the serial number using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time

====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** Xbox Live Dashboard 5849 - XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856

===REQ-BODY===
The remainder of the Kerberos ticket. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* nonce - a randomly generated number
* '''etype - RC4-HMAC-MD5'''

==Building the Response==
The server must generate a valid machine account and encrypt it using the correct key.

===The Machine Account===
The following is how the machine account is built ''for transfer''. It is stored in a different fashion.

ULONGLONG uniqueID;
CHAR gamertag[16]; // SN.XXXXXXXXXXXX (the console serial number)
CHAR domain[20]; // xbox.com
CHAR realm[24]; // passport.net
BYTE key[16];

===Nonce HMAC Key===
The nonce HMAC key, used to encrypt the machine account, is computed as follows:

temp_key = MD5-HMAC of the null terminated string "signaturekey" using the online key
salted_nonce = "5F F3 28 92 13 8C 9C 4B 05 84 9A 3C 10 1A DB 5D" // MD5 of "02 04 00 00 00 00 00 00"
nonce_hmac_key = MD5-HMAC of salted_nonce using temp_key

The key can be verified using the PA-XBOX-CLIENT-VERSION preauth:

test_signature = SHA1-HMAC of the version_string using the nonce_hmac_key
// if both signatures match, the key was generated correctly

===Encryption===
The machine account is encrypted with the nonce HMAC key and salt 1203 using RC4-HMAC-MD5. The encrypted bytes are packed as a Kerberos EncryptedData object into a PA-DATA TYPE 203 preauthentication header in the AS-REP.

==AS-REP==

User:Master-bob/MACS

2019-01-23T04:18:58Z

Master-bob: /* Nonce HMAC Key */

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The key is decrypted using:

// decrypt the EEPROM to get the correct hdd key
rc4_key = HMAC-SHA1 of the hdd_key using a magical key
decrypted_online_key = rc4 of online_key using rc4_key

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to a custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, and are used to tell the server to include a PUID PAC (20) in the response.

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT - computed as follows
** SPPA1 - SHA1(PPA1)
** PPA2 - First 8 bytes of SHA1-HMAC of PrincipalName appended to PrincipalName using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time

====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856 - Xbox Live Dashboard 5849

===REQ-BODY===
The remainder of the Kerberos ticket. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* '''nonce - a randomly generated number'''
* '''etype - RC4-HMAC-MD5'''

==Building the Response==
The server must generate a valid machine account and encrypt it using the correct key.

===The Machine Account===
The following is how the machine account is built ''for transfer''. It is stored in a different fashion.

ULONGLONG userID;
CHAR gamertag[16]; // SN.XXXXXXXXXXXX (the console serial number)
CHAR domain[20]; // xbox.com
CHAR realm[24]; // passport.net
BYTE key[16];

===Nonce HMAC Key===
The nonce HMAC key, used to encrypt the machine account, is computed as follows:

temp_key = MD5-HMAC of the null terminated string "signaturekey" using the online key
salted_nonce = MD5 of "02 04 00 00 00 00 00 00"
nonce_hmac_key = MD5-HMAC of salted_nonce using temp_key

The key can be verified using the PA-XBOX-CLIENT-VERSION preauth:

test_signature = SHA1-HMAC of the version_string using the nonce_hmac_key
// if both signatures match, the key was generated correctly

===Encryption===
The machine account is encrypted with the nonce HMAC key and salt 1203 using RC4-HMAC-MD5. The encrypted bytes are packed as a Kerberos EncrpytedData object into a PA-DATA TYPE 203 preauthentication header in the AS-REP.

==AS-REP==

User:Master-bob/MACS

2019-01-22T04:39:18Z

Master-bob: /* PA-XBOX-CLIENT-VERSION */

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The key is decrypted using:

// decrypt the EEPROM to get the correct hdd key
rc4_key = HMAC-SHA1 of the hdd_key using a magical key
decrypted_online_key = rc4 of online_key using rc4_key

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to a custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, and are used to tell the server to include a PUID PAC (20) in the response.

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT - computed as follows
** SPPA1 - SHA1(PPA1)
** PPA2 - First 8 bytes of SHA1-HMAC of PrincipalName appended to PrincipalName using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time

====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856 - Xbox Live Dashboard 5849

===REQ-BODY===
The remainder of the Kerberos ticket. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* '''nonce - a randomly generated number'''
* '''etype - RC4-HMAC-MD5'''

==Building the Response==
The server must generate a valid machine account and encrypt it using the correct key.

===The Machine Account===
The following is how the machine account is built ''for transfer''. It is stored in a different fashion.

ULONGLONG userID;
CHAR gamertag[16]; // SN.XXXXXXXXXXXX (the console serial number)
CHAR domain[20]; // xbox.com
CHAR realm[24]; // passport.net
BYTE key[16];

===Nonce HMAC Key===
The nonce HMAC key, used to encrypt the machine account, is computed as follows:

temp_key = MD5-HMAC of the null terminated string "signaturekey" using the online key
md5_ctx = MD5 of the salt (1026) as a ULONG and the nonce as a DWORD
nonce_hmac_key = MD5-HMAC of md5_ctx using temp_key

The key can be verified using the PA-XBOX-CLIENT-VERSION preauth:

test_signature = SHA1-HMAC of the version_string using the nonce_hmac_key
// if both signatures match, the key was generated correctly

===Encryption===
The machine account is encrypted with the nonce HMAC key and salt 1203 using RC4-HMAC-MD5. The encrypted bytes are packed as a Kerberos EncrpytedData object into a PA-DATA TYPE 203 preauthentication header in the AS-REP.

==AS-REP==

User:Master-bob/MACS

2019-01-22T04:38:40Z

Master-bob: /* PA-ENC-TIMESTAMP */

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The key is decrypted using:

// decrypt the EEPROM to get the correct hdd key
rc4_key = HMAC-SHA1 of the hdd_key using a magical key
decrypted_online_key = rc4 of online_key using rc4_key

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to a custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, and are used to tell the server to include a PUID PAC (20) in the response.

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT - computed as follows
** SPPA1 - SHA1(PPA1)
** PPA2 - First 8 bytes of SHA1-HMAC of PrincipalName appended to PrincipalName using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time

====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856
===REQ-BODY===
The remainder of the Kerberos ticket. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* '''nonce - a randomly generated number'''
* '''etype - RC4-HMAC-MD5'''

==Building the Response==
The server must generate a valid machine account and encrypt it using the correct key.

===The Machine Account===
The following is how the machine account is built ''for transfer''. It is stored in a different fashion.

ULONGLONG userID;
CHAR gamertag[16]; // SN.XXXXXXXXXXXX (the console serial number)
CHAR domain[20]; // xbox.com
CHAR realm[24]; // passport.net
BYTE key[16];

===Nonce HMAC Key===
The nonce HMAC key, used to encrypt the machine account, is computed as follows:

temp_key = MD5-HMAC of the null terminated string "signaturekey" using the online key
md5_ctx = MD5 of the salt (1026) as a ULONG and the nonce as a DWORD
nonce_hmac_key = MD5-HMAC of md5_ctx using temp_key

The key can be verified using the PA-XBOX-CLIENT-VERSION preauth:

test_signature = SHA1-HMAC of the version_string using the nonce_hmac_key
// if both signatures match, the key was generated correctly

===Encryption===
The machine account is encrypted with the nonce HMAC key and salt 1203 using RC4-HMAC-MD5. The encrypted bytes are packed as a Kerberos EncrpytedData object into a PA-DATA TYPE 203 preauthentication header in the AS-REP.

==AS-REP==

User:Master-bob/MACS

2019-01-22T04:35:46Z

Master-bob: /* Building the Response */

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The key is decrypted using:

rc4_key = HMAC-SHA1 of the hdd_key using a magical key
decrypted_online_key = rc4 of online_key using rc4_key

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to a custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, and are used to tell the server to include a PUID PAC (20) in the response.

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT - computed as follows
** SPPA1 - SHA1(PPA1)
** PPA2 - First 8 bytes of SHA1-HMAC of PrincipalName appended to PrincipalName using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time

====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856
===REQ-BODY===
The remainder of the Kerberos ticket. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* '''nonce - a randomly generated number'''
* '''etype - RC4-HMAC-MD5'''

==Building the Response==
The server must generate a valid machine account and encrypt it using the correct key.

===The Machine Account===
The following is how the machine account is built ''for transfer''. It is stored in a different fashion.

ULONGLONG userID;
CHAR gamertag[16]; // SN.XXXXXXXXXXXX (the console serial number)
CHAR domain[20]; // xbox.com
CHAR realm[24]; // passport.net
BYTE key[16];

===Nonce HMAC Key===
The nonce HMAC key, used to encrypt the machine account, is computed as follows:

temp_key = MD5-HMAC of the null terminated string "signaturekey" using the online key
md5_ctx = MD5 of the salt (1026) as a ULONG and the nonce as a DWORD
nonce_hmac_key = MD5-HMAC of md5_ctx using temp_key

The key can be verified using the PA-XBOX-CLIENT-VERSION preauth:

test_signature = SHA1-HMAC of the version_string using the nonce_hmac_key
// if both signatures match, the key was generated correctly

===Encryption===
The machine account is encrypted with the nonce HMAC key and salt 1203 using RC4-HMAC-MD5. The encrypted bytes are packed as a Kerberos EncrpytedData object into a PA-DATA TYPE 203 preauthentication header in the AS-REP.

==AS-REP==

User:Master-bob/MACS

2019-01-22T04:24:15Z

Master-bob: /* PA-PAC-REQUEST-EX */

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The key is decrypted using:

rc4_key = HMAC-SHA1 of the hdd_key using a magical key
decrypted_online_key = rc4 of online_key using rc4_key

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to a custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, and are used to tell the server to include a PUID PAC (20) in the response.

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT - computed as follows
** SPPA1 - SHA1(PPA1)
** PPA2 - First 8 bytes of SHA1-HMAC of PrincipalName appended to PrincipalName using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time

====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856
===REQ-BODY===
The remainder of the Kerberos ticket. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* '''nonce - a randomly generated number'''
* '''etype - RC4-HMAC-MD5'''

==Building the Response==
The server must generate a valid machine account and encrypt it using the correct key.

===The Machine Account===
The following is how the machine account is built ''for transfer''. It is stored in a different fashion.

ULONGLONG userID;
CHAR gamertag[16]; // SN.XXXXXXXXXXXX (the console serial number)
CHAR domain[20]; // xbox.com
CHAR realm[24]; // passport.net
BYTE key[16];

===Nonce HMAC Key===
The nonce HMAC key, used to encrypt the machine account, is computed as follows:

temp_key = MD5-HMAC of the null terminated string "signaturekey" using the online key
md5_ctx = MD5 of the salt (1026) as a ULONG and the nonce as a DWORD
nonce_hmac_key = MD5-HMAC of md5_ctx using temp_key

The key can be verified using the PA-XBOX-CLIENT-VERSION preauth:

test_signature = SHA1-HMAC of the version_string using the nonce_hmac_key
// if both signatures match, the key was generated correctly

==AS-REP==

User:Master-bob/MACS

2019-01-22T04:22:36Z

Master-bob: /* PA-PAC-REQUEST-EX */

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The key is decrypted using:

rc4_key = HMAC-SHA1 of the hdd_key using a magical key
decrypted_online_key = rc4 of online_key using rc4_key

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, and are used to tell the server to include a PUID PAC (20) in the response

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT - computed as follows
** SPPA1 - SHA1(PPA1)
** PPA2 - First 8 bytes of SHA1-HMAC of PrincipalName appended to PrincipalName using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time

====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856
===REQ-BODY===
The remainder of the Kerberos ticket. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* '''nonce - a randomly generated number'''
* '''etype - RC4-HMAC-MD5'''

==Building the Response==
The server must generate a valid machine account and encrypt it using the correct key.

===The Machine Account===
The following is how the machine account is built ''for transfer''. It is stored in a different fashion.

ULONGLONG userID;
CHAR gamertag[16]; // SN.XXXXXXXXXXXX (the console serial number)
CHAR domain[20]; // xbox.com
CHAR realm[24]; // passport.net
BYTE key[16];

===Nonce HMAC Key===
The nonce HMAC key, used to encrypt the machine account, is computed as follows:

temp_key = MD5-HMAC of the null terminated string "signaturekey" using the online key
md5_ctx = MD5 of the salt (1026) as a ULONG and the nonce as a DWORD
nonce_hmac_key = MD5-HMAC of md5_ctx using temp_key

The key can be verified using the PA-XBOX-CLIENT-VERSION preauth:

test_signature = SHA1-HMAC of the version_string using the nonce_hmac_key
// if both signatures match, the key was generated correctly

==AS-REP==

User:Master-bob/MACS

2019-01-22T04:12:58Z

Master-bob: /* The Machine Account */

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The key is decrypted using:

rc4_key = HMAC-SHA1 of the hdd_key using a magical key
decrypted_online_key = rc4 of online_key using rc4_key

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 presumably correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, but I'm not sure about that.

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT - computed as follows
** SPPA1 - SHA1(PPA1)
** PPA2 - First 8 bytes of SHA1-HMAC of PrincipalName appended to PrincipalName using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time

====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856
===REQ-BODY===
The remainder of the Kerberos ticket. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* '''nonce - a randomly generated number'''
* '''etype - RC4-HMAC-MD5'''

==Building the Response==
The server must generate a valid machine account and encrypt it using the correct key.

===The Machine Account===
The following is how the machine account is built ''for transfer''. It is stored in a different fashion.

ULONGLONG userID;
CHAR gamertag[16]; // SN.XXXXXXXXXXXX (the console serial number)
CHAR domain[20]; // xbox.com
CHAR realm[24]; // passport.net
BYTE key[16];

===Nonce HMAC Key===
The nonce HMAC key, used to encrypt the machine account, is computed as follows:

temp_key = MD5-HMAC of the null terminated string "signaturekey" using the online key
md5_ctx = MD5 of the salt (1026) as a ULONG and the nonce as a DWORD
nonce_hmac_key = MD5-HMAC of md5_ctx using temp_key

The key can be verified using the PA-XBOX-CLIENT-VERSION preauth:

test_signature = SHA1-HMAC of the version_string using the nonce_hmac_key
// if both signatures match, the key was generated correctly

==AS-REP==

User:Master-bob/MACS

2019-01-22T04:11:36Z

Master-bob: /* The Machine Account */

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The key is decrypted using:

rc4_key = HMAC-SHA1 of the hdd_key using a magical key
decrypted_online_key = rc4 of online_key using rc4_key

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 presumably correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, but I'm not sure about that.

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT - computed as follows
** SPPA1 - SHA1(PPA1)
** PPA2 - First 8 bytes of SHA1-HMAC of PrincipalName appended to PrincipalName using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time

====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856
===REQ-BODY===
The remainder of the Kerberos ticket. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* '''nonce - a randomly generated number'''
* '''etype - RC4-HMAC-MD5'''

==Building the Response==
The server must generate a valid machine account and encrypt it using the correct key.

===The Machine Account===
The following is how the machine account is built ''for transfer''. It is stored in a different fashion.

ULONGLONG userID;
CHAR gamertag[16]; // SN.XXXXXXXXXXXX
CHAR domain[20]; // xbox.com
CHAR realm[24]; // passport.net
BYTE key[16];

===Nonce HMAC Key===
The nonce HMAC key, used to encrypt the machine account, is computed as follows:

temp_key = MD5-HMAC of the null terminated string "signaturekey" using the online key
md5_ctx = MD5 of the salt (1026) as a ULONG and the nonce as a DWORD
nonce_hmac_key = MD5-HMAC of md5_ctx using temp_key

The key can be verified using the PA-XBOX-CLIENT-VERSION preauth:

test_signature = SHA1-HMAC of the version_string using the nonce_hmac_key
// if both signatures match, the key was generated correctly

==AS-REP==

User:Master-bob/MACS

2019-01-22T03:56:18Z

Master-bob:

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The key is decrypted using:

rc4_key = HMAC-SHA1 of the hdd_key using a magical key
decrypted_online_key = rc4 of online_key using rc4_key

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 presumably correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, but I'm not sure about that.

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT - computed as follows
** SPPA1 - SHA1(PPA1)
** PPA2 - First 8 bytes of SHA1-HMAC of PrincipalName appended to PrincipalName using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time

====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856
===REQ-BODY===
The remainder of the Kerberos ticket. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* '''nonce - a randomly generated number'''
* '''etype - RC4-HMAC-MD5'''

==Building the Response==
The server must generate a valid machine account and encrypt it using the correct key.

===The Machine Account===

===Nonce HMAC Key===
The nonce HMAC key, used to encrypt the machine account, is computed as follows:

temp_key = MD5-HMAC of the null terminated string "signaturekey" using the online key
md5_ctx = MD5 of the salt (1026) as a ULONG and the nonce as a DWORD
nonce_hmac_key = MD5-HMAC of md5_ctx using temp_key

The key can be verified using the PA-XBOX-CLIENT-VERSION preauth:

test_signature = SHA1-HMAC of the version_string using the nonce_hmac_key
// if both signatures match, the key was generated correctly

==AS-REP==

User:Master-bob/MACS

2019-01-22T03:26:56Z

Master-bob: /* PA-XBOX-PRE-PRE-AUTH */

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The key is decrypted using:

rc4_key = HMAC-SHA1 of the hdd_key using "60 59 E8 2E DF BF 7F D3 23 35 74 2A 64 8B B1 2C"
decrypted_online_key = rc4 of online_key using rc4_key

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 presumably correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, but I'm not sure about that.

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT - computed as follows
** SPPA1 - SHA1(PPA1)
** PPA2 - First 8 bytes of SHA1-HMAC of PrincipalName appended to PrincipalName using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time

====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856
===REQ-BODY===
The remainder of the Kerberos ticket. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* '''nonce - a randomly generated number'''
* '''etype - RC4-HMAC-MD5'''

==Building the Response==
The server must generate a valid machine account and encrypt it using the correct key.

===The Machine Account===

===Nonce HMAC Key===
The nonce HMAC key, used to encrypt the machine account, is computed as follows:

temp_key = MD5-HMAC of the null terminated string "signaturekey" using the online key
md5_ctx = MD5 of the salt (1026) as a ULONG and the nonce as a DWORD
nonce_hmac_key = MD5-HMAC of md5_ctx using temp_key

The key can be verified using the PA-XBOX-CLIENT-VERSION preauth:

test_signature = SHA1-HMAC of the version_string using the nonce_hmac_key
// if both signatures match, the key was generated correctly

==AS-REP==

User:Master-bob/MACS

2019-01-22T03:23:54Z

Master-bob: /* PA-ENC-TIMESTAMP */

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The key is decrypted using:

rc4_key = HMAC-SHA1 of the hdd_key using "60 59 E8 2E DF BF 7F D3 23 35 74 2A 64 8B B1 2C"
decrypted_online_key = rc4 of online_key using rc4_key

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 presumably correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, but I'm not sure about that.

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed for. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT - computed as follows
** SPPA1 - SHA1(PPA1)
** PPA2 - First 8 bytes of SHA1-HMAC of PrincipalName appended to PrincipalName using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time
====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856
===REQ-BODY===
The remainder of the Kerberos ticket. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* '''nonce - a randomly generated number'''
* '''etype - RC4-HMAC-MD5'''

==Building the Response==
The server must generate a valid machine account and encrypt it using the correct key.

===The Machine Account===

===Nonce HMAC Key===
The nonce HMAC key, used to encrypt the machine account, is computed as follows:

temp_key = MD5-HMAC of the null terminated string "signaturekey" using the online key
md5_ctx = MD5 of the salt (1026) as a ULONG and the nonce as a DWORD
nonce_hmac_key = MD5-HMAC of md5_ctx using temp_key

The key can be verified using the PA-XBOX-CLIENT-VERSION preauth:

test_signature = SHA1-HMAC of the version_string using the nonce_hmac_key
// if both signatures match, the key was generated correctly

==AS-REP==

User:Master-bob/MACS

2019-01-22T03:23:15Z

Master-bob: /* Online Key */

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The following algorithm is used to decrypt it:

rc4_key = HMAC-SHA1 of the hdd_key using "60 59 E8 2E DF BF 7F D3 23 35 74 2A 64 8B B1 2C"
decrypted_online_key = rc4 of online_key using rc4_key

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 presumably correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, but I'm not sure about that.

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed for. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT - computed as follows
** SPPA1 - SHA1(PPA1)
** PPA2 - First 8 bytes of SHA1-HMAC of PrincipalName appended to PrincipalName using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time
====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856
===REQ-BODY===
The remainder of the Kerberos ticket. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* '''nonce - a randomly generated number'''
* '''etype - RC4-HMAC-MD5'''

==Building the Response==
The server must generate a valid machine account and encrypt it using the correct key.

===The Machine Account===

===Nonce HMAC Key===
The nonce HMAC key, used to encrypt the machine account, is computed as follows:

temp_key = MD5-HMAC of the null terminated string "signaturekey" using the online key
md5_ctx = MD5 of the salt (1026) as a ULONG and the nonce as a DWORD
nonce_hmac_key = MD5-HMAC of md5_ctx using temp_key

The key can be verified using the PA-XBOX-CLIENT-VERSION preauth:

test_signature = SHA1-HMAC of the version_string using the nonce_hmac_key
// if both signatures match, the key was generated correctly

==AS-REP==

User:Master-bob/MACS

2019-01-22T03:15:36Z

Master-bob: /* Nonce HMAC Key */

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The following algorithm is used to decrypt it:

// TODO: Add code

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 presumably correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, but I'm not sure about that.

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed for. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT - computed as follows
** SPPA1 - SHA1(PPA1)
** PPA2 - First 8 bytes of SHA1-HMAC of PrincipalName appended to PrincipalName using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time
====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856
===REQ-BODY===
The remainder of the Kerberos ticket. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* '''nonce - a randomly generated number'''
* '''etype - RC4-HMAC-MD5'''

==Building the Response==
The server must generate a valid machine account and encrypt it using the correct key.

===The Machine Account===

===Nonce HMAC Key===
The nonce HMAC key, used to encrypt the machine account, is computed as follows:

temp_key = MD5-HMAC of the null terminated string "signaturekey" using the online key
md5_ctx = MD5 of the salt (1026) as a ULONG and the nonce as a DWORD
nonce_hmac_key = MD5-HMAC of md5_ctx using temp_key

The key can be verified using the PA-XBOX-CLIENT-VERSION preauth:

test_signature = SHA1-HMAC of the version_string using the nonce_hmac_key
// if both signatures match, the key was generated correctly

==AS-REP==

User:Master-bob/MACS

2019-01-22T03:05:48Z

Master-bob: /* Nonce HMAC Key */

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The following algorithm is used to decrypt it:

// TODO: Add code

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 presumably correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, but I'm not sure about that.

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed for. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT - computed as follows
** SPPA1 - SHA1(PPA1)
** PPA2 - First 8 bytes of SHA1-HMAC of PrincipalName appended to PrincipalName using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time
====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856
===REQ-BODY===
The remainder of the Kerberos ticket. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* '''nonce - a randomly generated number'''
* '''etype - RC4-HMAC-MD5'''

==Building the Response==
The server must generate a valid machine account and encrypt it using the correct key.

===The Machine Account===

===Nonce HMAC Key===
The nonce HMAC key, used to encrypt the machine account, is computed as follows:

temp_key = MD5-HMAC of the null terminated string "signaturekey" using the online key
md5_ctx = MD5 of the salt (1203) as a ULONG and the nonce as a DWORD
nonce_hmac_key = MD5-HMAC of md5_ctx using temp_key

The key can be verified using the PA-XBOX-CLIENT-VERSION preauth:

test_signature = SHA1-HMAC of the version_string using the nonce_hmac_key
// if both signatures match, the key was generated correctly

==AS-REP==

User:Master-bob/MACS

2019-01-22T03:05:22Z

Master-bob: /* Nonce HMAC Key */

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The following algorithm is used to decrypt it:

// TODO: Add code

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 presumably correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, but I'm not sure about that.

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed for. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT - computed as follows
** SPPA1 - SHA1(PPA1)
** PPA2 - First 8 bytes of SHA1-HMAC of PrincipalName appended to PrincipalName using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time
====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856
===REQ-BODY===
The remainder of the Kerberos ticket. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* '''nonce - a randomly generated number'''
* '''etype - RC4-HMAC-MD5'''

==Building the Response==
The server must generate a valid machine account and encrypt it using the correct key.

===The Machine Account===

===Nonce HMAC Key===
The nonce HMAC key, used to encrypt the machine account, is computed as follows:

temp_key = MD5-HMAC of the null terminated string "signaturekey" using the online key
md5_ctx = MD5 of the salt (1203) as a ULONG and the nonce as a DWORD
nonce_hmac_key = MD5-HMAC of md5_ctx using temp_key

The key can be verified using the signature from the PA-XBOX-CLIENT-VERSION preauth:

test_signature = SHA1-HMAC of the version_string using the nonce_hmac_key
if both signatures match, the key was generated correctly

==AS-REP==

User:Master-bob/MACS

2019-01-22T02:46:59Z

Master-bob:

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The following algorithm is used to decrypt it:

// TODO: Add code

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 presumably correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, but I'm not sure about that.

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed for. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT - computed as follows
** SPPA1 - SHA1(PPA1)
** PPA2 - First 8 bytes of SHA1-HMAC of PrincipalName appended to PrincipalName using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time
====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856
===REQ-BODY===
The remainder of the Kerberos ticket. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* '''nonce - a randomly generated number'''
* '''etype - RC4-HMAC-MD5'''

==Building the Response==
The server must generate a valid machine account and encrypt it using the correct key.

===The Machine Account===

===Nonce HMAC Key===

==AS-REP==

User:Master-bob/MACS

2019-01-22T02:40:38Z

Master-bob: /* PA-PAC-REQUEST-EX */

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''.

The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.

The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.

==AS-REQ==
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.

*PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.

===PADATA===
Pre authentication data (PADATA) contains most of what makes this request unique from other Kerberos systems.

====PA-ENC-TIMESTAMP====
PA-DATA TYPE 2

An official part of the Kerberos standard, this is a Unix timestamp encrypted with the later defined encryption standard (in Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's '''Online Key''', which Microsoft stored server side on a very well guarded database.

=====Online Key=====
The online key is stored in an encrypted form on the Xbox's [[EEPROM]]. The following algorithm is used to decrypt it:

// TODO: Add code

====PA-PAC-REQUEST-EX====
PA-DATA TYPE 131

This is an Xbox modification to custom Microsoft (PA-PAC-REQUEST) addition to Kerberos, used to define what the client expects in the response. This is encoded in ASN.1 (method of packing data structures into bytes, used by Kerberos). All AS-REQs contain the following data in this section:

SEQUENCE (2 elem)
[0] (1 elem)
BOOLEAN true
[1] (1 elem)
SEQUENCE (2 elem)
INTEGER 13
INTEGER 14

13 and 14 presumably correlate to PAC_CLIENT_IDENTITY and PAC_COMPOUND_IDENTITY, respectively, but I'm not sure about that.

====PA-XBOX-PRE-PRE-AUTH====
PA-DATA TYPE 204

This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed for. Contains the following:

* currentTime - the current time, sent as a FILETIME
* PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
* SPPA2atT - computed as follows
** SPPA1 - SHA1(PPA1)
** PPA2 - First 8 bytes of SHA1-HMAC of PrincipalName appended to PrincipalName using the principal key
** SPPA2atT - SHA1 of PPA2 appended to the current time
====PA-XBOX-CLIENT-VERSION====
PA-DATA TYPE 206

This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:

* signature - a 20 byte array used to verify the encryption key generated for the response
* version - null terminated string with information about the application sending the request
** XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856
===REQ-BODY===
The remainder of the Kerberos ticket. '''Bold''' indicates the data are used for response building.

* Padding - 0
* KDC-Options - 0b00010000 (canonicalize)
* '''cname - the serial number of the Xbox'''
* realm - MACS.XBOX.COM
* sname - krbtgt@MACS.XBOX.COM
* till - 2037-09-13 02:48:05 (UTC)
* '''nonce - a randomly generated number'''
* '''etype - RC4-HMAC-MD5'''

User:Master-bob/MACS

2019-01-22T02:36:59Z

Master-bob: /* PA-PAC-REQUEST-EX */

User:Master-bob/MACS

2019-01-22T02:36:04Z

Master-bob:

User:Master-bob

2019-01-22T01:48:20Z

Master-bob: Created page with "The following are links to my research on Xbox Live * Machine Account Creation Service (MACS)"

The following are links to my research on Xbox Live

* [[User:Master-bob/MACS|Machine Account Creation Service (MACS)]]

User:Master-bob/MACS

2019-01-22T01:48:14Z

Master-bob: Created page with "The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''"

The first step of Xbox Live authentication is connecting to the '''Machine Account Creation Service''', located at '''MACS.XBOXLIVE.COM'''