User:Master-bob/MACS
The first step of Xbox Live authentication is connecting to the Machine Account Creation Service, located at MACS.XBOXLIVE.COM.
The Xbox would only connect to MACS once, the first time the console ever connected to Xbox Live. MACS was presumably used to keep banned consoles off of Xbox Live, and is still used to this day for Xbox 360s.
The MACS exchange, like the majority of Xbox Live authentication, is done using the Kerberos system.
AS-REQ
The first step of MACS authentication is sending an AS-REQ to MACS.XBOXLIVE.COM on UDP port 88. The AS-REQ is composed of several components.
- PVNO and MSG TYPE - These have default values of 5 (Kerberos version 5) and 10 (krb-as-req), respectively.
PADATA
Pre-authentication data (PADATA) contains most of what distinguishes this request from other Kerberos systems.
PA-ENC-TIMESTAMP
PA-DATA TYPE 2
An official part of the Kerberos standard, this is a Unix timestamp encrypted with the encryption type defined later (in the Xbox's case, RC4-HMAC-MD5). The server attempts to decrypt this to confirm that the client is using the correct password. For MACS, the password is the console's Online Key, which Microsoft stored server-side in a very well-guarded database.
Online Key
The online key is stored in an encrypted form on the Xbox's EEPROM. The following algorithm is used to decrypt it:
// TODO: Add code
PA-PAC-REQUEST-EX
PA-DATA TYPE 131
This is an Xbox modification of a custom Microsoft addition to Kerberos (PA-PAC-REQUEST), used to define what the client expects in the response. It is encoded in ASN.1 (a method of packing data structures into bytes, used by Kerberos). All AS-REPs contain the following data in this section:
SEQUENCE (2 elem)
  [0] (1 elem)
    BOOLEAN true
  [1] (1 elem)
    SEQUENCE (2 elem)
      INTEGER 13
      INTEGER 14
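The structure listed above can be checked mechanically. The following is an added example, not code from the original page: a DER reader in Python that decodes the PA-PAC-REQUEST-EX value. The SAMPLE bytes are constructed from the listed structure, assuming DER with explicit context tags as Kerberos uses, and all function names are illustrative.

```python
# Added example: DER reader for the PA-PAC-REQUEST-EX value.
# SAMPLE is constructed from the structure listed on the page, not captured traffic.
SAMPLE = bytes.fromhex("300f" "a003" "0101ff" "a108" "3006" "02010d" "02010e")

UNIVERSAL = {0x01: "BOOLEAN", 0x02: "INTEGER", 0x10: "SEQUENCE"}

def read_tlv(buf, pos):
    """Return (tag_byte, value_bytes, next_pos) for the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag numbers are not handled here")
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def decode(buf):
    """Decode all TLVs in buf into a list of (label, value_or_children)."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        cls, constructed, num = tag >> 6, bool(tag & 0x20), tag & 0x1F
        if cls == 0:
            label = UNIVERSAL.get(num, f"universal-{num}")
        else:  # context-specific tags such as [0] and [1] are class 2
            label = f"[{num}]" if cls == 2 else f"class{cls}-[{num}]"
        if constructed:
            out.append((label, decode(val)))
        elif label == "BOOLEAN":
            out.append((label, val != b"\x00"))
        elif label == "INTEGER":
            out.append((label, int.from_bytes(val, "big", signed=True)))
        else:
            out.append((label, val))
    return out

def pac_request_ex(buf):
    """Return (flag, [integers]); unpacking raises if the shape differs."""
    ((_, fields),) = decode(buf)
    (_, ((_, flag),)), (_, ((_, ints),)) = fields
    return flag, [value for _, value in ints]
```

Calling `pac_request_ex(SAMPLE)` returns the boolean from field [0] and the two integers from field [1]; a truncated or overlong length raises `ValueError` instead of reading past the buffer.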
PA-XBOX-PRE-PRE-AUTH
PA-DATA TYPE 204
This is a custom preauthentication header that was used by Microsoft to quickly look up Xbox information from their database and is probably not needed for. Contains the following:
- currentTime - the current time, sent as a FILETIME
- PPA1 - SHA1-HMAC of the principal name (the Xbox serial number) using the principal key (the online key)
- SPPA2atT - computed as follows
  - SPPA1 - SHA1(PPA1)
  - PPA2 - First 8 bytes of SHA1-HMAC of PrincipalName appended to PrincipalName using the principal key
  - SPPA2atT - SHA1 of PPA2 appended to the current time
PA-XBOX-CLIENT-VERSION
PA-DATA TYPE 206
This is a custom preauthentication header and arguably the most important for MACS authentication from a homebrew perspective. Contains the following:
- signature - a 20 byte array used to verify the encryption key generated for the response
- version - null-terminated string with information about the application sending the request
  - XboxVersion=1.00.5849.3 Title=0xFFFE0000 TitleVersion=408857856
REQ-BODY
The remainder of the Kerberos ticket. Bold indicates the data are used for response building.
- Padding - 0
- KDC-Options - 0b00010000 (canonicalize)
- cname - the serial number of the Xbox
- realm - MACS.XBOX.COM
- sname - krbtgt@MACS.XBOX.COM
- till - 2037-09-13 02:48:05 (UTC)
- nonce - a randomly generated number
- etype - RC4-HMAC-MD5