Difference between revisions of "Network"

From xboxdevwiki
Jump to: navigation, search
(System Link)
m (Hardware)
 
(9 intermediate revisions by 3 users not shown)
Line 1: Line 1:
The Xbox contains an Ethernet module and one RJ45 connector. Additionally, separate modem and wireless accessories were considered when developing the console. Eventualy an official wireless adapter was released based of a "D-Link 108AG Gaming Adapter" in the end of 2003.
+
The Xbox contains an Ethernet module and one RJ45 connector. Additionally, separate modem and wireless accessories were considered when developing the console. Eventually, an official wireless adapter was released based on a "D-Link 108AG Gaming Adapter" in the end of 2003.
  
The Xbox has a TCP/IP protocol stack complete with a DNS PPTP, DHCP clients.  
+
The XDK provides a TCP/IP protocol stack complete with a DNS PPTP, DHCP clients.
 +
The IANA registered port 3074 (UDP / TCP) is reserved for Xbox communications (See [[System Link]] and [[Xbox Live]]).
  
Port 3074 UDP/TCP is reserved for Xbox communications.
+
== Integrated network adapter ==
  
== Hardware ==
+
Integrated in the Nvidia Southbridge MCPX chip which is similar to the nForce chips.
  
Integrated in the Nvidia Southbridge MCPX chip which is similar to the nForce chips. The Xbox Linux team used the binary drivers from Nvidia.
+
The Xbox MAC address is stored in the [[EEPROM]].
 +
The network driver, including the protocol stack is contained in the XDK.
 +
The kernel only contains a small number of exports to reset and get the state of the NIC.
  
=== Wireless adapter ===
+
The Xbox Linux team used the binary drivers from Nvidia{{citation needed}}{{FIXME|reason=Wasn't the open-source forcedeth driver used?}}.
  
based on the "D-Link 108AG Gaming Adapter", the Xbox MN-740 Wireless Bridge bundled with a Xbox setup disc (wich would update the dashboard if necessary).
+
==== Heartbeat ====
 +
 
 +
    Ethernet II, Src: Microsof_f2:00:00 (00:50:f2:f2:00:00), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
 +
    MS Network Load Balancing
 +
        Signature: Unknown (0x584f4258)
 +
        Version: 1.1
 +
        Unique Host ID: 3118682055
 +
        Cluster IP: 167.102.81.132 (167.102.81.132)
 +
        Host IP: 4.89.169.109 (4.89.169.109)
 +
        Signature Data - Unknown (1481589336)
 +
 
 +
== Wireless adapter ==
 +
 
 +
based on the "D-Link 108AG Gaming Adapter", the Xbox MN-740 Wireless Bridge bundled with an Xbox setup disc (which would update the dashboard if necessary).
 +
It was also [https://web.archive.org/web/20040508051958/http://www.xbox.com/en-US/live/connect/msmn740.htm described on Microsoft's website].
  
 
==== Hardware ====
 
==== Hardware ====
Line 18: Line 35:
 
* AR5212 RoC (Radio on Chip){{citation needed}} for 2.4 Ghz 802.11b/g{{citation needed}}.  
 
* AR5212 RoC (Radio on Chip){{citation needed}} for 2.4 Ghz 802.11b/g{{citation needed}}.  
 
* KS8721B physical layer transciever
 
* KS8721B physical layer transciever
* some Eeprom wich hold the MAC adress (based of FCC pictures and Firmware analysis){{citation needed}}  
+
* some EEPROM which hold the MAC address (based of FCC pictures and Firmware analysis){{citation needed}}  
 
* IC42S16400 8Mb ram
 
* IC42S16400 8Mb ram
 
* SST39LF0?0A (1 or 2 Mb) (the FCC picture is unclear on the size part due to writing) {{citation needed}}  
 
* SST39LF0?0A (1 or 2 Mb) (the FCC picture is unclear on the size part due to writing) {{citation needed}}  
  
The onboard 3 leds are: Power, Wireless and Xbox(called Ethernet on the PCB).
+
The onboard 3 LEDs are Power, Wireless and Xbox (called Ethernet on the PCB).
The board seems to have Jtag and what apears to be Serial testpins exposed.  
+
The board seems to have Jtag and what appears to be Serial test pins exposed.  
  
 
===== Firmware =====
 
===== Firmware =====
  
This wireless bridge runs a closed source version of the"ThreadX JADE/Green Hills Version G4.0.4.0" RTOS.  
+
This wireless bridge runs a closed source version of the "ThreadX JADE/Green Hills Version G4.0.4.0" RTOS.  
 
The firmware contains a copyright string of: "Copyright (c) Microsoft Corporation All Rights Reserved Device is Xbox Compatible"
 
The firmware contains a copyright string of: "Copyright (c) Microsoft Corporation All Rights Reserved Device is Xbox Compatible"
  
latest firmware is seperated by a boot and runtime firmware {{citation needed}} :  
+
The latest firmware is separated by a boot and runtime firmware {{citation needed}} :  
 
* MN740_01.03.00.0005_BOOT.bin, "Xbox Wireless Adapter (MN-740) boot firmware"
 
* MN740_01.03.00.0005_BOOT.bin, "Xbox Wireless Adapter (MN-740) boot firmware"
 
* MN740_01.00.02.0022_RUNTIME.bin, "Xbox Wireless Adapter (MN-740) runtime firmware"
 
* MN740_01.00.02.0022_RUNTIME.bin, "Xbox Wireless Adapter (MN-740) runtime firmware"
 +
 +
There were at least 2 firmware updates for download:
 +
 +
* [https://web.archive.org/web/20031210155952/http://www.microsoft.com/hardware/broadbandnetworking/readme/readme_mn740_101.htm MN740 1.01]
 +
* [https://web.archive.org/web/20040602231929/http://www.microsoft.com/hardware/broadbandnetworking/readme/readme_mn740_102.htm MN740 1.02]
 +
 +
Judging by the firmware filenames above, there should also be an MN-740 1.00 and MN740 1.03.
  
 
====== WPA2 support ======
 
====== WPA2 support ======
  
 
The shipped firmware does not support WPA or WPA2.
 
The shipped firmware does not support WPA or WPA2.
A "firmware" hack based on the D-Link firmware adds WPA support, rendering Dashboard support unfunctional and changing settings require connecting to the LAN port using a PC (or webbrowser capable application).
+
A "firmware" hack based on the D-Link firmware adds WPA support, rendering Dashboard support unfunctional and changing settings require connecting to the LAN port using a PC (or web browser capable application).
  
 
==== Software (Xbox setup disc) ====
 
==== Software (Xbox setup disc) ====
Line 43: Line 67:
 
The setup disc is a CD[http://redump.org/disc/53586/]. It contains an XISO filesystem that contains only a "default.xbe" which contains a dashboard updater.
 
The setup disc is a CD[http://redump.org/disc/53586/]. It contains an XISO filesystem that contains only a "default.xbe" which contains a dashboard updater.
  
== System Link ==
+
== References and links ==
 
 
=== Secured traffic ===
 
 
 
Xbox network traffic is secured through [[wikipedia:IPSec|IPSec]]. The implementation appears to be similar to [https://tools.ietf.org/html/rfc3948#section-2.1|RFC 3498, Section 2.1] from 2005 which was co-authored by Microsoft.
 
 
 
The protocol uses UDP port 3074 which is also registered with the IANA for use in the Xbox[https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=3074].
 
Each Xbox uses the IP 0.0.0.1, so addressing relies on MAC-addresses{{FIXME|reason=Confirm this}}.
 
 
 
The specific implementation in the Xbox uses TripleDES ([https://tools.ietf.org/html/rfc1851|RFC 1851]) for encryption, and SHA1-96 as [[wikipedia:HMAC|HMAC]].
 
 
 
==== Key derivation ====
 
 
 
The following keys are involved in generating the actual network crypto-keys:
 
 
 
* XboxLANKey (Kernel export)
 
* Game specific LAN Key (XBE Certificate Header)
 
 
 
The algorithm to generate the final keys, is this:
 
 
 
<pre>
 
LAN-Hash_1 = HMAC(XboxLANKey, concatenate(0x00, XBE-LAN-Key))
 
LAN-Hash_2 = HMAC(XboxLANKey, concatenate(0x01, XBE-LAN-Key))
 
 
 
LAN-Hash = concatenate(LAN-Hash_1, LAN-Hash_2)
 
 
 
LAN-SHA = LAN-Hash_0_to_15
 
LAN-DES = XcDESKeyParity(LAN-Hash_16_to_39)
 
</pre>
 
 
 
[[Kernel/XcDESKeyParity|XcDESKeyParity]] is the same as the respective function in the Xbox kernel.
 
 
 
==== Broadcast messages ====
 
 
 
Because no security association exists for broadcast messages, these are handled differently.
 
A common use case for broadcast messages is a server announce request / response.
 
 
 
Broadcast messages are send to 255.255.255.255 (MAC-address: FF:FF:FF:FF:FF:FF) using SPI 0xFFFFFFFF and Sequence Number 0xFFFFFFFF.
 
A random IV is chosen, but nothing prevents re-using an IV.
 
 
 
==== Security association ====
 
 
 
Most messages require an SA between devices{{FIXME|reason=Look into this}}.
 
 
 
=== XDK API ===
 
 
 
{{FIXME|reason=This probably shouldn't be here? there should be dedicated articles for the XDK APIs}}
 
 
 
{| class="wikitable"
 
|+XNet* Functions
 
|-
 
! function
 
! description
 
|-
 
|XNetCreateKey(&xnkid, &xnkey)
 
|
 
|-
 
|XNetRegisterKey(&xnkid, &xnkey)
 
|Register the session key
 
|-
 
|XNetXnAddrToInAddr( pxnaddr, pxnkid, &pseudoIP )
 
|Convert the address to a winsock usable format
 
|-
 
|XNetUnregisterKey( &xbc.SessionID )
 
|
 
|-
 
|XNetGetTitleXnAddr( &hostAddr )
 
|Gets your XNADDR. Used by syslink, and lots of other people.
 
|-
 
|XNetGetEthernetLinkStatus()
 
|
 
|}
 
 
 
== Xbox Live ==
 
Xbox Live is an online multiplayer gaming and digital media delivery service created and operated by Microsoft. It was first made available to the Xbox system in November 2002. ([https://en.wikipedia.org/wiki/Xbox_Live Wikipedia]) Xbox Live support for the original Xbox ended in April 15, 2010.
 
 
 
The Xbox Live architecture consists of authentication servers, matchmaking servers, and game servers.
 
 
 
=== Matchmaking servers ===
 
 
 
=== Game servers ===
 
 
 
=== Authentication servers ===
 
 
 
Authentication and access to Xbox Live services is controlled using the Kerberos protocol with a few proprietary customizations for the Xbox.
 
 
 
Kerberos Authentication Server: macs.xboxlive.com
 
 
 
 
 
{| class="wikitable"
 
|+Xbox PA-DATA
 
|-
 
! padata-type
 
! description
 
|-
 
|131
 
| ?
 
|-
 
|204
 
| ?
 
|-
 
|206
 
| Information about Xbox Version, Title, and Title version
 
|}
 
 
 
=== Xbox Live Functions ===
 
 
 
{| class="wikitable"
 
|+XOnline* Functions
 
|-
 
! function
 
! description
 
|-
 
|XOnlineGetUsers(XONLINE_USER* XBLAccountusers, DWORD* numOfXBLiveAccounts)
 
|The XOnlineGetUsers function will enumerate both the hard disk and any attached memory units looking for user accounts
 
|-
 
|XOnlineTaskClose(XONLINETASK_HANDLE logonHandle)
 
|Called to abort the authentication process.
 
|-
 
|XOnlineStartup( XONLINE_STARTUP_PARAMS* )
 
|
 
|-
 
|XOnlineLogon(XONLINE_USER* XBLLoggedOnUsers, DWORD* XBLservices, DWORD SERVICE_COUNT, NULL, XONLINETASK_HANDLE &logonHandle)
 
|When a title calls XOnlineLogon to sign in, instead of blocking until the authentication completes, an asynchronous task handle is returned. As part of the authentication process a title must specify which services it will be using (XBLservices, SERVICE_COUNT).
 
|-
 
|XOnlineTaskContinue(XONLINETASK_HANDLE logonHandle)
 
|Called to check the status of XOnlineLogon.
 
|-
 
|XOnlineLogonTaskGetResults(XONLINETASK_HANDLE logonHandle)
 
|
 
|-
 
|XOnlineGetLogonUsers()
 
|This returns a pointer to an array of XONLINE USER structures. This array is similar the XONLINE USER array we populated and passed into XOnlineLogon, but is updated with error status and permission flags for each user.
 
|-
 
|XOnlineSetUserGuestNumber(dwUserFlags , 1)
 
|
 
|-
 
|XOnlineTitleUpdate(DWORD)
 
|The XOnlineTitleUpdate function will boot into an updater application, which performs the actual update
 
|-
 
|XOnlineGetServiceInfo(Service, ?)
 
|XOnlineGetServiceInfo returns the connection status for a service
 
|-
 
|XOnlineNotificationSetState
 
|
 
|-
 
|
 
|
 
|-
 
|
 
|
 
|-
 
|
 
|
 
|-
 
|
 
|
 
|-
 
|
 
|
 
|-
 
|
 
|
 
|-
 
|
 
|
 
|}
 
 
 
== Heartbeat ==
 
 
 
    Ethernet II, Src: Microsof_f2:00:00 (00:50:f2:f2:00:00), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
 
    MS Network Load Balancing
 
        Signature: Unknown (0x584f4258)
 
        Version: 1.1
 
        Unique Host ID: 3118682055
 
        Cluster IP: 167.102.81.132 (167.102.81.132)
 
        Host IP: 4.89.169.109 (4.89.169.109)
 
        Signature Data - Unknown (1481589336)
 
 
 
  
== References and links ==
 
 
* [https://xboxlivehacking.blogspot.de/ https://xboxlivehacking.blogspot.de/]
 
* [https://xboxlivehacking.blogspot.de/ https://xboxlivehacking.blogspot.de/]
* [https://github.com/grayj/Jedi-Academy/blob/master/codemp/xbox/XBLive.cpp https://github.com/grayj/Jedi-Academy/blob/master/codemp/xbox/XBLive.cpp]
 
* [http://discerning.com/pdfbox/test/input/authentication.pdf http://discerning.com/pdfbox/test/input/authentication.pdf]
 
 
* [https://www.google.com/patents/US20040009815 Patent: Managing access to content]
 
* [https://www.google.com/patents/US20040009815 Patent: Managing access to content]
 
* [https://www.google.com/patents/US20030093669 Patent: Network architecture for secure communications between two console-based gaming systems]
 
* [https://www.google.com/patents/US20030093669 Patent: Network architecture for secure communications between two console-based gaming systems]

Latest revision as of 13:56, 8 August 2020

The Xbox contains an Ethernet module and one RJ45 connector. Additionally, separate modem and wireless accessories were considered when developing the console. Eventually, an official wireless adapter was released based on a "D-Link 108AG Gaming Adapter" in the end of 2003.

The XDK provides a TCP/IP protocol stack complete with a DNS PPTP, DHCP clients. The IANA registered port 3074 (UDP / TCP) is reserved for Xbox communications (See System Link and Xbox Live).

Integrated network adapter

Integrated in the Nvidia Southbridge MCPX chip which is similar to the nForce chips.

The Xbox MAC address is stored in the EEPROM. The network driver, including the protocol stack is contained in the XDK. The kernel only contains a small number of exports to reset and get the state of the NIC.

The Xbox Linux team used the binary drivers from Nvidia[citation needed][FIXME].

Heartbeat

   Ethernet II, Src: Microsof_f2:00:00 (00:50:f2:f2:00:00), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
   MS Network Load Balancing
       Signature: Unknown (0x584f4258)
       Version: 1.1
       Unique Host ID: 3118682055
       Cluster IP: 167.102.81.132 (167.102.81.132)
       Host IP: 4.89.169.109 (4.89.169.109)
       Signature Data - Unknown (1481589336)

Wireless adapter

based on the "D-Link 108AG Gaming Adapter", the Xbox MN-740 Wireless Bridge bundled with an Xbox setup disc (which would update the dashboard if necessary). It was also described on Microsoft's website.

Hardware

The onboard 3 LEDs are Power, Wireless and Xbox (called Ethernet on the PCB). The board seems to have Jtag and what appears to be Serial test pins exposed.

Firmware

This wireless bridge runs a closed source version of the "ThreadX JADE/Green Hills Version G4.0.4.0" RTOS. The firmware contains a copyright string of: "Copyright (c) Microsoft Corporation All Rights Reserved Device is Xbox Compatible"

The latest firmware is separated by a boot and runtime firmware [citation needed] :

  • MN740_01.03.00.0005_BOOT.bin, "Xbox Wireless Adapter (MN-740) boot firmware"
  • MN740_01.00.02.0022_RUNTIME.bin, "Xbox Wireless Adapter (MN-740) runtime firmware"

There were at least 2 firmware updates for download:

Judging by the firmware filenames above, there should also be an MN-740 1.00 and MN740 1.03.

WPA2 support

The shipped firmware does not support WPA or WPA2. A "firmware" hack based on the D-Link firmware adds WPA support, rendering Dashboard support unfunctional and changing settings require connecting to the LAN port using a PC (or web browser capable application).

Software (Xbox setup disc)

The setup disc is a CD[1]. It contains an XISO filesystem that contains only a "default.xbe" which contains a dashboard updater.

References and links