Difference between revisions of "System Link"
(Split from Network article) |
(Fix RFC links) |
||
| Line 1: | Line 1: | ||
=== Secured traffic === | === Secured traffic === | ||
| − | Xbox network traffic is secured through [[wikipedia:IPSec|IPSec]]. The implementation appears to be similar to [https://tools.ietf.org/html/rfc3948#section-2.1 | + | Xbox network traffic is secured through [[wikipedia:IPSec|IPSec]]. The implementation appears to be similar to [https://tools.ietf.org/html/rfc3948#section-2.1 RFC 3498, Section 2.1] from 2005 which was co-authored by Microsoft. |
The protocol uses UDP port 3074 which is also registered with the IANA for use in the Xbox[https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=3074]. | The protocol uses UDP port 3074 which is also registered with the IANA for use in the Xbox[https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=3074]. | ||
Each Xbox uses the IP 0.0.0.1, so addressing relies on MAC-addresses{{FIXME|reason=Confirm this}}. | Each Xbox uses the IP 0.0.0.1, so addressing relies on MAC-addresses{{FIXME|reason=Confirm this}}. | ||
| − | The specific implementation in the Xbox uses TripleDES ([https://tools.ietf.org/html/rfc1851 | + | The specific implementation in the Xbox uses TripleDES ([https://tools.ietf.org/html/rfc1851 RFC 1851]) for encryption, and SHA1-96 as [[wikipedia:HMAC|HMAC]]. |
==== Key derivation ==== | ==== Key derivation ==== | ||
Latest revision as of 03:28, 5 October 2018
Contents
Secured traffic
Xbox network traffic is secured through IPSec. The implementation appears to be similar to RFC 3498, Section 2.1 from 2005 which was co-authored by Microsoft.
The protocol uses UDP port 3074 which is also registered with the IANA for use in the Xbox[1]. Each Xbox uses the IP 0.0.0.1, so addressing relies on MAC-addresses[FIXME].
The specific implementation in the Xbox uses TripleDES (RFC 1851) for encryption, and SHA1-96 as HMAC.
Key derivation
The following keys are involved in generating the actual network crypto-keys:
- XboxLANKey (Kernel export)
- Game specific LAN Key (XBE Certificate Header)
The algorithm to generate the final keys, is this:
LAN-Hash_1 = HMAC(XboxLANKey, concatenate(0x00, XBE-LAN-Key)) LAN-Hash_2 = HMAC(XboxLANKey, concatenate(0x01, XBE-LAN-Key)) LAN-Hash = concatenate(LAN-Hash_1, LAN-Hash_2) LAN-SHA = LAN-Hash_0_to_15 LAN-DES = XcDESKeyParity(LAN-Hash_16_to_39)
XcDESKeyParity is the same as the respective function in the Xbox kernel.
Broadcast messages
Because no security association exists for broadcast messages, these are handled differently. A common use case for broadcast messages is a server announce request / response.
Broadcast messages are send to 255.255.255.255 (MAC-address: FF:FF:FF:FF:FF:FF) using SPI 0xFFFFFFFF and Sequence Number 0xFFFFFFFF. A random IV is chosen, but nothing prevents re-using an IV.
Security association
Most messages require an SA between devices[FIXME].
XDK API
[FIXME]
| function | description |
|---|---|
| XNetCreateKey(&xnkid, &xnkey) | |
| XNetRegisterKey(&xnkid, &xnkey) | Register the session key |
| XNetXnAddrToInAddr( pxnaddr, pxnkid, &pseudoIP ) | Convert the address to a winsock usable format |
| XNetUnregisterKey( &xbc.SessionID ) | |
| XNetGetTitleXnAddr( &hostAddr ) | Gets your XNADDR. Used by syslink, and lots of other people. |
| XNetGetEthernetLinkStatus() |
