Hacking Xbox 360 + Network bridge + Fiddler to alter XBL download system?

iyenal

Well-Known Member
OP
Member
Joined
Feb 11, 2016
Messages
194
Trophies
0
XP
1,113
Country
United States
Hello,

I am currently researching how to replace demos downloaded by the Xbox 360 with full games, to see if it would work, and in the case of a checksum, alter it, but everything has to be done through network sniffing, to edit the responses sent to the console. So I tried making a network bridge and starting Fiddler, but it doesn't detect any traffic. After that I tried Wireshark, which shows the traffic successfully, so I now know how the Xbox gets the games from the servers, and I dumped some on my PC (XCP files), but I found that Wireshark can't modify network responses, only view them.
So the question is: 1- is this theoretically possible (that the Xbox accepts the altered download) and 2- how can I set up a Fiddler proxy between the Xbox and the internet on the PC with a network bridge?

I already tried port forwarding, but it didn't work for me. As for a transparent proxy, I just don't know how to set it up with the Fiddler proxy on a network bridge using Windows.
Thanks in advance.

PS: I know that this is quite a recurrent subject, but I didn't find any relevant solution to do this.
 

iyenal
Sure? Where is the problem?

Also, why would I break the container if I don't change it, since I use another official one from the server?
As for JTAG/RGHing, I will use an Xkey, but I do this to find another alternative; if people stop researching after one (not easy) solution has been found, how could we progress?
 

DinohScene

Gay twink catboy
Global Moderator
Joined
Oct 11, 2011
Messages
22,048
Trophies
4
Location
Восторг
XP
19,586
Country
Antarctica
GOD containers are tied to a license.
If that license doesn't match the ones on your console, it doesn't boot.

Unlocking a trial game means MS shifts a few bits and ties the container to a license on your console.
That will allow you to play that game anywhere you want (home 360, 360 away from home).
MS still signs the container with their keys.

There was a "non-JTAG" exploit which involved copying games + profiles into your 360, but MS caught wind of that and banned users over it.

Trust me, the 360 is 11 years old, people have tried everything.
JTAG/RGH for unsigned code.
Xkey/DVD flashes for backed-up retail games.
You can extract certain GOTY games and copy the DLC off of them, and there was some PIRS/LIVE stuff, but the latter isn't too much.

Anyway, you're literally wasting your time.
If it were that easy, why would you think JTAG/RGH machines still exist?
 

iyenal
Thanks for your reply, I understand better now.
11 years... that's why I felt it was strange that the Xbox 360 still doesn't have a softmod solution...

But just out of curiosity, about MS signing: so even if I use the original and official files from the Live servers, they will still cause signature verification problems? Because, for example, I downloaded a game whose download I deliberately corrupted, but the game launched (checksum?) and stopped after the PEGI thing, and then the Xbox said "please put the disc in and..." even on a USB drive. What happened, and can I exploit this for something? And thanks again.
 

DinohScene
Technically, you can count DVD flashing as softmodding.
And the KK hack could be seen as a "softmod"...

Traditional savegame exploits are a thing of the past, unfortunately.
Maybe when the 360 is put out of its misery by closing off the XBL servers, then perhaps someone could release a softmod.
But I doubt that's happening.

It's likely a part of the container that doesn't work anymore, then.
You can't exploit it.
Everything that gets loaded into RAM gets checked by the Hypervisor.
If it detects unsigned code, it simply refuses to execute.
Unless you somehow manage to forge MS's signatures, of course.

The KK hack made use of King Kong's shaders not being checked for signatures.
But that was patched in 4552, back in 2007.
The 360 itself is from Nov 2005.
 

iyenal
Yes, the KK exploit... OK, but there is one last thing that I don't understand: why always this IBM-made hypervisor?
I'm not looking to execute custom code, so no unsigned code (unless I have the SDK...), but the signed code of the games stored on the Live servers, so theoretically I don't have to touch the hypervisor; it doesn't matter in this case, like an ODDE does to run copied games. Is there something that I forgot?
 

DinohScene
Consoles need to be secured in order to deter pirates from pirating games and cheaters from cheating in games.
Hence the hypervisor does a lot of checking.

I don't blame them.
Cheaters ruin the game and piracy is illegal.
 

iyenal
Yes, I know this, it's their business, but I still don't have the reply to my last question...
Does the hypervisor problem matter in the case of running signed code? If not, then all the executable signature problems don't apply here, unless there is a technical thing about that which I don't know.
 

DinohScene
HV makes sure that the game is signed by MS.
The kernel then checks if the license for that game is on the console.
If it is, it boots successfully.
If it isn't, it doesn't boot or pops up an error.

It doesn't just reject unsigned code, it also checks for valid signatures, makes sure nothing leaves their sandboxes and whatnot.
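As an added illustration of the two gates described in this post (not code from this thread, and a deliberately simplified model rather than the 360's real container or license format): an HMAC under a constructed key stands in for the vendor's RSA signature, and a plain set stands in for the licenses a console holds. It shows why neither swapping the payload inside a trial container nor substituting an official full-game container gets past both checks.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed example: an HMAC over the container metadata stands in for the
# vendor's RSA signature, and a set of license IDs stands in for the licenses
# the console holds. None of this is real Xbox 360 format or key material.
VENDOR_KEY = b"constructed-vendor-signing-key"

@dataclass(frozen=True)
class Container:
    content_id: bytes   # which game this is
    license_id: bytes   # which license it is tied to (trial vs. full)
    payload: bytes      # the game data itself
    signature: bytes    # vendor signature over everything above

def _signed_message(content_id: bytes, license_id: bytes, payload: bytes) -> bytes:
    # The signature covers the IDs and a hash of the payload, so a payload
    # swap or a license-ID edit both invalidate it.
    return content_id + b"|" + license_id + b"|" + hashlib.sha256(payload).digest()

def sign_container(content_id: bytes, license_id: bytes, payload: bytes) -> Container:
    """What only the vendor can do: produce a validly signed container."""
    msg = _signed_message(content_id, license_id, payload)
    sig = hmac.new(VENDOR_KEY, msg, hashlib.sha256).digest()
    return Container(content_id, license_id, payload, sig)

def hypervisor_check(c: Container) -> bool:
    """First gate: is the signature valid over exactly this content?"""
    msg = _signed_message(c.content_id, c.license_id, c.payload)
    expected = hmac.new(VENDOR_KEY, msg, hashlib.sha256).digest()
    return hmac.compare_digest(expected, c.signature)

def kernel_check(c: Container, console_licenses: set) -> bool:
    """Second gate: does this console hold the license the container names?"""
    return c.license_id in console_licenses

def try_boot(c: Container, console_licenses: set) -> str:
    if not hypervisor_check(c):
        return "rejected: bad signature"
    if not kernel_check(c, console_licenses):
        return "rejected: license not on console"
    return "boots"

# Constructed scenario: the console only holds the trial license.
CONSOLE_LICENSES = {b"lic-trial-sonic"}
TRIAL = sign_container(b"sonic", b"lic-trial-sonic", b"demo-bytes")
FULL = sign_container(b"sonic", b"lic-full-sonic", b"full-game-bytes")
# An altered download: the trial container with the full payload swapped in.
SWAPPED = Container(TRIAL.content_id, TRIAL.license_id, FULL.payload, TRIAL.signature)
```

The swapped container fails at the first gate, the untouched full container fails at the second, and only a container whose license the console actually holds boots.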
 

iyenal
Oh. So this is the thing that I didn't think about. The hypervisor also verifies licenses. Thanks.
So I have to research how the Xbox gets the license, and how I can change it through MITM so that it matches the full game downloaded, unless licenses are hardcoded like fuses.
 

DinohScene
If you could obtain licenses via MITM attacks, then why would you think JTAG/RGH consoles still exist?
It has been tried before.

MS issues your console a license the moment you purchase it.
There's no way to fake it.

So in short:
There's literally no way you can pirate XBLA/DLC other than ripping them from GOTY games and/or having a JTAG/RGH console.
 

iyenal
I am sorry to have bothered you with this, and thanks again.
But I will continue my research; I know that the chances that I find something are very low, if not nonexistent, if there is no way.
So about the license download, nothing in the packet record... oh, there is an LZP file. It seems to embed a content and RSA key before the download. Maybe this is the license. But I can't test anything, as I have to find out how to use Fiddler with the Xbox.
 

iyenal
Thanks. I just play the Sonic Generations demo every 5 minutes. But the fact is that I have a very powerful PC, so I have already pretty much finished it. What a pity to have an Xbox without games sitting here, just 23 demos. But I should receive the Xkey in some weeks; I wonder what the true price of this PCB is.
 
