Exemple #1
        /// <summary>
        /// Builds the ASN.1 encoding of this ticket: tkt-vno 5, realm "PASSPORT.NET",
        /// sname krbtgt/XBOX.COM and an RC4-HMAC enc-part.
        /// </summary>
        /// <param name="OnlineKey">Key handed to KerberosCrypto.KerberosEncrypt to protect SessionKey in the enc-part.</param>
        /// <returns>The ticket element after the APPLICATION tagging applied at the end of the method.</returns>
        public AsnElt Encode(byte[] OnlineKey)
        {
            var fields = new List<AsnElt>();

            // Stored on the instance as well as encoded below; name-type is 2.
            sname = new PrincipalName(new List<string>() { "krbtgt", "XBOX.COM" }, 2);

            // tkt-vno         [0] INTEGER
            AsnElt versionSeq = AsnElt.Make(AsnElt.SEQUENCE, new AsnElt[] { AsnElt.MakeInteger(5) });
            fields.Add(AsnElt.MakeImplicit(AsnElt.CONTEXT, 0, versionSeq));

            // realm           [1] Realm
            // Created as an IA5String, then re-tagged as a UNIVERSAL GeneralString.
            AsnElt realmString = AsnElt.MakeImplicit(AsnElt.UNIVERSAL, AsnElt.GeneralString,
                                                     AsnElt.MakeString(AsnElt.IA5String, "PASSPORT.NET"));
            AsnElt realmField = AsnElt.Make(AsnElt.SEQUENCE, realmString);
            fields.Add(AsnElt.MakeImplicit(AsnElt.CONTEXT, 1, realmField));

            // sname           [2] PrincipalName
            fields.Add(AsnElt.MakeImplicit(AsnElt.CONTEXT, 2, sname.Encode()));

            // enc-part        [3] EncryptedData
            // TODO: Find proper key type
            // The plaintext is the SessionKey member alone, encrypted under OnlineKey with the
            // AS-REP session-key usage constant. NOTE(review): RFC 4120 puts a full EncTicketPart
            // here under its own key usage; confirm what the console expects.
            var sealedKey = KerberosCrypto.KerberosEncrypt(Interop.KERB_ETYPE.rc4_hmac,
                                                           Interop.KRB_KEY_USAGE_AS_REP_EP_SESSION_KEY,
                                                           OnlineKey, SessionKey);
            encdata = new EncryptedData((int)Interop.KERB_ETYPE.rc4_hmac, 1, sealedKey);

            AsnElt encPartField = AsnElt.Make(AsnElt.SEQUENCE, encdata.Encode());
            fields.Add(AsnElt.MakeImplicit(AsnElt.CONTEXT, 3, encPartField));

            // Two nested SEQUENCEs, wrapped in APPLICATION 1, then implicitly re-tagged APPLICATION 0.
            AsnElt body = AsnElt.Make(AsnElt.SEQUENCE, fields.ToArray());
            AsnElt wrapped = AsnElt.Make(AsnElt.APPLICATION, 1, AsnElt.Make(AsnElt.SEQUENCE, body));

            return AsnElt.MakeImplicit(AsnElt.APPLICATION, 0, wrapped);
        }
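        /// <summary>
        /// Decrypts the client's encrypted pre-authentication timestamp with <paramref name="OnlineKey"/>
        /// and reports whether the plaintext holds a well-formed 15-character timestamp at the expected offset.
        /// </summary>
        /// <param name="OnlineKey">Key used for the RC4-HMAC decryption.</param>
        /// <param name="EncryptedTS">Encrypted timestamp blob taken from the request.</param>
        /// <returns>True when the decrypted bytes contain a parsable "yyyyMMddHHmmssZ" value; otherwise false.</returns>
        public bool VerifyTSXClient(byte[] OnlineKey, byte[] EncryptedTS)
        {
            // Still a shortcut: the timestamp is read at a fixed offset instead of decoding the ASN.1 structure.
            const int TimestampOffset = 6;
            const int TimestampLength = 15;

            byte[] dec_ts = KerberosCrypto.KerberosDecrypt(Interop.KERB_ETYPE.rc4_hmac,
                                                           Interop.KRB_KEY_USAGE_AS_REQ_PA_ENC_TIMESTAMP, OnlineKey, EncryptedTS);

            // A plaintext too short to hold the timestamp cannot be a valid pre-auth value.
            if (dec_ts == null || dec_ts.Length < TimestampOffset + TimestampLength)
            {
                return(false);
            }

            string actualts = Encoding.UTF8.GetString(dec_ts, TimestampOffset, TimestampLength);

            // The previous check compared the decoded string with null, which Encoding.GetString
            // never returns, so every blob that decrypted was accepted. Require a real timestamp.
            DateTime parsed;
            bool wellFormed = DateTime.TryParseExact(actualts,
                                                     "yyyyMMddHHmmss'Z'",
                                                     System.Globalization.CultureInfo.InvariantCulture,
                                                     System.Globalization.DateTimeStyles.AssumeUniversal | System.Globalization.DateTimeStyles.AdjustToUniversal,
                                                     out parsed);

            // NOTE(review): the parsed time is not compared with the server clock and no replay
            // cache is consulted, so a previously captured blob still verifies. Confirm whether
            // the caller enforces freshness before treating this as proof of key possession.
            return(wellFormed);
        }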
Exemple #3
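        /// <summary>
        /// Decrypts the client's encrypted pre-authentication timestamp with <paramref name="OnlineKey"/>,
        /// decodes the ASN.1 plaintext and checks that the microsecond field is in range.
        /// </summary>
        /// <param name="OnlineKey">Key used for the RC4-HMAC decryption.</param>
        /// <param name="EncryptedTS">Encrypted timestamp blob taken from the request.</param>
        /// <returns>True when the plaintext decodes and usec lies in 0..999999; otherwise false.</returns>
        public bool VerifyTSXClient(byte[] OnlineKey, byte[] EncryptedTS)
        {
            byte[] dec_ts = KerberosCrypto.KerberosDecrypt(Interop.KERB_ETYPE.rc4_hmac,
                                                           Interop.KRB_KEY_USAGE_AS_REQ_PA_ENC_TIMESTAMP, OnlineKey, EncryptedTS);

            // Writes the decrypted plaintext to the log as hex.
            Logger.Info(BitConverter.ToString(dec_ts).Replace("-", ""));

            AsnElt timestamp_encoded = AsnElt.Decode(dec_ts, false);

            // Element 0 holds the timestamp (read with tag 24), element 1 the microseconds.
            DateTime timestamp = timestamp_encoded.Sub[0].Sub[0].GetTime(24);
            long     usec      = timestamp_encoded.Sub[1].Sub[0].GetInteger();

            // The previous test compared a DateTime and a long with null, which is always true
            // for value types, so the failure branch could never run. Check the one field that
            // has a defined range instead (RFC 4120: Microseconds ::= INTEGER (0..999999)).
            if (usec < 0 || usec > 999999)
            {
                return(false);
            }

            // NOTE(review): the timestamp is not compared with the server clock and no replay
            // cache is consulted, so a previously captured blob still verifies. Confirm whether
            // the caller enforces freshness.
            Logger.Info("Successfully decrypted & decoded timestamp/usec");
            Logger.Info(timestamp + " : " + usec);

            return(true);
        }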
        /// <summary>
        /// Assembles a Kerberos reply (pvno 5, msg-type 11) from hard-coded and client-supplied values,
        /// sends the encoded bytes through <c>Client.Send</c> and increments <c>Program.AuthAttempts</c>.
        /// </summary>
        public void BuildResponse()
        {
            // Possible suspects as to why the Xbox won't accept AS_REP
            // - cname/sname
            // - ticket
            // - enckdcpart

            // TODO: Find out what the MD4 hashed key is.
            // The last argument is a placeholder: new char[16] is sixteen NUL characters, so the
            // encoded key bytes are sixteen zero bytes.
            AsnElt accountInfo = new PA_DATA().Encode203(1, Client.GamerTag, Client.Domain, Client.Realm, Encoding.UTF8.GetBytes(new char[16]));

            List <string> cnames = new List <string>()
            {
                Client.SerialNumber,
                Client.Realm
            };

            List <AsnElt> allNodes = new List <AsnElt>();

            // Header

            // pvno [0] = 5
            AsnElt pvnoASN = AsnElt.MakeInteger(5);
            AsnElt pvnoSEQ = AsnElt.Make(AsnElt.SEQUENCE, pvnoASN);

            pvnoSEQ = AsnElt.MakeImplicit(AsnElt.CONTEXT, 0, pvnoSEQ);
            allNodes.Add(pvnoSEQ);

            // msg-type [1] = 11
            AsnElt msg_typeASN = AsnElt.MakeInteger(11);
            AsnElt msg_typeSEQ = AsnElt.Make(AsnElt.SEQUENCE, msg_typeASN);

            msg_typeSEQ = AsnElt.MakeImplicit(AsnElt.CONTEXT, 1, msg_typeSEQ);
            allNodes.Add(msg_typeSEQ);

            // End

            // Machine Account Info PA_DATA

            // The account info is encrypted under the nonceHmac member (not defined in this method)
            // with the KRB_PRIV encrypted-part key usage.
            EncryptedData encryptedAccount = new EncryptedData((int)Interop.KERB_ETYPE.rc4_hmac, KerberosCrypto.KerberosEncrypt(Interop.KERB_ETYPE.rc4_hmac, Interop.KRB_KEY_USAGE_KRB_PRIV_ENCRYPTED_PART, nonceHmac, accountInfo.Encode()));

            // padata-type 203, tagged as context 2
            AsnElt typeElt     = AsnElt.MakeInteger(203);
            AsnElt nameTypeSeq = AsnElt.Make(AsnElt.SEQUENCE, typeElt);

            nameTypeSeq = AsnElt.MakeImplicit(AsnElt.CONTEXT, 2, nameTypeSeq);

            AsnElt padataSeq = AsnElt.Make(AsnElt.SEQUENCE, nameTypeSeq, encryptedAccount.Encode());

            // Added as a bare SEQUENCE; unlike the other fields it gets no context tag of its own.
            allNodes.Add(padataSeq);

            // End

            // crealm
            // Hard-coded realm string, encoded as UTF8String.
            AsnElt crealmElt = AsnElt.MakeString(AsnElt.UTF8String, "PASSPORT.NET");
            AsnElt crealmSeq = AsnElt.Make(AsnElt.SEQUENCE, crealmElt);

            crealmSeq = AsnElt.MakeImplicit(AsnElt.CONTEXT, 3, crealmSeq);
            allNodes.Add(crealmSeq);

            // End

            // cname

            // Client serial number and realm with name-type 1; also stored in the cname member.
            cname = new PrincipalName(cnames, 1);

            AsnElt cnameElt = cname.Encode();

            cnameElt = AsnElt.MakeImplicit(AsnElt.CONTEXT, 4, cnameElt);
            allNodes.Add(cnameElt);

            // End

            // ticket

            reqTicket = new Ticket();
            AsnElt ticketElt = reqTicket.Encode(OnlineKey);

            ticketElt = AsnElt.MakeImplicit(AsnElt.CONTEXT, 5, ticketElt);
            allNodes.Add(ticketElt);

            // End

            // enckdcpart

            // The braces below are plain statement blocks used for visual grouping, not object initializers.
            EndPart = new EncKDCRepPart();
            {
                EndPart.key = new EncryptionKey();
                {
                    EndPart.key.keytype  = (int)Interop.KERB_ETYPE.rc4_hmac;
                    // NOTE(review): the key handed to the client here is OnlineKey itself, the same
                    // value passed to reqTicket.Encode above, not zeros and not a fresh session key.
                    // Whoever can decrypt this part learns that key; a per-session random key
                    // avoids exposing it.
                    EndPart.key.keyvalue = OnlineKey; // fill it with 0's :P
                }

                EndPart.lastReq = new LastReq();
                {
                    // 0 - no info
                    // 1 - last initial TGT request
                    // 2 - last initial request
                    // 3 - newest TGT used
                    // 4 - last renewal
                    // 5 - last request (of any type)

                    // 6 is not in the list above. NOTE(review): RFC 4120 defines lr-type 6 as the
                    // password expiry time; confirm this is the intended meaning.
                    EndPart.lastReq.lr_type  = 6;
                    // NOTE(review): DateTime.Now is local time, while KerberosTime is UTC; confirm
                    // the encoder converts. The same applies to authtime and starttime below.
                    EndPart.lastReq.lr_value = DateTime.Now;
                }

                // Random is seeded with the constant 1206, so every call produces the same nonce.
                // NOTE(review): RFC 4120 expects the reply nonce to echo the one from the request,
                // which is how the client ties a reply to its request; confirm against the console.
                EndPart.nonce = (uint)(new Random(1206).Next(1000, 10000));

                EndPart.key_expiration = new DateTime(2021, 12, 5);

                EndPart.flags = Interop.TicketFlags.enc_pa_rep;

                EndPart.authtime = DateTime.Now;

                EndPart.starttime = DateTime.Now;

                // Fixed date, earlier than key_expiration and renew_till; once the clock passes it,
                // endtime precedes authtime/starttime.
                EndPart.endtime = new DateTime(2019, 8, 7);

                EndPart.renew_till = new DateTime(2021, 12, 5);

                // Differs from the "PASSPORT.NET" crealm written above.
                EndPart.realm = "MACS.XBOX.COM";
            }

            // TODO: Move encryption to EncryptedData class
            byte[] EndPartData = EndPart.Encode().Encode();

            // Encrypted under Client.Key with the AS-REP session-key usage.
            EndPartData = KerberosCrypto.KerberosEncrypt(Interop.KERB_ETYPE.rc4_hmac,
                                                         Interop.KRB_KEY_USAGE_AS_REP_EP_SESSION_KEY, Client.Key, EndPartData);

            EncryptedData encData = new EncryptedData((int)Interop.KERB_ETYPE.rc4_hmac, EndPartData);

            AsnElt encPart = AsnElt.MakeImplicit(AsnElt.CONTEXT, 6, encData.Encode());

            allNodes.Add(encPart);

            // End

            // NOTE(review): the outer SEQUENCE is sent without an APPLICATION tag; RFC 4120 defines
            // AS-REP as [APPLICATION 11] KDC-REP.
            AsnElt seq = AsnElt.Make(AsnElt.SEQUENCE, allNodes.ToArray());

            byte[] toSend = seq.Encode();

            // Dumps the whole reply to the console as hex; the label says "AS-REQ" although this is the reply.
            Console.WriteLine("AS-REQ: Response -> " + BitConverter.ToString(toSend).Replace("-", ""));

            this.Client.Send(toSend);

            Program.AuthAttempts += 1;
        }
Exemple #5
        /// <summary>
        /// Assembles a Kerberos reply (pvno 5, msg-type 11) from hard-coded and client-supplied values,
        /// tags it APPLICATION 11 and sends the encoded bytes through <c>Client.Send</c>.
        /// </summary>
        public void BuildResponse()
        {
            // Possible suspects as to why the Xbox won't accept AS_REP
            // - cname/sname
            // - ticket
            // - enckdcpart

            // TODO: Find out what the MD4 hashed key is.
            // The key argument is the UTF-8 encoding of a 32-character hex literal, i.e. 32 bytes of
            // text. NOTE(review): if a 16-byte hash is intended, the literal needs hex-decoding;
            // key-like material is also better loaded from configuration than kept in source.
            AsnElt accountInfo = new PA_DATA().Encode203(1, Client.GamerTag, Client.Domain, Client.Realm, Encoding.UTF8.GetBytes("e8e17429c4701a494f7e0baadfbabc55"));

            List <string> cnames = new List <string>()
            {
                Client.SerialNumber,
                Client.Realm
            };

            List <AsnElt> allNodes = new List <AsnElt>();

            // Header

            // pvno [0] = 5
            AsnElt pvnoASN = AsnElt.MakeInteger(5);
            AsnElt pvnoSEQ = AsnElt.Make(AsnElt.SEQUENCE, pvnoASN);

            pvnoSEQ = AsnElt.MakeImplicit(AsnElt.CONTEXT, 0, pvnoSEQ);
            allNodes.Add(pvnoSEQ);

            // msg-type [1] = 11
            AsnElt msg_typeASN = AsnElt.MakeInteger(11);
            AsnElt msg_typeSEQ = AsnElt.Make(AsnElt.SEQUENCE, msg_typeASN);

            msg_typeSEQ = AsnElt.MakeImplicit(AsnElt.CONTEXT, 1, msg_typeSEQ);
            allNodes.Add(msg_typeSEQ);

            // End

            // Machine Account Info PA_DATA

            // The account info is encrypted under the nonceHmac member (not defined in this method)
            // with the KRB_PRIV encrypted-part key usage.
            EncryptedData encryptedAccount = new EncryptedData((int)Interop.KERB_ETYPE.rc4_hmac, 1, KerberosCrypto.KerberosEncrypt(Interop.KERB_ETYPE.rc4_hmac, Interop.KRB_KEY_USAGE_KRB_PRIV_ENCRYPTED_PART, nonceHmac, accountInfo.Encode()));

            // padata-type 203, tagged as context 2
            AsnElt typeElt     = AsnElt.MakeInteger(203);
            AsnElt nameTypeSeq = AsnElt.Make(AsnElt.SEQUENCE, typeElt);

            nameTypeSeq = AsnElt.MakeImplicit(AsnElt.CONTEXT, 2, nameTypeSeq);

            // The padata is still built and encrypted, but the Add call is commented out, so it is
            // not part of the reply that gets sent.
            AsnElt padataSeq = AsnElt.Make(AsnElt.SEQUENCE, nameTypeSeq, encryptedAccount.Encode());
            //allNodes.Add(padataSeq);

            // End

            // crealm

            // Hard-coded realm string, encoded as GeneralString.
            AsnElt crealmElt = AsnElt.MakeString(AsnElt.GeneralString, "PASSPORT.NET");
            AsnElt crealmSeq = AsnElt.Make(AsnElt.SEQUENCE, crealmElt);

            crealmSeq = AsnElt.MakeImplicit(AsnElt.CONTEXT, 3, crealmSeq);
            allNodes.Add(crealmSeq);

            // End

            // cname

            // Client serial number and realm with name-type 2; also stored in the cname member.
            cname = new PrincipalName(cnames, 2);

            AsnElt cnameElt = cname.Encode();

            cnameElt = AsnElt.MakeImplicit(AsnElt.CONTEXT, 4, cnameElt);
            allNodes.Add(cnameElt);

            // End

            // ticket

            reqTicket = new Ticket();
            AsnElt ticketElt = reqTicket.Encode(OnlineKey);

            ticketElt = AsnElt.MakeImplicit(AsnElt.CONTEXT, 5, ticketElt);
            allNodes.Add(ticketElt);

            // End

            // enckdcpart

            // The braces below are plain statement blocks used for visual grouping, not object initializers.
            EndPart = new EncKDCRepPart();
            {
                // Used to send the online key, now we're sending an arbitrary session key
                // NOTE(review): how SessionKey is generated is not visible here; confirm it comes
                // from a cryptographic random source and is unique per session.
                EndPart.key = new EncryptionKey();
                {
                    EndPart.key.keytype  = (int)Interop.KERB_ETYPE.rc4_hmac;
                    EndPart.key.keyvalue = SessionKey;
                }

                EndPart.lastReq = new LastReq();
                {
                    // 0 - no info
                    // 1 - last initial TGT request
                    // 2 - last initial request
                    // 3 - newest TGT used
                    // 4 - last renewal
                    // 5 - last request (of any type)

                    // 6 is not in the list above. NOTE(review): RFC 4120 defines lr-type 6 as the
                    // password expiry time; confirm this is the intended meaning.
                    EndPart.lastReq.lr_type  = 6;
                    // NOTE(review): DateTime.Now is local time, while KerberosTime is UTC; confirm
                    // the encoder converts. The same applies to authtime below.
                    EndPart.lastReq.lr_value = DateTime.Now;
                }

                // Random is seeded with the constant 1206, so every call produces the same nonce.
                // NOTE(review): RFC 4120 expects the reply nonce to echo the one from the request,
                // which is how the client ties a reply to its request; confirm against the console.
                EndPart.nonce = (uint)(new Random(1206).Next(1000, 10000));

                EndPart.flags = Interop.TicketFlags.initial | Interop.TicketFlags.pre_authent;

                EndPart.authtime = DateTime.Now;

                // Fixed date; once the clock passes it, endtime precedes authtime.
                EndPart.endtime = new DateTime(2019, 8, 7);

                // Differs from the "PASSPORT.NET" crealm written above.
                EndPart.realm = "MACS.XBOX.COM";
            }

            // TODO: Move encryption to EncryptedData class
            byte[] EndPartData = EndPart.Encode().Encode();

            // Encrypted under Client.Key with the AS-REP session-key usage.
            EndPartData = KerberosCrypto.KerberosEncrypt(Interop.KERB_ETYPE.rc4_hmac,
                                                         Interop.KRB_KEY_USAGE_AS_REP_EP_SESSION_KEY, Client.Key, EndPartData);

            EncryptedData encData = new EncryptedData((int)Interop.KERB_ETYPE.rc4_hmac, 1, EndPartData);

            AsnElt encPart = AsnElt.MakeImplicit(AsnElt.CONTEXT, 6, encData.Encode());

            allNodes.Add(encPart);

            // End

            // The field list is wrapped in two nested SEQUENCEs and the outer one is re-tagged APPLICATION 11.
            AsnElt seq  = AsnElt.Make(AsnElt.SEQUENCE, allNodes.ToArray());
            AsnElt seq2 = AsnElt.Make(AsnElt.SEQUENCE, seq);

            seq2 = AsnElt.MakeImplicit(AsnElt.APPLICATION, 11, seq2);

            byte[] toSend = seq2.Encode();

            this.Client.Send(toSend);
        }