예제 #1
        /// <summary>
        /// Assembles a logon request from fields read out of the key-vault file at
        /// <c>KVI.Location</c>, sends it over UDP to XEAS.XBOXLIVE.COM port 0x58 (88),
        /// and returns 16 bytes taken from the decrypted reply.
        /// </summary>
        /// <param name="KVI">Key-vault descriptor. <c>Location</c> is read; <c>Serial</c> is overwritten with the hex console ID.</param>
        /// <returns>A 16-byte array on success, or <c>null</c> when no reply was available after the polling loop gave up.</returns>
        /// <remarks>
        /// Review notes (security and robustness):
        /// - The 16-byte session secret comes from System.Random seeded with Environment.TickCount,
        ///   which is not a cryptographic generator; System.Security.Cryptography.RandomNumberGenerator
        ///   is the appropriate source for key material.
        /// - The file at KVI.Location supplies the inputs to LoadConsolePrivateKey, so (going by that
        ///   helper's name) it holds signing-key material and should be handled as a credential.
        /// - The reply datagram is untrusted input and is indexed at fixed offsets with no length check.
        /// - The empty catch hides every failure, and neither the UdpClient nor the hash/RSA objects are disposed.
        /// </remarks>
        private byte[] GetXMACsLogonKey(KVInfo KVI)
        {
            RSACryptoServiceProvider Provider = LoadXMACs();

            // 16 bytes that later serve as the RC4-HMAC key and as the nonce-derivation input.
            // NOTE(review): Random seeded from the tick count is predictable; not suitable for secrets.
            byte[] TimeTick = new byte[0x10];
            new Random(Environment.TickCount).NextBytes(TimeTick);

            // Second argument true selects OAEP padding; the ciphertext is then byte-reversed.
            byte[] EncryptedTick = Provider.Encrypt(TimeTick, true);
            Array.Reverse(EncryptedTick);

            // NOTE(review): this is a reference, not a copy. If Keys.XMACS_REQ hands back the same
            // array every time, the writes below modify the shared template — confirm.
            byte[] DestBuffer = Keys.XMACS_REQ;
            Array.Copy(EncryptedTick, 0, DestBuffer, 0x2C, 0x100);
            // Fixed-offset reads from the key-vault file (arguments presumably offset, count — confirm
            // against FileEx.ReadBytes).
            byte[] InputBuffer = FileEx.ReadBytes(KVI.Location, 0xB0, 12);
            byte[] Source      = FileEx.ReadBytes(KVI.Location, 0x9C8, 0x1A8);
            byte[] Exponent    = FileEx.ReadBytes(KVI.Location, 0x29C, 4);
            byte[] KeyParams   = FileEx.ReadBytes(KVI.Location, 0x2A8, 0x1C0);
            byte[] ConsoleID   = FileEx.ReadBytes(KVI.Location, 0x9CA, 5);
            byte[] ClientName  = ComputeClientName(ConsoleID);
            // NOTE(review): UTCTime is computed and reversed but not referenced again in this method.
            byte[] UTCTime     = BitConverter.GetBytes(DateTime.UtcNow.ToFileTime());
            Array.Reverse(UTCTime);

            // Side effect on the caller's object.
            KVI.Serial = Conversion.BytesToHexString(ConsoleID);

            // Template bytes with a 15-character timestamp field at offset 6, overwritten with the
            // current UTC time. ToString uses the current culture here, not the invariant one.
            byte[] TimeStamp = Conversion.HexStringToBytes("301aa011180f32303132313231323139303533305aa10502030b3543");
            Array.Copy(Encoding.ASCII.GetBytes(DateTime.Now.ToUniversalTime().ToString("yyyyMMddHHmmssZ")), 0, TimeStamp, 6, 15);

            byte[] EncryptedHMAC = RC4HMACEncrypt(TimeTick, 0x10, TimeStamp, TimeStamp.Length, 1);
            byte[] TickChecksum  = SHA1.Create().ComputeHash(TimeTick);

            SHA1CryptoServiceProvider SHAProvider = new SHA1CryptoServiceProvider();

            // Header digest = SHA-1 over TimeTick[0..8) || InputBuffer[0..12) || SHA-1(TimeTick).
            SHAProvider.TransformBlock(TimeTick, 0, 8, null, 0);
            SHAProvider.TransformBlock(InputBuffer, 0, 12, null, 0);
            SHAProvider.TransformFinalBlock(TickChecksum, 0, 20);
            byte[] HeaderChecksum = SHAProvider.Hash;

            // RSA key rebuilt from bytes read out of the key-vault file above.
            RSACryptoServiceProvider   Key       = LoadConsolePrivateKey(Exponent, KeyParams);
            RSAPKCS1SignatureFormatter Formatter = new RSAPKCS1SignatureFormatter(Key);

            // PKCS#1 v1.5 signature over the SHA-1 header digest, byte-reversed before use.
            Formatter.SetHashAlgorithm("SHA1");
            byte[] Signature = Formatter.CreateSignature(HeaderChecksum);
            Array.Reverse(Signature);
            // Build the final packet
            Array.Copy(TimeTick, 0, DestBuffer, 300, 8);
            Array.Copy(InputBuffer, 0, DestBuffer, 0x134, 12);
            Array.Copy(Signature, 0, DestBuffer, 320, 0x80);
            Array.Copy(Source, 0, DestBuffer, 0x1C0, 0x1A8);
            Array.Copy(EncryptedHMAC, 0, DestBuffer, 0x3E0, 0x34);
            Array.Copy(ClientName, 0, DestBuffer, 0x430, 15);
            // Connect and send packet
            // NOTE(review): the client is never closed or disposed on any return path.
            UdpClient XEAS = new UdpClient();

            XEAS.Connect("XEAS.XBOXLIVE.COM", 0x58);
            XEAS.Send(DestBuffer, DestBuffer.Length);
            IPEndPoint RemoteEP = new IPEndPoint(0L, 0);
            int        Wait     = 0;

            // Poll for a reply. Each idle pass sleeps 10 ms + 500 ms; the post-increment test means
            // null is returned on the 11th idle pass.
            while (true)
            {
                try {
                    Thread.Sleep(10);
                    if (XEAS.Available > 0)
                    {
                        // Untrusted network data: the fixed-offset copies below throw when the datagram
                        // (or the decrypted buffer) is shorter than expected, and that exception is
                        // swallowed by the catch at the bottom of the loop.
                        byte[] RecBuffer = XEAS.Receive(ref RemoteEP);
                        byte[] Buffer    = new byte[0x6C];
                        Array.Copy(RecBuffer, 0x35, Buffer, 0, 0x6C);
                        // NOTE(review): Buffer is filled above but not read afterwards; the decrypt call
                        // is given RecBuffer. Confirm which one RC4HMACDecrypt is meant to receive.
                        byte[] DecryptNoonce   = RC4HMACDecrypt(ComputeKdcNoonce(TimeTick, 0x10), 0x10, RecBuffer, 0x6C, 0x4B3);
                        byte[] SecondaryBuffer = new byte[0x10];
                        Array.Copy(DecryptNoonce, 0x4C, SecondaryBuffer, 0, 0x10);
                        return(SecondaryBuffer);
                    }
                    Thread.Sleep(500);

                    if (Wait++ == 10)
                    {
                        return(null);
                    }
                // NOTE(review): discards every exception type without logging; a failure above skips
                // the Wait increment for that pass and the loop simply continues.
                } catch { }
            }
        }
예제 #2
        /// <summary>
        /// Runs a four-step UDP exchange (logon key, AS-REQ, pre-auth AS-REQ, TGS-REQ, as named by
        /// the log strings below) using data from the key-vault file at <c>KVI.Location</c>, then
        /// decodes a 32-bit status from the last reply into <c>KVI.ZStatus</c> and <c>KVI.Banned</c>.
        /// </summary>
        /// <param name="KVI">Key-vault descriptor. <c>Location</c> is read; <c>LastLog</c>, <c>ZStatus</c> and <c>Banned</c> are written.</param>
        /// <remarks>
        /// Review notes (security and robustness):
        /// - Inside each <c>for (int i = 0; i &lt; 2; i++)</c> loop, <c>i</c> is only ever 0 or 1, so every
        ///   <c>i &gt;= 2</c> failure branch is unreachable and a missing key or reply is not detected there.
        /// - Replies are untrusted network data and are sliced at fixed offsets without length checks.
        /// - Destination and Authenticator are references to the Keys.* arrays, not copies.
        /// - Early returns inside the catch blocks skip Client.Close(); the third client is never closed.
        /// - Every status other than 0x8015190D ends with Banned = false, including the error codes.
        /// </remarks>
        public void CheckKV(KVInfo KVI)
        {
            byte[] XMACsLogonKey = null;
            for (int i = 0; i < 2; i++)
            {
                XMACsLogonKey = GetXMACsLogonKey(KVI);
                // The log line is written after the attempt and shows i as 0 or 1.
                KVI.LastLog   = "Getting XMACsLogonKey... Try " + i.ToString() + "/2";
                if (XMACsLogonKey != null)
                {
                    break;
                }
                // NOTE(review): unreachable, since i < 2 holds here. When both attempts return null the
                // method continues with XMACsLogonKey == null.
                if (i >= 2 && XMACsLogonKey == null)
                {
                    KVI.LastLog = "Failed to get XMACs... Skipping.";
                    return;
                }
            }

            byte[] ConsoleID   = FileEx.ReadBytes(KVI.Location, 0x9CA, 5);
            byte[] SourceArray = SHA1.Create().ComputeHash(FileEx.ReadBytes(KVI.Location, 0x9C8, 0xA8));
            // NOTE(review): reference to the template array, not a copy; the writes below modify it
            // in place if Keys.APReq1 returns the same instance each time — confirm.
            byte[] Destination = Keys.APReq1;
            byte[] ClientName  = ComputeClientName(ConsoleID);
            KVI.LastLog = "Creating Kerberos AS-REQ...";

            Array.Copy(ClientName, 0, Destination, 0x102, 0x18);
            Array.Copy(SourceArray, 0, Destination, 0x24, 20);

            // NOTE(review): this TimeStamp value is not read before it is reassigned further down;
            // the encrypt call that follows is given ClientName.
            byte[] TimeStamp = GenerateTimeStamp();

            Array.Copy(RC4HMACEncrypt(XMACsLogonKey, 0x10, ClientName, ClientName.Length, 1), 0, Destination, 0xB0, 0x34);

            UdpClient Client = new UdpClient();

            // Port 0x58 is 88.
            Client.Connect("XEAS.gtm.XBOXLIVE.COM", 0x58);
            Client.Send(Destination, Destination.Length);

            KVI.LastLog = "Sending Kerberos AS-REQ...";

            IPEndPoint RemoteEP = new IPEndPoint(0L, 0);

            byte[] ResponseBuff = null;
            // Two passes of 10 ms each; a pass with nothing available re-sends the request.
            try {
                for (int i = 0; i < 2; i++)
                {
                    Thread.Sleep(10);
                    if (Client.Available > 0)
                    {
                        ResponseBuff = Client.Receive(ref RemoteEP);
                        break;
                    }
                    else
                    {
                        // NOTE(review): unreachable (i is 0 or 1). With no reply on either pass the
                        // loop exits with ResponseBuff still null.
                        if (i >= 2)
                        {
                            KVI.LastLog = "Couldn't get response from M$! S******g myself...";
                            return;
                        }
                        else
                        {
                            Client.Send(Destination, Destination.Length);
                        }
                    }
                }
            // Catches everything and returns without closing Client.
            } catch { KVI.LastLog = "We hit an exception. What log? Oh dis one. Skipping..."; return; }

            Client.Close();

            KVI.LastLog = "Creating Pre-Auth Kerberos AS-REQ...";
            Destination = Keys.APReq2;
            byte[] TempBuffer = new byte[0x10];
            // Last 16 bytes of the reply. ResponseBuff is dereferenced here outside any try block: a
            // null value throws NullReferenceException, and a reply shorter than 16 bytes makes the
            // source index negative.
            Array.Copy(ResponseBuff, ResponseBuff.Length - 0x10, TempBuffer, 0, 0x10);
            Array.Copy(TempBuffer, 0, Destination, 0x44, 0x10);
            Array.Copy(ClientName, 0, Destination, 0x11E, 0x18);
            Array.Copy(SourceArray, 0, Destination, 0x24, 20);
            TimeStamp = GenerateTimeStamp();
            Array.Copy(RC4HMACEncrypt(XMACsLogonKey, 0x10, TimeStamp, TimeStamp.Length, 1), 0, Destination, 0xCC, 0x34);

            Client = new UdpClient();
            Client.Connect("XEAS.XBOXLIVE.COM", 0x58);
            Client.Send(Destination, Destination.Length);

            KVI.LastLog = "Sending Kerberos Pre-Auth...";

            // Same polling pattern as above. ResponseBuff is not reset first, so when nothing arrives
            // the code after the loop parses the previous step's reply.
            try {
                for (int i = 0; i < 2; i++)
                {
                    Thread.Sleep(10);
                    if (Client.Available > 0)
                    {
                        ResponseBuff = Client.Receive(ref RemoteEP);
                        break;
                    }
                    else
                    {
                        // NOTE(review): unreachable (i is 0 or 1).
                        if (i >= 2)
                        {
                            KVI.LastLog = "Couldn't get response from M$! S******g myself...";
                            return;
                        }
                        else
                        {
                            Client.Send(Destination, Destination.Length);
                        }
                    }
                }
            // Catches everything and returns without closing Client.
            } catch { KVI.LastLog = "We hit an exception. What log? Oh dis one. Skipping..."; return; }

            Client.Close();

            KVI.LastLog = "Creating Kerberos TGS-REQ...";

            // Last 210 bytes of the reply are decrypted with the logon key; no length check on the
            // untrusted reply before slicing.
            TempBuffer = new byte[210];
            Array.Copy(ResponseBuff, ResponseBuff.Length - 210, TempBuffer, 0, 210);
            byte[] DecryptedRep = RC4HMACDecrypt(XMACsLogonKey, 0x10, TempBuffer, 210, 8);
            // 16 bytes at offset 0x1B of the plaintext; used below as the key for the TGS step
            // (presumably the session key — confirm).
            TempBuffer = new byte[0x10];
            Array.Copy(DecryptedRep, 0x1B, TempBuffer, 0, 0x10);
            KVI.LastLog = "Setting TGS ticket...";
            byte[] ACutOfResp = new byte[0x159];
            Array.Copy(ResponseBuff, 0xA8, ACutOfResp, 0, 0x159);
            // Keep a handle on the pre-auth request before Destination is repointed.
            byte[] PreAuthDest = Destination;
            Destination = Keys.TGSReq;
            Array.Copy(ACutOfResp, 0, Destination, 0x1B5, 0x159);
            byte[] Authenticator = Keys.Authenticator;

            Array.Copy(ResponseBuff, 0, Authenticator, 40, 15);
            Array.Copy(Encoding.ASCII.GetBytes(DateTime.Now.ToUniversalTime().ToString("yyyyMMddHHmmssZ")), 0, Authenticator, 0x6D, 15);
            // NOTE(review): an MD5 digest is 16 bytes, but the copy length here is 150; Array.Copy
            // throws ArgumentException when the source is shorter than the requested length, and this
            // line is outside any try block. Verify the intended length against the original tool.
            Array.Copy(MD5.Create().ComputeHash(Destination, 0x3BA, 0x4B), 0, Authenticator, 0x37, 150);
            Array.Copy(RC4HMACEncrypt(TempBuffer, 0x10, Authenticator, Authenticator.Length, 7), 0, Destination, 0x31F, 0x99);

            byte[] Noonce = ComputeKdcNoonce(TempBuffer, 0x10);

            Array.Copy(RC4HMACEncrypt(Noonce, 0x10, Keys.ServiceReq, Keys.ServiceReq.Length, 0x4B1), 0, Destination, 0x37, 150);

            byte[] TitleAuthData = new byte[0x42];
            Array.Copy(PreAuthDest, 0x74, TitleAuthData, 0, 0x42);
            Array.Copy(GetTitleAuthData(TempBuffer, 0x10, TitleAuthData), 0, Destination, 0xDD, 0x52);

            // NOTE(review): this third client is not closed on any path through the rest of the method.
            Client = new UdpClient();
            Client.Connect("XETGS.XBOXLIVE.COM", 0x58);
            Client.Send(Destination, Destination.Length);

            KVI.LastLog = "Sending TGS-REQ";

            // Same polling pattern; a missing reply leaves the previous step's ResponseBuff in place.
            try {
                for (int i = 0; i < 2; i++)
                {
                    Thread.Sleep(10);
                    if (Client.Available > 0)
                    {
                        ResponseBuff = Client.Receive(ref RemoteEP);
                        break;
                    }
                    else
                    {
                        // NOTE(review): unreachable (i is 0 or 1).
                        if (i >= 2)
                        {
                            KVI.LastLog = "Couldn't get response from M$! S******g myself...";
                            return;
                        }
                        else
                        {
                            Client.Send(Destination, Destination.Length);
                        }
                    }
                }
            } catch { KVI.LastLog = "We hit an exception. What log? Oh dis one. Skipping..."; return; }

            KVI.LastLog = "Decrypting logon status...";

            // 0x54 bytes at offset 50 of the reply, decrypted with the 16-byte key in TempBuffer.
            byte[] EncryptedLogonStatus = new byte[0x54];
            Array.Copy(ResponseBuff, 50, EncryptedLogonStatus, 0, 0x54);
            byte[] DecryptedLogonStatus = RC4HMACDecrypt(TempBuffer, 0x10, EncryptedLogonStatus, 0x54, 0x4B2);
            // BitConverter reads the four bytes at offset 8 in the host's byte order.
            uint   ZStatus = BitConverter.ToUInt32(DecryptedLogonStatus, 8);

            KVI.LastLog = "ZStatus: " + ZStatus.ToString("X2");

            // Only the first case returns early; every other case falls through to Banned = false
            // after the switch, so error and unrecognised statuses are recorded as "not banned".
            switch (ZStatus)
            {
            case 0x8015190D:     // Banned
                KVI.Banned  = true;
                KVI.ZStatus = "Banned";
                return;

            case 0x80150000:
                KVI.ZStatus = "Error";
                break;

            case 0x80151907:     // Unknown
                KVI.ZStatus = "Unknown Error";
                break;

            case 0x80151904:     // NODNS
                KVI.ZStatus = "No DNS";
                break;

            case 0x80151007:     // Update Required
                KVI.ZStatus = "Update Required";
                break;

            default:
                KVI.ZStatus = "Unknown ZStatus: " + ZStatus.ToString("X2");
                break;
            }
            KVI.Banned = false;
        }