by nhellman
997 days ago
> So that's basically most of the lowest layers of the Xbox Live protocol as well. Simply game discovery happens over local broadcast instead of through the Live servers. There's some other specifics that change, such as logging into a host xbox doesn't Diffie-Hellman anymore but instead key sets are distributed by the server backends with the session information. Additionally the auth side is basically non-existent on system link.

Ah, cool, there has been some similar work done before! Are there any documented resources or write-ups of the Xbox Live protocol somewhere?

> Great RE work!

Thanks!

> Disclaimer: I created a proof of concept implementation of the Xbox Live server infrastructure here: https://github.com/xombieonline

That is a really cool project! How does one make sure the console connects to the server instead of the (now shutdown) Xbox Live servers? Does it e.g. have a hardcoded domain so one can simply add a DNS entry?

I talked at defcon a bit last year. https://www.youtube.com/watch?v=HLyZfZMu-5E Otherwise I've been a "source is documentation" kind of guy so far. Could definitely use a high level walkthrough as good as you've done here; I should probably get on that.
> That is a really cool project! How does one make sure the console connects to the server instead of the (now shutdown) Xbox Live servers? Does it e.g. have a hardcoded domain so one can simply add a DNS entry?
Yeah, they bootstrap off of a set of hardcoded domains. The config screens on the boxes let you specify a DNS server, so the project runs its own DNS server that's basically when Obi-Wan says "of course I know him, he's me". Then the relative lack of any public/private crypto lets us take over as long as we know the preshared key in the individual xbox's eeprom.