by dinartem 995 days ago
Nice work! Always fun to see something I wrote long ago reverse engineered. The packet format was indeed inspired by ESP over UDP, and I named it XSP. After system link shipped with the original launch of the console, I also worked on Xbox Live networking, including the client/server interactions and the design and implementation of the front-end Security Gateways that all Xboxes would talk to, first to authenticate themselves to the service, and then to maintain a heartbeat connection to the service (to keep NAT ports open during idle time), and to facilitate NAT traversal.

Nice! You did a great job on the protocol. Probably my only complaint on the XSP side of things is the fact that you have to do relatively complex parsing of the XSP packets before you can get to the point of verifying the signature of the packet. Seems like all of the corner cases were handled well in the implementation on the boxes, but as someone who does auth/cryptography in my day job, it kind of gives me the heebie-jeebies.

Do you know if the auth side was carried into deeper parts of the backend? So like, did the SG decorate incoming connections with the auth information as they made their way to the different services? There seemed to be more auth information than I expected in headers on some of those HTTP calls into services like matchmaking.
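The parse-before-verify concern raised in the comment above, as an added illustration that is not code from the thread or from the real Xbox implementation: a constructed, simplified ESP-over-UDP style datagram is decoded two ways, once by interpreting an inner length field before the tag is checked, and once by checking a fixed-position tag over the whole datagram before any field is interpreted. The layout, key, and function names are assumptions for the example; the real XSP wire format is not reproduced.

```python
import hmac
import hashlib
import struct
from typing import Optional

# Constructed layout for this example (hypothetical, not the real XSP format):
#   outer header: SPI (4 bytes) | sequence (4 bytes)
#   inner header: declared payload length (2 bytes) | payload bytes
#   trailer:      16-byte truncated HMAC-SHA256 over everything before it
KEY = b"constructed-demo-sa-key"   # per-security-association key (constructed)
OUTER_LEN = 10                     # SPI + sequence + inner length field
TAG_LEN = 16


def _tag(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()[:TAG_LEN]


def build_packet(spi: int, seq: int, payload: bytes) -> bytes:
    body = struct.pack("!IIH", spi, seq, len(payload)) + payload
    return body + _tag(body)


def parse_then_verify(pkt: bytes) -> Optional[bytes]:
    """Locates the tag from the unauthenticated inner length field, so the
    parser (and its error paths) run on bytes nobody has vouched for yet."""
    spi, seq, inner_len = struct.unpack_from("!IIH", pkt, 0)
    payload = pkt[OUTER_LEN:OUTER_LEN + inner_len]
    if len(payload) != inner_len:
        raise ValueError("inner length disagrees with datagram size")  # reachable by forgery
    tag = pkt[OUTER_LEN + inner_len:OUTER_LEN + inner_len + TAG_LEN]
    if not hmac.compare_digest(tag, _tag(pkt[:OUTER_LEN + inner_len])):
        return None
    return payload


def verify_then_parse(pkt: bytes) -> Optional[bytes]:
    """Checks a tag at a fixed offset (end of datagram) over the whole body
    first; the parser only ever sees bytes produced by a key holder."""
    if len(pkt) < OUTER_LEN + TAG_LEN:
        return None
    body, tag = pkt[:-TAG_LEN], pkt[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(body)):
        return None
    spi, seq, inner_len = struct.unpack_from("!IIH", body, 0)
    payload = body[OUTER_LEN:]
    return payload if len(payload) == inner_len else None
```

With a forged inner length, `parse_then_verify` raises from its parser before the tag is ever compared, while `verify_then_parse` rejects the datagram with no field interpreted.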

That's a valid point about complex parsing. I remember being very concerned about adding unnecessary overhead to each packet during encapsulation.

As for the SG, it primarily authenticated the Xbox machine account using Kerberos and then maintained a security association, accepted heartbeats, authenticated and decrypted incoming ESP-UDP packets into IP packets that it forwarded to the backend servers. Responses from the backend would be encrypted, authenticated, and encapsulated before sending back to the Xbox. I don't think the SG had any knowledge of higher level connections running through it, such as TCP or HTTP, so it would not have manipulated HTTP headers as they passed through.

Ok, cool. That's about what I figured at this point. Originally while REing the protocol I thought that it was holistically handling auth at that XSP layer, but then was surprised when a box would then identify its XID to matchmaking as well, which should have been stored in the krb ticket to bootstrap that connection.

Thanks so much, I really appreciate your candor here!

The SG had to do a few TCP-level things for NAT purposes like rewriting checksums, and it would sometimes synthesize a RST. No layer 7 processing at all.

There was a low level protocol allowing backends to get some extra metadata about a connection

Very cool. Have you written a blog or anything about these experiences? I would love to read it.

Heh, what a coincidence!

Does XSP stand for anything?

Xbox Security Protocol. We liked to add X to things back then.

Since you branded it, did you use it in any other games by chance?

What they're talking about is the base protocol for all Xbox system link and Xbox live games.

AFAIK, it persists to this day, extended with newer features (and crypto primitives).

I've had many an adventure with secure gateways on varied xenon Call of Duty games. Nice to meet the person behind them!

Have you ever connected with the folks behind XBConnect?

No, I never spoke with them.

Thanks for all your hard work. Many an hour (days?) of entertainment amongst my friends was possible due to it :-)