theyettihunta Posted November 4, 2010
Hey guys, I'm a noob with an interesting idea. Is it possible to capture packets from an Xbox 360 to your router over Wi-Fi in order to get the credentials of an Xbox Live account? * Let me know if you have any similar ideas. * Any help is appreciated, thanks!
theSuperman Posted November 4, 2010
What do you mean by the credentials of an Xbox Live account? It's not like it'll be a simple username/password combination. Plus, I would imagine it would be encrypted.
Infiltrator Posted November 4, 2010
I haven't tried sniffing Xbox traffic yet, but it's an interesting idea. But I am pretty certain some of its traffic would be encrypted. You could find out by running Wireshark on a PC, and if you have a switch that is capable of port mirroring, you could mirror your Xbox Ethernet port and send all its traffic to your computer.
theyettihunta (Author) Posted November 8, 2010
Thanks for the advice. I tried {grep -a xbox} and I did find plain text; unfortunately it was only xbox.com and a lot of encryptions. I will try port mirroring as well, but I'm new to it so I will have to look into it. Is there a way to decrypt these codes?
theyettihunta (Author) Posted November 8, 2010
@theSuperman I do mean username and password, and I as well assumed that it would be encrypted. My question is: 1. Are the credentials in the traffic? 2. Is there any way to decrypt it?
Infiltrator Posted November 8, 2010 (edited)
> @theSuperman I do mean username and password, and I as well assumed that it would be encrypted. My question is: 1. Are the credentials in the traffic? 2. Is there any way to decrypt it?

I am pretty certain the credentials will be encrypted. Secondly, decrypting the credentials will be a challenging task, since you will need to know what encryption type/method was used to encrypt your credentials in the first place. On a side note, your credentials would most likely be stored somewhere else besides the Xbox itself, unless you set it to remember; but even if the Xbox remembers your credentials, they would definitely be encrypted, which would be back to square one. Anyway, just some of my thoughts.
Edited November 8, 2010 by Infiltrator
dr0p Posted November 8, 2010
Yes, they're transmitted, and yes, they're encrypted.
Alias Posted November 8, 2010
My guess is that the Xbox would transmit via SSL, in which case you could probably use SSLstrip to get the cleartext packet data; however, from there the username and password itself would probably be encrypted. Going off of other Microsoft products, it's a reasonable guess that it would be in NTLM, which these days is not as secure as it once was.
Infiltrator Posted November 8, 2010
> My guess is that the Xbox would transmit via SSL, in which case you could probably use SSLstrip to get the cleartext packet data; however, from there the username and password itself would probably be encrypted. Going off of other Microsoft products, it's a reasonable guess that it would be in NTLM, which these days is not as secure as it once was.

That's why there is already NTLMv2.
Netshroud Posted November 8, 2010
It probably hardcodes the SSL URL, making SSLstrip pointless. I know that the Wii does something similar.
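Several replies above expect the login traffic to be encrypted, and theyettihunta's grep found only xbox.com in the clear. This added example (not from the thread, and not a real Xbox capture) shows why a sniffer sees exactly that: it builds a constructed TLS ClientHello carrying a Server Name Indication extension, and a classifier that reports a TCP payload as TLS (only the hostname is visible in plaintext) or as a cleartext HTTP request, which is the check you would run over your own device's captures to confirm no login goes out unencrypted. Hostnames and sample flows are constructed placeholders.

```python
import struct

def build_client_hello(hostname: str) -> bytes:
    """Constructed TLS 1.2 ClientHello with a server_name (SNI) extension; test data, not a real capture."""
    host = hostname.encode("ascii")
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host        # name list: type 0 = host_name
    ext = struct.pack("!HH", 0, len(sni)) + sni                           # extension type 0 = server_name
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"                           # version, random, empty session id
            + b"\x00\x02\x00\x2f" + b"\x01\x00"                            # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body         # type 1 = client_hello, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record type 22 = handshake

def extract_sni(record: bytes):
    """Walk a ClientHello record and return the SNI hostname, or None if no server_name extension is present."""
    p = 5 + 4 + 2 + 32                                   # record header, handshake header, version, random
    p += 1 + record[p]                                   # session id
    p += 2 + struct.unpack("!H", record[p:p + 2])[0]     # cipher suites
    p += 1 + record[p]                                   # compression methods
    if p + 2 > len(record):
        return None
    end = p + 2 + struct.unpack("!H", record[p:p + 2])[0]
    p += 2
    while p + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", record[p:p + 4])
        p += 4
        if ext_type == 0:                                # skip list length (2) and name type (1)
            name_len = struct.unpack("!H", record[p + 3:p + 5])[0]
            return record[p + 5:p + 5 + name_len].decode("ascii", "replace")
        p += ext_len
    return None

def classify_payload(payload: bytes):
    """Classify the first bytes of a TCP stream: ('tls', sni), ('http', request_line) or ('unknown', None)."""
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        try:
            return ("tls", extract_sni(payload))          # hostname is the only cleartext; the login is encrypted
        except (IndexError, struct.error):
            return ("tls", None)                          # truncated or malformed ClientHello
    line = payload.split(b"\r\n", 1)[0]
    if line.startswith((b"GET ", b"POST ", b"PUT ")) and line.endswith((b"HTTP/1.0", b"HTTP/1.1")):
        return ("http", line.decode("ascii", "replace"))  # cleartext: headers and form body are readable as-is
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample flows: one TLS handshake, one cleartext HTTP form post, one non-HTTP stream.
    samples = [build_client_hello("login.example.invalid"),
               b"POST /login HTTP/1.1\r\nHost: example.invalid\r\n\r\nuser=demo&pass=demo",
               b"\x00\x00\x00\x08unknown"]
    for payload in samples:
        print(classify_payload(payload))
```

Run over real captures, feed each TCP stream's first client-to-server bytes to classify_payload; any ('http', ...) hit for a login endpoint is the finding to fix.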
digip Posted November 8, 2010
I wonder if you can SSL strip the login process? Is it straight SSL? What about spoofing the Xbox login site it posts to: do a wired setup between the Xbox and desktop with a crossover cable, and then internally on the desktop set up a fake domain or hosts-file redirect to localhost or a VM IP address for the site it tries to reach, and impersonate the site with something like an IIS virtual machine. See what kind of data you can get out of the Xbox and what you can force it to tell you in the process. Maybe even use some kind of self-signed/forged certificate and see if the Xbox cares.

I did something similar when I first got my wife's Windows 7 box and we tried to figure out why we couldn't get online with it. It wasn't that she couldn't get online, but it was that the way Windows 7 is set up, it tries to ping a certain site for DNS resolution, and then access a specific page on the site. If DNS is down or the site is down, then Windows would not load any web pages for some reason and always tell you they timed out, but trace routes and pings showed the sites could be reached. It was some weird stuff I blogged about a while back, but through a Wireshark capture I was able to see where it was trying to go and what it was requesting. I in turn set up a local web server and redirected traffic from her machine to my box, and in the process was able to spoof the MS site and then get online. You can read more about it here: http://www.twistedpairrecords.com/blog/200...ctivity-issues/

I'm not sure how you would implement any of this, but just some ideas to throw out there; might be able to spoof the Xbox into giving up the creds.
Infiltrator Posted November 8, 2010
That's a very nice theory, Digip. I might try that on my Xbox at home to see what kind of results I get.
Alias Posted November 8, 2010
Man, I'd really love to investigate this more, but I don't have an Xbox :(
theSuperman Posted November 8, 2010
> @theSuperman I do mean username and password, and I as well assumed that it would be encrypted. My question is: 1. Are the credentials in the traffic? 2. Is there any way to decrypt it?

There is no username/password for Xbox Live. Your gamertag is tied to your email address and a password (mine is my Live account). Your profile is only allowed on one device at a time. The only time you enter those is to recover (download) your gamertag. I doubt the console stores the email address/password on the device and uses that to log in. Plus, if you were to figure out the email address and password for someone else's account, it would be pointless to download that onto your console, since they will know the next time they log in to theirs (it won't let them sign onto Xbox Live).
theyettihunta (Author) Posted November 9, 2010
Yes, I am aware of all this. But when I sign into my account, doesn't Xbox do an auto verification of the email? I would think that it would have to, to get access to my account. I was thinking that when you download your gamertag in a GT recovery it was for gamerscore, credit card info, and avatars and such, not just so it can auto-login.
theSuperman Posted November 9, 2010
> Yes, I am aware of all this. But when I sign into my account, doesn't Xbox do an auto verification of the email? I would think that it would have to, to get access to my account. I was thinking that when you download your gamertag in a GT recovery it was for gamerscore, credit card info, and avatars and such, not just so it can auto-login.

My Gamer Profile is 11 megabytes, which would be quite large for just gamerscore, CC info, etc.
theyettihunta (Author) Posted November 9, 2010
> My Gamer Profile is 11 megabytes, which would be quite large for just gamerscore, CC info, etc.

So what are you suggesting fills that space? My gamertag is only 2 MB.
theSuperman Posted November 10, 2010
> So what are you suggesting fills that space? My gamertag is only 2 MB.

Well, I have my 360 at my apartment. Before the update that allowed USB drives to be used as memory cards, I would have to recover my gamertag when I went over to friends' places. When I would get back to my apartment, I couldn't sign into my profile until I recovered my gamertag on my home console. I postulate that it is like a private key to sign in. When you recover your gamertag via Xbox Live and download it to a new console, the old key is disabled and you are given a new one. Anyway, that is pure speculation.
theyettihunta (Author) Posted November 10, 2010
So what you're saying is this key would replace the credentials?
theSuperman Posted November 10, 2010
> So what you're saying is this key would replace the credentials?

Well, it is pure speculation on my part. What you can do is attempt to recover a gamertag and, after you enter in the email address + password, check to see what packets are sent. I doubt the email address + password would be sent plaintext... but you never know.