ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!
Home
Upgrade
Credits
Help
Search
Awards
Achievements
 1658

XboxLive network reversed, emualtion code and reason (not made by me just a repost)

by XeniaReal - 04-27-2020 - 11:00 PM
#1
He is also the same retard that went by the name Dark Empire that is the one that made 17526->17544 XBLBallin that was actualyl renting an API off me, funny shit I know!

Message to Cabbage:
We will continue to attack your shit pStealth rename service and any service you are a part of, you are part of the reason this community is going downhill.
Do everyone a favor and fuck off already.

You may ask "why emulate a free server?". Well I've listed some reason below!
1) the kid is a prick
2) the kid is the defition of scum
3) the kid is a money hungry prick and his shit never stays free, now it will :)
4) I've waited months for an opportunity to ruin this cunt, the time has finally come

Below I have reversed a lot of their shit xex, it is confirmed a Teapot V2/XBLS/pStealth rename and reskin. The service is a joke!

// Network connections:
// IP Address: 66.70.137.46
//Port: 4040

// Network packet structures:
// Authentication:
// Notes: Yeah, they store the KV for later use.Probably trying to keep them for their 'amazing No KV mode' that's on its way!
struct AUTH
{
DWORD Command;
DWORD RequestSize;
DWORD TitleId;
BYTE CPUKey[0x10];
BYTE SHA1ModuleHash[0x14]; // XeCryptSha((PBYTE)ReadFile("SkidLive:\\SkidLive.xex"), GetFileSize(SkidLive:\\SkidLive.xex), 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, (PBYTE)PacketAlloc + 0x1C, 0x14);
BYTE KV[0x4000]
};

// Presence:
// Notes: The calls to create the presence thread were nopped as they are not needed since this server has been officially fucked :) no updates here!
// .text:90DF4BA8                bl        ExCreateThread // nop ExCreateThread
// .text:90DF4BC8                bl        sub_90DF8330 // nop ResumeThread

// XeKeysExecute:
// Notes: Not too sure on the last 4 bytes, most likely the serialbyte to identify console board version
struct XKEC
{
DWORD Command;
DWORD RequestSize;
BOOL Crl;
BOOL Fcrt;
BYTE AOEPKey[0x10]; // (The joke that calls himself a crypto programmer doesnt even know what this key is for lmfao) // XeCryptRandom(*(PBYTE)0x90E0AC48, 0x10);
BYTE CPUKey[0x10];
BOOL IsType1KV;
DWORD Unk;
};

// XamExecuteAsyncChallenge:
// Notes: The call to PatchInJump has been nopped because I couldn't be bothered to reverse their shitty leeched XOSC, the chances are the stock XOSC is more correct than theirs lmfao
// .text:90DF5884                bl        sub_90DF6D10 // nop PatchInJump 0x8169CD98

// Server response schema:
enum Responses
{
Authed = 0x5A00,
Freemode = 0x7A00,
Unk = 0x6400, // banned? time expires? idc.
ModuleUpdate = 0x9F00
};

// Schema:
// lis gpr, 0x5A00
DWORD gpr = (Response << 0x10); // (the response is the Low part of the HighLowKey, it has to be shifted by 0x10 to make it the High part of the HighLowKey)
Reply
#2
Looks like something giths would say lol
Reply
#3
(04-28-2020 - 04:23 AM)D3R8NK Wrote: Looks like something giths would say lol

lmao true. imagine taking months to do this to a pStealth source...
Reply

Users browsing: 2 Guest(s)