Profile:Account: Difference between revisions
imported>Stoker25 mNo edit summary |
imported>Stoker25 m (updated with more info, thx godzcheater (: not sure of the membership byte but hope you can fill us in (:) |
||
Line 31: | Line 31: | ||
|- | |- | ||
| 0 | | 0 | ||
| | | 2 | ||
| | | ushort | ||
| Status (Recovering:0,Offline: | | Status (Recovering: 0, Offline: 0x1000, Online: 0x2000, Password Protected: 0x3000) | ||
|- | |- | ||
| 8 | | 8 | ||
| 15 | | 15 | ||
| | | Unicode | ||
| | | Gamertag | ||
|- | |||
| 44 | |||
| 0x8 | |||
| ulong | |||
| PUID | |||
|- | |- | ||
| | | 52 | ||
| 4 | | 4 | ||
| ASCII | | ASCII string | ||
| Service | | Service | ||
|- | |- | ||
| | | 46 | ||
| 4 | | 4 | ||
| | | Bytes | ||
| Password | | Password | ||
|- | |||
| 50 | |||
| 20 | |||
| ASCII string | |||
| Server | |||
|- | |||
| 70 | |||
| 24 | |||
| ASCII string | |||
| Passport | |||
|- | |||
| 94 | |||
| 16 | |||
| Bytes | |||
| Online Key | |||
|- | |- | ||
| | | | ||
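Review bot: the added offsets overlap in the rows for PUID, Password, Server and Service. PUID is added at offset 44 with length 0x8, which covers bytes 44 to 51, yet Password is placed at 46 and Server at 50, both inside that range, and Server (offset 50, length 20) also runs across Service at 52. Password, Server, Passport and Online Key are contiguous with each other starting at 46, so either that run of four or the PUID and Service offsets need rechecking against a decrypted file. As a style point, the PUID length is written as 0x8 while every other length in the table is decimal; pick one base and label it in the column header.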
Line 55: | Line 75: | ||
| Membership (Offline:0,Silver:48,Gold:96) | | Membership (Offline:0,Silver:48,Gold:96) | ||
|} | |} | ||
==Passcode== | |||
The passcode is made up of these bytes: | |||
{| border=1 | |||
|- | |||
! Byte | |||
! Button | |||
|- | |||
| 0 | |||
| Null | |||
|- | |||
| 1 | |||
| DPad Up | |||
|- | |||
| 2 | |||
| DPad Down | |||
|- | |||
| 3 | |||
| DPad Left | |||
|- | |||
| 4 | |||
| DPad Right | |||
|- | |||
| 5 | |||
| X | |||
|- | |||
| 6 | |||
| Y | |||
|- | |||
| 7 | |||
| A | |||
|- | |||
| 8 | |||
| B | |||
|- | |||
| 9 | |||
| Left Trigger | |||
|- | |||
| 10 | |||
| Right Trigger | |||
|- | |||
| 11 | |||
| Left Bumper | |||
|- | |||
| 12 | |||
| Right Bumper | |||
|} |
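Review bot: the new Passcode section does not say where these bytes live or how many there are. The table in the previous hunk has a 4-byte field named "Password", and this section calls the same thing "Passcode" without linking the two; add a sentence stating that the field holds one button value per byte, say what Null (0) means for an unset passcode, and use one name for the field in both places.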
Revision as of 04:58, 10 August 2011
The Account file is an HMAC-RC4 encrypted file stored in profiles to hold things such as the profile's gamertag, PUID (Passport User ID), online key and more.
Encryption
The file is encrypted with a custom form of HMAC-RC4, which is handled by the XeKeysUnobfuscate function. The key differs between retail and development consoles and is stored in key index 0x19.
- Retail key
0xE1 0xBC 0x15 0x9C 0x73 0xB1 0xEA 0xE9 0xAB 0x31 0x70 0xF3 0xAD 0x47 0xEB 0xF3
- Devkit key
0xDA 0xB6 0x9A 0xD9 0x8E 0x28 0x76 0x4F 0x97 0x7E 0xE2 0x48 0x7E 0x4F 0x3F 0x68
To decrypt the file:
- Copy the first 16 bytes of the file to a buffer. This is the HMAC-SHA1 hash of the file which is made using one of the keys above.
- Use HMAC-SHA1 on that buffer with a key from above to create the RC4 key, which is 0x10 bytes.
- Decrypt 8 bytes after the hash of the file (at offset 0x10) using RC4. This is the confounder.
- Decrypt 380 bytes after the confounder using RC4. This is the decrypted account data.
- Make a hash of the confounder and decrypted data using HMAC-SHA1 and a key above and compare it to the first 16 bytes of the file. If it doesn't match, the decryption failed.
To encrypt the file:
- Copy the decrypted data to offset 0x18.
- Create a random 8 byte confounder and copy this to offset 0x10.
- Make a hash of the confounder and decrypted data using HMAC-SHA1 and a key above, resize it to 16 bytes and then copy that to the beginning of the file.
- Use HMAC-SHA1 on that hash with a key from above to create the RC4 key, which is 0x10 bytes.
- Encrypt 388 bytes from position 0x10 using RC4.
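The decrypt and encrypt procedures above as a round trip, added here as an example (not code from this wiki or from the console). It assumes standard HMAC-SHA1 and plain RC4 with one continuous keystream over the 388 bytes at offset 0x10; the function names, `DEMO_KEY` and `DEMO_DATA` are constructed for illustration, and the key is a placeholder rather than one of the keys listed above.

```python
import hashlib
import hmac
import os

HASH_LEN, CONFOUNDER_LEN, DATA_LEN = 16, 8, 380

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then XOR data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def mac16(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA1 truncated to the 16 bytes the file format stores."""
    return hmac.new(key, msg, hashlib.sha1).digest()[:HASH_LEN]

def seal(key: bytes, data: bytes, confounder=None) -> bytes:
    """Encrypt steps: hash confounder+data, derive the RC4 key from that hash."""
    if len(data) != DATA_LEN:
        raise ValueError("account data must be 380 bytes")
    confounder = confounder or os.urandom(CONFOUNDER_LEN)
    file_hash = mac16(key, confounder + data)
    return file_hash + rc4(mac16(key, file_hash), confounder + data)

def unseal(key: bytes, blob: bytes) -> bytes:
    """Decrypt steps; raises ValueError when the stored hash does not match."""
    if len(blob) != HASH_LEN + CONFOUNDER_LEN + DATA_LEN:
        raise ValueError("expected a 404-byte file")
    file_hash, body = blob[:HASH_LEN], blob[HASH_LEN:]
    plain = rc4(mac16(key, file_hash), body)  # one keystream: confounder, then data
    if not hmac.compare_digest(mac16(key, plain), file_hash):
        raise ValueError("hash mismatch: wrong key or modified file")
    return plain[CONFOUNDER_LEN:]

# Constructed inputs: a placeholder key (not a console key) and dummy account data.
DEMO_KEY = bytes(range(16))
DEMO_DATA = bytes(i % 251 for i in range(DATA_LEN))
```

Because the RC4 key is derived from the stored hash, changing any byte of the hash or of the ciphertext makes `unseal` fail its final comparison instead of returning altered data.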
Decrypted File
Offset | Length | Type | Information |
---|---|---|---|
0 | 2 | ushort | Status (Recovering: 0, Offline: 0x1000, Online: 0x2000, Password Protected: 0x3000) |
8 | 15 | Unicode | Gamertag |
44 | 0x8 | ulong | PUID |
52 | 4 | ASCII string | Service |
46 | 4 | Bytes | Password |
50 | 20 | ASCII string | Server |
70 | 24 | ASCII string | Passport |
94 | 16 | Bytes | Online Key |
 | 1 | Byte | Membership (Offline: 0, Silver: 48, Gold: 96) |
Passcode
The passcode is made up of these bytes:
Byte | Button |
---|---|
0 | Null |
1 | DPad Up |
2 | DPad Down |
3 | DPad Left |
4 | DPad Right |
5 | X |
6 | Y |
7 | A |
8 | B |
9 | Left Trigger |
10 | Right Trigger |
11 | Left Bumper |
12 | Right Bumper |