Profile:Account: Difference between revisions
Jump to navigation
Jump to search
imported>Stoker25 m (updated with more info, thx godzcheater (: not sure of the membership byte but hope you can fill us in (:) |
imported>Stoker25 m (fixed a few wrong offsets) |
||
Line 36: | Line 36: | ||
|- | |- | ||
| 8 | | 8 | ||
| 15 | | 15 chars/30 bytes | ||
| Unicode | | Unicode | ||
| Gamertag | | Gamertag | ||
|- | |- | ||
| | | 40 | ||
| 0x8 | | 0x8 | ||
| ulong | | ulong | ||
| PUID | | PUID | ||
|- | |||
| 48 | |||
| 0x1 | |||
| byte | |||
| unknown | |||
|_ | |||
| 49 | |||
| 0x1 | |||
| byte | |||
| Membership type (Offline: 0, Silver: 0x30, Gold: 0x60) | |||
|- | |||
| 50 | |||
| 0x2 | |||
| ushort | |||
| unknown | |||
|- | |- | ||
| 52 | | 52 | ||
Line 70: | Line 85: | ||
| Online Key | | Online Key | ||
|- | |- | ||
|} | |} | ||
==Passcode== | ==Passcode== |
Revision as of 04:11, 12 August 2011
The Account file is a HMAC-RC4 encrypted file stored in profiles to hold things such as the profiles gamertag, PUID (Passport User ID), online key and more.
Encryption
The file is encrypted with a custom form of HMAC-RC4, which is handled by the XeKeysUnobfuscate function. The key differs between retail and development consoles and is stored in key index 0x19.
- Retail key
0xE1 0xBC 0x15 0x9C 0x73 0xB1 0xEA 0xE9 0xAB 0x31 0x70 0xF3 0xAD 0x47 0xEB 0xF3
- Devkit key
0xDA 0xB6 0x9A 0xD9 0x8E 0x28 0x76 0x4F 0x97 0x7E 0xE2 0x48 0x7E 0x4F 0x3F 0x68
To decrypt the file:
- Copy the first 16 bytes of the file to a buffer. This is the HMAC-SHA1 hash of the file which is made using one of the keys above.
- Use HMAC-SHA1 on that buffer with a key from above to create the RC4 key, which is 0x10 bytes.
- Decrypt 8 bytes after the hash of the file (at offset 0x10) using RC4. This is the confounder.
- Decrypt 380 bytes after the confounder using RC4. This is the decrypted account data.
- Make a hash of the confounder and decrypted data using HMAC-SHA1 and a key above and compare it to the first 16 bytes of the file, if it doesn't match then the decryption failed.
To encrypt the file:
- Copy the decrypted data to offset 0x18
- Create a random 8 byte confounder and copy this to offset 0x10.
- Make a hash of the confounder and decrypted data using HMAC-SHA1 and a key above, resize it to 16 bytes and then copy that to the beginning of the file.
- Use HMAC-SHA1 on that hash with a key from above to create the RC4 key, which is 0x10 bytes.
- Encrypt 388 bytes from position 0x10 using RC4.
Decrypted File
Offset | Length | Type | Information | |||||
---|---|---|---|---|---|---|---|---|
0 | 2 | ushort | Status (Recovering: 0, Offline: 0x1000, Online: 0x2000, Password Protected: 0x3000) | |||||
8 | 15 chars/30 bytes | Unicode | Gamertag | |||||
40 | 0x8 | ulong | PUID | |||||
48 | 0x1 | byte | unknown | _ | 49 | 0x1 | byte | Membership type (Offline: 0, Silver: 0x30, Gold: 0x60) |
50 | 0x2 | ushort | unknown | |||||
52 | 4 | ASCII string | Service | |||||
46 | 4 | Bytes | Password | |||||
50 | 20 | ASCII string | Server | |||||
70 | 24 | ASCII string | Passport | |||||
94 | 16 | Bytes | Online Key |
Passcode
The passcode is made up of these bytes:
Byte | Button |
---|---|
0 | Null |
1 | DPad Up |
2 | DPad Down |
3 | DPad Left |
4 | DPad Right |
5 | X |
6 | Y |
7 | A |
8 | B |
9 | Left Trigger |
10 | Right Trigger |
11 | Left Bumper |
12 | Right Bumper |