The Account file is a HMAC-RC4 encrypted file stored in profiles to hold things such as the profiles gamertag, PUID (Passport User ID), online key and more.

Encryption

The file is encrypted with a custom form of HMAC-RC4, which is handled by the XeKeysUnobfuscate function. The key differs between retail and development consoles and is stored in key index 0x19.

• Retail key

0xE1 0xBC 0x15 0x9C 0x73 0xB1 0xEA 0xE9 0xAB 0x31 0x70 0xF3 0xAD 0x47 0xEB 0xF3

• Devkit key

0xDA 0xB6 0x9A 0xD9 0x8E 0x28 0x76 0x4F 0x97 0x7E 0xE2 0x48 0x7E 0x4F 0x3F 0x68

To decrypt the file:

• Copy the first 16 bytes of the file to a buffer. This is the HMAC-SHA1 hash of the file which is made using one of the keys above.
  
• Use HMAC-SHA1 on that buffer with a key from above to create the RC4 key, which is 0x10 bytes.
• Decrypt 8 bytes after the hash of the file (at offset 0x10) using RC4. This is the confounder.
• Decrypt 380 bytes after the confounder using RC4. This is the decrypted account data.
• Make a hash of the confounder and decrypted data using HMAC-SHA1 and a key above and compare it to the first 16 bytes of the file, if it doesn't match then the decryption failed.

To encrypt the file:

• Copy the decrypted data to offset 0x18
• Create a random 8 byte confounder and copy this to offset 0x10.
• Make a hash of the confounder and decrypted data using HMAC-SHA1 and a key above, resize it to 16 bytes and then copy that to the beginning of the file.
• Use HMAC-SHA1 on that hash with a key from above to create the RC4 key, which is 0x10 bytes.
• Encrypt 388 bytes from position 0x10 using RC4.

Decrypted File

Passcode

The passcode is made up of these bytes: