WingNews logo WingNews
top | item 37589731

(no title)

dinartem | 2 years ago

Nice work! Always fun to see something I wrote long ago reverse engineered. The packet format was indeed inspired by ESP over UDP, and I named it XSP. After system link shipped with the original launch of the console, I also worked on Xbox Live networking, including the client/server interactions and the design and implementation of the front-end Security Gateways that all Xboxes would talk to, first to authenticate themselves to the service, and then to maintain a heartbeat connection to the service (to keep NAT ports open during idle time), and to facilitate NAT traversal.

discuss

order

monocasa|2 years ago

Nice! You did a great job on the protocol. Probably my only complaint on the XSP side of things is the fact that you have to do relatively complex parsing of the XSP packets before you can get to the point of verifying the signature of the packet. Seems like all of the corner cases were handled well in the implementation on the boxes, but as someone who does auth/cryptography in my day job, it kind of gives me the heebie-jeebies.

Do you know if the auth side was carried into deeper parts of the backend? So like, did the SG decorate incoming connections with the auth information as they made their way to the different services? There seemed to be more auth information than I expected in headers on some of those HTTP calls into services like matchmaking.

dinartem|2 years ago

That's a valid point about complex parsing. I remember being very concerned about adding unnecessary overhead to each packet during encapsulation.

As for the SG, it primarily authenticated the Xbox machine account using Kerberos and then maintained a security association, accepted heartbeats, authenticated and decrypted incoming ESP-UDP packets into IP packets that it forwarded to the backend servers. Responses from the backend would be encrypted, authenticated, and encapsulated before sending back to the Xbox. I don't think the SG had any knowledge of higher level connections running through it, such as TCP or HTTP, so it would not have manipulated HTTP headers as they passed through.

sosodev|2 years ago

Very cool. Have you written a blog or anything about these experiences? I would love to read it.

nhellman|2 years ago

Heh, what a coincidence!

Does XSP stand for anything?

dinartem|2 years ago

Xbox Security Protocol. We liked to add X to things back then.

ultrahax|2 years ago

I've had many an adventure with secure gateways on varied xenon Call of Duty games. Nice to meet the person behind them!

bradfox2|2 years ago

Have you ever connected with the folks behind XBConnect?

dinartem|2 years ago

No, I never spoke with them.

networkchad|2 years ago

Thanks for all your hard work. Many a hours (days?) of entertainment amongst my friends were possible due to it :-)