                              
			                             
                                                       
               ۰߰     ܰ۰  
             ۱      ܱ߰    ۰
             ۱          ۱      ۰  
                 ܰ߱    ߰۲    
              Outbreak Magazine Issue #11 - Article 10 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'

--------------------------------------------------------------------------
A small look at Xbox LIVE

By: Turbanator
--------------------------------------------------------------------------

  When Microsoft first released details about their new online gaming 
service for the Xbox, people were skeptical.  "Do I have to give out a 
credit card over my console?", "Will my information be hacked?", and 
"Where does this information go?" were just some of the questions people 
asked about the service.  Microsoft responded that they have "Military 
Grade encryption" with the Xbox LIVE service, and I recently found out 
how close that is to the truth.

  Now, I dont know alot about encryption, so pardon me if I get 
something wrong.  I originally sought out to "hack" into the Microsoft servers 
to get into Xbox LIVE account, but found out that it was impossible.  
Why?  Because the packets of data sent between an Xbox and the LIVE 
server are UDP, which cannot be connected to, BUT, they can be intercepted 
>:]

  I managed to capture about 5 minutes worth of activity on the Xbox 
LIVE service, all of which I will not display here.  But I will point out 
some things that caught my eye.

  In this log, you can clearly see that the communication between my 
xbox, and the live server, change ports frequently (and this is about 10 
seconds worth of activity!).

21:39:22.087612 IP turbanator.3074 > 207.46.246.6.3074: udp 1404
21:39:22.176623 IP 207.46.246.6.3074 > turbanator.3074: udp 795
21:39:22.201939 IP turbanator.3074 > 207.46.246.6.3074: udp 320
21:39:22.275442 IP 207.46.246.6.3074 > turbanator.3074: udp 24
21:39:22.341035 IP turbanator.3074 > 207.46.246.6.3074: udp 36
21:39:22.415943 IP 207.46.246.6.3074 > turbanator.3074: udp 36
21:39:22.416038 IP turbanator.3074 > 207.46.246.6.3074: udp 32
21:39:22.469919 IP turbanator.3074 > 207.46.246.6.3074: udp 224

  So what Microsoft said about "Military Grade encryption" is somewhat 
true, though im not an encryption expert, so I dont know if the packets 
are encrypted or not.  Its also a good idea to have the ports change 
constantly, and to have them UDP, so no one can connect to the server.  
I've also noticed that Xbox LIVE never uses the same server when it logs 
on, it switches everytime you log out of the service.  This is also a 
good security measure.  If one day the Xbox LIVE service is infact 
cracked one day, it will be intresting to see how its done, because it would 
take alot!

  BIG thanks to dropcode for helping me with the packet interception! 
:)

--------------------------------------------------------------------------
This text file was written by:Turbanator
For:Outbreak
The author can be contacted at:turbanator2k2@yahoo.com, 
AIM=Turbanator2k2
--------------------------------------------------------------------------
 

 
  
 
