landaire/xval.py

## xval.py
# XVal.py By Redline99
# Decrpyts the "X:" Value from the Xbox 360 dashboard
# This can indicate if the console has been flagged
# for some types of security violations
# Originally posted at XboxHacker: http://www.xboxhacker.org/index.php?topic=16401.0
import sha, hmac, struct, sys

FLAG_SSB_NONE                           = 0x0000
FLAG_SSB_AUTH_EX_FAILURE                = 0x0001
FLAG_SSB_AUTH_EX_NO_TABLE               = 0x0002
FLAG_SSB_AUTH_EX_RESERVED               = 0x0004
FLAG_SSB_INVALID_DVD_GEOMETRY           = 0x0008
FLAG_SSB_INVALID_DVD_DMI                = 0x0010
FLAG_SSB_DVD_KEYVAULT_PAIR_MISMATCH     = 0x0020
FLAG_SSB_CRL_DATA_INVALID               = 0x0040
FLAG_SSB_CRL_CERTIFICATE_REVOKED        = 0x0080
FLAG_SSB_UNAUTHORIZED_INSTALL           = 0x0100
FLAG_SSB_KEYVAULT_POLICY_VIOLATION      = 0x0200
FLAG_SSB_CONSOLE_BANNED                 = 0x0400
FLAG_SSB_ODD_VIOLATION                  = 0x0800


try:
	import Crypto.Cipher.DES as DES
except ImportError:
	print "Error importing Crypto.Cipher.DES - please install python-crypto!"
	print "You can get it from http://www.dlitz.net/software/pycrypto/"
	print "Win32 version from http://www.voidspace.org.uk/python/modules.shtml"
	sys.exit(-1)

def ByteToHex( byteStr ):
    return ''.join( [ "%02X " % ord( x ) for x in byteStr ] ).strip()

def HexToByte( hexStr ):
    bytes = []
    hexStr = ''.join( hexStr.split(" ") )
    for i in range(0, len(hexStr), 2):
        bytes.append( chr( int (hexStr[i:i+2], 16 ) ) )
    return ''.join( bytes )

def DecryptXVal(console_serial, console_xval):
    # convert to bytes in needed
    if console_xval.find("-") or console_xval.hexdigits:
        console_xval = HexToByte(console_xval.replace("-",""))

    # get our decrypt key
    assert len(console_serial) == 0xC
    des_key = hmac.new(console_serial + "\0", "XBOX360SSB", sha).digest()[0:8]
    # set our decrypt key
    assert len(des_key) == 8
    des = DES.new(des_key)
    # decrypt
    assert len(console_xval) == 8
    decrypted_data = des.decrypt(console_xval)
    DisplayResults(decrypted_data)
    print "Data:", ByteToHex(decrypted_data)

def DisplayResults(xval):
    (xval_h, xval_l) = struct.unpack(">LL", xval)               # extract our integers formt the buffer
    if(xval_h == 0 and xval_l == 0):                            # nothing is flagged in secdata.bin, all is good from this standpoint
            print "Secdata is Clean"
    elif(xval_h == 0xFFFFFFFF and xval_l == 0xFFFFFFFF):        # secdata was prob tampered with
            print "Secdata is invalid"
    elif (xval_h != 0 and xval_l != 0):	                        # most likely the serial or xval is incorrect
            print "Secdata decryption error"
    else:                                                       # the high dword = 0 and low dword not 0
                                                                # afaik best check. have to look at disassembly more
            if(xval_l & FLAG_SSB_AUTH_EX_FAILURE):
                    print "AuthEx Challenge Failure"	        # AP25 related
            if(xval_l & FLAG_SSB_AUTH_EX_NO_TABLE):
                    print "AuthEx Table missing"		# AP25 related
            if(xval_l & FLAG_SSB_AUTH_EX_RESERVED):
                    print "AuthEx Reserved Flag"		# AP25 related
            if(xval_l & FLAG_SSB_INVALID_DVD_GEOMETRY):
                    print "Invalid DVD Geometry"
            if(xval_l & FLAG_SSB_INVALID_DVD_DMI):
                    print "Invalid DVD DMI"
            if(xval_l & FLAG_SSB_DVD_KEYVAULT_PAIR_MISMATCH):
                    print "DVD Keyvault Pair Mismatch"
            if(xval_l & FLAG_SSB_CRL_DATA_INVALID):
                    print "Invalid CRL Data"
            if(xval_l & FLAG_SSB_CRL_CERTIFICATE_REVOKED):
                    print "CRL Certificate Revoked"
            if(xval_l & FLAG_SSB_UNAUTHORIZED_INSTALL):
                    print "Unauthorized Install"
            if(xval_l & FLAG_SSB_KEYVAULT_POLICY_VIOLATION):
                    print "Keyvault Policy Violation"
            if(xval_l & FLAG_SSB_CONSOLE_BANNED):
                    print "Console Banned"
            if(xval_l & FLAG_SSB_ODD_VIOLATION):
                    print "ODD Violation"
            if(xval_l & 0xFFFFF000):                            # mask for bits we dont have a description for,
                                                                # note: we are not looking at the hi dword yet
                    print "Unknown Violation(s)"
    return
	# XVal.py By Redline99
	# Decrpyts the "X:" Value from the Xbox 360 dashboard
	# This can indicate if the console has been flagged
	# for some types of security violations
	# Originally posted at XboxHacker: http://www.xboxhacker.org/index.php?topic=16401.0
	import sha, hmac, struct, sys

	FLAG_SSB_NONE = 0x0000
	FLAG_SSB_AUTH_EX_FAILURE = 0x0001
	FLAG_SSB_AUTH_EX_NO_TABLE = 0x0002
	FLAG_SSB_AUTH_EX_RESERVED = 0x0004
	FLAG_SSB_INVALID_DVD_GEOMETRY = 0x0008
	FLAG_SSB_INVALID_DVD_DMI = 0x0010
	FLAG_SSB_DVD_KEYVAULT_PAIR_MISMATCH = 0x0020
	FLAG_SSB_CRL_DATA_INVALID = 0x0040
	FLAG_SSB_CRL_CERTIFICATE_REVOKED = 0x0080
	FLAG_SSB_UNAUTHORIZED_INSTALL = 0x0100
	FLAG_SSB_KEYVAULT_POLICY_VIOLATION = 0x0200
	FLAG_SSB_CONSOLE_BANNED = 0x0400
	FLAG_SSB_ODD_VIOLATION = 0x0800


	try:
	import Crypto.Cipher.DES as DES
	except ImportError:
	print "Error importing Crypto.Cipher.DES - please install python-crypto!"
	print "You can get it from http://www.dlitz.net/software/pycrypto/"
	print "Win32 version from http://www.voidspace.org.uk/python/modules.shtml"
	sys.exit(-1)

	def ByteToHex( byteStr ):
	return ''.join( [ "%02X " % ord( x ) for x in byteStr ] ).strip()

	def HexToByte( hexStr ):
	bytes = []
	hexStr = ''.join( hexStr.split(" ") )
	for i in range(0, len(hexStr), 2):
	bytes.append( chr( int (hexStr[i:i+2], 16 ) ) )
	return ''.join( bytes )

	def DecryptXVal(console_serial, console_xval):
	# convert to bytes in needed
	if console_xval.find("-") or console_xval.hexdigits:
	console_xval = HexToByte(console_xval.replace("-",""))

	# get our decrypt key
	assert len(console_serial) == 0xC
	des_key = hmac.new(console_serial + "\0", "XBOX360SSB", sha).digest()[0:8]
	# set our decrypt key
	assert len(des_key) == 8
	des = DES.new(des_key)
	# decrypt
	assert len(console_xval) == 8
	decrypted_data = des.decrypt(console_xval)
	DisplayResults(decrypted_data)
	print "Data:", ByteToHex(decrypted_data)

	def DisplayResults(xval):
	(xval_h, xval_l) = struct.unpack(">LL", xval) # extract our integers formt the buffer
	if(xval_h == 0 and xval_l == 0): # nothing is flagged in secdata.bin, all is good from this standpoint
	print "Secdata is Clean"
	elif(xval_h == 0xFFFFFFFF and xval_l == 0xFFFFFFFF): # secdata was prob tampered with
	print "Secdata is invalid"
	elif (xval_h != 0 and xval_l != 0): # most likely the serial or xval is incorrect
	print "Secdata decryption error"
	else: # the high dword = 0 and low dword not 0
	# afaik best check. have to look at disassembly more
	if(xval_l & FLAG_SSB_AUTH_EX_FAILURE):
	print "AuthEx Challenge Failure" # AP25 related
	if(xval_l & FLAG_SSB_AUTH_EX_NO_TABLE):
	print "AuthEx Table missing" # AP25 related
	if(xval_l & FLAG_SSB_AUTH_EX_RESERVED):
	print "AuthEx Reserved Flag" # AP25 related
	if(xval_l & FLAG_SSB_INVALID_DVD_GEOMETRY):
	print "Invalid DVD Geometry"
	if(xval_l & FLAG_SSB_INVALID_DVD_DMI):
	print "Invalid DVD DMI"
	if(xval_l & FLAG_SSB_DVD_KEYVAULT_PAIR_MISMATCH):
	print "DVD Keyvault Pair Mismatch"
	if(xval_l & FLAG_SSB_CRL_DATA_INVALID):
	print "Invalid CRL Data"
	if(xval_l & FLAG_SSB_CRL_CERTIFICATE_REVOKED):
	print "CRL Certificate Revoked"
	if(xval_l & FLAG_SSB_UNAUTHORIZED_INSTALL):
	print "Unauthorized Install"
	if(xval_l & FLAG_SSB_KEYVAULT_POLICY_VIOLATION):
	print "Keyvault Policy Violation"
	if(xval_l & FLAG_SSB_CONSOLE_BANNED):
	print "Console Banned"
	if(xval_l & FLAG_SSB_ODD_VIOLATION):
	print "ODD Violation"
	if(xval_l & 0xFFFFF000): # mask for bits we dont have a description for,
	# note: we are not looking at the hi dword yet
	print "Unknown Violation(s)"
	return