Created
August 12, 2017 19:32
-
-
Save thejsa/d8f77f322742c4bd54bbe71bf37351a3 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/* Xbox 360 Xval Decryption | |
* Ported to PHP (from C#) by Brandon Wilson | |
* Ported to C# (from...something) by CLK | |
* Original code by Redline99: http://www.xboxhacker.org/index.php?topic=16401.msg125000#msg125000 | |
*/ | |
function decryptXValue($serial, $xval) | |
{ | |
$deskey = @substr(@hash_hmac("sha1", "XBOX360SSB", $serial."\0", TRUE), 0, 8); | |
$result = @unpack("N*", @mcrypt_decrypt(MCRYPT_DES, $deskey, @pack("H*", @strtoupper($xval)), | |
MCRYPT_MODE_CBC, @str_repeat("\0", @mcrypt_get_iv_size(MCRYPT_DES, MCRYPT_MODE_CBC)))); | |
$flags = ($result[1] << 32) | $result[2]; | |
return $flags; | |
} | |
function addFlag($flag, $description) | |
{ | |
echo "<TR><TD><FONT COLOR=\"red\"><B>".$flag."</B></FONT></TD><TD>".$description."</TD></TR>"; | |
} | |
function displayInfo() | |
{ | |
?> | |
<P><H3>Xbox 360 X Value Decrypter/Parser</H3></P> | |
<P>This is a simple mobile-friendly page that can show you the meaning of the encrypted "X value" from your Xbox 360 dashboard's "Console Information" screen.</P> | |
<P>Just enter your console serial number and the X value displayed in the dashboard (you can omit any dashes) and it'll show you whether you've been flagged for various Xbox Live ban-worthy events.</P> | |
<P>If your console has been flagged, <B>don't ask me, I can't help you</B> -- I just threw this up for convenience (for example, if you are out and about and need to check from your phone whether a potential used console purchase is worth it (or whatever other use you can think of)).</P> | |
<P>Do you not trust me not to do evil things with your console serial number, or do you just want to host this yourself (or see how it's done)? <A HREF="view.php">Click here to view the entire source</A>.</P> | |
<P>All credit goes to people in the Xbox 360 scene (CLK, Redline99, etc.), I had nothing to do with anything, just saw some code and ported it to PHP -- but if you want to contact me, <A HREF="mailto:brandonlw@gmail.com">go right ahead</A>.</P> | |
<P>My understanding is that there's now an "S value" and other stuff that probably obsoletes this, but hopefully it helps somebody out.</P> | |
<P>Want to test this out but don't want to use your personal information? Use these very public test cases from Google Images (if you recognize these numbers, shame on you):<BR />024025192407/B055-CB85-949B-0AB1<BR />306170493905/063C-7513-583D-C95D</P> | |
<?php | |
} | |
function displayResults() | |
{ | |
define(FLAG_SSB_NONE, 0x0000); | |
define(FLAG_SSB_AUTH_EX_FAILURE, 0x0001); | |
define(FLAG_SSB_AUTH_EX_NO_TABLE, 0x0002); | |
define(FLAG_SSB_AUTH_EX_RESERVED, 0x0004); | |
define(FLAG_SSB_INVALID_DVD_GEOMETRY, 0x0008); | |
define(FLAG_SSB_INVALID_DVD_DMI, 0x0010); | |
define(FLAG_SSB_DVD_KEYFAULT_PAIR_MISMATCH, 0x0020); | |
define(FLAG_SSB_CRL_DATA_INVALID, 0x0040); | |
define(FLAG_SSB_CRL_CERTIFICATE_REVOKED, 0x0080); | |
define(FLAG_SSB_UNAUTHORIZED_INSTALL, 0x0100); | |
define(FLAG_SSB_KEYVAULT_POLICY_VIOLATION, 0x0200); | |
define(FLAG_SSB_CONSOLE_BANNED, 0x0400); | |
define(FLAG_SSB_ODD_VIOLATION, 0x0800); | |
$serial = strtoupper(ereg_replace("[^A-Za-z0-9]", "", strip_tags($_POST['ConsoleSerial']))); | |
$xval = strtoupper(ereg_replace("[^A-Za-z0-9]", "", strip_tags($_POST['XValue']))); | |
$flags = decryptXValue($serial, $xval); | |
echo "Decrypted X value is: <B>".sprintf("0x%08X", $flags)."</B><BR /><BR />"; | |
if ($flags == FLAG_SSB_NONE) | |
{ | |
echo "<FONT COLOR=\"green\"><B>Secdata is clean!</B></FONT>"; | |
} | |
else if ($flags == 0xFFFFFFFFFFFFFFFF) | |
{ | |
echo "<FONT COLOR=\"red\"><B>Secdata is invalid (all 0xFF)!</B></FONT>"; | |
} | |
else if (($flags >> 32) != 0) | |
{ | |
echo "<FONT COLOR=\"red\"><B>Secdata decryption error!</B></FONT>"; | |
} | |
else | |
{ | |
echo "<TABLE BORDER=\"1\">"; | |
if ($flags & FLAG_SSB_AUTH_EX_FAILURE) | |
addFlag("FLAG_SSB_AUTH_EX_FAILURE", "AuthEx Challenge Failure (AP25)"); | |
if ($flags & FLAG_SSB_AUTH_EX_NO_TABLE) | |
addFlag("FLAG_SSB_AUTH_EX_NO_TABLE", "AuthEx Table Missing"); | |
if ($flags & FLAG_SSB_AUTH_EX_RESERVED) | |
addFlag("FLAG_SSB_AUTH_EX_RESERVED", "AuthEx Reserved Flag"); | |
if ($flags & FLAG_SSB_INVALID_DVD_GEOMETRY) | |
addFlag("FLAG_SSB_INVALID_DVD_GEOMETRY", "Invalid DVD Geometry"); | |
if ($flags & FLAG_SSB_INVALID_DVD_DMI) | |
addFlag("FLAG_SSB_INVALID_DVD_DMI", "Invalid DVD DMI"); | |
if ($flags & FLAG_SSB_DVD_KEYFAULT_PAIR_MISMATCH) | |
addFlag("FLAG_SSB_DVD_KEYVAULT_PAIR_MISMATCH", "DVD Keyvault Pair Mismatch"); | |
if ($flags & FLAG_SSB_CRL_DATA_INVALID) | |
addFlag("FLAG_SSB_CRL_DATA_INVALID", "Invalid CRL Data"); | |
if ($flags & FLAG_SSB_CRL_CERTIFICATE_REVOKED) | |
addFlag("FLAG_SSB_CRL_CERTIFICATE_REVOKED", "CRL Certificate Revoked"); | |
if ($flags & FLAG_SSB_UNAUTHORIZED_INSTALL) | |
addFlag("FLAG_SSB_UNAUTHORIZED_INSTALL", "Unauthorized Install"); | |
if ($flags & FLAG_SSB_KEYVAULT_POLICY_VIOLATION) | |
addFlag("FLAG_SSB_KEYVAULT_POLICY_VIOLATION", "Keyvault Policy Violation"); | |
if ($flags & FLAG_SSB_CONSOLE_BANNED) | |
addFlag("FLAG_SSB_CONSOLE_BANNED", "Console Banned"); | |
if ($flags & FLAG_SSB_ODD_VIOLATION) | |
addFlag("FLAG_SSB_ODD_VIOLATION", "ODD Violation"); | |
if ($flags & 0xFFFFF000) | |
addFlag(sprintf("0x%08X", $flags & 0xFFFFF000), "Unknown Violation(s)"); | |
echo "</TABLE>"; | |
} | |
echo "<P><A HREF=\"index.php\">Return</A></P>"; | |
} | |
echo "<HTML><HEAD>"; | |
echo "<TITLE>Xbox 360 - Check X Value Flags</TITLE>"; | |
echo "</HEAD><BODY STYLE=\"font-family: Verdana\">"; | |
displayInfo(); | |
if ($_POST['submit'] == "Display") | |
{ | |
displayResults(); | |
} | |
else | |
{ | |
?> | |
<FORM METHOD="post" ACTION="index.php"> | |
<TABLE> | |
<TR><TD>Console Serial Number:</TD><TD><INPUT TYPE="text" NAME="ConsoleSerial" /></TD></TR> | |
<TR><TD>Console X Value:</TD><TD><INPUT TYPE="text" NAME="XValue" /></TD></TR> | |
<TR><TD COLSPAN="2"><INPUT TYPE="submit" NAME="submit" VALUE="Display" /></TD></TR> | |
</TABLE> | |
</FORM> | |
<?php | |
} | |
echo "</BODY></HTML>"; | |
?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment