XboxWirelessAdapter/extract_secrets.py at main · agarmash/XboxWirelessAdapter · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
#!/usr/bin/env python3

import hashlib
import os
import sys

# Version MD5 Hashes
MD5_185EAD00 = bytes.fromhex('8149654a030d813bcc02a24f39fd3ce9')
MD5_NLM_MEM  = bytes.fromhex('A9A58ADC4CEAEC337BAAB64F018FBA7F')
# TODO: Add extraction logic for version 185a6100 (MD5: 01dd6c8aa72b473ba1523c73c6527d86)

def md5(file):
    hash_md5 = hashlib.md5()
    file.seek(0)
    for chunk in iter(lambda: file.read(4096), b''):
        hash_md5.update(chunk)
    return hash_md5.digest()

def main():
    if len(sys.argv) < 2:
        print(f"Usage: {sys.argv[0]} <input_file>")
        exit(1)

    input_file_name = sys.argv[1]
    input_file = open(input_file_name, 'rb')

    file_md5 = md5(input_file)

    # Configuration based on file identity
    if file_md5 == MD5_185EAD00:
        print("Detected version: 185ead00 (Dashboard)")
        salt_off, salt_len = 0x16098, 0x75
        auth_off, auth_len = 0x16110, 0x54
        key_off = 0x92986
        is_sparse = True  # Original dashboard 1-skip-3 pattern
    elif file_md5 == MD5_NLM_MEM:
        print("Detected version: NLM.MEM (Firmware Image)")
        salt_off, salt_len = 0xBC364, 117
        auth_off, auth_len = 0xBC3DC, 84
        key_off = 0xBF520
        is_sparse = False # Contiguous read for firmware
    else:
        print(f"Incompatible file version (MD5: {file_md5.hex().upper()}), aborting...")
        input_file.close()
        exit(1)

    dir_name = 'secrets'
    if not os.path.isdir(dir_name):
        os.mkdir(dir_name)

    # Extract HMAC Salt
    input_file.seek(salt_off, 0)
    with open(os.path.join(dir_name, 'hmac_salt.bin'), 'wb') as f:
        f.write(input_file.read(salt_len))

    # Extract Auth Copyright
    input_file.seek(auth_off, 0)
    with open(os.path.join(dir_name, 'auth_copyright.bin'), 'wb') as f:
        f.write(input_file.read(auth_len))

    # Extract HMAC Key
    input_file.seek(key_off, 0)
    if is_sparse:
        hmac_key = b''
        for i in range(16):
            hmac_key += input_file.read(1)
            input_file.seek(3, 1)
    else:
        hmac_key = input_file.read(16)

    with open(os.path.join(dir_name, 'hmac_key.bin'), 'wb') as f:
        f.write(hmac_key)

    input_file.close()
    print(f"Extraction complete. Secrets saved to ./{dir_name}/")

if __name__ == "__main__":
    main()