Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

productingestionbin1.blob.core.windows.net / MSIXVC / XVC Support #20

Open
rtm516 opened this issue May 22, 2022 · 7 comments
Open

productingestionbin1.blob.core.windows.net / MSIXVC / XVC Support #20

rtm516 opened this issue May 22, 2022 · 7 comments
Assignees
@TitleOS
Labels
enhancement New feature or request

Comments

@rtm516
Copy link
Contributor

rtm516 commented May 22, 2022

Any apps/games that use the XVC package format and provide "https://productingestionbin1.blob.core.windows.net" as PackageDownloadUris is unable to be downloaded using the tool, could you add support for this or point me in the direction of something that will help me work out how the store does it?

Example product listings:
https://gist.github.com/rtm516/b8fcfb8282a27abc4662c2b09fc04ca3
@TitleOS TitleOS self-assigned this May 24, 2022
@TitleOS
Copy link
Member

TitleOS commented May 24, 2022

Looks like I have some more reversing to do, thanks for the example gist, I'll get to it when I have time in a week or two. Appreciate the support from you!

@TitleOS TitleOS added the enhancement New feature or request label May 24, 2022
@rtm516
Copy link
Contributor Author

rtm516 commented May 25, 2022

Could you put a brief desc of how you work it out so I can have a crack at it as well, I've tried in the past but never managed to mitm the XML calls the library does.

@LukeFZ
Copy link

LukeFZ commented Jun 13, 2022

I was also interested in this topic and took a stab at reversing it: The MSIXVC downloading is not handled through Windows Update, but instead through the GamingServices service and the "https://packagespc.xboxlive.com" and "https://updatepc.xboxlive.com" Endpoints. I wrote a small Proof-of-Concept tool based on XboxWebApi to generate download links for a specific package ContentId through those Endpoints: LukeFZ/MsixvcPackageDownloader

@TitleOS
Copy link
Member

TitleOS commented Jun 13, 2022

Could you put a brief desc of how you work it out so I can have a crack at it as well, I've tried in the past but never managed to mitm the XML calls the library does.

The reason you can't MITM the calls is because the Store employs Windows Update as mentioned by LukeFZ for the actual package downloading and stuff (FE3), which makes use of cert-pinning in wuaeng.dll. It was necessary to patch out the cert-pinning in the dll (which is no simple task being a system dll) to be able to use something like Fiddler to capture the juicy calls, otherwise the Store will just error out until you drop the proxy. It's been years however since I've needed to make that patch but if I remember correctly, there is a PDB offered for it, and the function is literally called something along the lines of certpinning.

@alanfox2000software
Copy link

alanfox2000software commented Oct 19, 2022
edited
Loading

https://github.com/skydevil88/XboxDownload
https://xbox.skydevil.xyz/

@pl4nty
Copy link

pl4nty commented Apr 28, 2023
edited
Loading

@TitleOS would EnableBypassCertificatePinningForMicrosoftStore be helpful for MITMing? It's pretty new, but I've seen it used successfully with winget

@TitleOS
Copy link
Member

TitleOS commented Apr 28, 2023

@TitleOS would EnableBypassCertificatePinningForMicrosoftStore be helpful for MITMing? It's pretty new, but I've seen it used successfully with winget

Will investigate, thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TitleOS TitleOS

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@rtm516 @LukeFZ @pl4nty @TitleOS @alanfox2000software