Xbox Live sts auth working

2024-10-25 09:06:54 -06:00 · 2024-10-25 09:06:54 -06:00 · 16ad6e7427
commit 16ad6e7427
parent b6f54f0687
2 changed files with 70 additions and 2 deletions
--- a/main.go
+++ b/main.go
@ -1,6 +1,7 @@
 package main

 import (
+	"bytes"
 	"encoding/json"
 	"fmt"
 	"io"
@ -29,6 +30,44 @@ type authenticationResp struct {
 	Error_description string
 }

+type xboxAuthProperties struct {
+	AuthMethod string
+	SiteName   string
+	RpsTicket  string
+}
+
+type xboxAuthRequest struct {
+	Properties   xboxAuthProperties
+	RelyingParty string
+	TokenType    string
+}
+
+type xboxDisplayClaim struct {
+	Uhs string
+}
+
+type xboxDisplayClaims struct {
+	Xui []xboxDisplayClaim
+}
+
+type xboxAuthResponse struct {
+	IssueInstant  time.Time
+	NotAfter      time.Time
+	Token         string
+	DisplayClaims xboxDisplayClaims
+}
+
+type XSTSProperties struct {
+	SandboxId  string
+	UserTokens []string
+}
+
+type XSTSRequest struct {
+	Properties   XSTSProperties
+	RelyingParty string
+	TokenType    string
+}
+
 func main() {

 	resp, err := http.PostForm("https://login.microsoftonline.com/consumers/oauth2/v2.0/devicecode", url.Values{
@ -68,13 +107,42 @@ func main() {
 			authResp := authenticationResp{}
 			json.Unmarshal(data, &authResp)
 			if authResp.Error == "" {
-				fmt.Printf("Authenticated!")
+				fmt.Printf("Authenticated!\n")
 				authentication = authResp
 				break
 			}

 		}
-		fmt.Printf("Auth Response: %+v\n", authentication)
+		req, _ := json.Marshal(xboxAuthRequest{Properties: xboxAuthProperties{AuthMethod: "RPS", SiteName: "user.auth.xboxlive.com", RpsTicket: "d=" + authentication.Access_token}, RelyingParty: "http://auth.xboxlive.com", TokenType: "JWT"})
+		client := http.Client{}
+		httpReq, _ := http.NewRequest("POST", "https://user.auth.xboxlive.com/user/authenticate", bytes.NewBuffer(req))
+		httpReq.Header.Add("x-xbl-contract-version", "1")
+		httpReq.Header.Add("Content-Type", "application/json")
+		httpReq.Header.Add("Accept", "application/json")
+		httpResp, err := client.Do(httpReq)
+		if err != nil {
+			fmt.Printf("XboxLive Error: %s\n", err)
+		}
+		defer httpResp.Body.Close()
+		if httpResp.StatusCode != 200 {
+			fmt.Printf("XboxLive Error: %s\n", httpResp.Status)
+		}
+		d, _ := io.ReadAll(httpResp.Body)
+		xboxAPI := xboxAuthResponse{}
+		json.Unmarshal(d, &xboxAPI)
+		xstsData, _ := json.Marshal(XSTSRequest{Properties: XSTSProperties{SandboxId: "RETAIL", UserTokens: []string{xboxAPI.Token}}, RelyingParty: "http://xboxlive.com", TokenType: "JWT"})
+		httpXstsReq, _ := http.NewRequest("POST", "https://xsts.auth.xboxlive.com/xsts/authorize", bytes.NewBuffer(xstsData))
+		httpXstsReq.Header.Add("Content-Type", "application/json")
+		httpResp, err = client.Do(httpXstsReq)
+		if err != nil {
+			fmt.Printf("XboxLive STS error: %s\n", err)
+		}
+		defer httpResp.Body.Close()
+		if httpResp.StatusCode != 200 {
+			fmt.Printf("XboxLive STS error: %s\n", httpResp.Status)
+		}
+		d, _ = io.ReadAll(httpResp.Body)
+		fmt.Printf("XboxLive STS Response: %s\n", d)
 	}

 	/*
--- a/BIN
+++ b/BIN