WIP XUser

[olivi-r]

This PR adds:

• Stubs for the XUser interfaces
• Minimal XLauncher implementation (moved to XLauncher Implementation #37)
• Completed json parsing in windows.web.dll
  • This has been upstreamed (!10443 & !10457), it is included here until it makes its way down
• Xbox Live token requesting
  • Currently missing login ui, requires manually adding an oauth refresh code to [HKLM\Software\Wine\WineGDK]"RefreshToken"
• Most of the trivial XUser methods

The XUserGetTokenAndSignature methods seem to be the main roadblock to full online services, token requesting can be adapted from what is here already, but signature generation requires the appropriate keys to be provisioned to crypt32 during package installation, which will likely require more work with XStore

Currently the oauth client_id / MSAAppId has to be manually set as MicrosoftGame.config parsing is not here yet.

[Syntist]

Is this related to be able to login into Microsoft account? like in Minecraft Bedrock?

[olivi-r]

Is this related to be able to login into Microsoft account? like in Minecraft Bedrock?

Yes that is the purpose, although it is not yet complete

[ItsbaileyX3525]

Thank you for working on this! Can't wait to see a working product

[ChristopherHX]

Somehow while pulling this into the default branch locally, for debugging purposes, I had a duplicated type definition error and applied this patch

diff --git a/include/xuser.idl b/include/xuser.idl
index 2f7292b..877c59c 100644
--- a/include/xuser.idl
+++ b/include/xuser.idl
@@ -37,7 +37,6 @@ typedef enum XUserState XUserState;
 typedef enum XUserPlatformOperationResult XUserPlatformOperationResult;
 typedef enum XUserPlatformSpopOperationResult XUserPlatformSpopOperationResult;
 
-typedef struct APP_LOCAL_DEVICE_ID APP_LOCAL_DEVICE_ID;
 typedef struct XUserDeviceAssociationChange XUserDeviceAssociationChange;
 typedef struct XUserGetTokenAndSignatureData XUserGetTokenAndSignatureData;
 typedef struct XUserGetTokenAndSignatureHttpHeader XUserGetTokenAndSignatureHttpHeader;
@@ -53,6 +52,20 @@ typedef void (__stdcall *XUserPlatformRemoteConnectShowPromptEventHandler)( PVOI
 typedef void (__stdcall *XUserPlatformRemoteConnectClosePromptEventHandler)( PVOID context, UINT32 userIdentifier, XUserPlatformOperation operation );
 typedef void (__stdcall *XUserPlatformSpopPromptEventHandler)( PVOID context, UINT32 userIdentifier, XUserPlatformOperation operation, LPCSTR modernGamertag, LPCSTR modernGamertagSuffix );
 
+cpp_quote("#if 0")
+typedef unsigned __int64 uint64_t;
+typedef __int64 int64_t;
+typedef unsigned __int3264 size_t;
+typedef unsigned int uint32_t;
+typedef int int32_t;
+typedef unsigned short uint16_t;
+typedef unsigned char uint8_t;
+typedef boolean bool;
+typedef struct APP_LOCAL_DEVICE_ID
+{
+    BYTE value[32];
+} APP_LOCAL_DEVICE_ID;
+cpp_quote("#endif")
 
 enum XUserAddOptions
 {
@@ -170,11 +183,6 @@ enum XUserPlatformSpopOperationResult
     XUserPlatformSpopOperationResult_Canceled       = 3
 };
 
-struct APP_LOCAL_DEVICE_ID
-{
-    BYTE value[32];
-};
-
 struct XUserLocalId {
     UINT64 value;
 };

Didn't come to the point where my breakpoints hit reliable within wine gdk (somehow winegdk stopped in the wrong dll with a similar main.c)) / XUser was called for me. Fixed itself after recompiling via make clean, but now winedbg freezes if I make a small break of 20s and do not keep it running long enough.
Want to experiment with the XUser api, coming from the dark minecraft-linux side of things. Which has xbox auth for years.

[olivi-r]

Somehow while pulling this into the default branch locally, for debugging purposes, I had a duplicated type definition error and applied this patch

Didn't come to the point where my breakpoints hit reliable within wine gdk (somehow winegdk stopped in the wrong dll with a similar main.c)) / XUser was called for me. Fixed itself after recompiling via make clean, but now winedbg freezes if I make a small break of 20s and do not keep it running long enough. Want to experiment with the XUser api, coming from the dark minecraft-linux side of things. Which has xbox auth for years.

Thanks, I'm aware of this issue, I just haven't got round to pushing my changes yet.

To elaborate more on the auth hold up, the XUserGetTokenAndSignature methods return both the XToken for the authorization header and also a signature header of the provided message body, in my understanding the signature cannot be generated without the private key and encryption and key provisioning hasn't yet been worked out for msixvc packages, hence why they first have to be 'decrypted' through a windows installation.

Although I couldn't say for sure without further testing, as I am not super familiar with other projects, Minecraft/PlayFabApi may not verify the message integrity, which may allow a semi-stub of XUserGetTokenAndSignature methods to work albeit only for certain games. Either that or the clients act as mobile platforms in terms of auth which use a slightly different api, and would allow a mitm method, which isn't as useful here without a lot of game specific code.

The last part might be completely incorrect and if you know more please let me know 🙂

[ChristopherHX]

Minecraft/PlayFabApi may not verify the message integrity

I hope so (and understood this from your original post), but I almost had the conclusion that I have a much bigger problem that I do not have stub idl files of the unknown interfaces that might or not be other xbox live libraries.
Or could I somehow do the same as gameservices.dll.threading and try to load the ms binaries like I do on android?

My general Idea is to intercept the XCurl http client, if it finds the fake signature and remove that from the url. Since I would expect that a provied signature would be validated. Based on examples on msdocs, it reads like signature might be optional and could be NULL, however this depends on how the code interacts with the result.

I also read all cross platform games needs to somehow lift such a requirement, but anyhow ms might be able to apply this only on supported platforms.

XUserGetTokenAndSignature

I wonder did the game call this XUserGetTokenAndSignature function on your end? Could failed for me, since I yet have to figure out how you got the authenticated user credentials for injection.

The last part might be completely incorrect and if you know more please let me know 🙂

Yes I let you know once I have more time with experimenting with winegdk, till now no news.

[ChristopherHX]

One blocker for proper validation the xtoken code is this requested class and interface:

973a344e_24bf_4d0f_8457_56c534892b29: XGame or whatever
2549f142_6419_4a06_97b5_931aab7c2f34: subinterface or whatever
XGameGetXboxTitleId: 0x18 : 3
XLaunchNewGame: 4
XLaunchRestartOnCrash: 5

The titleid is most likely used to call XblInitialize. (xbox-live GDK calls this method itself during init based on source code via a Xal Wrapper)

https://github.com/microsoft/Xbox-GDK-Samples/blob/0a55b37c94dcab36e84b44227e331baa535ace57/Kits/LiveTK/LiveResources.cpp#L68-L79

Maybe it would help me to compile some gdk samples with debug info and link with the debug variant of xbox live static library, which is statically linked into minecraft.

An invalid titleid would possible result in errors.

[olivi-r]

TitleId is another field in MicrosoftGame.config, (for Minecraft this is 35760C07) which still needs parsing to retrieve the MSAAppId which is passed as the client_id field when requesting an oauth token. That's two things that can be done at once, and should probably be handled in GDKC_InitApi.

I've been very busy recently but I will try to make some time to get that part working, although as mentioned prior, XUserGetTokenAndSignature is more of the main focus as xsapi is built on top of xgameruntime rather than being wholly separate. Which still cannot be completed fully until more is understood about the drm.

[ChristopherHX]

TitleId is another field in MicrosoftGame.config, (for Minecraft this is 35760C07)

Yes it is, I am still learning slowly how to implement missing class stubs due to almost no documentation how the com impl had been created here.

TLDR hiding the long message

I might really hardcode this in my local hacks, it is fully understandable for a good implementation this needs to be read from the game.

XUserGetTokenAndSignature

If I return garbage here, the game seem to repeatedly call this with playfab urls, but trying to understand where the http calls actually flow. XS api does not look to use XCurl, but playfab uses XCurl. Given I never tried protongdk, I do not know if XCurl has connectivity issues itself.

minecraft android xsapi also uses it's own httpclient, just it makes verbose java native interface calls and we have the httpclient c++ source code, actually I might be able to compile the http client for GDK from scratch that is based on WinHttp for debugging. wine is really shocking me, just recompiled once and the debugger ignores breakpoints again..m

• https://github.com/microsoft/cpprestsdk
• https://github.com/microsoft/libHttpClient
• https://github.com/microsoft/xbox-live-api

XUserGetTokenAndSignature is more of the main focus as xsapi is built on top of xgameruntime rather than being wholly separate.

My focus might be a bit different :) and specially target xsapi that might use XUser to some extend.

EDIT Added sourcecode to xs-api on GitHub, the last time I searched for xbox api code the repo was empty as far as I remember, interesting

EDIT2
https://github.com/microsoft/xbox-live-api/blob/dd61050a95039108489b9deef7ba5c0945573850/Source/Shared/http_call_wrapper_internal.cpp#L710-L718

The public xbox sdk used in GDK does not require signature.

[ChristopherHX]

Further research the XalUserGetTokenAndSignatureSilentlyAsync I have running in mcpelauncher, does generate the signature part of XUserGetTokenAndSignatureAsync that GDK wants. It using sha + ecdsa signing on android / mcpelauncher linux + macOS, for this. In a MVP, Minecraft ChromeOS Trial that is available free of charge could be used by my reference implementation that generates even the signature for winegdk. The android xal sdk has debug symbols, that possible can provide insights how to generate the signature directly in wine.

I believe that I need to debug also on windows, to get to know why the XUser api usage get stuck

Both GDK and android have similar behavior here, up to a point where my GDK setup has problems.

• SignInSilently (GDK|android)
• GetGamerTag + displaying it (GDK|android) /* altering the first returned string ends up on the home screen */
• GetTokenAndSignature for playfab (Marketplace, inbox etc.) (GDK|android) => successful marketplace login both /* only in winedbg for gdk, since login has a phantom abort in winegdk and just hangs without debugger without attempting to abort the blocking load operation to allow marketplace */
• XblContextCreateHandle (android) GDK unknown, no debug symbols like on android
  • GetGamerTagComponent (GDK|android) not called by GDK
• GetTokenAndSignature the signature part is ignored until here, but since GDK does not run to this point yet that field is no longer the most important one.

XCurl is libcurl built from source with debug symbols

• XCurl from MS hangs up in winegdk, possible similar issue why xbl init hangs up

[olivi-r]

Fixed the APP_LOCAL_DEVICE_ID include as well as reworked token methods into a separate interface.

Additionally left the msaAppId hard-coded with Minecraft's until I get MicrosoftGame.config parsing done.

Additional details on how to get refresh token working for now

curl 'https://login.live.com/oauth20_connect.srf' -d 'client_id=0000000040159362&scope=service::user.auth.xboxlive.com::MBI_SSL&response_type=device_code' -H 'Content-Type: application/x-www-form-urlencoded'

Visit https://microsoft.com/link and enter the user_code field from the response and sign in.

Then using the device_code field:

curl 'https://login.live.com/oauth20_token.srf' -d 'device_code=<device_code>&client_id=0000000040159362&grant_type=device_code' -H 'Content-Type: application/x-www-form-urlencoded'

Finally update the registry with the refresh_token from the response:

wine reg add 'HKLM\Software\Wine\WineGDK' /v RefreshToken /d <refresh_token>