Anybody working on this?

Oct 9, 2008 at 3:04 AM
I took a little break from this project due to family stuff going on.  Was wondering if anyone has picked up where I left off.  I know I didn't get real far with this but was hoping someone would see this and pick it up.  I have had a lot of requests for people to be added to the project which gave me hope.  I am sure you took one look at the code and went "That's it?".   Anyways, let me know if you are working this currently. 


Oct 9, 2008 at 3:13 AM

Hi Jason,

Sorry, progress has been slow!

I did have a look at the code and try to get my head around a few of the protocol dumps, but I’d like to set up a Vista Virtual Machine instead of starting to butcher into the eHome assemblies on my ‘production’ HTPC.  Work has become very busy recently, so I haven’t got anywhere near as far along as I would have hoped... but things will start winding down a bit work-wise early next month and I certainly hope to get a few solid weekends / evenings work in on this before Christmas holidays.



From: jlambert []
Sent: Thursday, 9 October 2008 2:04 PM
Subject: Anybody working on this? [softsled:37344]

From: jlambert

I took a little break from this project due to family stuff going on. Was wondering if anyone has picked up where I left off. I know I didn't get real far with this but was hoping someone would see this and pick it up. I have had a lot of requests for people to be added to the project which gave me hope. I am sure you took one look at the code and went "That's it?". Anyways, let me know if you are working this currently.



Read the full discussion online.

To add a post to this discussion, reply to this email (

To start a new discussion for this project, email

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe or change your settings on

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at

Oct 9, 2008 at 4:52 AM
Edited Dec 31, 2008 at 5:31 PM
I totally understand. I am just curious because I was thinking of getting back into it but didn't want to have to redo stuff if somebody has made some head way.

Nov 13, 2008 at 4:55 PM
Hello folks.  Just wibbled across this project, and I've been searching for a software MCE.  I do have UPnP experience, but alas all in Java, so it will take me a bit to get up to speed (but hey I'm an unemployed programmer, so I've got the time!).  What resources would you suggest for someone to start coding on this with no Windows coding experience?
Nov 14, 2008 at 2:35 AM
Well, with your UPnP experience, you have more knowledge then I had when I started.  If you have an extender then I would say use wireshark or something like it to see the communication between VMC and it.  Right now we are just working on registering Softsled with VMC.  We need to figure out how they encode the information as it passes back and forth and how the security is implemented.  I would also say read all of the discussions on this site.  There is some good information about what we have done so far.  Also dig into the code.  If you know java then the c# language shouldn't be too hard to pick up.
Nov 14, 2008 at 1:56 PM
Edited Nov 14, 2008 at 1:57 PM

Ok great.  I've actually got a C# book lying around.  Now in terms of the crypto, what algorithms are they using?  Is it public private key-pairs?  Does the Extender require a Microsoft signed key?  Are they using X509 or some other variety?  I know MS came up with their own keyspec back in the day that was horribly in-compatible with the RSA specs, one of their embrace entext extinguish attempts that failed.

The biggest issue I see is if they require a signed key that's gonna be pretty difficult to crack.  However the caveat to that is if you take a look at the scheme that the Blu Ray / HDDVD folks came up with, there's always a means of attack.  If they were using MD5, it would be fairly trivial to crack the key/cert, as there have been research papers written on utilizing some of the flaws in the MD5 hashing algorithm to attack X509 keys.  I'll dig up some of my crypto links and put them in here for everyone.

Oh yeah, and I do have some PKI experience too lol.  Also I don't currently have an extender so I may need to coordinate with some folks to get some wireshark dumps.

Nov 14, 2008 at 2:41 PM
FYI, bouncy castle is what I use in Java for cert/key mangling/creation.  They have a .NET library at the aforementioned link.
Nov 14, 2008 at 6:12 PM
Yeah, I believe they do require a signed key.  I put one in the code that I found in the communication back and forth.  It is a X509 cert.  So yeah that is going to be a problem.  But so far I don't think it has actually used the cert for any of the communication.  I don't think that it will be used until we get to the actual user interface.  I would just like to get the softsled setup as an extender in vmc.  If you need more dumps I can get them for you.  We put a lot of the communication on this site in the discussions.  We also have a lot of them in the folders in the code as well.  If you need more I can get you more.  Just let me know.

I came across the bouncy castle stuff when I was trying to figure some of the stuff out.  Sounds like you know a lot more then me when it comes to the encryption stuff.  Hopefully you can take this project farther and we can at least get the softsled registered in VMC.  I think that would be a big accomplishment.  The biggest thing I haven't been able to figure out is how the 8 digit code is used in the communication. 

Let me know if you figure anything out.
Nov 14, 2008 at 8:11 PM

Well in a nutshell, what I'm guessing (haven't had time to completely dig through all the code, discussions & whatnot... got a few house fixing projects :) is happening is the handshaking process is where the cert(s) get sent across the wire.  Then a series of signed messages will be sent to verify each party is who they say they are.  The issue is going to be getting the private key that's associated with that cert being sent across the wire (the XBox 360 private key).  It's going to be in that XBox somewhere, but due to the way keypairs function, it won't be sent across the wire.

This all of course is assuming that the handshaking process is doing something similar to SSL/SSH.  In those two you essentially trade public keys (generally X509 certs, which are signed by a "trusted" third party, in this case would be Microsoft), and once each endpoint sends a message encrypted by the private key associated with the cert just sent, they negotiate a secret (or symmetric) key (e.g. AES, triple DES, etc.) which is then used to send and receive data.  The primary reason for the key switchoff is that in terms of computational power needed, asymmetric encryption is far more expensive than symmetric encryption.  But symmetric encryption doesn't offer Authentication, and Non-Repudiation, which I would gather MS would want to guarantee (e.g. is this extender an authorized extender).

So essentially what I'm guessing off the top of my head, is that in order to completely negotiate a connection to an WMC server, we'll need both the public & private keypair of an authorized MCE, or "create" one.  Assuming that's the case, MS could theoretically release a patch to change their keying system.  Again, these are a lot of if's and without a detailed crypto-analysis of their system, I'm speaking out my ass, but that is the worst case scenario I'd see.

Also, since the WMC is technically going to be a machine under your control, their has to be a mechanism on it to generate a public private keypair for it to use on it's enpoint of the connection.  There's literally no way for the keypair to be signed by MS (aside from a dial home, which I doubt is happening), so that means it's somehow generating it's own keypair, which means we can generate our own (big if there).

OK enough textual vomiting for now, time to climb on the roof lol

Nov 25, 2008 at 6:26 PM
Ok, finally have enough time to work on this!  Got VS08 setup, and digging through all the info on here, as well as the existing codebase.  I'll probably have some additional questions, and perhaps some patches soon.  Oh and a little FYI, my end goal is to figure this out in order to integrate some of this into MythTV (or some other *nix project).
Nov 26, 2008 at 1:42 PM
Ok, up to speed, however, I am missing something.  The cert included in the source is a hand-rolled/self signed one, and I'm curious as to whether the one(s) sent over the wire are signed by someone else.  I tried to grab the one in the Linksys MCX dump, but I didn't recognize the format.  What format is it, and if you've gotten it already, can someone just send me a copy of the cert(s) being sent over the wire?
Nov 26, 2008 at 2:55 PM
Edited Dec 31, 2008 at 5:31 PM
I can get you it when I get to a computer I think. The cert was encoded in one of the transmissions. It just starts like 6 or 8 bytes into it. I just saved the binary data to a file and it was a cert. If you look online you will see what hex codes the cert should start with. I will look and see if I can find the one I had.

Nov 26, 2008 at 8:49 PM
Ok great thanks much!  (taking a look at the post on greenbutton, so I will hopefully be able to reproduce the results).  Also do we have any info on the UPnP XML schemas in use by microsoft for all this?  Would be useful so we could guarantee our stuff spit out is conforming to said schemas.
Dec 17, 2008 at 9:04 PM
Sorry I didn't get back to you on this.  If you look in the source code under KeyExchange / 2 you will see the certs from both the Vista host and the 360 client.  Have you gotten anywhere on this.

Dec 25, 2008 at 12:31 AM
Heyya Jason, unfortunately I have not.  I had to leave town for a couple weeks due to a family emergency, then my workstation crashed.  Formatted, reinstalled and setting up my dev environment again.  I should hopefully have something for you guys in the next week or so, until then have a happy & safe holidays!
Dec 28, 2008 at 11:36 PM
Haven't we already got a full skeleton collection of UPnP classes which correspond to the schema used by the pika v2 extenders?
Dec 31, 2008 at 5:30 PM
We have the schema of the UPnP protocols.  But we don't have any documentation about what should be passed back and forth and what to do with the information that is being passed.  The last thing that I was working on was figuring out how the 8 digit number verification worked.  Never did get that working.
Jul 22, 2009 at 6:33 PM

Has anyone made any progress on this of late? I'm looking into making an extender for Android, and you guys seem like the only other people on the internet working on something similar. I have a some crypto experience myself, so I might be able to help on that. I've just downloaded the code, so I'm going to start digging through it.

Jul 22, 2009 at 8:40 PM

Welcome aboard.  Hopefully you can breathe some new life into this.  I worked on it for a while but without having any crypto experience I kept hitting dead ends and working a long time just figuring out what I think would be simple if i knew more about it.  I think some of the guys were looking at short circuting some of the extender setup and going at it a different way.  Let me know if you have any questions on the code.  I would love for somebody to be able to help us move this forward.