TitleOS
commented
2 years ago Looks like I have some more reversing to do, thanks for the example gist, I'll get to it when I have time in a week or two. Appreciate the support from you!
Open rtm516 opened 2 years ago
TitleOS
commented
2 years ago Looks like I have some more reversing to do, thanks for the example gist, I'll get to it when I have time in a week or two. Appreciate the support from you!
rtm516
commented
2 years ago Could you put a brief desc of how you work it out so I can have a crack at it as well, I've tried in the past but never managed to mitm the XML calls the library does.
LukeFZ
commented
2 years ago I was also interested in this topic and took a stab at reversing it: The MSIXVC downloading is not handled through Windows Update, but instead through the GamingServices service and the "https://packagespc.xboxlive.com" and "https://updatepc.xboxlive.com" Endpoints. I wrote a small Proof-of-Concept tool based on XboxWebApi to generate download links for a specific package ContentId through those Endpoints: LukeFZ/MsixvcPackageDownloader
TitleOS
commented
2 years ago Could you put a brief desc of how you work it out so I can have a crack at it as well, I've tried in the past but never managed to mitm the XML calls the library does.
The reason you can't MITM the calls is because the Store employs Windows Update as mentioned by LukeFZ for the actual package downloading and stuff (FE3), which makes use of cert-pinning in wuaeng.dll. It was necessary to patch out the cert-pinning in the dll (which is no simple task being a system dll) to be able to use something like Fiddler to capture the juicy calls, otherwise the Store will just error out until you drop the proxy. It's been years however since I've needed to make that patch but if I remember correctly, there is a PDB offered for it, and the function is literally called something along the lines of certpinning.
alanfox2000software
commented
1 year ago 
pl4nty
commented
1 year ago @TitleOS would EnableBypassCertificatePinningForMicrosoftStore be helpful for MITMing? It's pretty new, but I've seen it used successfully with winget
TitleOS
commented
1 year ago @TitleOS would EnableBypassCertificatePinningForMicrosoftStore be helpful for MITMing? It's pretty new, but I've seen it used successfully with winget
Will investigate, thanks.
Any apps/games that use the XVC package format and provide
"https://productingestionbin1.blob.core.windows.net"asPackageDownloadUrisis unable to be downloaded using the tool, could you add support for this or point me in the direction of something that will help me work out how the store does it?Example product listings: https://gist.github.com/rtm516/b8fcfb8282a27abc4662c2b09fc04ca3