Mn740 Xbox wireless adaptor causes OpenWrt router to get stuck in reboot loop

I have a really odd one here.

I'm reverse engineering the MN-740 Microsoft Xbox wireless adaptor. It has a custom protocol (NLB heartbeat) that sends and receives configuration info from the dashboard of the Xbox to set up the adaptor in a very similar format to WPS, except it is over NLB instead of EAP.

When I plug it into my network, after several seconds my OpenWrt router reboots. It gets stuck in a reboot loop and crashes several seconds after the web interface becomes live.

After removing the adaptor and depowering the router, it still continues to reboot. The only way to recover the router is to factory reset it or quickly go into the menu and factory reset the device.

Any ideas?

The device works fine if I plug it into an Xbox directly, but if I plug it into a switch port on my router: reboot loop without fail.

I'm wondering if anyone has any idea because I'm completely baffled!!!

I did find this online:

MS NLB and OpenWrt Compatibility

MS NLB operates at a specific layer (Layer 4) within the Windows networking stack and has unique operational modes (unicast or multicast) that often require specific switch configurations and do not interface with non-Windows systems like OpenWrt as a cluster member.

Therefore, you cannot directly integrate an OpenWrt router as a node in a Microsoft NLB cluster or use the OpenWrt firmware to manage an MS NLB cluster.

Real model name

You have to enable legacy mode (airtime creep) and use TKIP. You can use ANY OpenWrt wifi AP as a wireless bridge (as in relayd) instead.

The thing is, I want to be able to do a few things that will help with XLink Kai and the Insignia service. Yes, I can use any wireless bridge, but you need to configure that device to connect to wifi. Also, you end up with double NAT that blocks Insignia, and you need a tunneling client for XLink Kai on a PC behind it to work.

I plan to do that all on the adaptor.

As I am handling the adaptor info response in a stateful response, I can hide from the Xbox that you are connecting to a WPA3 network etc., and configure any network from within the Xbox dash as long as the password is within the WEP 128 constraints. The Xbox will think I'm using an official adaptor.

professor-jonny/XboxWirelessAdapter: A clean room reverse engineering project of the official Xbox MN-740 Wireless Bridge

Why do you need to control it from the Xbox? Just make a static bridge over 11s mesh for under five bucks and give this piece to a local museum....

That is what I'm trying to do.
I'm planning to use generic OpenWrt hardware so I can attach it to the Xbox and set up Wi-Fi from the Xbox dash like I can from the official Wi-Fi adaptor.
The official adaptor only does WEP so it is useless; I'm trying to make a modern replacement.

There are a few single board modules for $5 that I can put this emulator/bridge on and embed in the console.

I'm creating an emulator/bridge to control OpenWrt from the Xbox dash to set up an AP to connect to the internet.

Cisco documents NLB if that helps you.

Sadly, NLB is just used as the transport medium, for basically an altered WPA handshake.

It follows the same idea as WPS, but the thing was made lightweight to fit all responses within a single Ethernet frame.

The WPS protocol and TLV tag structure have been handy, but the device has a single binary ROM, and opening it up in Ghidra, finding the address for the NLB heartbeat, then finding the entry point and looking for memory copy commands revealed a lot of tags, not to mention the amount of text strings everywhere.

The device has a webpage (but disabled) and many of the responses were in plain view or stored as C structs that were easyish to guess the test on the device, the ROM and is very telling.

I mostly have the bones done, just refining things now.

But the ability for the NLB broadcast from this adaptor to crash my router is kind of unbelievable.

It was never designed to plug in to a LAN segment but only an Xbox, so I don't know. The emulator does not crash the router that I have seen, but I have been fuzzing the interface on both the Xbox and the adaptor to learn things from the proprietary protocol.

The tool is scripted to upload a text file with a hex string, and the tool reads the nonce, then signs the HMAC, calcs the checksums of the data and spits it out, and you get a response. It works both ways, as you can just listen too. It has the option to use your PC as a bridge in the middle to capture real traffic, as port mirroring is a pain and this way all the logs spit out are in the same format.

so

Frankly, I fail to see how it relates to OpenWrt.
In ThreadX every network service handles raw packets; all logic is in fixed C structs. Like packet fragmentation or congestion control...
