WIP XUser

[olivi-r]

This PR adds:

• Stubs for the XUser interfaces
• Minimal XLauncher implementation (moved to XLauncher Implementation #37)
• Completed json parsing in windows.web.dll
  • This has been upstreamed (!10443 & !10457), it is included here until it makes its way down
• Xbox Live token requesting
  • Currently missing login ui, requires manually adding an oauth refresh code to [HKLM\Software\Wine\WineGDK]"RefreshToken"
• Most of the trivial XUser methods

The XUserGetTokenAndSignature methods seem to be the main roadblock to full online services, token requesting can be adapted from what is here already, but signature generation requires the appropriate keys to be provisioned to crypt32 during package installation, which will likely require more work with XStore

Currently the oauth client_id / MSAAppId has to be manually set as MicrosoftGame.config parsing is not here yet.

[Syntist]

Is this related to be able to login into Microsoft account? like in Minecraft Bedrock?

[olivi-r]

Is this related to be able to login into Microsoft account? like in Minecraft Bedrock?

Yes that is the purpose, although it is not yet complete

[ItsbaileyX3525]

Thank you for working on this! Can't wait to see a working product

[ChristopherHX]

Somehow while pulling this into the default branch locally, for debugging purposes, I had a duplicated type definition error and applied this patch

diff --git a/include/xuser.idl b/include/xuser.idl
index 2f7292b..877c59c 100644
--- a/include/xuser.idl
+++ b/include/xuser.idl
@@ -37,7 +37,6 @@ typedef enum XUserState XUserState;
 typedef enum XUserPlatformOperationResult XUserPlatformOperationResult;
 typedef enum XUserPlatformSpopOperationResult XUserPlatformSpopOperationResult;
 
-typedef struct APP_LOCAL_DEVICE_ID APP_LOCAL_DEVICE_ID;
 typedef struct XUserDeviceAssociationChange XUserDeviceAssociationChange;
 typedef struct XUserGetTokenAndSignatureData XUserGetTokenAndSignatureData;
 typedef struct XUserGetTokenAndSignatureHttpHeader XUserGetTokenAndSignatureHttpHeader;
@@ -53,6 +52,20 @@ typedef void (__stdcall *XUserPlatformRemoteConnectShowPromptEventHandler)( PVOI
 typedef void (__stdcall *XUserPlatformRemoteConnectClosePromptEventHandler)( PVOID context, UINT32 userIdentifier, XUserPlatformOperation operation );
 typedef void (__stdcall *XUserPlatformSpopPromptEventHandler)( PVOID context, UINT32 userIdentifier, XUserPlatformOperation operation, LPCSTR modernGamertag, LPCSTR modernGamertagSuffix );
 
+cpp_quote("#if 0")
+typedef unsigned __int64 uint64_t;
+typedef __int64 int64_t;
+typedef unsigned __int3264 size_t;
+typedef unsigned int uint32_t;
+typedef int int32_t;
+typedef unsigned short uint16_t;
+typedef unsigned char uint8_t;
+typedef boolean bool;
+typedef struct APP_LOCAL_DEVICE_ID
+{
+    BYTE value[32];
+} APP_LOCAL_DEVICE_ID;
+cpp_quote("#endif")
 
 enum XUserAddOptions
 {
@@ -170,11 +183,6 @@ enum XUserPlatformSpopOperationResult
     XUserPlatformSpopOperationResult_Canceled       = 3
 };
 
-struct APP_LOCAL_DEVICE_ID
-{
-    BYTE value[32];
-};
-
 struct XUserLocalId {
     UINT64 value;
 };

Didn't come to the point where my breakpoints hit reliable within wine gdk (somehow winegdk stopped in the wrong dll with a similar main.c)) / XUser was called for me. Fixed itself after recompiling via make clean, but now winedbg freezes if I make a small break of 20s and do not keep it running long enough.
Want to experiment with the XUser api, coming from the dark minecraft-linux side of things. Which has xbox auth for years.

[olivi-r]

Somehow while pulling this into the default branch locally, for debugging purposes, I had a duplicated type definition error and applied this patch

Didn't come to the point where my breakpoints hit reliable within wine gdk (somehow winegdk stopped in the wrong dll with a similar main.c)) / XUser was called for me. Fixed itself after recompiling via make clean, but now winedbg freezes if I make a small break of 20s and do not keep it running long enough. Want to experiment with the XUser api, coming from the dark minecraft-linux side of things. Which has xbox auth for years.

Thanks, I'm aware of this issue, I just haven't got round to pushing my changes yet.

To elaborate more on the auth hold up, the XUserGetTokenAndSignature methods return both the XToken for the authorization header and also a signature header of the provided message body, in my understanding the signature cannot be generated without the private key and encryption and key provisioning hasn't yet been worked out for msixvc packages, hence why they first have to be 'decrypted' through a windows installation.

Although I couldn't say for sure without further testing, as I am not super familiar with other projects, Minecraft/PlayFabApi may not verify the message integrity, which may allow a semi-stub of XUserGetTokenAndSignature methods to work albeit only for certain games. Either that or the clients act as mobile platforms in terms of auth which use a slightly different api, and would allow a mitm method, which isn't as useful here without a lot of game specific code.

The last part might be completely incorrect and if you know more please let me know 🙂

[ChristopherHX]

Minecraft/PlayFabApi may not verify the message integrity

I hope so (and understood this from your original post), but I almost had the conclusion that I have a much bigger problem that I do not have stub idl files of the unknown interfaces that might or not be other xbox live libraries.
Or could I somehow do the same as gameservices.dll.threading and try to load the ms binaries like I do on android?

My general Idea is to intercept the XCurl http client, if it finds the fake signature and remove that from the url. Since I would expect that a provied signature would be validated. Based on examples on msdocs, it reads like signature might be optional and could be NULL, however this depends on how the code interacts with the result.

I also read all cross platform games needs to somehow lift such a requirement, but anyhow ms might be able to apply this only on supported platforms.

XUserGetTokenAndSignature

I wonder did the game call this XUserGetTokenAndSignature function on your end? Could failed for me, since I yet have to figure out how you got the authenticated user credentials for injection.

The last part might be completely incorrect and if you know more please let me know 🙂

Yes I let you know once I have more time with experimenting with winegdk, till now no news.