Annoying the xbox dev team ?
I have been meaning to write about a project I did about 5months ago and how it got attention of Major Nelson and was kinda shut down shortly after.
It was built with javascript and hosted on github.
What did you make?
Well for people who dont know, the Xbox One allows you to record and share game clips and screenshots. Cool right ?
I bought an Xbox One and play it most nights while listing to podcasts. While listing to the Rooster teeth podcast episode 355. In it they where talking about being able to share and view each others videos and that it was impossible to see the stuff the user doesn’t share (private ones).
Well I got a moment of madness and started to make a javascript script and website that would allow you to get the videos and gameclips of user by there gamertag.
How did it work ?
Well I first went onto the xbox.com website , as you can view your own gameclips and screenshots there. I opened up the developer tools in chrome and looked at the network tab for any JSON files being loaded.
I noticed two files being loaded
https://account.xbox.com/en-us/gameclips/loadByUser?gamerTag=rob%20gabriel
and
https://account.xbox.com/en-us/gameclips/loadByUser?gamerTag=rob%20gabriel
well the funny thing was there was no sort of authorisation on these calls, so by replacing my gamertag with anyone else’s it would load that gamertags videos or screenshots.
So the json file looked like this
{
"result":true,
"data":{
"ContinuationToken":null,
"Screenshots":[
{
"Id":"9e8a5803-a495-4a29-b21a-c64602434393",
"Scid":"c4060100-4951-4a51-a630-dce26c15b8c5",
"Name":"",
"Uri":"http://screenshotscontent-t5002.xboxlive.com/000900000284f400-9e8a5803-a495-4a29-b21a-c64602434393/Screenshot-Original.png?sv=2014-02-14\u0026sr=c\u0026sig=K8Tn%2FgFZeSH8hi6porRPNC18RXkIIfveQoKa00D6zp4%3D\u0026st=2015-09-07T21%3A31%3A54Z\u0026se=2015-09-07T22%3A36%3A54Z\u0026sp=r\u0026__gda__=1441665414_1a6bf18ae80dc665c7f877f53f10d049",
"Preview":"http://screenshotscontent-t5002.xboxlive.com/000900000284f400-9e8a5803-a495-4a29-b21a-c64602434393/Thumbnail_Large.PNG",
"Thumbnail":"http://screenshotscontent-t5002.xboxlive.com/000900000284f400-9e8a5803-a495-4a29-b21a-c64602434393/Thumbnail_Small.PNG",
"Expiration":"2015-09-07T22:36:54.5126079Z",
"Duration":0,
"CaptureTime":"Uploaded 8/5/2015",
"ViewCount":4,
"Views":"4 views",
"TitleId":1813362885,
"TitleName":"FIFA 14",
"TitleLink":"https://store.xbox.com/en-US/Xbox-One/Games/FIFA-14/f04f7029-01ea-4d65-988b-56f583fb7f6c",
"OwnerGamerTag":null,
"OwnerProfile":null,
"OwnerGamerPic":null
},
{
"Id":"196aad38-cc91-4760-9beb-fb0c07e0c8a5",
"Scid":"1b180100-2e72-4297-a9e6-b79d5a9771a4",
"Name":"",
"Uri":"http://screenshotscontent-t4002.xboxlive.com/000900000284f400-196aad38-cc91-4760-9beb-fb0c07e0c8a5/Screenshot-Original.png?sv=2014-02-14\u0026sr=c\u0026sig=s9dqA1I%2Bdjv1oTxM%2FmX%2B0tYj8RD2eysCWgp1XAQ6xA4%3D\u0026st=2015-09-07T21%3A31%3A54Z\u0026se=2015-09-07T22%3A36%3A54Z\u0026sp=r\u0026__gda__=1441665414_379050eaf43b062e85d9af7811df2300",
"Preview":"http://screenshotscontent-t4002.xboxlive.com/000900000284f400-196aad38-cc91-4760-9beb-fb0c07e0c8a5/Thumbnail_Large.PNG",
"Thumbnail":"http://screenshotscontent-t4002.xboxlive.com/000900000284f400-196aad38-cc91-4760-9beb-fb0c07e0c8a5/Thumbnail_Small.PNG",
"Expiration":"2015-09-07T22:36:54.5126079Z",
"Duration":0,
"CaptureTime":"Uploaded 5/30/2015",
"ViewCount":0,
"Views":"0 views",
"TitleId":1519874468,
"TitleName":"Forza Horizon 2 Presents Fast \u0026 Furious",
"TitleLink":"https://store.xbox.com/en-US/Xbox-One/Games/Forza-Horizon-2-Presents-Fast-Furious/aaae1849-53dc-453f-8b38-27955610925d",
"OwnerGamerTag":null,
"OwnerProfile":null,
"OwnerGamerPic":null
}
]
}
}Some highlights is the ContinuationToken, which gameclips and screenshot are loaded only 12 at a time. so if you had more then 12 you would have to pass the ContinuationToken in the parameter like so
https://account.xbox.com/en-us/gameclips/loadByUser?gamerTag=rob%20gabriel&ContinuationToken=token
Reminder you can access the code here. I built some fixtures to allow for valuation and options like so.
<body onload="xboxOneMedia.Init(0,'screenshots','Rob Gabriel',899,899,1);">So the paratmars (Flags) you need to send are the following
- Flag : 1 equals all screenshots/videos, 0 equals random screenshot/video.
- Type : screenshots means screenshot. gameclips means videos
- gamerTag : The Gamer Tag you want to get videos from.
- width : The width of the Video Player.
- height : The height of the video player.
- Number of Videos/images : Incase you want to limit it.
What happened ?
So after two hours of developing it. At 3am I posted it on reddit here. To the rooster teeth fans who gave great feedback, comments and shared it online. But it was one comment that made it turn into a a hit. Its to be noted I allowed you to download and save the videos and screen shots.
