Print

[uk-hitman]

Nice try bro ..
But I think M$ will have the Serial Number Linked to the MAC Address.

I think  every brand of Network cards has its own range of MAC's  ? (could someone confirm this)

Thanks

[Gn0ver]

QUOTE (inVinCiBleGaMa @ Nov 14 2004, 03:58 PM)

I dunnno..... like DVD Drives and HDDs they probqbly are all mismatched anywway. AND it would be too much wok on the Xbox Assembly Line to keep track of every MAC ID and every EEPRom.  Gn0ver, you may just have help me find my answers. And i've also seen a poll on these forumz that said "Made my own EEPROm using Config Magic" and a few ppl said yes so maybe it can be done.

I agree with inVinCiBleGaMa, keeping track of EEPROM's and MAC Adresses would be too much work, especially when you thing a lot of boxes are repaired and stuff.

The only thing we need is confirmation of two things:
- Does the EEPROM really contains information about the Xbox hard drive, and is this used during the check as described in the marriged theory (EEPROM+HDD_ID=unique)
- Can we alter and 'build' our own valid (for xblive) EEPROM using configmagic?

[Panick]

Yes EEPROM really contains information about the HD that was shipped with the machine (serial number and model), yes the EEPROM really contains the MAC address and serial number of the XBox in question. Ask yourself this: if they can put the serial in the EEPROM and on the sticker on the bottom of the XBox and on the warranty card that comes with the XBox, how much extra effort do you think it would take for them to record the MACs? They may not know exactly what MAC is in a particular box but I bet they know the range of MACs for a given range of serial numbers.

If you could build a legit EEPROM for Live I think someone would've figured this out by now instead of buying new EEPROMs at $8-10 a pop.

Now if the EEPROM is what is checked during the Marriage Theory test (and there's a good chance it is) is it possible to change just the HD model and serial to the one that you swapped into the box? And if so, will that stop you from being banned?

[bengu]

I don’t think it would be to much work, to me it would just be a matter of righting two sets of numbers down the eeprom serial, and the mac adress and then putting them into a data base.  But maybe it is more work then it sounds.

[Lord-Icon]

QUOTE (Panick @ Nov 14 2004, 05:39 PM)

Yes EEPROM really contains information about the HD that was shipped with the machine (serial number and model), yes the EEPROM really contains the MAC address and serial number of the XBox in question. Ask yourself this: if they can put the serial in the EEPROM and on the sticker on the bottom of the XBox and on the warranty card that comes with the XBox, how much extra effort do you think it would take for them to record the MACs? They may not know exactly what MAC is in a particular box but I bet they know the range of MACs for a given range of serial numbers. If you could build a legit EEPROM for Live I think someone would've figured this out by now instead of buying new EEPROMs at $8-10 a pop. Now if the EEPROM is what is checked during the Marriage Theory test (and there's a good chance it is) is it possible to change just the HD model and serial to the one that you swapped into the box? And if so, will that stop you from being banned?

Err I don't think so ...

The eeprom doesn't hold information of the HDD ...
I have hacked into it and it only holds the xbox s/n and MAC address ...

[Lord-Icon]

I have two xboxes  one modde ,
I swapped the HDD form th modded xbox into my working xbox , and Im still connected to live .

As I have said in the past , no HDD s/n is passed to M$ ....   fact !

[Panick]

QUOTE (Lord-Icon @ Nov 14 2004, 05:51 PM)

Err I don't think so ... The eeprom doesn't hold information of the HDD ... I have hacked into it and it only holds the xbox s/n and MAC address ...

First off, watch the ConfigMagic video. The EEPROM does store the HD serial and HD model (and apparently it can be changed).

This is everything stored in the EEPROM:

XBOX VERSION
KERNEL VERSION
XBOX RAM
XBOX SERIAL NUMBER
XBOX MAC ADDRESS
XBOX ONLINE KEY
XBOX VIDEO MODE
XBOX XBE REGION
XBOX HDD KEY
XBOX CONFOUNDER
XBOX HDD MODEL  
XBOX HDD SERIAL  
XBOX HDD PASSWORD
XBOX DVD MODEL

It's highly probable that MS is checking the EEPROM against whatever HD is currently in the machine. If they're different, the box gets banned.

[syntaxx_error]

QUOTE (Panick @ Nov 14 2004, 07:19 PM)

First off, watch the ConfigMagic video. The EEPROM does store the HD serial and HD model (and apparently it can be changed). This is everything stored in the EEPROM: XBOX VERSION KERNEL VERSION XBOX RAM XBOX SERIAL NUMBER XBOX MAC ADDRESS XBOX ONLINE KEY XBOX VIDEO MODE XBOX XBE REGION XBOX HDD KEY XBOX CONFOUNDER XBOX HDD MODEL  XBOX HDD SERIAL  XBOX HDD PASSWORD XBOX DVD MODEL It's highly probable that MS is checking the EEPROM against whatever HD is currently in the machine. If they're different, the box gets banned.

Is there a way to view what is stored in my eeprom ?
Are we ban again if we buy a new xbox ?

[mrjkwik]

from what i've seen, the eeprom auto-updates.  if my xbox came with a seagate, and i install a maxtor, then the eeprom changest to reflect that there is a maxtor in there.  it doesnt still say seagate.  so m$ doesnt have to scan both the eeprom and the hdd, because the eeprom tells them what kind of hdd you got.  all they have to do is scan the eeprom.  when i ran config magic to take a look at my eeprom, it had updated that i had in fact changed my seagate to a maxtor.  it also knew that i had changed my dvd drive from a tommy to a sammy.

now, if we knew for a fact that all they scanned was the eeprom, we may be able to disable the "write to" on the eeprom, where it would retain the original info.

only chink in anything i've said is, i have "write to eeprom" enabled in avaluanch.  if i didnt have it enabled, would it still have updated my hdd?

[Panick]

QUOTE (mrjkwik @ Nov 14 2004, 07:36 PM)

only chink in anything i've said is, i have "write to eeprom" enabled in avaluanch.  if i didnt have it enabled, would it still have updated my hdd?

More importantly, have you been banned yet?

If you have then we can rule out the EEPROM reading as a possibility. If not it's still a good possibility.

[mrjkwik]

yes, i have been banned.  but if they were reading eeproms, then the initial scan would have had the stock hdd.  and if the did the new scans around the halo launch, then my eeprom would have showed the new drive.  i installed my new drive in sept.  so yeah, i've been banned.  but that doesnt rule out reading eeproms.  

now, if it does autoupdate, and the eeprom writes in new data when new hardware is put in, then it may not matter whether or not i have "enable eeprom writing" in ava or not.

if that is the case, someone responded to another post i made with a link to a switch that could be installed to prevent writing to eeprom.  so my thinking goes to IF, always an IF because i dont know everything.  but IF, you were to install this switch, flip it to off to disable any eeprom writing, then change your drive, that may be a work around.  just a matter will the xbox operate without the eeprom being updated to what hdd is in it.  

can people with upgraded drives check their eeproms and see if it reflects the new drive, or the stock drive?

[Panick]

Even if you can make the EEPROM hold the original HD info that doesn't rule out them doing a very trivial scan on the local system and finding the real HD model and serial number.

Without cracking the encrypted stream that gets sent to Live (which borders on the impossible to do within a decent timeframe) there is simply no way to know for sure what they are scanning for the bans.

[rob_ocelot]

QUOTE (Gn0ver @ Nov 14 2004, 09:19 PM)

Ok, so if the eeprom really updates automatically, MS is just checking your new EEPROM against your old one, perhaps by serial number (and MAC-address?). Which means that some vital changes in the EEPROM bans you from xboxlive. This makes the check less advanced as we think it is. It might just be an EEPROM to EEPROM check. If your HDD differ you get banned, but may be also if your xbe region or videomode gets changed.

I think you may be on to something here.  It certainly does explain why some people have been banned and others have not.  The changing EEPROM into is the ONLY way M$ knows we have changed something.

My take on this is that M$ tried a 'shotgun' approach.  Back in April (amd since then) the new live code reported your EEPROM info. Six months later they send out a 'blast' and took out as many modders as they could in one go by doing a second automatic EEPROM comparison. Halo 2 had this code, but also sent out a shot the day before to get the ones who didn't buy H2.

Before this point though EEPROM info was NOT automatically compared unless a different BIOS was detected -- which usually resulted in a ban.

In situations like these where there are conflicting results and confusion usually Occam's Razor applies  -- The simplist solution is more than likely the correct one.

My theory is that M$ simply modified their code now to send EEPROM data every time you log on and a compare is done.  This might be happening only with gamertags that have been previously banned or with everyone.

There is still room for yet another check on top of an EEPROM compare but the preliminary results from the banning survey are ruling out any specific configurations (alternate dashboards on c: with no upgraded HD, etc).

This 'Mutating EEPROM' theory would give the exact same results as the Marriage theory, with the added bennefit that it's much simpler for M$ to implement with a slight change in code -- rather than trying to shoehorn in a new way to scan the Xbox for something they could not detect before.

[Lord-Icon]

Well I have been doing a packet scan on a banned and working xbox .
and both xboxes send
1 your sbox serial number
2 your MAC address

I have not found and s/n for HDD's

Further more ther eeprom dosn't hold any information of your stock drive . it will scan what ever is connected to the ide port

[mrjkwik]

QUOTE

Gn0ver     Posted on Nov 14 2004, 03:19 PM      Ok, so if the eeprom really updates automatically, MS is just checking your new EEPROM against your old one, perhaps by serial number (and MAC-address?). Which means that some vital changes in the EEPROM bans you from xboxlive. This makes the check less advanced as we think it is. It might just be an EEPROM to EEPROM check. If your HDD differ you get banned, but may be also if your xbe region or videomode gets changed. We still need to know if we would be able to make a valid EEPROM by just changing the serial. Could any banned xbox user please try this with configmagic? And what if we could make the eeprom sort of 'locked, so it doesn't changes it's content automatically. It would perhaps than be able to show your stock hard drive, while it is actually not there?! These things are all just theory, but are worth exploring!

nice to see someone saying that.  i've posted it in several threads on about the 11th, and even started one for it, but i just got ignored due to the panic i guess.  here's the link to that thread if you/anyone wants to take a look and weigh in on it. i said it because obviouslyt m$ already has easy access to the eeprom if they can ban it, and it contains all the info that people were talking about in the "marriage" theory.  so why go through the effort to scan the drive itself for the serial/model.

on a side note on my previous post, good in theory i think, flawed in execution.  sure, it would be great if we could trick them to think that it has the stock hdd by preventing writing the new hdd to eeprom, but i didnt think about the fact that it writes the new lock key there as well.  so even IF we could prevent it, the the key wouldnt be present unless its saved somewhere else other than the eeprom.