Topic: I Think I Have Just Cracked It Re: Bans (Read 1086 times)

KingProzak · « **Reply #180 on:** May 20, 2007, 12:20:00 PM »

QUOTE(MickRick @ May 20 2007, 07:49 PM)

Wrong. As I said in an earlier post in this thread, I installed the Autumn (Fall) update prior to flashing my drive and I haven't been banned. Yet.

Begging your pardon but, as it stands, nearly everyone else who flashed after the fall update has been caught. If you can find something else as blatantly in common then please tell us.

Notice how I make a clear mention of the fact that flashing back to stock before doing the spring update actually BANNED a machine that had previously not been on live in over a month? Don't you think that's a little strange?

Sorry but if you're going to tell people they're just "wrong" then provide an example. As it stands you are the exception to the rule, not the model for it.

Winchy · « **Reply #181 on:** May 20, 2007, 12:49:00 PM »

Err I dunno much on the topic, of how firmware is read and all that.. just thought I'd throw this out there..
Seems as though the ones not being banned are mostly 78fk and ms28s.
Just went through the first 6 pages of this and didn't see one person with 78 being banned.
One or maybe two with ms28 being banned.
Could this perhaps be the was the ms28 was modded? Maybe the resistor trick makes MS able to read the persons firmware when they previously could not?
Just thought I'd point it out, I don't think I've solved anything in the slightest, just something I noticed.

FOOLVER · « **Reply #182 on:** May 20, 2007, 02:15:00 PM »

i have readed the post just until page 15 (but i have read a lots of others threads)... therefore.. no one think there must be more than just one method MS used to find modded xbox? If MS has used these 2 combined method : fingerprint + stealth games check ?

my idea of fingerprint method:
in the fingerprint method i think that if you have flashed your xbox out of the box the live services have stored as "good" the fake crc32 signature that the xtreme firmware had returned instead of its original ones, allowing ulterior upgrade of the firmware (who returned always the same fake crc32 signature), however many users tell us that this method is not the perfect one (for not to come banned) therefore i think it is combined with the stealth games check.

i am almost sure that there are not xbox banned that are flashed out of the box (since the 3.0 [stealth media implemented] or 4.0[FirmGuard] version of the xtreme firm on samsung drives) and have always used fully stealth games

sorry for my english.. i am not very good

MickRick · « **Reply #183 on:** May 20, 2007, 02:19:00 PM »

QUOTE(KingProzak @ May 20 2007, 07:56 PM)

Begging your pardon but, as it stands, nearly everyone else who flashed after the fall update has been caught. If you can find something else as blatantly in common then please tell us.

You said you were "100% certain", I dispelled that theory, what's the problem We can theorise till the cows come home about it but the fact is, no one knows what info M$ is using to ban consoles.

FOOLVER · « **Reply #184 on:** May 20, 2007, 02:31:00 PM »

QUOTE(jubilex @ May 20 2007, 10:59 PM)

This theory doesn't seem entirely plausible to me.

Say your (un-modified) dvd drive fails. You send it in to Microsoft (under warranty or not). They replace the optical drive. You get it back. Under this theory, you would be banned as soon as you login to Live because your OD fingerprint no longer matches what it used to be.

maybe they can reset your fingerprint (as long as they sent you the same console)

Thracky · « **Reply #185 on:** May 20, 2007, 02:43:00 PM »

QUOTE(jubilex @ May 20 2007, 09:59 PM)

This theory doesn't seem entirely plausible to me.

Say your (un-modified) dvd drive fails. You send it in to Microsoft (under warranty or not). They replace the optical drive. You get it back. Under this theory, you would be banned as soon as you login to Live because your OD fingerprint no longer matches what it used to be.

This has been the complaint of many apparently unmodded people on live, is that they sent it out for repair at some point and now they are banned, however I don't think it has happened to everyone. Maybe only those who had an optical drive replaced?

MickRick · « **Reply #186 on:** May 20, 2007, 02:55:00 PM »

That is what I was saying in the closed thread. That M$ have sent out "refurbished" consoles instead of repairing originals and now they have been banned. I can see a huge lawsuit on the horizon unless M$ does backtrack and un-ban all banned consoles.

FOOLVER · « **Reply #187 on:** May 20, 2007, 03:23:00 PM »

QUOTE(jubilex @ May 20 2007, 11:35 PM)

Possible, but these are the same repair techs that seem to overlook the missing security stickers and obvious signs of tampering in many cases. And if they were going to be setting fingerprints there, why wouldn't they just do it before the 360s ship in the first place -- i.e., before you even purchase it? Then it wouldn't make a difference if you modded it before plugging it in; the original factory fingerprint would already have been logged.

There's also the seemingly obvious fact (unless I'm overlooking something) that there is no difference between recognizing a changed dvd "fingerprint" and recognizing an altered firmware. They know what drives they're installing and what "fingerprint" those drives should be reporting without first needing you to log in to Live with it. Any change from that stock fingerprint would obviously mean altered firmware.

(as long as what i think is true) They aren't signed the fingerprint before the shipment cuz they ignored the dvd vulnerability or dunno why.

You overlook the fact that a stealth firmware looked as it is original, or it is a mistake?

Tribis · « **Reply #188 on:** May 20, 2007, 03:36:00 PM »

My question is if this footprint is stored on M$ servers or on the machine itself (and I dont mean HDD).

Also I asked this a while ago but because of the ban hammer it went unanswered. What kernel version are coming preloaded on newer consoles? Any of them pre-Fall update.

tc214 · « **Reply #189 on:** May 20, 2007, 03:38:00 PM »

my theory could be that they are detecting modded drives by drive speed alone...

dirty discs usually read slower in the drive if I am not mistaken...(explains hitachis/unmoddified consoles being banned)

also explains ms25's and ms28's flashed with the speed changing fw getting banned...

just a theory. does it hold any merit?

tc214

IIroutII · « **Reply #190 on:** May 20, 2007, 03:46:00 PM »

my theory is the put some kindof spyware on your 360 via Spring Update, and the spyware detects if you change your FW, i know this has prob. alreay been said but im just sayin its what i beileve

MickRick · « **Reply #191 on:** May 20, 2007, 04:42:00 PM »

QUOTE(tc214 @ May 20 2007, 11:14 PM)

my theory could be that they are detecting modded drives by drive speed alone...

dirty discs usually read slower in the drive if I am not mistaken...(explains hitachis/unmoddified consoles being banned)

also explains ms25's and ms28's flashed with the speed changing fw getting banned...

just a theory. does it hold any merit?

tc214

My drive has Xtreme 5.3b which slows the drive down for backups, normal speed for originals. Still not banned.

savagepoop · « **Reply #192 on:** May 20, 2007, 05:12:00 PM »

I flashed my bro's hitatchi drive chirstmas day before even tryin the console its self or connecting to live.
and now he's banned..... so ur theory cant be right

XLNC · « **Reply #193 on:** May 20, 2007, 05:18:00 PM »

I think its most likely to do with the games not being stealth.

slumberpod77 · « **Reply #194 on:** May 20, 2007, 05:26:00 PM »

as I have already posted before, my source inside MS tells me they are doing detection based on drive performance using remote diagnostics. They have no way to properly read / detect the firmware of your drive at this point in time. There is no "big brother" style tracking of your system or anything like that, and such theories in that direction are completely wrong.

I have an Elite system with a Hitachi 78k drive which I purchased from my store brand new, factory sealed box. I got the Spring update and was playing online, then installed the most recent hacked firmware, then was able to play online using a backup copy of a game. My first burned copy of C&C 3 worked 100% fine, no problems except my lack of skills causing me to get owned. I am very glad I started using backups, as clumsy people + messy room has already lead to a very scratched/ringed backup of Guitar Hero 2. Anyways, I am still not banned, but no longer wish to take chances by playing backups while connected to Live. Many people have had the same experiences I have just detailed, which blows to shit the "fingerprint" idea some of you have been floating around.

Also, your system cannot be unbanned. My MS source tells me they mark the EEPROM just like back in the old Xbox days, and marked systems cannot connect to Live, so you'll have to RTV such systems or wait until someone figures out a way to unmark an EEPROM (if thats even possible). If you read the above information it may beg the question "what about false positives?". Indeed, if a system has a defective DVD-ROM drive which is not performing correctly it can cause that system to be banned. This is why we have seen many stories about incorrectly banned people.

Author Topic: I Think I Have Just Cracked It Re: Bans (Read 1086 times)