xboxscene.org forums


Author Topic: Possible Spoof Detection?

calloused labia

« on: September 06, 2008, 10:00:00 PM »

It has been mentioned on xboxhacker.net that spoofing Samsungs as BenQs is "detectable".
The member who posted it was asked to elaborate but never did.

After spoofing BenQs as Samsungs and Samsungs as BenQs using Firmtool 1.2, I ran across something that indicated a Samsung spoofed to a BenQ is detectable, at least by Firmware Toolbox.

After spoofing a BenQ to appear as a Samsung using Firmtool 1.2, I opened the spoofed firmware in Firmware Toolbox. Firmware Toolbox lists the "ROM version" of a "Samsung Spoofed" BenQ exactly how the original Samsung firmware is seen. This is good.

=====================================================================
This is the original TS 25 firmware as seen by Firmware Toolbox

(IMG:http://i443.photobucket.com/albums/qq159/callousedlabia/360/orig25.jpg)

=========================================================================

This is BenQ iXtreme firmware spoofed as a Samsung TS 25 using Firmtool 1.2. Firmware Toolbox sees the ROM Version as the same.

(IMG:http://i443.photobucket.com/albums/qq159/callousedlabia/360/ftoolbox.jpg)

The ROM version is identical!

============================================================================

But when I use Firmtool 1.2 to make a Samsung appear like a BenQ, Firmware Toolbox lists the ROM version with strange characters in it. (I have been able to duplicate it several times.)

=============================================================================
Original BenQ Firmware

(IMG:http://i443.photobucket.com/albums/qq159/callousedlabia/360/stock.jpg)

===========================================================================

Samsung iXtreme firmware spoofed as BenQ using Firmtool 1.2. Firmware Toolbox has an issue with the ROM Version.

(IMG:http://i443.photobucket.com/albums/qq159/callousedlabia/360/wierd.jpg)

Weird characters
==========================================================================

If Firmware Toolbox can see this difference then could MS?

(Scuba, where is Firmtool version 1.3? You told me last month, in a separate but also spoofing-related scenario, that I should use that.)

This post has been edited by calloused labia: Sep 7 2008, 05:01 AM

darkshadow2k8

« Reply #1 on: September 06, 2008, 10:58:00 PM »

See, that could be possible, but it's too hard to tell. That's why I don't spoof drives, unless it was the new Lite-On, at least until it's hacked.

CasioNo15

« Reply #2 on: September 07, 2008, 04:52:00 AM »

No, it has nothing to do with these wrongly displayed characters.
If you open up an iXtreme firmware with Toolbox, for example a BenQ firmware, it will detect it as iXtreme and go to a specific offset to look up which iXtreme version this firmware is.
For BenQ this could be 0x5FE0. I don't know if it's the same offset for all BenQs.
Now when you take an MS25 firmware and spoof it as BenQ, the Toolbox thinks it is a BenQ firmware and goes to offset 0x5FE0 and reads out the iXtreme version, but it's written at a different offset on an MS25 firmware.

As written on xboxhacker, the detection has to do with the SS generation.

Casio

This post has been edited by CasioNo15: Sep 7 2008, 11:53 AM
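As an added illustration of Casio's explanation above (this is not code from the thread, from Firmtool or from Firmware Toolbox): a toy firmware layout in which a tool trusts the image's identity string and reads the iXtreme version at that vendor's offset. The 0x5FE0 BenQ offset is the one named in the post; the identity field, the MS25 offset, the image size and the version string are constructed assumptions.

```python
# Added example, not from the thread: why a tool that trusts the vendor
# identity string shows garbage for a Samsung MS25 image spoofed as BenQ.
import string

# Constructed toy layout. 0x5FE0 is the BenQ version offset named in the
# thread; the MS25 offset, identity field and image size are placeholders.
VERSION_OFFSET = {"BenQ": 0x5FE0, "Samsung MS25": 0x4A00}
ID_OFFSET, ID_LEN = 0x0000, 16          # hypothetical identity-string field
VERSION_LEN = 12
IMAGE_SIZE = 0x8000


def build_image(layout_vendor: str, claimed_vendor: str, version: bytes) -> bytes:
    """Build a toy image whose body follows layout_vendor's offsets but whose
    identity string says claimed_vendor (the two differ in a spoofed image)."""
    img = bytearray(b"\xa5" * IMAGE_SIZE)            # filler stands in for code
    img[ID_OFFSET:ID_OFFSET + ID_LEN] = claimed_vendor.encode().ljust(ID_LEN, b"\0")
    off = VERSION_OFFSET[layout_vendor]
    img[off:off + VERSION_LEN] = version.ljust(VERSION_LEN, b"\0")
    return bytes(img)

def claimed_vendor(img: bytes) -> str:
    return img[ID_OFFSET:ID_OFFSET + ID_LEN].rstrip(b"\0").decode()

def read_version(img: bytes) -> bytes:
    """What the naive tool does: believe the identity string, then read the
    version field at that vendor's offset."""
    off = VERSION_OFFSET[claimed_vendor(img)]
    return img[off:off + VERSION_LEN].rstrip(b"\0")

def version_is_plausible(raw: bytes) -> bool:
    """Consistency check a tool could add: a real version field is short
    printable ASCII; anything else means the offset (or the identity) is wrong."""
    return 0 < len(raw) <= VERSION_LEN and all(chr(b) in string.printable for b in raw)

def check_image(img: bytes) -> dict:
    raw = read_version(img)
    return {"claimed": claimed_vendor(img), "raw_version": raw,
            "consistent": version_is_plausible(raw)}

# Constructed samples: a genuine BenQ image, and an MS25 image whose identity
# string says BenQ while its body keeps the MS25 layout.
GENUINE_BENQ = build_image("BenQ", "BenQ", b"iXtreme 1.4")
SAMSUNG_AS_BENQ = build_image("Samsung MS25", "BenQ", b"iXtreme 1.4")

if __name__ == "__main__":
    print(check_image(GENUINE_BENQ))      # consistent, readable version
    print(check_image(SAMSUNG_AS_BENQ))   # claimed BenQ, raw bytes are filler
```

The second image is exactly the "weird characters" case: the tool is not detecting a spoof, it is dereferencing the wrong offset, and the plausibility check turns that accident into an explicit mismatch flag.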

calloused labia

« Reply #3 on: September 07, 2008, 05:09:00 AM »

QUOTE(CasioNo15 @ Sep 7 2008, 06:52 AM)
No, it has nothing to do with these wrongly displayed characters.
If you open up an iXtreme firmware with Toolbox, for example a BenQ firmware, it will detect it as iXtreme and go to a specific offset to look up which iXtreme version this firmware is.
For BenQ this could be 0x5FE0. I don't know if it's the same offset for all BenQs.
Now when you take an MS25 firmware and spoof it as BenQ, the Toolbox thinks it is a BenQ firmware and goes to offset 0x5FE0 and reads out the iXtreme version, but it's written at a different offset on an MS25 firmware.

As written on xboxhacker, the detection has to do with the SS generation.

Casio


Thanks. I knew about the SS, but I did not know where Firmware Toolbox got the ROM Version from. That makes sense.

calloused labia

« Reply #4 on: September 07, 2008, 07:03:00 AM »

QUOTE(CasioNo15 @ Sep 7 2008, 06:52 AM)


As written on xboxhacker, the detection has to do with the SS generation.

Casio


Wait! I just re-read your post. At first I thought you were saying the only way of any type of detection was bad SS on games. But after re-reading it, I realize you mean something completely different.

So spoofing a Samsung as a BenQ is detectable? Is there anybody working on this? Is there any way to work on it?

podger

« Reply #5 on: September 07, 2008, 10:20:00 AM »

5 bytes of the ss are drive specific. So a Sammy spoofed as benq will return a different ss to a benq... I believe this is the case even with originals.... Cross-spoofing has never been considered safe...

calloused labia

« Reply #6 on: September 07, 2008, 12:03:00 PM »

QUOTE(podger @ Sep 7 2008, 12:20 PM)
5 bytes of the ss are drive specific. So a Sammy spoofed as benq will return a different ss to a benq... I believe this is the case even with originals.... Cross-spoofing has never been considered safe...


Ouch. I am just going to put the drives back in their original 360s then. I guess since the hard drive install update will be released soon, any problems with the BenQ load times will be irrelevant.

podger

« Reply #7 on: September 07, 2008, 02:11:00 PM »

Of course you could produce f/w for say a Sammy that is optimal for spoofing as Benq/Lite-On.... but you would need to know what you are doing.... As far as I know C4 is working on this....

But it gets very complicated when it comes to Hitachi, because there are so many of them... 64 or so variants..... only 4 for Samsung

This post has been edited by podger: Sep 7 2008, 09:13 PM

calloused labia

« Reply #8 on: September 07, 2008, 07:29:00 PM »

QUOTE(podger @ Sep 7 2008, 04:11 PM)
Of course you could produce f/w for say a Sammy that is optimal for spoofing as Benq/Lite-On.... but you would need to know what you are doing.... As far as I know C4 is working on this....

But it gets very complicated when it comes to Hitachi, because there are so many of them... 64 or so variants..... only 4 for Samsung


Cool.. then maybe I will wait. What about the other way around? What about a BenQ drive spoofed as a Samsung? Is it also detectable? Does it also send back a different response?

calloused labia

« Reply #9 on: September 09, 2008, 11:50:00 PM »

I put both drives back in the original 360s with the latest iX stealth. No more spoofing.

Ranger72

« Reply #10 on: September 10, 2008, 10:43:00 AM »

How is Microsoft going to determine what is a spoofed drive from their repair centers and what is a spoofed drive from a hacker? I have received more than a few refurbished 360s that have a different drive in the console than the one that was originally there.

So if Microsoft is spoofing drives themselves when they replace them then how could they use that as a determination of a Live banning without also banning their legit customers?

Traviss63

« Reply #11 on: September 10, 2008, 11:33:00 AM »

QUOTE(Ranger72 @ Sep 10 2008, 05:43 PM)

How is Microsoft going to determine what is a spoofed drive from their repair centers and what is a spoofed drive from a hacker? I have received more than a few refurbished 360s that have a different drive in the console than the one that was originally there.

So if Microsoft is spoofing drives themselves when they replace them then how could they use that as a determination of a Live banning without also banning their legit customers?



Yes, I had two..."friends" who both claim to have just got back their console (when they brought them to me) from a M$ repair center. When I read/dumped the firmware with iprep it said it was spoofed; I think it was a Samsung spoofed as a Hitachi for one, and I can't recall the other. Anyhow, this was a first for me. I had never even heard of spoofing until then.

I always assumed M$ didn't need to spoof the drive. I thought they could just reset that shit how they saw fit, but unless my custome... I mean "friends", were BOTH lying about their consoles coming from M$ (why lie?) then this suggests exactly what Ranger says...

How would they tell the difference between drives spoofed at a M$ RC or hacker-spoofed drives?

calloused labia

« Reply #12 on: September 11, 2008, 02:05:00 AM »

QUOTE(Traviss63 @ Sep 10 2008, 01:33 PM)

Yes, I had two..."friends" who both claim to have just got back their console (when they brought them to me) from a M$ repair center. When I read/dumped the firmware with iprep it said it was spoofed; I think it was a Samsung spoofed as a Hitachi for one, and I can't recall the other. Anyhow, this was a first for me. I had never even heard of spoofing until then.

I always assumed M$ didn't need to spoof the drive. I thought they could just reset that shit how they saw fit, but unless my custome... I mean "friends", were BOTH lying about their consoles coming from M$ (why lie?) then this suggests exactly what Ranger says...

How would they tell the difference between drives spoofed at a M$ RC or hacker-spoofed drives?


I also thought MS could "reset" anything how they wanted. Has anybody dumped the firmware they got back from MS service to see if there are differences? Perhaps their method of spoofing the drives is a little different and when they spoof, the drive returns the right SS responses?

calloused labia

« Reply #13 on: September 11, 2008, 10:11:00 AM »

ERR EDIT

QUOTE(calloused labia @ Sep 11 2008, 04:41 AM)


I also thought MS could "reset" anything how they wanted. Has anybody dumped the firmware from an MS spoofed drive? Perhaps their method of spoofing the drives is a little different and when they spoof, the drive returns the right SS responses?

ghaladream

« Reply #14 on: October 09, 2008, 04:31:00 PM »

I would like to know this as well. I just spoofed my old BenQ drive as a Samsung because of the poor BenQ backup load times, and because of another issue I've been having with my BenQ:

http://forums.xbox-scene.com/lofiversion/i...hp/t658021.html

http://forums.maxconsole.net/showthread.php?p=1029558

Also.. about those 5 bytes of the SS being different when cross-spoofing.. Have there been any reports of bannings of people who have done this?

This post has been edited by ghaladream: Oct 9 2008, 11:36 PM