Topic: Possible Spoof Detection? (Read 88 times)

caster420 · « **Reply #15 on:** October 09, 2008, 04:51:00 PM »

QUOTE(calloused labia @ Sep 7 2008, 12:00 AM)

If Firmware Toolbox can see this difference then could MS?

This isnt firmware toolbox seeing the difference, it is a bug in firmware toolbox. Firmtool changes both the inquiry and identify string and 360 firmware toolbox does not. Compare the two files you created in hex and you'll see exactly what i'm talking about...

Caster.

caster420 · « **Reply #16 on:** October 09, 2008, 04:41:00 PM »

Here is your example...

(1) Firmware created with firmtool
IPB Image

2) Firmtool created firmware opened with 360 Firmware Toolbox (same error you noted above, plus key is incorrect, as i would assume yours was as well!!!)
IPB Image

3) 360 Firmware Toolbox v4.7 spoofing the same type of firmware...
IPB Image

4) Hex comparison of two generated firmware...

IPB Image

Notice that 360 Firmware Toolbox does not spoof the identify string (one on top). This is how it 'detects' spoofed firmware. Since firmtool changes both strings, 360 Firmware Toolbox does not detect it properly and does not find the key properly. There is nothing wrong with the firmware firmtool created but rather with 360 Firmware Toolbox.

Regards,

Caster.

ghaladream · « **Reply #17 on:** October 09, 2008, 05:28:00 PM »

Thanks for the info caster

calloused labia · « **Reply #18 on:** October 09, 2008, 05:45:00 PM »

Thanks for clearing that up Caster.

I didn't notice any discrepancy with the key when I was testing so I decided to go back and open the Samusng spoofed BenQ firmware with FWTB and Firmtool.

Sure enough.. the key in FWTB is wrong!!

(IMG:http://i443.photobucket.com/albums/qq159/callousedlabia/360/WTF.jpg)

caster420 · « **Reply #19 on:** October 09, 2008, 08:06:00 PM »

No problem. It appears as though he has fixed my above example (spoofed samsung firmware) with v4.8 but not spoofed benq firmware, as you noted.

Regards,

Caster.

ghaladream · « **Reply #20 on:** October 09, 2008, 08:21:00 PM »

QUOTE(podger @ Sep 7 2008, 01:20 PM)

5 bytes of the ss are drive specific. So a Sammy spoofed as benq will return a different ss to a benq... I believe this is the case even with originals.... Cross-spoofing has never been considered safe...

So, should I be worried about this?

test123123 · « **Reply #21 on:** October 10, 2008, 04:24:00 AM »

If I purely used Firmware Toolbox 4.8 to flash Hitachi drive and NOT using the spoof function. Is it OK?

calloused labia · « **Reply #22 on:** October 10, 2008, 10:16:00 AM »

QUOTE(test123123 @ Oct 10 2008, 06:24 AM)

If I purely used Firmware Toolbox 4.8 to flash Hitachi drive and NOT using the spoof function. Is it OK?

Yes, it should be fine.

QUOTE(ghaladream @ Oct 9 2008, 10:57 PM)

So, should I be worried about this?

I was, I removed the spoofed Samsung from my 360 and but back the BenQ.

Author Topic: Possible Spoof Detection? (Read 88 times)