Actually this idea is very good. It might not be easy to pull it off but maybe M$ made yet another mistake in their system. Since I do not use xbox live I cannot really tell if it can work, though. In theory it should be enough to create a proxy tool that replaces the actual update data in the Live connection.
I've been wondering if someone has been properly looking at the Live protocol using a packet dumper. I mean battle.net has been "cracked"/emulated that way, so don't underestimate the power of reverse engineering. Is all Live traffic encrypted?
If not, it might be enough to intercept a Live packet UPDATE_FOLLOWS or something like that and resend that after the xbox has authed to the real Xbox Live. This would mean that the xbox is already in the "I am talking to Xbox Live, maybe there's an update" state and all you need to do is send that packet followed by the actual data.
Of course this is not gonna work (that easily) if one of the following is true:
1) Xbox live traffic is encrypted
2) The updates are encapsulated/signed in a way that one cannot emulate. I.e. it doesn't transmit the new files directly but as an XBE archive which gets extracted after receiving.
3) Xbox-Fonts cannot be updated via Live (unlikely)
However, someone should look into it; I'd happily do it if my xbox wasn't modded.
Steps would be:
1) Install a packet dumper on the internet gateway pc
2) connect to live with an outdated dash or game
3) dump all traffic to disk
4) analyze whether it's encrypted or cleartext and if there's a way to replace the update's content
5) Code a tool that just forwards traffic until a certain breakpoint, sends UPDATE_FOLLOWS packet (or similar) and the file using address spoofing (i.e. pretending to be the Xbox Live server)
Result would be a non-memcard way to "open" an xbox
:)
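Condition 2 in the post above is the one that stops an in-path proxy. As an added example (not part of the original post, and not Xbox Live's actual protocol), here is a client-side check that rejects both a substituted payload and a replayed older update. The packet layout, the function names and the use of HMAC-SHA256 as a stand-in for a real public-key signature are all assumptions.

```python
import hashlib
import hmac
import os

# Assumption: stand-in for the vendor's signing key. A real design would use an
# asymmetric signature so the console holds only a public verification key;
# HMAC-SHA256 is swapped in here to stay within the standard library.
VENDOR_KEY = os.urandom(32)
TAG_LEN = 32


def pack_update(version: int, payload: bytes, key: bytes = VENDOR_KEY) -> bytes:
    """Server side: bind version, length and payload together under one tag."""
    header = version.to_bytes(4, "big") + len(payload).to_bytes(4, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def swap_payload(packet: bytes, new_payload: bytes) -> bytes:
    """The proxy from the post: keeps the framing, replaces the content."""
    header = packet[:4] + len(new_payload).to_bytes(4, "big")
    return header + new_payload + packet[-TAG_LEN:]  # old tag; proxy has no key


def accept_update(packet: bytes, installed_version: int,
                  key: bytes = VENDOR_KEY):
    """Client side: return the payload only if every check passes, else None."""
    if len(packet) < 8 + TAG_LEN:
        return None
    header, body, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
    version = int.from_bytes(header[:4], "big")
    length = int.from_bytes(header[4:], "big")
    if length != len(body):
        return None  # truncated or padded in transit
    expected = hmac.new(key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # header or content was altered in transit
    if version <= installed_version:
        return None  # authentic but old: a replayed capture is refused
    return body
```

Because the tag covers the version field as well as the payload, a captured update cannot be relabelled as newer without failing verification.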