Let me get this straight. You'd use an exploit to run a habibi-signed avalaunch.xbe, which has been treated with fuckms. That would then return the kernel to retail, then you'd launch the default.xbe created by a game auto-update, which would be perfectly fine since it's HDD-signed with the retail key. I don't get how a hash scan would stop this. The same thing stopping people who renamed their default.xbe to xboxdash.xbe would stop people here? How does it know? Are there some parameters passed by the original .xbe? If so, could you just use fuckms on the xbe from the DVD, which would then execute the HDD-signed one in TDATA? Seems like a rather simple thing to do after this exploit, so I assume it doesn't work. Does MS scan for modified dash files now? If worst comes to worst, MS would just make sure you get banned if you use any softmod at all.