Utter Chaos' Notes

Monday, May 21, 2007

My thougths on the recent XBL-banning (Part 1)

Theory 1: The FW-change theory
This theory describes the possibility MS has to checksum the Firmware of the DVD-drive. At a certain moment the drives firmware gets checksummed and the value will be stored either locally or remotely. At a later moment (during each bootup and/or logging into XBL) the FW gets checksummed again. If the stored value is different from the newly obtained checksum the drives FW has been altered which results in a ban.

Possibility: VERY UNLIKELY

Although this theory is quite popular I believe it's a very unlikely scenario. A Firmware change can have other reasons than just modding a drive. A large number of drives are replaced during repair centers every day around the world with other brands/types (and therefore different chekcsums). I also like to add the fact I own a single box using different drives/firmwares (Hitachi/Samsung) and have not been banned (yet). Lastly: MS wants to block the use of backups on XBL, logging differences in FW-checksums is a long shot to accomplish such a thing. Just think of all the modders who flashed the DVD-firmware out of the box, there would be no changes recorded so every backup should still be playable online without the risk of getting banned!

Theory 2: Monitoring backup-usage over a period of time
This theory describes the possibility MS has to detect the use of backups and storing such information localy. When the user logs into XBL the locally stored information about backup-usage is sent to MS along with the unique console-id. Once the console-id is flagged as capable of running backups it will be added to the ban-list.

Possibility: UNLIKELY

I believe this is also an unlikely scenario. Keep in mind the statement MS has made on the subject: MS wants to block the use of backups on XBL. However when this theory would be fact it would mean people can get banned for XBL while they have never been on XBL using a backup. This looks like incosistent since MS would ban people for a mistake they could possibly make in the future but haven't made so far! I'd like to add my personal experience also: I've been using a number of backups offline and originals online. So far I have not been banned (yet).


Theory 3: Monitoring backup-usage on/logged into XBL
This theory describes the possibility MS has to detect the usage of backups once logged onto XBL. Once backup-usage has been confirmed when logged into XBL the unique console-id gets flagged and sent to MS to add to the BAN-list.

Possibility: LIKELY

I believe this is scenario is the most plausible as it does exactly what MS has in mind: Stop the usage of backups on XBL. If this theory holds up the main question remains when did MS start collecting data on backup-usage. Despite the "Stealth" Firmware and images there are a whole bunch of (documented) ways to differentiate an original from a backup. Since the first news of the bannings I've only used originals when logged in to XBL on an unaltered drive. So for I have not been banned (yet). Since it's unclear when the logging started (if all) my console-id could be flagged already and a ban could become reality in one of the following "ban-batches".

To wrap things up:
- Respect for the nicely executed action from MS. Especially the fact bannings have been done "randomly" kept us in the dark (and probably still does).
- Even if you're not banned NOW is no guarantee it won't happen in the (near) future, this is especially true if you're already flagged but the hammer has yet to fall!

And finally:
This is/was all just a game.. so don't whine when you're banned: YOU WIN SOME... YOU LOSE SOME! :)

Useful links:
http://www.majornelson.com/archive/2007/05/17/xbox-live-security-5-17.aspx
http://gamerscoreblog.com/team/archive/2007/05/17/545414.aspx
http://www.xboxhacker.net/index.php?topic=7566.0

-UC-

(As you may have guessed English is not my native language, sorry for all the mistakes!)