Slashdot Mirror
Hackers Dodge Xbox Live Shutout
An Ars Technica post at their games column Opposable Thumbs points out that, despite Microsoft's best efforts, hacked Xbox 360s are once again playing on Xbox Live. "Steadfast in their pursuits, the hackers of the Xbox 360 scene have managed to best Microsoft's Xbox Live Banning protocol: a system of checks in place to identify hacked Xbox 360s and deny them access to the Xbox Live Network. The current method of hacking the 360 involves exploiting the firmware of the DVD drive (the preferable method), and this latest patch does just that. In fact, the creators are so confident in their breakthrough that the info file remarks that the new firmware 'defeats all current and some future Xbox Live detection attempts.'"
I've heard that line before. Weren't the last firmware hacks designed to be "undetectable by Microsoft"?
Huh weird my GoW multiplayer perfect...my Cod3 (24 people) no issues...so either your connection sucks or you are talking out your ass.
Hacked XBox 360s can only play copied games, there's no other additional features and no homebrew games exist, as the hack still only lets you run signed code from Microsoft.
A couple of things:
1) To re-iterate what others are saying, the firmware hack does not defeat executable signatures, so the integrity of game code has not been compromised, however, game data files can be, and have been, compromised (Exo's GoW hacks). The simple solution is to update the executable with hard-coded data file checksums to go along with their weak signature security (in this case, on the GoW data files). So it's not entirely true that the firmware hack doesn't allow cheaters - but Microsoft has other avenues they can pursue in preventing cheaters. This wave of bannings represents an escalation in Microsoft's policy toward modders.
2) Something that many here miss, is that Microsoft has no direct access to the firmware for some models of the DVD drive they are using. Toshiba-Samsung MS28 drives, for example, have "Firmguard" - an attempt to thwart modders that has backfired on Microsoft. Why? Because powercycling the DVD with the correct VIA SATA chipset bypasses Firmguard as part of it's "Bad Flash" recovery mode. Microsoft cannot do this on the 360. This means they cannot read, nor write firmware to these drives.
There were several techniques Microsoft employed against modders in this last wave, verified by special debugging firmware employed - Microsoft was using an anomaly in the firmware's fetch of special sectors to determine if backups were employed (moddded Hitachi drives gave up the goods on this one), as well as more strict checking of those sectors (catching non-"stealth" backups), and finally, using Challenge/Response commands to do threshold timing (many used slower or faster timings on the firmware, which was detectable as being outside of thresholds).
There are still less reliable checks Microsoft may employ, but that dragnet will scoop up some legitmate users, too (No DVD Error code check, used to see who's been using their Xbox 360 as a power supply for the drive as they flashed it). If I was on the team, I'd rule that one out. There are a few other techniques, which I won't mention, since they haven't been discussed publicly, as the others I mentioned have (besides, Microsoft KNOWS how they are checking currently) - which have been identified and "fixed" in the current iXtreme 1.0 firmware.
For what it's worth, many, many 360 modders have NOT been banned. It may be these checks were only performed when they were actively playing a backup on Live... no pattern has emerged, and much of the data is suspect (panicky users, usual liars, etc...).
If Microsoft wants to defeat cheaters, all they need to do is employ a couple of interns to surf the scene sites for hack news, then simply order up special bannin' updates for those hacked games, to detect cheater's data files and ban those specific machines. Future game releases could incorporate some security libraries to make data files more secure (the code currently cannot be hacked).