Banning Theories

  • chroma
    V.I.P. Member
    • Feb 2009
    • 1976

    #1

    Banning Theories

    From what I can see there are several ways to detect an illegal console that are almost entirely foolproof.

    1: Checksum on firmware
    All things a computer does are done through a combination of "bits". These are represented as ones and zeros; string 8 of them together and you get a byte and so forth. Elementary stuff here, but for the sake of our less technically minded patrons I figured it could use an explanation.

    Original firmware will have a specific binary profile that can be authenticated; you change the code that's running and the checksum's value will change radically.

    Take firmware for instance: you can break it up into blocks or bytes. This is done because a byte has a very limited range of values: 00000000 for 0, 00000001 for 1, 00000010 for 2, all the way up to 11111111 for 255.

    [byte 0 :serial number] 01111111 = 127 (hex value of 7F)
    [byte1] 00000001 = 1
    [byte2] 11111101 = 235
    [byte3] 00011010 = 26
    [byte4] 11111100 = 252
    [byte5] 10011010 = 154
    [byte6] 11000001 = 193
    [byte7] 11111111 = 255
    [byte8] 11101101 = 237

    This is all well and good, but how exactly does this translate to Microsoft bricking my box?
    The easiest way is to generate a checksum by adding up all the values of each byte: [127],1,235,26,252,154,193,255,237

    Now the first block or byte will be variable, so there's no way to accurately predict its contents. The rest of the code, however, is a set program that won't change unless it's between drive manufacturers, but even then it will be consistent among every device of that manufacturer.

    So by dropping the first byte and adding them up you get an accurate "constant" value of 1611, and to shorten this down to a byte's length you perform some math jiggery pokery by first dividing the total by 256 to get 6.292.
    This is then rounded to the nearest integer (whole number), so 6.
    Then this is multiplied by 256 to give 1536 (the rounded number).
    Then you subtract that from the initial total: 1611-1536 = 75 (01001011). That's the checksum of this fictional piece of 7F firmware.

    Now this is only small scale; in real firmware the code will be much longer and several bytes are used for the serial number alone, but it illustrates the point that if you change a single byte of the original firmware you will get a substantially different checksum.
    You could write a binary with the same checksum value, but if they use MD5 or CRC32 (similar procedure with more complex math to guarantee a consistent unique number) instead it would still be detected.

    If I was Microsoft this would be the first thing I would implement straight from release date (I would however hold back on pressing the ban button at this point for reasons I'll discuss further).

    2: vidya gaems
    Commonly transported to people on plastic wafers called DVDs. DVDs are interesting in that they have a standardised bootsector that differs between commercial releases and recordable media. That is to say, if you look at a bootsector of an official game it looks different than one copied to a blank DVD.

    There are all kinds of interesting flags like timestamps, architecture type, serial numbers, a few "reserved for special purposes" and so forth; on recordables there's also manufacturer and dye type flags to contend with.
    It's not hard to read these from a disk (writing is another story entirely) and to store these values in the bowels of the achievements table or elsewhere in a gamertag.

    It would be relatively straightforward to copy these over and check in on them from time to time. A retail version of Borderlands for instance won't have an oxonol dye flag for instance and will have a timestamp and factory code to suggest where and when it was pressed.

    It's fairly straightforward to surmise that if someone is playing Borderlands with a recorded dye flag and no legitimate date or location flag then it's an illegal copy and you can bring down the hammer.

    3: Release date
    Computers like to log things; for everything that's ever been done on a computer there's been a log created somewhere. This helps programmers and developers trace back faults; it takes very little in terms of computing power to write a timestamp to somewhere and helps immensely when there's problems down the line.
    That being said, installs often go wrong so they're meticulously logged for this reason: file A was copied to the hard drive at whatever date and so forth.
    The side effect of this is that it also offers increased security. That is to say, when Modern Warfare 2 was leaked to the scene before its retail release then installed on a machine, the log will say copied over at xxxdate whereas the release date was yyy, so it's a fairly straightforward task to ban every console with an install date of xxx on a yyy game.

    This one is fairly straightforward to circumvent. I mean, the caveat is that if it's installed before release it's going to flag up, so don't try to mess with something before it's released. Even then there will be a recorded medium timestamp to ponder over and a lack of commercial press data like factory of origin that could be logged.

    Simply put, these are what I consider to be the easiest 3 in terms of detection and accuracy. There are literally millions of ways to find out who's playing without paying, so to speak, getting ever more elaborate as we go on.

    BANWAVES

    What surprises me is the way banwaves happen. I mean, using any of the above I could write up a few lines of code to autoban everyone found using them. Microsoft don't seem to do this though.
    I mean, look at their strategy from a few angles:

    Developer

    I'm a games developer, I've got a kickass game and I'm sure everyone will love my new tekken 655646, but before I can launch it to the unsuspecting public on an ecksbawks I need to sit down in a room with Microsoft and discuss my licensing fee.
    This is where I pay Microsoft to allow me to distribute my new game on their platform. If I want to make any money from their platform I'm essentially going to have to pay them a fee to allow my game to run on their machine.
    This comes in two parts: the initial fee for a run of x amount of copies and then a small percentage of every other unit past that fee.

    Monopolist
    I'm a Microsoft executive, I've just been approached by "the great unwashed" games studio, they have a new tekken game, kids love tekken. They want to play it. I've managed to strong arm the dumbass into giving me the exclusive rights to allow it to only run on my machines by offering him a slight discount on how much he will pay me to launch it on my machines. It should be a good Christmas season, revenues will be through the roof!
    The guy just paid me a huge lump sum of money on the initial release and we haggled over the royalties. Sure, I'll take a hit over the next 6 months from this but it was a good deal.
    All the more so once I hit this shiny red button and ban a few thousand users from their xboxes.

    Gamer
    OOOooooh new Tekken! i r loev teh tekkenz!
    WTF NOEZ! I R TEH BANNED!???!?
    FUUUUUUUUUUUuuuuuuuuuuuuuuck i just bought a 12 month subscription!
    Must aquire ecksbawcks, must palay tekkenz.

    Monopolist
    Sweet, of those 5000 live subscriptions that went dead from my banhammer over 3500 of them are back up again. This means they've bought another xbox to play these new games, the shareholders are going to be impressed!

    By banhammering people at this time of year they drive up sales, and figures of "xbox humps ps3 in terms of units shifted" look good to investors, which in turn makes even more money.
    The developer gets humped because Microsoft still make money off his back from the licensing fee and off their live subscriptions regardless if the game gets pirated or not throughout the rest of the year. Therefore Microsoft can hold off the banhammer till the shareholders get nervous and need to inject the cashcow with some more growth hormone.

    I'd like to say this is all rampant conspiracy theory, but the fact is it's just damned good business.

    This is also where the waters get murky on the PS3. The Sony business model is radically different: they don't charge for subscriptions, so they will inevitably handle piracy much differently. They will rely on the additional revenue from the developers to allow their code to run on their platform, so piracy will affect this system to a much harsher degree in terms of revenues per year. There also isn't the incentive of "dear god I just paid for another year and now I'm banned, I need a new box asap", so reuptake from banned boxes will be far slower without sufficient killer exclusives.
    Consoles for Sony also come off the line with more expense. It's safe to say by now that Microsoft have not only recouped the development and manufacture costs of their hardware but are well into a sizable profit margin through their business model.
    Sony won't be so fortunate: they don't have the additional revenue streams coming in to recoup, and manufacturing more boxes will therefore impact their profit margin, so a banned box winds up costing them money initially, whereas MS has learned to profit from it.
    Last edited by chroma; 9 November, 2009, 00:27.
    He who laughs last thinks slowest.
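
Added example, not part of chroma's post: a small Python sketch of the firmware check described under "1: Checksum on firmware", comparing a byte-sum checksum with CRC32 and SHA-256 over the same image. The nine-byte images, the one-byte serial field and all function names are constructed for illustration.

```python
import hashlib
import zlib

SERIAL_LEN = 1  # assumption: per-unit serial is the first byte, as in the post's toy layout


def additive_checksum(image: bytes) -> int:
    """Sum every byte after the serial field and keep the low 8 bits."""
    return sum(image[SERIAL_LEN:]) % 256


def fingerprints(image: bytes) -> dict:
    """Three fingerprints of the fixed (non-serial) part of the image."""
    body = image[SERIAL_LEN:]
    return {
        "additive": additive_checksum(image),
        "crc32": zlib.crc32(body),
        "sha256": hashlib.sha256(body).hexdigest(),
    }


def verify(image: bytes, reference: dict) -> dict:
    """Per-method verdict: True where the image matches the reference."""
    seen = fingerprints(image)
    return {name: seen[name] == reference[name] for name in reference}


# Constructed sample images (not real firmware).
ORIGINAL = bytes([0x7F, 0x10, 0x22, 0x34, 0x46, 0x58, 0x6A, 0x7C, 0x8E])
OTHER_UNIT = bytes([0x3C]) + ORIGINAL[1:]  # same code, different serial
# Two bytes changed so the additions cancel out: +1 at index 3, -1 at index 6.
MODIFIED = bytes([0x7F, 0x10, 0x22, 0x35, 0x46, 0x58, 0x69, 0x7C, 0x8E])

REFERENCE = fingerprints(ORIGINAL)

if __name__ == "__main__":
    for label, image in [("other unit", OTHER_UNIT), ("modified", MODIFIED)]:
        print(label, verify(image, REFERENCE))
```

The unit with a different serial matches on all three methods, while the modified image still matches the byte sum and fails CRC32 and SHA-256. CRC32 is built to catch accidental corruption; only a cryptographic hash such as SHA-256 is designed to resist a deliberately crafted match.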
  • acestu
    Senior Member
    • Nov 2008
    • 269

    #2
    WOW

    OMG Chroma you're not Bill Gates's alter ego are you?


    cheers
    Acestu
    If my post Helps, then Please Click the THANKS Button ,as i will do for you.
    -------------------------------------------------------------------------
    The Acestu Corporation.... More Powerfull Than You Could Possibly Imagine !!.........sigpic
