Here are some details about the Xbox360 LIVE bans I got directly and indirectly from GaryOPA, Commodore4eva (C4E), Iriez and others. Of course don’t take any of this info as 100% confirmed, noone knows exactly based on what data MS is banning … it’s just an analysis of what they think is happening and what MS might/can be checking.
C4E thinks MS is probably detecting and banning consoles from LIVE by tracking usage of backups via timing of the challenge response (c/r) on the drive over the last few weeks or months. A modified FW will reply much faster to the the Challenges requests (stored in a table) than an original firmware (seek on drive). They probably do this test more than once and can ban you if you’re above a certain average.
FuzzyLogic also found that microsoft is sometimes doing additional checks on discs: PFI/DMI (so images without these sectors (or if using an old FWs without support for PFI/DMI) can probably be detected easily), drive inquiry (reads ascii string from drive), and capacity (reports capacity of disc) are requested. Strange thing here is MS requests 0×8000 bytes for PFI and DMI, while it should normally be 0×0800 bytes. TheSpecialist pointed out that the remaining 0×7800 bytes contains the relocated SS and PFI on burned discs … which would make it very easy to detect backups for MS. C4E however told us this would not work on TS drives as its cut off to 0800 even if more data is asked, it’s unconfirmed how modified HLG FWs drives respond to this atm.
The “read capacity check” will also work as detection on HLG because, unlike the newest TS FWs, it doesn’t have true ’stealth media’ yet, these drives are reporting back the burned disc based size of PFI instead of the correct PFI.
Apparently there’s also an issue with SS (Security Sector) extracted from Hitachi-LG, some necessary data is screwed … which means that probably only the Toshiba-Samsung / kreon setup has been extracting correct SS.
Another thing they are probably detecting (but probably not using yet to decide to ban or not) and log/flag is if you ever booted your Xbox360 with DVD SATA cable not connected to your Xbox360 (E64). Many people did this to power their drive when they wanted to flash it (power connected to 360, SATA to PC). So it’s highly suggested to use an external power to flash next time.
It’s also possible MS also bans based on stuff like bad credit card info for your country, running a NTSC machine with euro-address/credit card (or inverse), having out-of-region (arcade) games and demos on your HDD, unofficial 360 HDD, internet downloaded gamesaves etc. There’s no clear view on all this yet.
For now, C4E believes Microsoft is not detecting modified FWs or detecting FW changes/updates. Using a special FW they did not detect any debug commands sent to the drive by MS (they went through the dash/kernel updates with the special FW as well and did not detect any debug commands there either). So they think either:
A/ MS is not doing any FW detection right now, and only previously (maybe on request of MS servers while playing on LIVE?), or
B/ MS is banning based only on the timings of the drive, ss/pfi/dmi checks, capacity, drive inquiry and c/r verification.
We also got information C4E is working on an “iXtreme Online” FW for Toshiba-Samsung drives, a Hitachi-LG version and maybe even BenQ version might follow later.
The new FW will have less features than the current Xtreme FWs: no single-layer (DVD5) support, no ripping of games (0800 mode), but more features to safely play from burned discs (emulate the exact speed and timings of the original games) and prevent booting from un-safe discs (without PFI and DMI or bad SS - so discs not passing the ‘Stealth Check’ (using Xbox Backup Creator(info)(info) for example) are not going to boot on the new firmware), or images that aren’t exact dumps of the original.
There’s no official ETA (maybe this weekend though for TS drives), and of course no guarantee MS will never ban you based on new checks (that’s the risk it takes if you want to be part of the modding community ;)) The HLG FW will take a bit longer as it’ll require true ‘Stealth media’ etc added.
This new FW will of course be made mostly for new consoles being modded, because even if you’re not banned from LIVE yet there’s no way to know if MS already has info/logs on your console ID regarding timings or other stuff so even changing to this new firmware in the near future may not stop that console ID from being banned in the next wave of MS bans.
If your console is not banned yet, it’s highly suggested you don’t boot any burned discs, originals should be ok, even when offline (MS might be storing results of some checks in flash), until the release of the new FW.
If your console is already banned this will of course not help you … just enjoy the offline playing on that console for now (with some games you could try using 3rd party networks like XLink Kai(info)) and maybe some day a new exploit will allow you to do more with that console.