Warning: Consoles Still Connect To Xbox Live Despite Family Settings, Confirmed by sniffing outgoing UDP network traffic Options

[Kiewee123]

I can confirm that only enabling restrictions 'Xbox LIVE Access' and 'Xbox Live Membership Creation' in 'Console Control' (in Family Settings) is NOT adequate protection for your Jtag flashed console.

I sniffed outgoing connections whilst running an Xbox1 game (this is in FSD if anyone is interested) because I was curious as to why I was greeted with 'you need to update' despite not being logged in to any profile, let alone on xbox live. This message would disappear if I removed the Ethernet cable (used to update FSD + FTP on LAN).

The console successfully connects to 65.55.42.183 using the kerbose service (handshake?), then connecting again afterward on 65.55.42.180 on UDP port 3074. The IP range 65.55.42.* is owned by Microsoft Corp, and is located in Bellevue in the US.

Evidently, despite the suggested precautions, our consoles are still capable of connecting online beknown to us. Microsoft could quite easily pull one off again and 'surprise us', as they did with the Ixtreme banning, with a forced update or such.

I highly suggest you either block all outgoing/incoming WAN traffic on your console's MAC address, or remove the ethernet cable entirely, particular if your console's R3T6 resistor has not been removed/shorted.

Finally, exercise extreme caution in all future updates, 9199 onwards. Microsoft could quite easily not only impose a ban on your Xbox LIVE account and console, but could remove your console's exploitabilty therefore rendering your jtag useless.

I thought I aught to share my findings with the community - please share your thoughts, I hope someone can prove me wrong.

This post has been edited by Ranger72: Aug 1 2010, 09:33 PM

[brandogg]

I've run FSD on my JTAG'ed Jasper, and XBL is blocked in the family settings. This console is connected to my home network 100% of the time - I can still install to NXE the regular way, my profile and HDD work fine on other consoles. I'm pretty sure it's just the dashboard saying, "Hey Xbox Live, are you awake?" and Xbox Live replying "Yep!" I don't think your console is sending any specific information to the service, especially if you don't have any XBL accounts on the HDD at all (I don't), since you have not agreed to the XBL TOS if you don't have a Live account.

[Haygar]

I've run FSD on my JTAG'ed Jasper, and XBL is blocked in the family settings. This console is connected to my home network 100% of the time - I can still install to NXE the regular way, my profile and HDD work fine on other consoles. I'm pretty sure it's just the dashboard saying, "Hey Xbox Live, are you awake?" and Xbox Live replying "Yep!" I don't think your console is sending any specific information to the service, especially if you don't have any XBL accounts on the HDD at all (I don't), since you have not agreed to the XBL TOS if you don't have a Live account.

This should be stickied.

Either way we need to build up a clear picture of what has happened and could happen.

@ Maximize: You say u got banned in 15 seconds. Do u know the entire history of your jtag? Did u mod it yourself/never used it online? ...It's strange that your ban doesn't corrupt saves/achievement's between consoles, a 'normal' ban would corrupt data/not sign off trusted content.

...Have you redumped your NAND and checked the secdata to compare before and after?
What brandogg said makes sense, i.e. the 'yes I'm alive' handshake, but without any h/w or user specific console data going out/in.

I really hope you guys are right !!! But are'nt we being a bit naive thinking that no console specific info is being transfered?

Does anyone know how we could check/interpret the traffic while in this idle state?

This post has been edited by Haygar: Aug 1 2010, 02:42 PM