Microsoft has been on a banning spree over the last month or so removing all the xbox live members who play backup copies of their games. How right or wrong this is is a discussion for a different platform but from a technical perspective there are many looking into how this happened and ways to get around it. Firmware updates are currently being worked on as are offline validation checks. I have posted below another angle to tackle the problem.

One thing we can all say is that something is telling the xbox live servers that consoles are banned. How can they do this? Who knows how they are tagging the consoles but one thing is for sure something is being sent to their servers that tells Microsoft whether or not the console that is trying to log in is banned.

This gives me an idea. If we monitor our network traffic (what is being passed back and forward between us and the live servers) we would probably notice the console id is being sent back and if the machine is banned it is stored on the server (to be compared when request for online access is made).

If changing the console id (this has been a noted "fix") is enough to "fake" the system then it means we can spoof console IDs and send fake ids back to the server. Microsoft would have a bunch of fake IDs banned and nothing more. I'm no mathematician but if someone could figure out the algorithm used to generate these ids it seems like this could be a solution

The question is, does MS rely on console unique ids in order to determine who is banned. If so, a spoofed console id would do the trick (the anti-ban).

Incidentally the same approach is used to hijack users website sessions. Every user has a session created when the log onto a website; this session can be generated (usually through complex mathematical algorithms) and passed into the server. The servers in turn treat the generated session id as the real one and the data can in that way be captured.

Please leave your thoughts and/or suggestions on this thread. This approach seems viable to me.