Notifications
Clear all

XBOX Live

Chris3792
(@chris3792)
New Member

Hi everyone.

As part of my final year project at university, I am investigating games consoles and performing a forensic analysis of the XBOX 360.

I have purchased some downloadable content as part of an experiment. Presently I have found the content purchased (Untold Stories bundle for Resident Evil 5) and using siggggggy, the gamertag of the XBOX Live account that is registered to the console. However, I would also like to recover my bank details that were used to make the purchase. Can anyone please tell me if this is possible and if it is, how it could be done?

Thanks

Chris.

Quote
Topic starter Posted : 08/04/2014 3:42 am
Novunix
(@novunix)
Junior Member

Surely that would be part of your project? Research?
A scientific experiment if you will, proposing a hypothesis, detailing your procedures, keeping notes and writing down your results?

If you were able to recover bank details used in making a purchase, I have to say that I would be rather concerned. Have you ever successfully recovered such information from a computer or mobile phone?

Xbox is encrypted to the hardware so it is difficult to parse, but I understand IEF can get some information from it.

However, my experience with these consoles is to create an image and IEF it, then clone the drive, replace the clone in the Xbox and view it "live", with a camera handy.

ReplyQuote
Posted : 08/04/2014 3:18 pm
Chris55728
(@chris55728)
Junior Member

As Novunix said, the chances of you recovering bank details on the XBOX hard drive are very unlikely.

IEF will recover IE Internet history from an XBOX hard drive and you can also use Party Buffalo to preview an XBOX hard drive to see games installed and friends list. I'm sure there's more information to be had but I've not had a chance to look into this.

I've never managed to get a cloned hard drive to work in an XBOX hard drive in the same way as you can in a PS3.

From what I recall, the XBOX hard drive has a 'security sector' at the beginning of the hard drive which contains the hard drive make and model which is connected to the console that the drive comes with. Attempts to duplicate this, by making a clone, fail. I'm sure someone has managed to get around this by now but I've not seen anything that would indicate this.

Cheers,

Chris

ReplyQuote
Posted : 08/04/2014 3:47 pm
Chris3792
(@chris3792)
New Member

As Novunix said, the chances of you recovering bank details on the XBOX hard drive are very unlikely.

IEF will recover IE Internet history from an XBOX hard drive and you can also use Party Buffalo to preview an XBOX hard drive to see games installed and friends list. I'm sure there's more information to be had but I've not had a chance to look into this.

I've never managed to get a cloned hard drive to work in an XBOX hard drive in the same way as you can in a PS3.

From what I recall, the XBOX hard drive has a 'security sector' at the beginning of the hard drive which contains the hard drive make and model which is connected to the console that the drive comes with. Attempts to duplicate this, by making a clone, fail. I'm sure someone has managed to get around this by now but I've not seen anything that would indicate this.

Cheers,

Chris

The way I have been working is that I have created a "Forensically Sound" image and worked off the image. I haven't tried to work off the physical hard drive itself.

I have obtained a 30 day free trial of IEF and ran a quick scan. I found that the only websites on there are w3.org and the Microsoft Website.

Are you saying that after I have run IEF on the image, I should replace the contents of the original hard drive with that image used?

You are right in the fact the XBOX needs security sectors to work. Sector 4 being the "Josh" sector as the 4 byte header represents Josh in ASCII. There is also sector 16 which has all the information about the hard drive (Manufacturer, Model number etc.) on there and finally from sectors 17 - 22 there is a 2754 byte long PNG image of the Microsoft logo. Without these, the XBOX 360 will not recognise the hard drive.

ReplyQuote
Topic starter Posted : 10/04/2014 3:41 pm
Chris3792
(@chris3792)
New Member

I think the only way to get around it is by putting the clone drive onto the original physical drive as the details in sector 16 are specific to each individual hard drive used.

I also had a chat to an XBOX.com support worker who told me that all the billing details aren't stored on the hard drive itself. More like a database or a cloud server at their end.

ReplyQuote
Topic starter Posted : 10/04/2014 3:45 pm
jaclaz
(@jaclaz)
Community Legend

From what I recall, the XBOX hard drive has a 'security sector' at the beginning of the hard drive which contains the hard drive make and model which is connected to the console that the drive comes with. Attempts to duplicate this, by making a clone, fail. I'm sure someone has managed to get around this by now but I've not seen anything that would indicate this.

In the "game scene" there are programs to alter the hard disk firmware (on selected make/model only) and write a security sector to it.
Like
http//www.se7ensins.com/forums/threads/how-to-create-a-xbox-360-hard-drive-from-scratch-western-digital-only.897465/
though how much forensic "sound" (or actually "useful") this procedure might be, is entirely to be seen.

jaclaz

ReplyQuote
Posted : 10/04/2014 5:11 pm
Share: