Sync Signal

[psychoticpengwn]

You could try sniffing out the packet with a program called wpe pro what it does is you pick a packet and can send it over again as many times as you want most virus scans detect it as a Trojan though because it sends and sniffs packets but its worth a shoot I have used it quite a few mmorpg games I play for god mode and it hasnt hurt the PC and i have had it for years now so its not a trojan you can get it from here www.wpepro.net I am going to try a few zune hacks I have in mind after I get enough to but another one don't want to hurt the precious now :P


Edit: Didn't want to double post i installed snoopy and decided what the hell ill give it a look and what i am seeing here is that where it says # up and then # down it means first packet uploaded and then packet downloaded so if you can find a way to spoof the upload packets you will be set ill continue to take a look and see if i can come up with any way to help.

[Marshillboy]

WPE PRO is only for packets sent over the winsock protocol (I.E. Internet packets). What we are looking at here is USB packets. Therefore, I do not believe that WPE will work in this case.

[psychoticpengwn]

Just goes to show how much attention i pay i was thinking it worked with all packets thanks for the info i grabed a few books that may help and am looking them over havent had any real experience with hardware hacking yet.

[wyersman]

I looked at zuney for like 2 mins then I was like wait this site is too brite I quit you like a bad job X-D

[Superaison]

Well, or you could havvev your zune triccked into thinking its cconnected via usb, instead its cconnected via wifi, and you can dl from your computer via wifi..

kidding..

btw my keyboard is broken

just an idea, idk if this is right placce or not, but is that possible?

[Messaline]

I think the key is in that earlier post; there are 2 conditions that can be spoofed. the Hresult can be spoofed if we can read what it SHOULD be for an open connection . and the timeout values can be changed to allow longer transfers/open close trnasations. right now >100 <1000 = .1 to 1 second. . if the Zune hasn't acknowledged in that time, it closes the connection. change the high value =to MaxInt , around 65k probably for the Zune, and you'll get 65k seconds...1000 minutes per transfer session.
all of this is theory until someone tries it . then figure out a way to spoof the hresult and you'll have your hdd open access. in the meantime the old method of opening a sync session and piggybacking will work for longer sessions.

[crjmcc]

Without doing any investigation (so finger in the air moment here) I'd guess the Zune software was passing temporary certificates from the machine to the zune. The zune security manager allows sync for the life of the certificate. Resending the same certificate would be useless as it would be expired.

Thats how I would have written it anyway. I've not looked in to hacking the zune yet as I'm a java bod, but I am tempted to start at the least sniffing the usb data and seeing whats what.

[BioRad]

Does anyone know someone who either helped develop the zune or does software for it?

If someone did then the microsoft employee(poor person) would in therey know how the software works and could help develop a patch or program that will allow this to happen

[sandys]

the libmtp guys have attempted this to create an open-source (and better) replacement for a MTP driver library for Mac and Linux.
The log of the Zune handshaking format is on the libmtp website under the "Compatibilty" section

[Omnidragon]

Nice find i know one of the H&M crew is re looking into a USB packet hijack-esque mod