[Theory] Xbox One Cold Boot Exploit

Chr0m3 x MoDz (VIP, "Knowledge is power, Power is corruption"; 5,385 messages, 7,923 reaction score)
Interesting to see what little progress is being made. If anyone ever wants to test anything, I have a very old system that is console banned (it's still on the Windows 8 OS); yes, it's that old.

A few notes: I'm not interested in working with people who will be releasing/selling what's found; I've been in enough lawsuits, thanks.

But if anyone serious ever needs a console that old to test on, PM me. It goes without saying that I won't be sharing anything that comes out of it, and I'd hope you don't either.

I'd even be happy to possibly just give the console to someone (if they pay shipping) if they are actually going to make use of it and get somewhere.

Don't bother messaging me just for a free Xbox; as I said, you'd have to actually be able to prove you can put it to good use.

I also have an ex-ERA Xbox One devkit if that'd be of use (I doubt it). It's important to note the "ex": I use it as a retail now, lol.
 

schitzotm (Contributor; 2,113 messages, 2,151 reaction score)
The card itself isn't the exploitable part. The console's code for seeking Wi-Fi, however, is.
One of the biggest problems with this is that there is nothing released to go off of. The person that found this bug refuses to share it with the public. It would be building from scratch, and very short-lived; I would expect a patch soon. And since nobody was working on this for the Xbox One, it just remains a theory. The console could very well protect itself against this kind of intrusion.
I would bet not, though.
The bigger question would be: what access would you have after entry?
 

Sketch (Enthusiast; 524 messages, 475 reaction score)
> The card itself isn't the exploitable part. The console's code for seeking Wi-Fi, however, is.
> One of the biggest problems with this is that there is nothing released to go off of. The person that found this bug refuses to share it with the public. It would be building from scratch, and very short-lived; I would expect a patch soon. And since nobody was working on this for the Xbox One, it just remains a theory. The console could very well protect itself against this kind of intrusion.
> I would bet not, though.
> The bigger question would be: what access would you have after entry?

It'd most likely end up with Host OS kernel execution. From there you could pull off a decent amount, but it comes down to the implementation.
 

Sycc (1,870 messages, 510 reaction score)
If you could do this on an Xbox One, the Xbox One engineers would have already been fired.
 

KittenMilkshake (Enthusiast; 56 messages, 6 reaction score)
> If you could do this on an Xbox One, the Xbox One engineers would have already been fired.

Don't be so skeptical. Developers cannot know of every exploit they missed and couldn't patch. There is a vulnerability in the Xbone, as with every other single piece of tech. The issue is we do not know that exploit.

The thing about exploits is they like to hide. You do not know they are there until you push the system beyond what it can do. Developers know this, but they are not perfect. You should study penetration testing, buddy.

Note: I never thought I would get 8k views; I was just spitballing here.
 

schitzotm (Contributor; 2,113 messages, 2,151 reaction score)
> Don't be so skeptical. Developers cannot know of every exploit they missed and couldn't patch. There is a vulnerability in the Xbone, as with every other single piece of tech. The issue is we do not know that exploit.
>
> The thing about exploits is they like to hide. You do not know they are there until you push the system beyond what it can do. Developers know this, but they are not perfect. You should study penetration testing, buddy.
>
> Note: I never thought I would get 8k views; I was just spitballing here.

Did you ever get anything from cold booting?
I have dumped something from the security processor. Not sure if I have it all, though; it seems a bit small. Now waiting on a blank chip, and I'm going to try to image it to the blank, then I'm going to cap it.
 

Skudge (Getting There; 462 messages, 349 reaction score)
> Did you ever get anything from cold booting?
> I have dumped something from the security processor. Not sure if I have it all, though; it seems a bit small. Now waiting on a blank chip, and I'm going to try to image it to the blank, then I'm going to cap it.

Did you ever get anywhere with this?
 

schitzotm (Contributor; 2,113 messages, 2,151 reaction score)
> Did you ever get anywhere with this?

I did. I learned I should stick to building games within a game engine.
I have spent a ton of money to get basically nowhere. I dumped the security processor. I wrote it back to a blank chip. I used a very expensive machine and installed the copy chip in the console. It functions completely.
So, yay, successful dump.
The best I can see is that the two processors work as a shared logical process.
I had no luck with capping. (Likely because I really didn't know what I was doing there.)
The more I look at the flash, the more it appears to almost be its own OS. Not much of one, but enough to process signed headers.
This is where I stopped. (Basically no further.)
Work has gotten in the way of fun for now.
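The post above describes dumping the security processor's flash and writing it back to a blank chip while unsure whether the dump is complete ("seems a bit small"). The following is an added example, not code from anyone in this thread: the sanity checks a practitioner would run on a raw dump before burning it, namely comparing the image length against the part's stated capacity and mapping which blocks are erased (0xFF), structured, or high-entropy (encrypted/compressed-looking). The chip capacity, the 4 KiB block size and the sample image are all assumed and constructed here, not taken from a real console.

```python
"""Sanity checks on a raw flash dump before writing it to a blank chip.

Added example, not code from any poster in the thread. Everything below
(chip size, block size, the sample image) is constructed for illustration.
"""
import math
import random
from collections import Counter

BLOCK_SIZE = 4096                      # assumed erase-block granularity
EXPECTED_CHIP_SIZE = 16 * BLOCK_SIZE   # assumed capacity of the part (64 KiB here)


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, up to 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_blocks(image: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Label each block: 'erased' (all 0xFF), 'zero' (all 0x00), 'high'
    (entropy >= 7 bits/byte, typical of encrypted or compressed data) or 'low'
    (structured data such as code, tables or headers)."""
    labels = []
    for off in range(0, len(image), block_size):
        blk = image[off:off + block_size]
        if blk.count(0xFF) == len(blk):
            labels.append("erased")
        elif blk.count(0x00) == len(blk):
            labels.append("zero")
        elif entropy(blk) >= 7.0:
            labels.append("high")
        else:
            labels.append("low")
    return labels


def check_dump(image: bytes, expected_size: int, block_size: int = BLOCK_SIZE) -> dict:
    """Findings to review before trusting the dump: whether the length matches
    the part, how many bytes are missing, the block profile, and how many
    erased blocks sit *between* data blocks. An erased block in the middle of
    data usually means a bad read rather than free space; erased/zero blocks
    at the end are the normal unused tail."""
    labels = classify_blocks(image, block_size)
    data_idx = [i for i, lab in enumerate(labels) if lab not in ("erased", "zero")]
    last_data = data_idx[-1] if data_idx else -1
    holes = sum(1 for i, lab in enumerate(labels) if lab == "erased" and i < last_data)
    return {
        "size_ok": len(image) == expected_size,
        "missing_bytes": max(0, expected_size - len(image)),
        "profile": dict(Counter(labels)),
        "holes": holes,
        "trailing_blank": len(labels) - last_data - 1 if labels else 0,
    }


def make_blocks() -> tuple:
    """Constructed sample blocks (not from a real chip): a structured 'low'
    block, a pseudo-random 'high' block and an erased block."""
    low = bytes(range(16)) * (BLOCK_SIZE // 16)
    rng = random.Random(0)
    high = bytes(rng.getrandbits(8) for _ in range(BLOCK_SIZE))
    erased = b"\xff" * BLOCK_SIZE
    return low, high, erased


def build_sample_image() -> bytes:
    """A constructed 12-block dump of a 16-block part: 2 structured blocks,
    4 high-entropy blocks, 6 erased blocks, and 4 blocks missing entirely."""
    low, high, erased = make_blocks()
    return low * 2 + high * 4 + erased * 6


if __name__ == "__main__":
    report = check_dump(build_sample_image(), EXPECTED_CHIP_SIZE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against a real dump by replacing `build_sample_image()` with the file contents and setting `EXPECTED_CHIP_SIZE` from the part's datasheet. A dump that is short of the chip size, or that shows erased blocks sandwiched between data, should be re-read before anything is written to a replacement chip; a short dump whose tail is all erased blocks may simply be the reader stopping at the last programmed page.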
 

NIGHTDEAMON (Newbie; 2 messages, 0 reaction score)
... what if we just build another console that runs XB1 games but allows CFW? Much like the N64, but more advanced. Is it even possible?
 

schitzotm (Contributor; 2,113 messages, 2,151 reaction score)
> ... what if we just build another console that runs XB1 games but allows CFW? Much like the N64, but more advanced. Is it even possible?

Not needed.
Don't listen to Sketch. He doesn't know what he's talking about.... lol
All anyone has to do is ask Cortana to run custom firmware on the Xbox One and she will. It's simple, but nobody ever thought to just ask Cortana.
I asked her to give me god mode on the new CoD, and just as fast as I asked, I was in Call of Duty with god mode.
Then I asked her to hack the console, and she did. Then I asked her to pirate some games, and now I have every game out for Xbox.
 

AzzidReign (Honcho with a Poncho, Administrator; 21,435 messages, 27,170 reaction score)
> Don't listen to Sketch. He doesn't know what he's talking about.... lol
> All anyone has to do is ask Cortana to run custom firmware on the Xbox One and she will. It's simple, but nobody ever thought to just ask Cortana.
> I asked her to give me god mode on the new CoD, and just as fast as I asked, I was in Call of Duty with god mode.
> Then I asked her to hack the console, and she did. Then I asked her to pirate some games, and now I have every game out for Xbox.

That's incredible. Care to write up a tutorial on the process? I want god mode on Pokémon Go... so all I gotta do is ask Cortana and she can mod my Android phone?! This is next level ****.
 

schitzotm (Contributor; 2,113 messages, 2,151 reaction score)
> That's incredible. Care to write up a tutorial on the process? I want god mode on Pokémon Go... so all I gotta do is ask Cortana and she can mod my Android phone?! This is next level ****.

Lol, truth be told, on Windows at least Cortana has full access. On Xbox One I do not know if this is the case. I would assume the same permissions are granted. And actually, it is likely Cortana was not written custom for the Xbox, so there would be a slim chance the AI could be the key. Hehe.
(Even Siri on iPhone is given low-level access.)
 

Tyguy13455 (Getting There; 64 messages, 52 reaction score)
> Lol, truth be told, on Windows at least Cortana has full access. On Xbox One I do not know if this is the case. I would assume the same permissions are granted. And actually, it is likely Cortana was not written custom for the Xbox, so there would be a slim chance the AI could be the key. Hehe.
> (Even Siri on iPhone is given low-level access.)

Interesting stuff, buddy. I think the whole reason everyone is struggling with any XB1 exploitation so far is that #1 it's running basically its own OS (yes, kind of a subversion of Win 10), but every time I think of it as a "Windows"-type OS it throws me a curve ball. If you want my opinion, the TrustZone exploit was and may be the only way to get past this console's sandbox.
 

CycloneXCry (Newbie; 12 messages, 0 reaction score)
> Don't be so skeptical. Developers cannot know of every exploit they missed and couldn't patch. There is a vulnerability in the Xbone, as with every other single piece of tech. The issue is we do not know that exploit.
>
> The thing about exploits is they like to hide. You do not know they are there until you push the system beyond what it can do. Developers know this, but they are not perfect. You should study penetration testing, buddy.
>
> Note: I never thought I would get 8k views; I was just spitballing here.

Still down to link up? Because I'm ready for this thing to get a crack.
 