
[Theory] Xbox One Cold Boot Exploit

  • Thread starter KittenMilkshake
  • Views 23,473

Chr0m3 x MoDz

Knowledge is power, Power is corruption
VIP
Interesting to see what little progress is being made. If anyone ever wants to test anything, I have a very old system that is console banned (it's still on the Windows 8 OS); yes, it's that old.

A few notes: I'm not interested in working with people who will be releasing/selling what's found; I've been in enough lawsuits, thanks.

But if anyone serious ever needs a console that old to test on, PM me. It goes without saying that I won't be sharing anything that comes out of it, and I'd hope you don't either.

I'd even be happy to just give the console to someone (if they pay shipping) if they are actually going to make use of it and get somewhere.

Don't bother messaging me just for a free Xbox; as I said, you'd have to actually be able to prove you can put it to good use.

I also have an Ex-ERA Xbox One devkit if that'd be of use (doubt it). It's important to note the "Ex": I use it as a retail now, lol.
 

schitzotm

Contributor
Here is an interesting article:
The Wi-Fi card for the Xbox One is, I guess, exploitable: https://www.google.com/amp/s/www.zd...s-laptops-smartphones-routers-gaming-devices/
The card itself isn't the exploitable part. The console's code for seeking Wi-Fi, however, is.
One of the biggest problems with this is that there is nothing released to go off of. The person who found this bug refuses to share it with the public. It would be building from scratch, and very short lived; I would expect a patch soon. And since nobody was working on this for the Xbox One, it just remains a theory. The console could very well protect itself against this kind of intrusion.
I would bet not, though.
The bigger question would be: what access would you have after entry?
 

Sketch

Enthusiast
> The card itself isn't the exploitable part. The console's code for seeking Wi-Fi, however, is.
> One of the biggest problems with this is that there is nothing released to go off of. The person who found this bug refuses to share it with the public. It would be building from scratch, and very short lived; I would expect a patch soon. And since nobody was working on this for the Xbox One, it just remains a theory. The console could very well protect itself against this kind of intrusion.
> I would bet not, though.
> The bigger question would be: what access would you have after entry?
It'd most likely end up with Host OS kernel execution. From there you could pull off an alright amount, but it comes down to the implementation.
 

Sycc

If you could do this on an Xbox One, the Xbox One engineers would have already been fired.
 

KittenMilkshake

Enthusiast
> If you could do this on an Xbox One, the Xbox One engineers would have already been fired.
Don't be so skeptical. Developers cannot know of every exploit they missed and couldn't patch. There is a vulnerability in the Xbone, as with every other single piece of tech. The issue is we do not know that exploit.

The thing about exploits is they like to hide. You do not know they are there until you push the system beyond what it can do. Developers know this, but they are not perfect. You should study penetration testing, buddy.

Note: I never thought I would get 8k views; I was just spitballing here.
 

schitzotm

Contributor
> Don't be so skeptical. Developers cannot know of every exploit they missed and couldn't patch. There is a vulnerability in the Xbone, as with every other single piece of tech. The issue is we do not know that exploit.
>
> The thing about exploits is they like to hide. You do not know they are there until you push the system beyond what it can do. Developers know this, but they are not perfect. You should study penetration testing, buddy.
>
> Note: I never thought I would get 8k views; I was just spitballing here.
Did you ever get anything from cold booting?
I have dumped something from the security processor. Not sure if I have it all, though; it seems a bit small. Now waiting on a blank chip and gonna try to image it to the blank, then I'm going to cap it.
 

Skudge

Getting There
> Did you ever get anything from cold booting?
> I have dumped something from the security processor. Not sure if I have it all, though; it seems a bit small. Now waiting on a blank chip and gonna try to image it to the blank, then I'm going to cap it.
You ever get anywhere with this?
 

schitzotm

Contributor
> You ever get anywhere with this?
I did. I learned I should stick to building games within a game engine.
I have spent a ton of money to get basically nowhere. I dumped the security processor. I wrote it back to a blank chip. I used a very expensive machine and installed the copy chip in the console. It functions completely.
So, yay, successful dump.
The best I can see is that the two processors work as a shared logical process.
I had no luck with capping. (Likely because I really didn't know what I was doing there.)
The more I look at the flash, the more it appears to almost be its own OS. Not much of one, but enough to process signed headers.
This is where I stopped. (Basically no further.)
Work has gotten in the way of fun for now.
 

NIGHTDEAMON

Newbie
... what if we just build another console that runs XB1 games but allows CFW? Much like the N64, but more advanced. Is it even possible?
 

schitzotm

Contributor
> ... what if we just build another console that runs XB1 games but allows CFW? Much like the N64, but more advanced. Is it even possible?
Not needed.
Don't listen to Sketch. He doesn't know what he's talking about.... lol
All anyone has to do is ask Cortana to run custom firmware on the Xbox One and she will. It's simple, but nobody ever thought to just ask Cortana.
I asked her to give me godmode on the new CoD, and just as fast as I asked, I was in Call of Duty with godmode.
Then I asked her to hack the console and she did. Then I asked her to pirate some games, and now I have every game out for Xbox.
 

AzzidReign

Man with the plan
Administrator
> Don't listen to Sketch. He doesn't know what he's talking about.... lol
> All anyone has to do is ask Cortana to run custom firmware on the Xbox One and she will. It's simple, but nobody ever thought to just ask Cortana.
> I asked her to give me godmode on the new CoD, and just as fast as I asked, I was in Call of Duty with godmode.
> Then I asked her to hack the console and she did. Then I asked her to pirate some games, and now I have every game out for Xbox.
That's incredible. Care to write up a tutorial on the process? I want Godmode on Pokemon Go... so all I gotta do is ask Cortana and she can mod my Android phone?! This is next level ****.
 

schitzotm

Contributor
> That's incredible. Care to write up a tutorial on the process? I want Godmode on Pokemon Go... so all I gotta do is ask Cortana and she can mod my Android phone?! This is next level ****.
Lol, truth be told, on Windows at least Cortana has full access. On Xbox One I do not know if this is the case. I would assume the same permissions are granted. And actually, it is likely Cortana was not written custom for the Xbox, so there would be a slim chance the AI could be key. Hehe.
(Even Siri on iPhone is given low-level access.)
 

Tyguy13455

Getting There
> Lol, truth be told, on Windows at least Cortana has full access. On Xbox One I do not know if this is the case. I would assume the same permissions are granted. And actually, it is likely Cortana was not written custom for the Xbox, so there would be a slim chance the AI could be key. Hehe.
> (Even Siri on iPhone is given low-level access.)
Interesting stuff, buddy. I think the whole reason everyone is struggling with any XB1 exploitation so far is that #1 it's running basically its own OS (yes, kind of a subversion of Win 10), but every time I think of it as a "Windows" type OS it throws me a curve ball. If you want my opinion, the TrustZone exploit was and may be the only way to get past this console's sandbox.
 

CycloneXCry

Newbie
> Don't be so skeptical. Developers cannot know of every exploit they missed and couldn't patch. There is a vulnerability in the Xbone, as with every other single piece of tech. The issue is we do not know that exploit.
>
> The thing about exploits is they like to hide. You do not know they are there until you push the system beyond what it can do. Developers know this, but they are not perfect. You should study penetration testing, buddy.
>
> Note: I never thought I would get 8k views; I was just spitballing here.
Still down to link up? Because I'm ready for this thing to get a crack.
 

NoHacksAllowed

Enthusiast
> Still down to link up? Because I'm ready for this thing to get a crack.
I'm down; too sick of thinking, might as well get to work. Even if we can't hide from XBL and can't go online, a retail console with full permissions is all I ask for.
 