Discussion Xbox one windows exploit

Discussion in 'Xbox One Modding' started by Lipton01, Aug 26, 2019 with 38 replies and 4,287 views.

Thread Status:
Not open for further replies.
  1. Sketch

    Sketch Enthusiast

    Messages:
    696
    Ratings:
    316
    It doesn't use the standard Windows rendering that we know (Chrome bar with min, max and close buttons, title, etc.) and is run under a custom shell that hosts every application under it (this is how we get overlays, the guide popup and notifications: **** is hosted under XboxUI (Shell)).

    >bios sequence
    Scratch that off completely. Maybe a reword is needed.

    >shell exploit could work
    While schitzo was kinda right about existing exploits not carrying over, they generally just need to be ported. But again, I can't go into too much detail since that goes into a grey area for me. I can say though that it's a lot of work and you need to have experience with Windows internals, browser exploitation and more. I've still not grasped everything.
     
  2. OP
    Lipton01

    Lipton01 Enthusiast

    Messages:
    91
    Ratings:
    12
    As far as the console mapping goes, I'll leave that to you, but browser exploits etc., you know that's me. I used to exploit Linux boxes and PHP boxes all the time.
     
  3. OP
    Lipton01

    Lipton01 Enthusiast

    Messages:
    91
    Ratings:
    12
    After weeks of debugging and going through consoles, an exploit on the console has been found.
     
  4. Name1514

    Name1514 Newbie

    Messages:
    3
    Ratings:
    1
    Epic :) Do you know what's possible with it?
     
  5. Sketch

    Sketch Enthusiast

    Messages:
    696
    Ratings:
    316
    Nothing because it's non-existent :smile:
     
  6. Name1514

    Name1514 Newbie

    Messages:
    3
    Ratings:
    1
    Nice : )
     
  7. schitzotm

    schitzotm Contributor

    Messages:
    2,116
    Ratings:
    1,882
    How do we get from asking if a RAT will work on an xbone on August 26th to "after weeks of debugging" having a functional exploit? Oh wait... I already know. He doesn't.

    Out of the two Edge exploits I never escalated permissions. Did you? I'm not sure anyone did.
    From what I can tell, making it out of any of the apps will require an exterior exploit being run when the app begins to load.

    If the OP has a functional exploit good for him. (Highly unlikely)
     
  8. Sketch

    Sketch Enthusiast

    Messages:
    696
    Ratings:
    316
    Nope. I mean, you could utilise [redacted] to elevate in Edge / run out of process (any process as well) due to the severe... bugs in certain implementations that have been present since Windows 2000. But no, the claim was made that he could interact with the hypervisor, which of course to anyone who understands the console's OS architecture will raise eyebrows.
     
  9. schitzotm

    schitzotm Contributor

    Messages:
    2,116
    Ratings:
    1,882
    Doing some research on this type of escalation and starting to see some prior HV exploits that functioned in Windows as late as 2018. Also found some on breaking out of a VM. It looks as though many techniques were used for credit card theft and stealing info from servers. Also looks like many that know these exploits to their fullest are spending time in a federal prison. They were also working with a regular Windows OS and not a custom variant.
    They all have the same thing in common though. They are changing a function for a COM port. I am not certain yet if this is just for access after the poison though. (Likely is, since it seems this is how they maintained access after the breach.)
    In the HV exploit they seemed to actually force a security exploit that the HV will shut down in order to exploit it.
    So I guess if someone had enough knowledge and time they might actually be able to leap from userland and control the HV. But I would doubt it would be as simple as debugging for a couple weeks. Hehe
     
  10. OP
    Lipton01

    Lipton01 Enthusiast

    Messages:
    91
    Ratings:
    12
    Let me clear some things up here.

    I'm an investor with a team who's currently reversing the Xbox One. Seeing that the SDK was leaked, it doesn't take a rocket scientist to learn about the console (or does it). When it comes to people like Sketch and this other kid who I've never heard of, understand that none of us are working alone. There have been multiple exploits found on the console. But due to Microsoft's exploit submission page a lot of people have sold out instead of releasing things for the community. I mean, what would you do? Unlike a lot of people in this community I still care about the future of this scene and have since heavily invested into it. So when you have regular people who don't get enough attention in their daily lives, they keep things from others and try to seem cool because they have something nobody else does. Big whoop. Now in terms of the exploit, there are MANY things you can do to create an exploit, but you're going to need a console that was released in 2012-2013; the console is vulnerable to timed attacks or glitching. There are also save game exploits like in the original King Kong of the Xbox. I don't care what anyone else says, I'll do my own research and fund my devs with as many Xboxes as they need to get somewhere.

    Oh and by the way, anyone who knows me knows I used to root Windows and Linux boxes. If there's one thing I can read it's sysinst. Lrn2elevatefromsandboxusingphpnerd
     
  11. ddxcb

    ddxcb Contributor

    Messages:
    1,654
    Ratings:
    266
    What in the hell did I just read? This just proves you don't know what the hell you are talking about.
     
  12. jezza3813

    jezza3813 Enthusiast

    Messages:
    53
    Ratings:
    7
    I swear he is talking nonsense. A console from 2012-2013? The Xbox One wasn't even released in 2012, and glitching and timing, I think he's talking about RGH and the Xbox 360. He has no clue what he's saying.
     
  13. schitzotm

    schitzotm Contributor

    Messages:
    2,116
    Ratings:
    1,882
    Well... he isn't wrong about a timing attack. The console can be soft reset as well. I'm not sure how useful it would be though. Also not sure if anything could even be loaded as a result of it either. Pretty much anything running a hypervisor can be reset glitched. But I don't think there is a vulnerability there.
    BTW I have two Xbox One original consoles that have a manufacture date in 2012.
    I didn't get them until November of '13 though.
    All that said, I don't think anything he has said is close to true. I mean, with all his experience and everything, he was asking how to root an Android. One would think that someone with his "ability" would know how to use Google at least. Hehe
     
  14. OP
    Lipton01

    Lipton01 Enthusiast

    Messages:
    91
    Ratings:
    12
    I'm off a tab rn and I just wanted to let you know you're a nerd. I don't do mobile hacking, let alone Google it lol. I literally have an exploit running on a Windows 8 Xbox. It's not connected to Live and it allows me to execute custom code. The exploit needs to be modified to gain more permissions from the host OS.
     
  15. jezza3813

    jezza3813 Enthusiast

    Messages:
    53
    Ratings:
    7
    Proof or not real lol
     
  16. OP
    Lipton01

    Lipton01 Enthusiast

    Messages:
    91
    Ratings:
    12
    Update.

    A software exploit is possible to execute custom code. Some drivers are encrypted, but there are some vulns in a few drivers. Not too sure what to do for the hardware exploit as I'm not familiar with the board, but the hardware exploit is needed as sort of an attack to null some security features, but even then Microsoft wasn't playing when it came to locking this console down. But they messed up hosting the console on Windows OS instead of a custom OS like PS. There's also a lot of fun things you can do in dev mode, and you can escalate user privileges and use root. With that being said, the system is exploitable. More so for doing things a regular console can't etc. etc., but as far as modding games goes, save games and player data editing seems the best way to go. Vantage was great but rushed.
     
  17. jezza3813

    jezza3813 Enthusiast

    Messages:
    53
    Ratings:
    7
    We have known about dev mode and the escalated privileges, and the other features in dev mode. You said something about save game modding: how are you planning on doing this / what kind of exploit are you going to use?
     
  18. schitzotm

    schitzotm Contributor

    Messages:
    2,116
    Ratings:
    1,882
    Huh?
    I would buy this. But, have a few questions first. 1: How are you getting the key for boot? 2: What part of the bootloader are we resetting? 3: How are we pointing it to our MMC?
    (I already know these answers and I know this is the only way in.)
    4: (This is where we are stuck.) How are you hiding it from being noticed on XBL?
    For that matter, what are you glitching and resetting? What are you connecting to?

    BTW Vantage was horrible. Pointing the cloud save to a remote server to edit and push along is a horrible idea. You need PC-level editing. And for that you need decrypted saves. And for that you need keys.
    And as far as modding games goes, RTM is always the best way.

    And Microsoft didn't mess up using Windows. The PS scene has working mods. And if you know the right people, you know they have online-at-current-firmware exploits.
    The use of Windows and a Hyper-V has been what has made huge hurdles to overcome. The fact the keys from the secure processor don't just dump to memory has made it even more difficult. (The Sony console will dump the keys in memory.)
     
  19. Cakes

    Cakes !doge Administrator

    Messages:
    20,714
    Ratings:
    17,798
     
