Discussion Xbox one windows exploit

Status
Not open for further replies.

Sketch

Enthusiast
Messages
524
Reaction score
475
basically going on edge and visiting a java drive by site which can exectue scripts once the user visits the page.

if you need more information i suggest checking this link out.

with a shell exploit you can escalate privlages easily
 

interesting. i would like to see the system os and seeing that the xbox has a task manager im almost possible a shell exploit could work but from what im reading it seems alot depends on privileges and bios sequence
It doesn't use the standard Windows rendering that we know (Chrome bar with min, max an close buttons, title, etc) and is run under a custom shell that hosts every application under it (this is how we get overlays, guide popup, notifications is because **** is hosted under XboxUI (Shell)).

>bios sequence
Scratch that off completely. Maybe reword needed.

>shell exploit could work
While schitzo was kinda right about existing exploits not carrying over, they generally just need ported. But again, I can't go into too much detail since that goes into a grey area for me. I can say though that it's a lot of work and you need to have experience with Windows internals, browser exploitation and more. I've still not grasped everything.
 

Lipton01

Enthusiast
Messages
92
Reaction score
18
It doesn't use the standard Windows rendering that we know (Chrome bar with min, max an close buttons, title, etc) and is run under a custom shell that hosts every application under it (this is how we get overlays, guide popup, notifications is because **** is hosted under XboxUI (Shell)).

>bios sequence
Scratch that off completely. Maybe reword needed.

>shell exploit could work
While schitzo was kinda right about existing exploits not carrying over, they generally just need ported. But again, I can't go into too much detail since that goes into a grey area for me. I can say though that it's a lot of work and you need to have experience with Windows internals, browser exploitation and more. I've still not grasped everything.
as far as the console mapping goes, ill leave that to you but browser exploits etc you know thats me i used to exploit linux boxes and php boxes all the time
 

Lipton01

Enthusiast
Messages
92
Reaction score
18
after weeks of debugging and going through consoles an exploit on the console has been found
 

schitzotm

Contributor
Messages
2,113
Reaction score
2,151
Nothing because it's non-existent :smile:
How do we get from asking if a rat will work on a xbone on august 26th to “after weeks of debugging” having a functional exploit? Oh wait... I already know. He doesnt.

Out of the two edge exploits I never escalated permissions. Did you? Im not sure anyone did.
From what I can tell making it out of any of the apps will require an exterior exploit being ran when the app begins to load.

If the OP has a functional exploit good for him. (Highly unlikely)
 

Sketch

Enthusiast
Messages
524
Reaction score
475
How do we get from asking if a rat will work on a xbone on august 26th to “after weeks of debugging” having a functional exploit? Oh wait... I already know. He doesnt.

Out of the two edge exploits I never escalated permissions. Did you? Im not sure anyone did.
From what I can tell making it out of any of the apps will require an exterior exploit being ran when the app begins to load.

If the OP has a functional exploit good for him. (Highly unlikely)
Nope. I mean, you could utilise [redacted] to elevate in Edge / run out of process (any process as well) due to the severe... bugs in certain implementations that has been present since Windows 2000. But no, the claim was made that he could interact with the hypervisor which of course to anyone who understands the consoles OS architecture will raise eyebrows.
 

schitzotm

Contributor
Messages
2,113
Reaction score
2,151
Nope. I mean, you could utilise [redacted] to elevate in Edge / run out of process (any process as well) due to the severe... bugs in certain implementations that has been present since Windows 2000. But no, the claim was made that he could interact with the hypervisor which of course to anyone who understands the consoles OS architecture will raise eyebrows.
Doing some research on this type of escalation and starting to see some prior hv exploits that functioned in windows as late as 2018. Also found some on breaking out of vm. It looks as though many techniques were used for credit card theft and stealing info from servers. Also looks like many that know these exploits to their fullest are spending time in a federal prison. They were also working with a regular windows os and not a custom variant.
They all have the same thing in common though. They are changing a function for a com port. I am not certain yet if this is just for access after the poison though. (Likely is since it seems this is how they maintained access after the breach)
In the hv exploit they seemed to actually force a security exploit that the hv will shut down in order to exploit it.
So I guess if someone had enough knowledge and time they might actually be able to leap from the userland and control the hv. But I would doubt it would be as simple as debugging for a couple weeks. Hehe
 

Lipton01

Enthusiast
Messages
92
Reaction score
18
Let me clear some things up here.

I’m an investor with a team who’s currently reversing the Xbox one . Seeing that the sdk was leaked it doesn’t take a rocket scientist to learn about the console(or does it) when it comes to people like sketch and this other kid who I’ve never heard of understand that none of us are working alone. There’s been multiple exploits found. On the console. But due to Microsoft’s exploit submission page a lot of people have sold out instead of releasing things for the community . I mean what would you do ? Unlike a lot of people in this community I still care about the future of this scene and has since heavily invested into it. So when you have regular people who doesn’t get enough attention in they’re daily lives they keep things from others and try to seem cool because they have something no body else doesn’t. Big woop . Now in terms of the exploit there are MANY things you can do to create an exploit but your going to need a console that was released 2012-2013 the console is vulnerable to timed attacks or glitching, there’s also save game exploits like in the original King Kong of the Xbox . I don’t care what anyone else says I’ll do my own reasearch and fund my devs with as many xboxes they need to get somewhere .
 
Oh and by the way anyone who knows me knows I used to root windows and Linux boxes if there’s one thing I can read it’s sysinst. Lrn2elevatefromsandboxusingphpnerd
 

ddxcb

Contributor
Messages
1,647
Reaction score
311
Now in terms of the exploit there are MANY things you can do to create an exploit but your going to need a console that was released 2012-2013 the console is vulnerable to timed attacks or glitching, there’s also save game exploits like in the original King Kong of the Xbox .
What in the hell did I just read, this just proves you don't know what the hell you are talking about.
 

jezza3813

Enthusiast
Messages
55
Reaction score
14
What in the hell did I just read, this just proves you don't know what the hell you are talking about.
I swear he is talking nonsense a console from 2012-2013 the Xbox one wasn't even released in 2012 and glitching and timing I think he talking about rgh and the xbox360 he has no clue what his saying
 

schitzotm

Contributor
Messages
2,113
Reaction score
2,151
I swear he is talking nonsense a console from 2012-2013 the Xbox one wasn't even released in 2012 and glitching and timing I think he talking about rgh and the xbox360 he has no clue what his saying
Well... he isnt wrong about a timing attack. The console can be soft reset as well. Im not sure how useful it would be though. Also not sure if anything could even be loaded as a result of it either. Pretty much anything running a hypervisor can be reset glitched. But I don’t think there is a vulnerability there.
BTW I have two xbox one original consoles that have a manufacture date in 2012.
I didnt get them until november of 13 though.
All that said I dont think anything he has said is close to true. I mean with all his experience and everything he was asking how to root an android. One would think that someone with his “ability” would know how to use google at least. Hehe
 

Lipton01

Enthusiast
Messages
92
Reaction score
18
Well... he isnt wrong about a timing attack. The console can be soft reset as well. Im not sure how useful it would be though. Also not sure if anything could even be loaded as a result of it either. Pretty much anything running a hypervisor can be reset glitched. But I don’t think there is a vulnerability there.
BTW I have two xbox one original consoles that have a manufacture date in 2012.
I didnt get them until november of 13 though.
All that said I dont think anything he has said is close to true. I mean with all his experience and everything he was asking how to root an android. One would think that someone with his “ability” would know how to use google at least. Hehe
I’m off a tab rn and I just wanted to let you know uou’re A nerd. I don’t do mobile hacking yet alone google it lol , I literally have an exploit running on a windows 8 Xbox it’s not connected to live and it allows me to execute custom code . The exploit needs to be modified to gain more permissions from the host os
 

jezza3813

Enthusiast
Messages
55
Reaction score
14
I’m off a tab rn and I just wanted to let you know uou’re A nerd. I don’t do mobile hacking yet alone google it lol , I literally have an exploit running on a windows 8 Xbox it’s not connected to live and it allows me to execute custom code . The exploit needs to be modified to gain more permissions from the host os
Proof or not real lol
 

Lipton01

Enthusiast
Messages
92
Reaction score
18
Update.

A software exploit is possible to execute custom code some drivers are encrypted but are some vulns in a few drivers. Not too sure what to do for the hardware exploit as I’m not familiar with the board, but the hardware exploit is needed as sort as an attack to null some security features but even then Microsoft wasn’t playing when it came to locking this console down. But
Messed up hosting the console on windows os instead of a custom os like ps. There’s also a lot of fun things you can do in dev mode and you can escalate user privileges and use root. With that being said the system is exploitable. More so of doing things a regular console can’t etc etc but as far as modding games goes. Save games and player data editing seems the best way to go . Vantage was great but rushed
 

jezza3813

Enthusiast
Messages
55
Reaction score
14
Update.

A software exploit is possible to execute custom code some drivers are encrypted but are some vulns in a few drivers. Not too sure what to do for the hardware exploit as I’m not familiar with the board, but the hardware exploit is needed as sort as an attack to null some security features but even then Microsoft wasn’t playing when it came to locking this console down. But
Messed up hosting the console on windows os instead of a custom os like ps. There’s also a lot of fun things you can do in dev mode and you can escalate user privileges and use root. With that being said the system is exploitable. More so of doing things a regular console can’t etc etc but as far as modding games goes. Save games and player data editing seems the best way to go . Vantage was great but rushed
We have known about dev mode and the escalated privileges, and the more other features in dev mode. You said something about save game modding how are you planning on doing this/what kind of exploit and are you going to use.
 

schitzotm

Contributor
Messages
2,113
Reaction score
2,151
Update.

A software exploit is possible to execute custom code some drivers are encrypted but are some vulns in a few drivers. Not too sure what to do for the hardware exploit as I’m not familiar with the board, but the hardware exploit is needed as sort as an attack to null some security features but even then Microsoft wasn’t playing when it came to locking this console down. But
Messed up hosting the console on windows os instead of a custom os like ps. There’s also a lot of fun things you can do in dev mode and you can escalate user privileges and use root. With that being said the system is exploitable. More so of doing things a regular console can’t etc etc but as far as modding games goes. Save games and player data editing seems the best way to go . Vantage was great but rushed
Huh?
I would buy this. But, have a few questions first. 1: how are you getting the key for boot? 2: what part of the bootloader are we resetting? 3: how are we pointing it to our mmc?
(I already know these answers and I know this is the only way in.)
4: (this is where we are stuck) how are you hiding it from being noticed on xbl?
For that matter what are you glitching and resetting? What are you connecting to?

BTW Vantage was horrible. Pointing the cloud save to remote server to edit and push along is a horrible idea. You need pc level editing. And for that you need decrypted saves. And for that you need keys.
And as far as modding games goes RTM is always the best way.

And microsoft didn't mess up using windows. The ps scene has working mods. And if you know the right people you know they have online at current firmware exploits.
The use of windows and a hyper v has been what has made huge hurdles to overcome. The fact the keys from the secure processor don't just dump to memory has made it even more difficult. (sony console will dump the keys in memory).
 
Status
Not open for further replies.
Top Bottom