Xbox One is getting a (software-based) kernel exploit

More than a decade after its release, the Xbox One is apparently getting an exploit, based on a proof of concept by hacker Carrot_c4k3.

I’m certainly no expert on the Xbox One, let alone its security aspects, but as I understand it, this would be the first public exploit ever to grant kernel/root access on retail, and not from Development mode (correct me if wrong). Hackers on the Xbox One Research wiki are warning that the exploit will get (or might already have been) patched with future firmware updates of the console.

There are specific steps you need to follow in order to run the upcoming hack: in particular, you need to download and install the Game Script App, but then need to make sure you don’t update your console beyond the vulnerable firmware (which is apparently 10.0.25398.4478). It appears anyone who updated in the past 24h is already out of luck, but don’t quote me on this.


Specifically (source):

Notice for users who would like code execution in SystemOS in the future
On 2024/06/08 a method for gaining user- and kernel-level code execution in SystemOS was announced. It is likely to be patched soon (in next System Update).

To prepare, do the following:

  1. Ensure your Xbox Live account Login-Type is configured as “No barriers” aka. auto-login with no password prompt
  2. Set your console as “Home Console” for this account
  3. Download the App Game Script
  4. Start the app (to ensure license is downloaded/cached)
  5. Take your console offline! To make extra sure it cannot reach the internet, set a manual primary DNS address of 127.0.0.1
  6. Get a device/microcontroller that can simulate a Keyboard (rubber ducky or similar) – otherwise you have to type a lot manually 

Youtuber Michael Crump has a video showcasing the process (of getting his console ready for the exploit) here:

https://youtube.com/watch?v=MxJr586K5uo

There’s been quite some activity on Xbox One over the past few weeks, with game dumps having apparently become a possibility recently, hacker torusHyperV open-sourcing some of their repair boards, and hardware exploits being hinted at as well.

