Modder Discovered Kernel-Level Exploit in Xbox One Consoles
10 June 2024 at 19:18
'Game Script' Xbox Console Kernel-Level Exploit
carrot_c4k3, the individual behind the discovery, disclosed on X that the exploit, which is not a jailbreak, targets the System OS software found on newer Xbox consoles such as the Xbox One. System OS is the virtualized environment in which applications run on these consoles, including applications downloaded from the Microsoft Store; Xbox users can normally gain access to it by enabling developer mode on their console. carrot_c4k3 stated that while the exploit gives full control over the System OS VM for running homebrew on a retail Xbox, it does not enable the use of pirated software. The method currently relies on the Game Script UWP application available on the Microsoft Store, which lets users write and run scripts in a custom scripting language on the console. The exploit consists of two components:
- User mode: the initial steps, in which the user gains native code execution in the context of UWP (Microsoft Store) applications.
- Kernel exploit: in this step the user exploits a kernel vulnerability on these devices to gain full read/write access, which then allows them to elevate the privileges of a chosen running process.
Exploit Might Have Been Patched In Newer Xbox Firmware Versions
A set of steps to be performed for the hack was shared on the Xbox One Research GitHub page:
- Ensure your Xbox Live account Login-Type is configured as "No barriers", aka. auto-login with no password prompt
- Set your console as "Home Console" for this account
- Download the App Game Script
- Start the app (to ensure license is downloaded/cached)
- Take your console offline! To make extra sure it cannot reach the internet, set a manual primary DNS address of 127.0.0.1
- Get a device/microcontroller that can simulate a Keyboard (rubber ducky or similar) - otherwise you have to type a lot manually :D

The page states that the exploit is "likely to be patched soon (in next System Update)." A thread on GBAtemp.net, a forum for discussing various video game platforms, stated that the latest firmware update for the Xbox One console has reportedly already patched the exploit, making firmware 10.0.25398.4478 the last exploitable version. While the full consequences of this exploit, and of the one still to be shared, are unknown, it highlights the interest that console players have in bypassing manufacturer-intended device limits.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.