Hacking Xbox One OS system files retrieved

  • Thread starter Deleted User
  • Start date
  • Views 15,342
  • Replies 33
D

Deleted User

Guest
OP
This has been possible from day one with the Developer Mode. Anyone can do it on both retail and Dev Mode. It's most definitely real. I may have to update the wiki but we did show and demonstrate how to do it:

https://xosft.dev/wiki/setup-dev-mode/

Read the bottom.

Also to answer this specific question: the main operating system files that are interesting are outside the system apps are more so system services, libraries and drivers.

They are not encrypted when they are mounted and accessed at runtime. This can depend on your application and user privileges and also depending on what flags the target Xbox Virtual Drive is given.
 
Last edited by ,
MeAndHax

MeAndHax

Impolite person with some modding knowledge.
Member
Level 10
Joined
Feb 7, 2017
Messages
719
Trophies
0
XP
2,037
Country
Germany
XVMM said:
This has been possible from day one with the Developer Mode. Anyone can do it on both retail and Dev Mode. It's most definitely real. I may have to update the wiki but we did show and demonstrate how to do it:

https://xosft.dev/wiki/setup-dev-mode/

Read the bottom.

Also to answer this specific question: the main operating system files that are interesting are outside the system apps are more so system services, libraries and drivers.

They are not encrypted when they are mounted and accessed at runtime. This can depend on your application and user privileges and also depending on what flags the target Xbox Virtual Drive is given.
Click to expand...
Can you replace them with other files tho? Probably not, right?
 
Last edited by MeAndHax,
hullpop

hullpop

Member
Newcomer
Level 1
Joined
Jul 30, 2020
Messages
7
Trophies
0
Age
26
XP
58
Country
United States
XVMM said:
No, any executable or any data located on a read-only mounted XVD cannot be tampered. Only temporary data. This can't be bypassed normally and would, as usual, require a much more lower-level exploit.
Click to expand...
Do you know any exploits that can bypass a read only mounted partition and make it a writable partition?
 
D

Deleted User

Guest
OP
hullpop said:
Do you know any exploits that can bypass a read only mounted partition and make it a writable partition?
Click to expand...
It's not possible. There's a "bug" within Developer Mode to trick Windows to mount another disk on the same volume but ultimately, there's nothing. Again, without any low-level exploit you can't.
 
hullpop

hullpop

Member
Newcomer
Level 1
Joined
Jul 30, 2020
Messages
7
Trophies
0
Age
26
XP
58
Country
United States
XVMM said:
It's not possible. There's a "bug" within Developer Mode to trick Windows to mount another disk on the same volume but ultimately, there's nothing. Again, without any low-level exploit you can't.
Click to expand...
Have you looked tho any of the files yet maybe you can find something wait does this mean dev mode is not sandbox?
 
hullpop

hullpop

Member
Newcomer
Level 1
Joined
Jul 30, 2020
Messages
7
Trophies
0
Age
26
XP
58
Country
United States
XVMM said:
It's not possible. There's a "bug" within Developer Mode to trick Windows to mount another disk on the same volume but ultimately, there's nothing. Again, without any low-level exploit you can't.
Click to expand...
and one more thing there maybe a vulnerability in the hardware that might allow you to flash files but I think that is unlikely especially if it's unsigned code.
 
D

Deleted User

Guest
OP
hullpop said:
Have you looked tho any of the files yet maybe you can find something wait does this mean dev mode is not sandbox?
Click to expand...
I've been reversing a lot of the OS when I can and sometimes I might come across a couple minor exploits but it's difficult to pull off in retail scenarios. Also, Developer Mode is essentially sandboxed. While it can use the same host, system and game OS XVD's, they use a separate set of other XVD's for storing other temporary data. Sure, it's a little bit more open but it also has certain limited capabilities - even more so limited in retail except certain scenarios.

hullpop said:
and one more thing there maybe a vulnerability in the hardware that might allow you to flash files but I think that is unlikely especially if it's unsigned code.
Click to expand...
You can modify your flash but there are certain critical, encrypted and signed data such as: host.xvd, system,xvd, boot.bin and more. Some files are readable and some are not.
 
hullpop

hullpop

Member
Newcomer
Level 1
Joined
Jul 30, 2020
Messages
7
Trophies
0
Age
26
XP
58
Country
United States
XVMM said:
I've been reversing a lot of the OS when I can and sometimes I might come across a couple minor exploits but it's difficult to pull off in retail scenarios. Also, Developer Mode is essentially sandboxed. While it can use the same host, system and game OS XVD's, they use a separate set of other XVD's for storing other temporary data. Sure, it's a little bit more open but it also has certain limited capabilities - even more so limited in retail except certain scenarios.


You can modify your flash but there are certain critical, encrypted and signed data such as: host.xvd, system,xvd, boot.bin and more. Some files are readable and some are not.
Click to expand...
Try to find a buffer overflow exploit best case scenario in my opinion.

--------------------- MERGED ---------------------------

XVMM said:
I've been reversing a lot of the OS when I can and sometimes I might come across a couple minor exploits but it's difficult to pull off in retail scenarios. Also, Developer Mode is essentially sandboxed. While it can use the same host, system and game OS XVD's, they use a separate set of other XVD's for storing other temporary data. Sure, it's a little bit more open but it also has certain limited capabilities - even more so limited in retail except certain scenarios.


You can modify your flash but there are certain critical, encrypted and signed data such as: host.xvd, system,xvd, boot.bin and more. Some files are readable and some are not.
Click to expand...
Maybe you can dump the hypervisor sorry if I don't know what I'm talking about but I'm only use to the ps3 system I was one of the first ones to flash a patched nand to my ps3 system.

Is the kernel readable?
 
Last edited by hullpop,
D

Deleted User

Guest
OP
hullpop said:
Try to find a buffer overflow exploit best case scenario in my opinion.
Click to expand...
It's not quite as simple. Even with execution in System OS, you now have to find another exploit in Host. Even then, it becomes more diluted.
 
  • Like
Reactions: hullpop
T

trav57

New Member
Newbie
Level 1
Joined
Aug 5, 2021
Messages
3
Trophies
0
Age
30
XP
33
Country
United States
so im trying to get my xbox working again, and if you still have these files can you upload them again?
links are dead, sorry for necro post
 
NotStupidAhaAha

NotStupidAhaAha

Well-Known Member
Member
Level 3
Joined
Jun 1, 2023
Messages
104
Trophies
0
XP
358
Country
United Kingdom
Deleted User said:
--------------------- MERGED ---------------------------


DM me on Discord, I can give you everything. X86#0001
Click to expand...
Pretty sure the mods edited that. #0001???
For some reason, I'm wondering if deleted users... might have been forced to by Microsoft.
Post automatically merged:

trav57 said:
so im trying to get my xbox working again, and if you still have these files can you upload them again?
links are dead, sorry for necro post
Click to expand...
Use https://store.rg-adguard.net/ with the CategoryID if you're still interested. This thread is an interesting find, and also sorry for necrooing
 

Site & Scene News

Go to forum More news

Popular threads in this forum

XBOX One S Power On and then Off Q9F2

Xbox one fat original - help HDD replacement

Xbox One/Series dumping exploit AND Xbox One hardware-level exploit discovered!

General chit-chat
Help Users
  • No one is chatting at the moment.
  • Quincy @ Quincy:
    Usually when such a big title leaks the Temp will be the first to report about it (going off of historical reports here, Pokemon SV being the latest one I can recall seeing pop up here)
  • K3Nv2 @ K3Nv2:
    I still like how a freaking mp3 file hacks webos all that security defeated by text yet again
  • BigOnYa @ BigOnYa:
    They have simulators for everything nowdays, cray cray. How about a sim that shows you playing the Switch.
  • K3Nv2 @ K3Nv2:
    That's called yuzu
     +1
  • K3Nv2 @ K3Nv2:
    https://www.verizon.com/home/intern...0a82b82a&vendorid=CJM&PID=552179&AID=11365093 can I cancel and keep the switch lol
     +1
  • BigOnYa @ BigOnYa:
    I want a 120hz 4k tv but crazy how more expensive the 120hz over the 60hz are. Or even more crazy is the price of 8k's.
  • K3Nv2 @ K3Nv2:
    No real point since movies are 30fps
  • BigOnYa @ BigOnYa:
    Not a big movie buff, more of a gamer tbh. And Series X is 120hz 8k ready, but yea only 120hz 4k games out right now, but thinking of in the future.
  • K3Nv2 @ K3Nv2:
    Mostly why you never see TV manufacturers going post 60hz
  • BigOnYa @ BigOnYa:
    I only watch tv when i goto bed, it puts me to sleep, and I have a nas drive filled w my fav shows so i can watch them in order, commercial free. I usually watch Married w Children, or South Park
  • K3Nv2 @ K3Nv2:
    Stremio ruined my need for nas
  • BigOnYa @ BigOnYa:
    I stream from Nas to firestick, one on every tv, and use Kodi. I'm happy w it, plays everything. (I pirate/torrent shows/movies on pc, and put on nas)
  • K3Nv2 @ K3Nv2:
    Kodi repost are still pretty popular
  • BigOnYa @ BigOnYa:
    What the hell is Kodi reposts? what do you mean, or "Wut?" -xdqwerty
  • K3Nv2 @ K3Nv2:
    Google them basically web crawlers to movie sites
  • BigOnYa @ BigOnYa:
    oh you mean the 3rd party apps on Kodi, yea i know what you mean, yea there are still a few cool ones, in fact watched the new planet of the apes movie other night w wifey thru one, was good pic surprisingly, not a cam
  • K3Nv2 @ K3Nv2:
    https://www.aliexpress.us/item/3256...acdffdfd18f8a017742186da306980d9cf365d&gclid= lol ali
     +1
  • BigOnYa @ BigOnYa:
    Damn, only $2.06 and free shipping. Gotta cost more for them to ship than $2.06
     +1
  • BigOnYa @ BigOnYa:
    I got my Dad a firestick for Xmas and showed him those 3rd party sites on Kodi, he loves it, all he watches anymore. He said he has got 3 letters from AT&T already about pirating, but he says f them, let them shut my internet off (He wants out of his AT&T contract anyways)
  • K3Nv2 @ K3Nv2:
    That's where stremio comes to play never got a letter about it
  • BigOnYa @ BigOnYa:
    I just use a VPN, even give him my login and password so can use it also, and he refuses, he's funny.
  • BigOnYa @ BigOnYa:
    I had to find and get him an old style flip phone even without text, cause thats what he wanted. No text, no internet, only phone calls. Old, old school.
  • K3Nv2 @ K3Nv2:
    https://youtu.be/z9E_uv5IT-o?si=0qMdVEnRK8mmclzS
  • K3Nv2 @ K3Nv2:
    @BigOnYa, https://m.youtube.com/watch?v=qRJog...com/&source_ve_path=MjM4NTE&feature=emb_title
     +1
  • Psionic Roshambo @ Psionic Roshambo:
    @BigOnYa, Lol I bought a new USB card reader thing on AliExpress last month for I think like 87 cents. Free shipping from China... It arrived it works and honestly I don't understand how it was so cheap.
     +1
    Psionic Roshambo @ Psionic Roshambo: @BigOnYa, Lol I bought a new USB card reader thing on AliExpress last month for I think like 87... +1