Rumors surfaced a few hours ago that hackers have made major progress towards hacking the Xbox One.
The piece of news, originating from IRC EFnet lobby #xbonehack, seems to imply that hacker Iriez (known for his work on the Xbox 360) has found access to some encryption/decryption keys on the Xbox. Although he is not explicitly stating it in the IRC discussion, he hints strongly at it:
[3:49pm] <+Iriez> think of the most radical situation that could have possibly happened. The thing that would most hurt the security [3:49pm] <+Iriez> the thing that others have tried to get for other consoles and never succeeded (though they did with ps3)
I have witnessed the excitement of many console hackers in the past for wrong reasons. People who thought they had found a kernel exploit on the PSP but were only looking at the wrong data dump. People who thought they had found a major flaw on a system, only to realize it was actually their debugging tool that was having a problem. Or, very often, people getting very excited for what only represents 1% of the total amount of work to achieve.
As a result of this, I wouldn’t be so excited so soon, if I were an Xbox One owner looking to hack my device. Xbox Hacker TyDye81 (GLoader) also apparently came back to confirm there was much excitement over only a very tiny thing:
[16:07.40] <@tydye81> nah this is super old news [16:07.44] <@tydye81> to anyone with common sense [16:08.07] <@tydye81> they encrypt all the xvd files wth private key then put the public key on the console [16:08.11] <@tydye81> so only it can decrypt them [16:08.14] <@tydye81> then theres signing lol [16:08.20] <@tydye81> sure you can look at the files [16:08.28] <@tydye81> but thats been done months ago [16:08.55] <@tydye81> iriez did find something [16:09.12] <@tydye81> but hes freakin out over something I dont think he quite understands yet..
Moreover, even though these are known hackers of the xbox scene, there is of course no proof from a mere IRC log.
The full log can be found below:
[3:08pm] <Iriez> wow [3:08pm] <Iriez> wowowowowowow [3:08pm] <Iriez> I just got GREAT news for xboxone hacking [3:09pm] <+giglife> Iriez Â¦ I just got GREAT news for xboxone hacking | lets hear the big news [3:10pm] <Iriez> lets just say its already done. [3:10pm] <Iriez> games over [3:10pm] <Iriez> 🙂 [3:11pm] <herbz42o> homebrew? [3:22pm] <Iriez> *** im *** excited [3:22pm] <Iriez> There’s no beans to spill [3:23pm] <Iriez> it just…is what it is 🙂 [3:23pm] <Iriez> We will see examples within the following months….right now is the discovery phase, development must be done [3:49pm] <+Iriez> think of the most radical situation that could have possibly happened. The thing that would most hurt the security [3:49pm] <+Iriez> the thing that others have tried to get for other consoles and never succeeded (though they did with ps3) [3:49pm] <+Iriez> thats what happened [3:49pm] keys? [3:49pm] <@hordak> keys? [3:49pm] <@hordak> heh [3:49pm] * +Iriez neener neener not sayin [3:49pm] <@hordak> yes then [3:50pm] <+Iriez> well, theoretically if the keys were leaked [3:50pm] <+Iriez> IF…. [3:51pm] <+Iriez> public key is stored on cpu die [3:51pm] <+Iriez> ….. 🙂 [3:51pm] <+Iriez> new hardware would need to be rolled out [3:51pm] <+Iriez> and even then [3:51pm] oh nice [3:51pm] <+Iriez> how are they going to prevent files signed with the old key from working [3:51pm] <+Iriez> if they change their public/private pair? [3:52pm] <+Iriez> welcome to the beggining of a new age! [3:53pm] <+Iriez> xboxone full homebrew will likely be a reality in a short time [4:01pm] <+Iriez> who said anyone found the private key ? 🙂 [4:01pm] <+Blackwolf> i got that refrence kl0wn [4:01pm] so this will be the easiest hack ever than to apply. Literally just a dashboard update thats been hacked up [4:01pm] <+Blackwolf> lol [4:01pm] like the ps3 [4:01pm] <+Blackwolf> high five [4:02pm] <+Iriez> ….perhaps ; )
If anything, the statement “xboxone full homebrew will likely be a reality in a short time” sounds like a big under-estimate. Homebrew programming on any console requires to create an SDK, build tools, a community. People such as YifanLu or Fail0verflow have stated in the past that making homebrews a possibility on any console is way much more work than “just” finding exploits or vulnerabilities.
That being said, it’s always great to know that teams out there are trying to figure out more secrets about our beloved consoles 🙂
Do you own an xbox one? Are you expecting the Xbox one to get hacked?