XBox One is getting a (software-based) kernel exploit. But latest firmware update might patch it
More than a decade after its release, the Xbox One is apparently getting a kernel exploit, based on a proof of concept by hacker Carrot_c4k3.
I’m certainly no expert on the Xbox One, let alone its security, but as I understand it this would be the first public exploit ever to grant kernel/root access on a retail console, rather than from Development mode (correct me if I’m wrong). Hackers on the Xbox One Research wiki are warning that the exploit will get (or might already have been) patched by future firmware updates of the console.
There are specific steps you need to follow in order to run the upcoming hack: in particular, you need to download and install the Game Script app, and then make sure you don’t update your console beyond the vulnerable firmware (apparently 10.0.25398.4478). It appears anyone who updated in the past 24h is already out of luck, but don’t quote me on this.
Hello everynyan!
You might want to update your Xbox One to the latest OS update now!
— Torus (@TorusHyperV) June 8, 2024
Specifically (source):
Notice for users who would like code execution in SystemOS in the future
On 2024/06/08 a method for gaining user- and kernel-level code execution in SystemOS was announced. It is likely to be patched soon (in the next System Update). To prepare, do the following:
- Ensure your Xbox Live account Login-Type is configured as “No barriers” aka. auto-login with no password prompt
- Set your console as “Home Console” for this account
- Download the App Game Script
- Start the app (to ensure license is downloaded/cached)
- Take your console offline! To make extra sure it cannot reach the internet, set a manual primary DNS address of 127.0.0.1
- Get a device/microcontroller that can simulate a Keyboard (rubber ducky or similar) – otherwise you have to type a lot manually 😀
Youtuber Michael Crump has a video showcasing the process (of getting his console ready for the exploit) here:
There’s been quite some activity on the Xbox One over the past few weeks, with game dumps having apparently become a possibility recently, hacker torusHyperV open-sourcing some of their repair boards, and hardware exploits being hinted at as well:
user doom over at obscure gamers discord managed to get code execution on xbox one’s bootrom (0SP) before anything (keys included) is loaded pic.twitter.com/jkjk0AOfqE
— Jose Coixao (@notnotzecoxao) May 13, 2024
Oh sweet. I’ll wait a bit longer for this to mature a tad, but my XBone hasn’t been updated (or played) in years. Might actually start using it again!
Will this work on all variants? Xbox One X/S/OG?
Dang! I am on 10.0.25398.4908 (xb_flt_2406zb.240606-1530) just now! Hoping it still isn’t too late
You might be able to revert, if you’re on the beta program (insider program?)
Thanks! I indeed was enrolled in the insider program. I un-enrolled, and after my console was restarted and reset, a mandatory update was prompted that allowed me to revert to 10.0.25398.4478 and redo everything in the instructions.
You’re on insider, you still have time to revert and set the exploit up (follow the steps, no barriers, main home console, get the app and launch it once etc)
X-bone finally gets an exploit, doesn’t change the fact that x-bot is dead
My old XBone hasn’t been turned on since 2 or 3 years so this might be exciting! Though I kind of find the Xbox One to be kind of the most boring Xbox in existence and I’m not sure what I would do with a Jailbroken one TBH.
Is there any way to do offline updates like on the PS4? Can I even connect to the app store to download the game script app without updating my system I wonder?
Yes it seems you can update offline, see: https://support.xbox.com/en-US/help/hardware-network/console/offline-system-update
The offline updates didn’t work, the troubleshooter just didn’t want to update my Xbox. After restarting the Xbox the settings were also reset and it forced me to update my OS. Just when it was about to start updating I pulled the network plug and it then displayed a failed message and showed me the current OS version and the target OS version which was very convenient as it said 10.0.25398.4478 on the target version, so I could update without worrying.
The Game Script app with the PoC script also worked, so my Xbone is ready for hacking!
Would you still have the download link for OSU1.zip of release 10.0.25398.4478?
Is it possible to access the store/download the app if the console does not have the latest update installed?
I believe the answer is no.
Thanks. I will download the app then ASAP, and thanks for the clarification/follow-up blog post.
I was about to buy one, but it appears it’s already been patched.
It was nice for the 5 minutes it lasted.
Not patched yet except for people who are on the beta (they can opt out in order to revert to the “good” firmware)
Patched? I don’t see where it’s patched
For now this method here worked for me:
If you are on a 4908 firmware, you may want to enroll into the Xbox Insider Program using the Xbox Insider Hub, then leave the program and close the account using the settings of the Hub app. Now you should be able to update the console, which results in a 5gig download. It also factory resets the console, so you’ll have to sign back into your account afterwards.
Then you should be on the correct firmware and able to follow the rest of the tutorial. However, I obviously cannot say for how long this will work.
I believe the only people on higher firmware are those on the insider preview program at this time; they can still leave the program and update to 4478.
There actually is a way to offline update here: https://support.xbox.com/en-US/help/hardware-network/console/offline-system-update
I’m not sure if these offline updates contain version 10.0.25398.4478 though, but there haven’t been any listed OS updates newer than 10.0.25398.4478 so we may have some luck: https://support.xbox.com/en-US/help/hardware-network/settings-updates/whats-new-xbox-one-system-updates
Also it is possible to get some older OSU1.zip files using the Wayback Machine! If someone knows how to find out which update these xvd files contained, it might still be possible to get the proper OS update. I think OSU2.zip and OSU3.zip did not change in recent months, but the latest OSU1.zip has the md5sum e26af35b7f45a481dbca32367f0381a3, while I found an older version using Wayback with the hash 599c52c759be957c454e443003696d8c.
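As an added example, not code from the post or from anyone in the thread: a small Python helper that streams a downloaded OSU1.zip through md5 and reports which of the two archives quoted above it matches. Which firmware each hash corresponds to is assumed from the commenter's belief and is not confirmed anywhere on the page.

```python
import hashlib
from typing import Optional, Tuple

# md5 values for OSU1.zip quoted in the comment thread. Which firmware each
# archive contains is an ASSUMPTION: the first is the commenter's belief
# (10.0.25398.4478); the second came from the Wayback Machine, version unknown.
KNOWN_OSU1_MD5 = {
    "e26af35b7f45a481dbca32367f0381a3": "latest OSU1.zip seen in the thread (believed to be 10.0.25398.4478)",
    "599c52c759be957c454e443003696d8c": "older OSU1.zip from the Wayback Machine (version unknown)",
}

CHUNK_SIZE = 1 << 20  # 1 MiB; the archive is several GB, so never read it whole


def md5_hex_bytes(data: bytes) -> str:
    """md5 of an in-memory blob (handy for small, constructed test inputs)."""
    return hashlib.md5(data).hexdigest()


def md5_hex_file(path: str) -> str:
    """Stream a file through md5 in fixed-size chunks."""
    h = hashlib.md5()
    with open(path, "rb") as fp:
        for chunk in iter(lambda: fp.read(CHUNK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def identify_osu1(digest: str) -> Optional[str]:
    """Map a hex digest to the thread's description of that archive, if known.

    Case-insensitive and whitespace-tolerant, since hashes are usually pasted
    from comments. None means the file is not one discussed in the thread: it
    may be a newer OSU1.zip (e.g. one shipping a patched build) or a corrupted
    download, and the hash alone cannot tell those two cases apart.
    """
    return KNOWN_OSU1_MD5.get(digest.strip().lower())


def check_osu1(path: str) -> Tuple[str, Optional[str]]:
    """Hash a downloaded archive and report which known file it is."""
    digest = md5_hex_file(path)
    return digest, identify_osu1(digest)


if __name__ == "__main__":
    import sys
    digest, desc = check_osu1(sys.argv[1])
    print(digest, desc or "UNKNOWN: not one of the archives discussed in the thread")
```

A match only tells you the download is byte-identical to the file a commenter saw; md5 is collision-weak, so it is an identification aid, not proof of authenticity.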
Are you able to grab the direct download link for OSU1.zip with md5sum e26af35b7f45a481dbca32367f0381a3 from your browser download history?
Do you still have the Microsoft download link for OSU1.zip with md5sum e26af35b7f45a481dbca32367f0381a3?
I would really love to download OSU1.zip with md5sum e26af35b7f45a481dbca32367f0381a3 that I believe to be updates version 10.0.25398.4478 and probably someone here still has the Microsoft download link in the download history. But every time I try to post a message here to ask about it, it seems my message gets redacted. I don’t understand why though. I’m simply asking for the official Microsoft download link for OSU1.zip from 10th of June.
Would you still have the download link for OSU1.zip of release 10.0.25398.4478?
I’ve only just updated an hour ago and can confirm IT ISN’T TOO LATE! But you might want to hurry.
After hacking you’ll then realise this heavy block of machinery doesn’t have any games lol. No, I think this is awesome. If this is a fully workable jailbreak (backups, e-shop games, DLC and updates) then I’ll finally have a reason to buy an Xbox One X.
So going out tomorrow to pick up a second hand xbox one x might not even be worth it as it might be too late to do the prep work for the exploit, as I understand?
You might still be good
Has been patched: 10.0.25398.4908
Looks like it works on series S/X yoo
To my knowledge (just checked on my own console) the latest update is still 10.0.25398.4478 as of May 12th.
I have an Xbox One S that has been powered off for 2 years, can I still install this game without needing to update it?
If today’s firmware already patches it, I wonder how useful this hack would be
So, is updating not an option now? Are we out of luck already?
You should still be good as of now
I was able to update no worries today, so no, you are not late
Sounds like this hacking method will stop working in a couple days (next update), and it requires that you be on the latest firmware to download the program to begin with. That means unlike PS4 people who haven’t updated their systems but didn’t know about this hack in time can’t do it, nor can anyone buy an Xbox One on an old firmware that is unhacked and hack it. That means the total users of the hack will be really really really small, so I doubt there would be enough people to create an active scene to begin with. Also, unlike PS4 you don’t even get achievements without online on Xbox One.
So yeah, I don’t see this one creating a scene. That hardware hack though? That is the one that sounds promising. a JTAG/RGH for the Xbox One would be fantastic.
Either way, I have followed the instructions and taken my system offline, and will keep it that way for a bit until we see what happens with this exploit.
It works with Xbox One/S/X and Series S/X, not just Xbox One. I just did my Series X: https://xboxoneresearch.github.io/news/2024/06/09/news-recap.html
Patch already live in US (as of 11.06.24), probs OSU1 updated too. Try EU vpn… may have luck snagging the golden firmware.
You should also install Notepad T, as you can copy-paste txt files from a USB drive and don’t need a rubber ducky.
I’ve only ever used my xbox one as VCR, if some hack lets me install a PC browser with ublock or remove region lock from the blu-ray I’d gladly dust off my VCR-box.
Fun’s over.
Hopefully this will save someone else the hassle.
I quite literally dusted off my console and then couldn’t locate my controller. Borrowed one from a co-worker and checked here and a few other places to see if there were any new developments, didn’t see anything and it’s a paperweight anyway so I proceeded. The damn thing was so far behind I had to reset it maintaining games and apps, that worked after a dozen reboots, once it was stable… Firmware was 4908. I checked the insider program, nope, not in it.
While I was waiting for the firmware to install I did see a few comments that Game Script was pulled, and I was thinking earlier today, why not just pull the app, they control the store after all. That’s exactly what they did, the app no longer appears. I started to look into sideloading it but I’m not sure where the UWP version of it would be at this point, and the updated firmware was the nail in the coffin.
I removed network settings, powered off and pulled the power plug, I’ll let the dust bunnies get back to business on it.
Firmware 4908 is still good, and I have a link to a clone of the app, send me a message on discord, same username
Could you perhaps check your download history and see if you can grab the link of the OSU1.zip that you downloaded on June 10th and paste us that link?
Can I use a flipper zero badusb / badkeyboard to run the script?