Xbox One:Scene History

This page outlines major points in the Xbox One's history, including both official historical points and the Xbox One hacking scene's milestones.

If you like this article, see The History of the Xbox Scene and The History of the Xbox 360 Scene pages

2013
May 21st: Microsoft announces the Xbox One.

June 6th: Microsoft announces that the Xbox One must be connected to the Internet every 24 hours, game discs cannot be used on multiple consoles, and that the Kinect must always be connected.

November 16th: C4eva dumps the first Xbox One game.

November 25th: The Xbox One NAND is dumped.

November 29th: Juvenal releases a method for upgrading the Xbox One hard drive to 1TB.

December 8th: Tuxuser releases Xbox One NAND Filesystem Tool, a program which displays various information about a NAND dump.

December 24th: Swizzy posts a method to dump Xbox One games.

December 26th: Team Xecuter releases a guide on how to read and write the Xbox One NAND, and shows pictures of an adapter to do so.

2014
March 13th: An anonymous individual creates a driver to enable Xbox One controller support on PC.

May 27th: Angerwound releases application to browse external storage devices formatted by the Xbox One.

2017
March 28th: Unknownv2 releases a Proof of Concept demonstrating the ability to use CVE-2016-7200 and CVE-2016-7201 ("Chakra" by brianairb) on the Xbox One to leak memory addresses. Last working in dashboard `10.0.14393.2152`.

June 2nd: Xenomega releases Xbox One Symbolic Link Exploit, which had been patched on 5/5/2017 with update `10.0.15063.2022 (RS2_RELEASE_XBOX_1704.170501-1052)`. It describes how the Xbox One File Explorer does not check if a path is a symbolic link elsewhere, allowing an attacker to browse/read/write to mounted volumes which are normally restricted. This vulnerability allows an individual to obtain game saves from their consoles, modify them by hand, then inject them back into the filesystem.

2019
September 9th: Xbox One Research releases a method to load a custom Virtual Boot Image (VBI) upon boot, which is a sort of pre-loader for the guest OS.

December 22nd: TitleOSDev releases a WinJS exploit

2020
September 15th: OsirisX releases a video demonstrating a method to launch Edge browser in an offline mode on retail consoles.

September 30th: Two versions of the Xbox 360 emulator on Xbox One (XEO3 / emu.exe) were extracted from a plain text xvdp file.

Unknown

 * TitleOSDev finds that you can use the `File:\\` protocol in Edge to download any system file to the Downloads folder to be opened with the File Browser application.


 * <July 14th, 2020, TitleOSDev publishes a write up of ToastMyConsole, a set of vulnerabilities allowing Remote Code Execution (RCE) through Xbox Live messages.