Xbox One:Scene History
This page outlines major points in the Xbox One's history, including both official historical points and the Xbox One hacking scene's milestones.
If you like this article, see The History of the Xbox Scene and The History of the Xbox 360 Scene pages
2013
May 21st: Microsoft announces the Xbox One.
June 6th: Microsoft announces that the Xbox One must be connected to the Internet every 24 hours, game discs cannot be used on multiple consoles, and that the Kinect must always be connected. After severe backlash citing DRM overreach concerns and issues surrounding people lacking a reliable internet connection, this decision was reversed.
November 16th: C4eva dumps the first Xbox One game.
November 25th: The Xbox One NAND is dumped.
November 29th: Juvenal releases a method for upgrading the Xbox One hard drive to 1TB.
December 8th: Tuxuser releases Xbox One NAND Filesystem Tool, a program which displays various information about a NAND dump.
December 24th: Swizzy posts a method to dump Xbox One games.
December 26th: Team Xecuter releases a guide on how to read and write the Xbox One NAND, and shows pictures of an adapter to do so.
2014
March 13th: An anonymous individual creates a driver to enable Xbox One controller support on PC.
May 27th: Angerwound releases application to browse external storage devices formatted by the Xbox One.
2017
March 28th: Unknownv2 releases a Proof of Concept demonstrating the ability to use CVE-2016-7200 and CVE-2016-7201 ("Chakra" by brianairb) on the Xbox One to leak memory addresses. Last working in dashboard 10.0.14393.2152
.
June 2nd: Xenomega releases Xbox One Symbolic Link Exploit, which had been patched on 5/5/2017 with update 10.0.15063.2022 (RS2_RELEASE_XBOX_1704.170501-1052)
. It describes how the Xbox One File Explorer does not check if a path is a symbolic link elsewhere, allowing an attacker to browse/read/write to mounted volumes which are normally restricted. This vulnerability allows an individual to obtain game saves from their consoles, modify them by hand, then inject them back into the filesystem.
June 13th: Team Vantage releases Vantage, a tool that connects to your Xbox One cloud save system and allows modification of game saves (cloud save access method no longer working).
2018
June 11th: Xbox One Research releases a privilege escalation exploit for Dev Mode, granting access to an admin account in SystemOS through a VSProfiling account.
2019
September 19th: Xbox One Research releases a method to load a custom Virtual Boot Image (VBI) upon boot, which is a sort of pre-loader for the guest OS.
November 9th: Xbox One Research releases a Dev Mode privlage elevation exploit that leverages UnattendedUtilities
to gain access to an admin account. It was patched 10 days later with update 10.0.18363.8119 (19h1_release_xbox_dev_1911.18363.8119.191119-1135)
.
December 22nd: TitleOSDev releases a WinJS exploit called ToastMyConsole. At a later unknown date, he also published a writeup on how it can allow Remote Code Execution (RCE) through Xbox Live messages.
2020
April 5th: TitleOSDev finds that you can use the File:\\
protocol in Edge to download any system file to the Downloads folder to be opened with the File Browser application.
July 16th: Microsoft announces they are no longer manufacturing the Xbox One X and Xbox One S All-Digital Edition consoles.
September 15th: OsirisX releases a video demonstrating a method to launch Edge browser in an offline mode on retail consoles.
September 30th: Two versions of the Xbox 360 emulator on Xbox One (XEO3 / emu.exe) were extracted from a plain text xvdp file.
2023
September 9th: Kudayasu releases Artifice, a privilege escalation exploit for Dev Mode, granting access to an admin account in SystemOS by exploiting the OpenSSH service. It is still unpatched at this time.