Xbox One:Scene History: Difference between revisions

From ConsoleMods Wiki
Jump to navigation Jump to search
(Created page with "Category:Xbox One This page outlines major points in the Xbox One's history, including both official historical points and the Xbox One hacking scene's milestones. '''If...")
 
No edit summary
Line 27: Line 27:


'''May 27th''': Angerwound releases application to browse external storage devices formatted by the Xbox One.
'''May 27th''': Angerwound releases application to browse external storage devices formatted by the Xbox One.
==2017==
'''March 28th'': Unknownv2 [https://github.com/SeeMirra/ms-xb1-edge-exp
releases a Proof of Concept] demonstrating the ability to use CVE-2016-7200 and CVE-2016-7201 ([https://github.com/theori-io/chakra-2016-11 "Chakra"] by brianairb) on the Xbox One to leak memory addresses. Last working in dashboard `10.0.14393.2152`.
'''June 2nd'': Xenomega releases [https://github.com/Xenomega/xsymlink Xbox One Symbolic Link Exploit], which had been patched on 5/5/2017 with update `10.0.15063.2022 (RS2_RELEASE_XBOX_1704.170501-1052)`. It describes how the Xbox One File Explorer does not check if a path is a symbolic link elsewhere, allowing an attacker to browse/read/write to mounted volumes which are normally restricted. This vulnerability allows an individual to obtain game saves from their consoles, modify them by hand, then inject them back into the filesystem.
==2019==
'''September 9th''': Xbox One Research [https://xosft.dev/wiki/external-vbi-loading/ releases] a method to load a custom Virtual Boot Image (VBI) upon boot, which is a sort of pre-loader for the guest OS.
'''December 22nd'': TitleOSDev [https://github.com/TitleOS/ToastMyConsole releases] a WinJS exploit


==2020==
==2020==


September 30th: Two versions of the Xbox 360 emulator on Xbox One (XEO3 / emu.exe) were extracted from a plain text xvdp file.
'''September 15th''': OsirisX [https://www.youtube.com/watch?v=yOdLmBk03sM releases a video] demonstrating a method to launch Edge browser in an offline mode on retail consoles.
 
'''September 30th''': Two versions of the Xbox 360 emulator on Xbox One (XEO3 / emu.exe) were extracted from a plain text xvdp file.
 
 
==Unknown==
 
* [https://titleos.dev/xploring-xbox/ TitleOSDev finds that you can use the `File:\\` protocol in Edge to download any system file to the Downloads folder to be opened with the File Browser application.
 
* <July 14th, 2020, TitleOSDev publishes a write up of [ToastMyConsole https://titleos.dev/xploring-xbox/], a set of vulnerabilities allowing Remote Code Execution (RCE) through Xbox Live messages.

Revision as of 03:22, 16 November 2021

This page outlines major points in the Xbox One's history, including both official historical points and the Xbox One hacking scene's milestones.

If you like this article, see The History of the Xbox Scene and The History of the Xbox 360 Scene pages

2013

May 21st: Microsoft announces the Xbox One.

June 6th: Microsoft announces that the Xbox One must be connected to the Internet every 24 hours, game discs cannot be used on multiple consoles, and that the Kinect must always be connected.

November 16th: C4eva dumps the first Xbox One game.

November 25th: The Xbox One NAND is dumped.

November 29th: Juvenal releases a method for upgrading the Xbox One hard drive to 1TB.

December 8th: Tuxuser releases Xbox One NAND Filesystem Tool, a program which displays various information about a NAND dump.

December 24th: Swizzy posts a method to dump Xbox One games.

December 26th: Team Xecuter releases a guide on how to read and write the Xbox One NAND, and shows pictures of an adapter to do so.

2014

March 13th: An anonymous individual creates a driver to enable Xbox One controller support on PC.

May 27th: Angerwound releases application to browse external storage devices formatted by the Xbox One.

2017

'March 28th: Unknownv2 [https://github.com/SeeMirra/ms-xb1-edge-exp

releases a Proof of Concept] demonstrating the ability to use CVE-2016-7200 and CVE-2016-7201 ("Chakra" by brianairb) on the Xbox One to leak memory addresses. Last working in dashboard 10.0.14393.2152.

'June 2nd: Xenomega releases Xbox One Symbolic Link Exploit, which had been patched on 5/5/2017 with update 10.0.15063.2022 (RS2_RELEASE_XBOX_1704.170501-1052). It describes how the Xbox One File Explorer does not check if a path is a symbolic link elsewhere, allowing an attacker to browse/read/write to mounted volumes which are normally restricted. This vulnerability allows an individual to obtain game saves from their consoles, modify them by hand, then inject them back into the filesystem.

2019

September 9th: Xbox One Research releases a method to load a custom Virtual Boot Image (VBI) upon boot, which is a sort of pre-loader for the guest OS.

'December 22nd: TitleOSDev releases a WinJS exploit

2020

September 15th: OsirisX releases a video demonstrating a method to launch Edge browser in an offline mode on retail consoles.

September 30th: Two versions of the Xbox 360 emulator on Xbox One (XEO3 / emu.exe) were extracted from a plain text xvdp file.


Unknown

  • [https://titleos.dev/xploring-xbox/ TitleOSDev finds that you can use the File:\\ protocol in Edge to download any system file to the Downloads folder to be opened with the File Browser application.
  • <July 14th, 2020, TitleOSDev publishes a write up of [ToastMyConsole https://titleos.dev/xploring-xbox/], a set of vulnerabilities allowing Remote Code Execution (RCE) through Xbox Live messages.