Dr.Gonzo

All things are presumably hackable. In my eyes, its a question of time and effort.

Yeah it has been known for a long time.

You should not forget, its a team Performance. A lot of people are working in the backround around these project.

Yes exactly the same guy.

Emoose, gligli, tuxuser and xvmm, provide us new stuff for gambling on Xbox One (Dev Mode). With these project, we are able to execute code in the SystemOS VM. The intention behind the idea is, to find a way to get access to a deeper stage to the HostOS, that is the lowest area of Xbox One system OS, which gives you the full control of the complete Xbox One Hardware. _____________________________________________________________________________________________________________________________________________________ With the following information you can get a shell (cmd.exe) and win32 code execution on Xbox One in UWP Devkit mode. Normally you can only deploy "sandboxed" UWP containers with very limited access rights, hence this writeup. Preamble This is not an exploit or breakthrough of any sort. It's simply taking advantage of provided debugging features in developer mode! This is for any one who may be curious and want to reverse engineer the Xbox One. This is also mainly provided for anyone who wants to just have a go at reversing the system. There's a lot to utilize with the public features anyway. Prerequisites Must be in developer-mode (obviously) Have some form of SSH/telnet client. (PuTTy, etc) At least have Visual Studio 2015 or 2017 To get started without putting up with developing UWP applications we can instead utilize the open SSH connection provided by the console. This is only available in developer mode, just in case you get any ideas. If you're using Windows and will be using standard command prompt for telnet then make sure you enable it first! Control Panel -> Programs -> Turn Windows features on or off" Tick "Telnet client" Done Howto * First open up whatever client you have for SSH, in this instance PuTTy, and connect using your console IP and default port. There'll be a pop-up. Just hit yes. * Now it will ask for login details. Make sure you have Dev Home opened and hit Show Visual Studio Pin. Keep note of this pin but also remember it will change after a small period of time! Use the following credentials: 1.Username: DevToolsUser 2.Password: The Visual Studio pin provided in Dev Home * If all goes successfully then you can either stick with it or intialise telnet. Run the following command in order to do so: 1. devtoolslauncher LaunchForProfiling telnetd "cmd.exe 24" * Open command prompt on Windows and run: 1.telnet [consoleip] 24 2.# (Example: telnet 192.168.1.5 24) The telnet session will be running under the VSProfilingAccount privileges which is the same as what the VS debugger runs under when building UWP apps. Keep in mind that there is not too much of a difference at this stage. It just allows a tiny bit more flexability. Basic file system exploration You can do this by accessing the Xbox Device Portal on your computer and going to File Explorer tab. There will be an option near the top right that is called Browse. Using this will show you credentials that can be used to access the developer scratch. We can use the developer scratch to store our junctions to navigate throughout the mounted drives. Using telnet or SSH, go to "D:\DevelopmentFiles". 1.>D: 2.>cd DevelopmentFiles 3.>mkdir Links 4. 5.# And run the following: 6.>mklink /J "Links\System" C:\ 7. 8.# If the result is successful then double check: 9.>cd links\system 10.>dir If it gives you a directory listing then there you go! You can get easier access by opening File Explorer on Windows and typing the following into the file path bar: 1. \\<console ip> It will prompt for login details. If you open the device portal and go to File Explorer tab then on right side hit browse; you will be given details to use. Once in then you can access most but not all volumes. (Refer to "Mount points" to find out more) Next steps So what now? Well, I'm going to provide a small "template" which you can use in order to write a standard "Win32" application. The only difference is that it will run on the Xbox One. (Requires Windows 10 SDK compatible with Xbox One and probably Visual Studio 2017, at least 2015.) XRF: Attached below. Place anywhere on the console and run 1. xrf cinfo for a basic spit of console info. Additional information Basic introduction The Xbox One currently runs 3 separate operating systems with each prioritised with their own purpose. These are known as: Host OS System OS Game OS System and Game OS both reside in their own partition: Shared Resource Access - Runs apps and renders the UI experience. Exclusive Resource Access - Runs games and has more priority with resources. These operations are stored in an Xbox Virtual Disk (XVD) with a small bootloader, currently assumed based on previous data dumps, that contains the kernel, HAL and other important system files. These get stored in the User Data section of each. host.xvd | ExtHost.xvd System.xvd era.xvd System and Host are stored in both the flash and on the console hard drive. The Game OS XVD is stored with each packaged game that is released for the Xbox One. Although this requires another look; it appears that when a user launches a game, System then initiates a call that mounts the package to the ERA partition which then boots into the Game OS before finally mounting and starting the game. Mount points Within the SRA Partition, the following are mounted to each drive letter 1.\\.\C:\ -> System.xvd 2.\\.\D:\ -> USB (typically for retail) (Development scratch for dev-mode) 3.\\.\J:\ -> SystemTools.xvd (dev-mode only) 4.\\.\L:\ -> en-%s (languages) 5.\\.\M:\ -> SystemMisc.xvd 6.\\.\P:\ -> Page file 7.\\.\S:\ -> Settings.xvd | Settings-devkit.xvd 8.\\.\T:\ -> Temp.xvd (or whatever) 9.\\.\U:\ -> user.xvd / user-devkit.xvd 10.\\.\X:\ -> SystemAux.xvd 11.\\.\Y:\ -> SystemAuxF.xvd Source: gbatemp.net XRF-Templ.zip

I want go too much off topic here, but the internet is full of noob friendly guides, that explain the complete process in detail.

On jtaged & rghed devices of course.

Don`t hijack other threads. Please create your own thread with your question, in the right subforum !

You can grap it here. Next time please make be familiar about the forum structure. Closed.

Xebuild should remap your bad blocks by default.

It doesnt matter if you use Hdds with 5400 rpm, or 7200 rpm. The last one are a little bit better in access time and a little bit faster.

My first choice are Hdd from Western Digital. I use it for all my Xbox 360s, Xbox One, Media Players. I had all the time no failures , no trouble.

All the wile the Xbox 360 recognizes 2 TB size (JTAG/RGH) for internal hdd`s, and the Xbox 360 have access to the 2 TB. Since systemupdate 2.0.17349.0, external drives up to 2 TB are supported too.

This is not a support thread. For the future, all support questions about Aurora 0.7b1 please only here. Thx.

Guys this is a release not a support thread. All support questions about Aurora 0.7b1 please only here. Thx.