RealModScene

Xenomega released an exploit that allows us to get access (browse/read/write) to encrypted mounted virtual hard disk Xbox One partitions, in alliance with symlinks.

 

Quote

Xbox One Symbolic Link Exploit

Access restricted/encrypted volumes using the Xbox File Explorer.

  • Patched as of 5/5/2017: 10.0.15063.2022 (RS2_RELEASE_XBOX_1704.170501-1052). Thus in accordance with responsible disclosure.
  • The Xbox One File Explorer does not check if a path is a symbolic link elsewhere, allowing an attacker to browse/read/write to mounted volumes which are normally restricted.
  • This includes any encrypted virtual hard disk partitions (XVD files) which the console mounts for content such as gamesaves, etc.

Prerequisites:

  • Download Windows Server 2003 Resource Kit Tools, from which you'll need the "linkd" utility, as the program relies on it to create links, since mklink does not link to paths that do not exist, and the paths we intend to link to are likely non-existent on your computer.

Instructions:

  • Change the drive letter to your USB drive letter in Program.cs
  • Run it
  • Plug it into Xbox, use File Browser to browse through the symlinks, which will link to other parts of the system.

Source: Github.com
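The check the quoted README says the File Explorer lacked, as an added example that is not part of the original post or of Xenomega's code: a path resolver for a removable-volume browser that refuses to follow any symbolic link (including dangling links of the kind linkd creates) and rejects paths that resolve outside the volume root. The folder names and the "/hypothetical/other/volume" link target are constructed.

```python
import os
import tempfile
from pathlib import Path


class UnsafePathError(Exception):
    """Browser-supplied path that must not be followed."""


def is_link(p: Path) -> bool:
    """True for a symbolic link (dangling or not) or, on Python 3.12+ on
    Windows, a junction. Both checks use lstat, so the link itself is
    inspected rather than whatever it points at."""
    if p.is_symlink():
        return True
    return hasattr(os.path, "isjunction") and os.path.isjunction(p)


def resolve_within_volume(volume_root, relative_path):
    """Return the real path to open, or raise UnsafePathError.

    Walks component by component so a link anywhere in the chain (not only
    the last element) is caught, then confirms the fully resolved result
    still lies inside volume_root."""
    root = Path(volume_root).resolve(strict=True)
    rel = Path(relative_path)
    if rel.is_absolute():
        raise UnsafePathError(f"absolute path {relative_path!r} not allowed")
    current = root
    for part in rel.parts:
        if part in ("", ".", ".."):
            raise UnsafePathError(f"disallowed component {part!r}")
        current = current / part
        if is_link(current):
            raise UnsafePathError(f"{current} is a link; refusing to follow")
    resolved = current.resolve()
    if resolved != root and root not in resolved.parents:
        raise UnsafePathError(f"{relative_path!r} escapes {root}")
    return resolved


def demo():
    """Constructed 'USB stick': one real folder plus a dangling link whose
    target does not exist on this machine (the case linkd is used for)."""
    with tempfile.TemporaryDirectory() as usb:
        (Path(usb) / "Photos").mkdir()
        os.symlink("/hypothetical/other/volume", os.path.join(usb, "Saves"))
        results = {}
        for name in ("Photos", "Saves", "Saves/slot1", "../Photos"):
            try:
                resolve_within_volume(usb, name)
                results[name] = "allowed"
            except UnsafePathError:
                results[name] = "blocked"
        return results
```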


Hi, this news is incredible but I don't understand what this means:

"Patched as of 5/5/2017: 10.0.15063.2022 (RS2_RELEASE_XBOX_1704.170501-1052). Thus in accordance with responsible disclosure".

Maybe it means that this exploit is patched with the update of 5/5/2017?

In this case it would be useless, and why make the exploit public once Microsoft has patched it?

Can anyone help me to understand?

Thanks in advance

6 hours ago, Hexmaniac said:

Hi, this news is incredible but I don't understand what this means:

"Patched as of 5/5/2017: 10.0.15063.2022 (RS2_RELEASE_XBOX_1704.170501-1052). Thus in accordance with responsible disclosure".

Maybe it means that this exploit is patched with the update of 5/5/2017?

In this case it would be useless, and why make the exploit public once Microsoft has patched it?

Can anyone help me to understand?

Thanks in advance

That's exactly what it means, and it's a way for hackers to stay "safe": disclosing information about exploits to the public before the company has been notified and given a chance to fix it means the hacker that found the exploit can be held responsible for damage caused by the exploit...


For users/warez kiddies it's unnecessary, lol. But the possibility for the scene to get access to encrypted virtual hard disc containers should not be underestimated. It can provide an important insight into the Xbox One system/file architecture. There are a lot in the scene who have never updated their Xbox Ones.


Of course, to get access to an XVC is the dream of everyone, and it's almost impossible to do that on a PC with an XVC file.

Unfortunately, even if you have an Xbox One with an old OS like 10.0.15063.2019 (exploitable pre-patched OS), you can't run the UWP app offline. The OS mandatorily asks you to connect to the internet to get access to your profile, and it obliges you to update the Xbox (Microsoft security system).

So as of now the Program.cs posted by David Pokora aka Xenomega is doubly useless.

Maybe if he had posted his discovery before, somebody else could have contributed to the study of the file system or how these damn XVCs work.

Just for the record and obviously OT, how many of you have ever tried to dump the NAND of an Xbox One?


A lot of scene members got in touch & are getting their hands on the Xbox One. The main problem is, for XVD decryption you need a CIK. If you have downloaded a game, the CIK is stored in your XVD container in encrypted form. For decryption you need your own 256-bit Origin Decryption Key, which is stored in your KeyVault (sp_s.cfg). All encryption & decryption of the KeyVault is monitored by a fixed unit in your Xbox One SoC, called the Platform Security Processor. If you don't find a way to attack the PSP directly (hardware attack) or the Main OS, you have no chance to get the needed keys.

I know enough users who have dumped their Xbox One NAND. It remains to be seen what happens in the future. ;)


Since UWP was available, the first thing I thought was just to edit it to access the restricted area of the Xbox. Unfortunately, not having enough time and sufficient knowledge in the field of computer science, I could not blur my idea.

Of course with the ODK we can do everything we want, but if people like Xenomega don't post their exploits in time, the future of a CFW on XB1 is very far.

7 hours ago, Hexmaniac said:

Since UWP was available, the first thing I thought was just to edit it to access the restricted area of the Xbox. Unfortunately, not having enough time and sufficient knowledge in the field of computer science, I could not blur my idea.

Of course with the ODK we can do everything we want, but if people like Xenomega don't post their exploits in time, the future of a CFW on XB1 is very far.

Just because it wasn't published for everyone to see doesn't mean he didn't share it with his friends in the scene. For example, I already knew about this before this post was made, and I don't know Dave; a friend of mine mentioned how I could get hold of my savegames... Originally the file manager wasn't even available without a hack itself...

Besides, with news coming out that there are exploits that don't require you to be a rocket scientist, even if patched already, those that feel like they have nothing to come with might try stupid ideas they might have, which in the end may prove to be exactly what we need...

14 hours ago, Hexmaniac said:

Of course with the ODK we can do everything we want, but if people like Xenomega don't post their exploits in time, the future of a CFW on XB1 is very far.

There is a lot of work going on in the background of the Xbox One hacking scene. A lot of known and unknown scene guys are working on several different projects at the same time. Like Swizzy said, most stuff is kept in the background. Sometimes little stuff comes to daylight.


So I know this is an old exploit now, but I thought I'd see what exploits my old Xbox One, which hasn't been updated in a while, is vulnerable to, and it turns out that mine is barely vulnerable to this one and I don't think it is to that other Chakra exploit. The Xbox One I have not updated is on OS version 10.0.15063.2019 (rs2_release_xbox_1074.170407-2038). So I was wondering if there's any way I can use this one.

Edit: I have attempted the exploit and the file manager does see the files, but none are recognized as something the Xbox can execute. I think I just don't know how to use it though.

Edit2: I got it all working great, this exploit is very interesting, and really cool.
