Xbox One Exploit Revealed at RE//verse 2026

The Xbox One, originally released in 2013, has until now evaded the fate of its contemporaries, the PS4 and Wii U: being "hacked" and running unsigned code. That has finally changed. At this year's RE//verse 2026 conference in Orlando, Florida, which focuses on reverse engineering, vulnerability research and malware analysis, security researcher Markus Gaasedelen ("Doom") showcased a new exploit that makes running unsigned code possible.

During his talk he discussed some of the challenges previously posed by Xbox One security, including hardware-only content decryption keys, three VMs (HostOS, System OS, GameOS), forced updates and fuse revocation. He also discussed how his two-pronged exploit, known as "Bliss", circumvents these security measures. Voltage glitching of the SoC power rails was used to skip two important security steps. The first glitch skips the loop where the ARM Cortex memory protection is set up; the second targets the memcpy operation, which allows for jumping to user-controlled data/memory.

The attack is unpatchable because it takes advantage of a hardware vulnerability, but importantly it only applies to the original, or first, revision of the Xbox One (at least for now). Further decryption of the firmware and security measures, and a better understanding of the Xbox One's internals, could potentially reveal vulnerabilities in later revisions, and Doom says he is confident he can port this to the rest of the "Phat" consoles. Stay tuned for more updates.


You can watch the full video of Doom's presentation at RE//verse here:
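On the first glitch described in the article (skipping the loop that sets up memory protection), the following is an added example of the general defensive pattern against such faults; it is not code from the talk or from the Xbox One boot chain. All names are hypothetical, the registers are a constructed array, and `fault_at` simulates a glitch that ends the loop early.

```c
#include <stdint.h>
#include <stdio.h>
#define REGIONS  8
#define ENABLE   0x80000000u
#define NO_FAULT (-1)
static uint32_t region_reg[REGIONS];  /* constructed stand-in; all names are hypothetical */

/* Programs every region; fault_at models a glitch that ends the loop early. */
static void program_regions(int fault_at, volatile uint32_t *up, volatile uint32_t *down) {
    for (int i = 0; i < REGIONS; i++) region_reg[i] = 0;
    for (int i = 0; i < REGIONS; i++) {
        if (i == fault_at) return;            /* simulated loop skip */
        region_reg[i] = ENABLE | (uint32_t)i;
        (*up)++;                              /* redundant counters that move */
        (*down)--;                            /* in opposite directions */
    }
}

/* Trusts the loop: reports success whether or not it ran to completion. */
int setup_naive(int fault_at) {
    volatile uint32_t up = 0, down = REGIONS;
    program_regions(fault_at, &up, &down);
    return 0;
}

/* Reports success only if the counters and the register read-back agree. */
int setup_hardened(int fault_at) {
    volatile uint32_t up = 0, down = REGIONS;
    program_regions(fault_at, &up, &down);
    if (up != REGIONS || down != 0) return -1;          /* counter check */
    for (int i = 0; i < REGIONS; i++)                   /* register read-back */
        if (region_reg[i] != (ENABLE | (uint32_t)i)) return -1;
    if (up + down != REGIONS) return -1;                /* repeated counter check */
    return 0;
}

int regions_enabled(void) {  /* regions that actually ended up enabled */
    int n = 0;
    for (int i = 0; i < REGIONS; i++) n += (region_reg[i] & ENABLE) != 0;
    return n;
}

int main(void) {
    int naive = setup_naive(3), left = regions_enabled();
    printf("naive: rc=%d, regions enabled=%d of %d\n", naive, left, REGIONS);
    printf("hardened, loop cut short: rc=%d\n", setup_hardened(3));
    printf("hardened, no fault: rc=%d\n", setup_hardened(NO_FAULT));
    return 0;
}
```

In real boot code the failure path would halt or reset rather than return, and software checks like these only raise the cost of a glitch; they do not remove the underlying hardware weakness.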
 
I was going to try to have something for the fall to show off. This hack (if it's what I think it is) should also translate to the PS5; both are susceptible to the ZEN processor hack, and I assume they found a cap to tie onto for the voltage glitch. This can probably be done with a Teensy. This hack has kinda been sitting there waiting for people to put the pieces together.

I think it is based on this loosely:

| Retbleed Cross-VM | Speculative execution across HV boundary | Proven on standard Hyper-V |
| PSP Voltage Glitch | Corrupt boot signature check | Proven on desktop Zen 2 |

It should work on consoles with FW 25398.4478 through 25398.4909
Here are the sources I used for what I was building, my guess is the presenter went the same or a similar route.

Collateral Damage https://github.com/exploits-forsale/collateral-damage
Retbleed Source https://github.com/comsec-group/retbleed
AMD PSP Glitch https://github.com/PSPReverse/amd-sp-glitch

Without seeing much this is a guess, but I'm excited to finally see it happen.
 
Ooh, I literally only use my Xb1X for 1 game. I really hope this leads to all DLCs being dumped because they removed some of them due to expiration of music license.
 
I know there aren't many exclusives on Xbox One, but I'm still very excited about this.
I have an Xbox One X with a dodgy drive I got for free at a flea market near closing time (he LITERALLY couldn't give it away and did not want to leave with it, so after I bought some cheap PS4 games he insisted I take it),
and this would be a perfect use for it.

Some games launched on Xbox One AFTER their PS4 releases, so those PS4 games never received 4K patches for the PS4 Pro (or at a lower resolution, less optimized) but they DID get proper 4K releases for Xbox One X.
Like Persona 4 Golden (1080p on PS4 Pro, 2160p on Xbox One X)
Final Fantasy X Remastered (Full 2160p on Xbox One X, iirc ~1600p on PS4 Pro)
So having a little box filled only with those games that were better on Xbox One X would be lovely, besides... I legit like the design of the One X, simple, sleek, boxy.
 
At 30fps. I guess they intentionally avoided making a Performance Mode 60fps for the One X so people would buy the newer console.
I got a One X for Free and bought a cheap "Series S" on ebay a few months after christmas two years ago for 120€.

The Series S is significantly more powerful than even the One X, yet the One X can run OG Xbox/360/Xbox One Games at 4K... the Series S only at 1440p.
Now THAT is some proper artificially limited nonsense.
Iirc I read some interview some years ago where the reason behind this was intended so as not to "confuse the customer", considering Xbox Series games only run at 1440p on the little box... why not just limit ALL OF IT to 1440p, if that makes any sense or not.
I find THAT a lot more confusing than just limiting newer games to 1440p honestly.
... but Microsoft was always a bit ass-backwards about their consoles.

It's the reason I kept this One X.... it still outperforms the Series S in a lot of scenarios. Can you believe it?

I sure hope the Series S gets hacked too someday, so we can remove the 1440p limit from all the classic games at least. That would be lovely.
 
And eventually switch 4 will be hacked, never doubt a good modding team. The smallest security flaw can open massive doors.
of course it will be one day
it's just that the people being like "and they said switch 2 won't be hacked" like bro
i got nothing against the people who are saying this knowing that unless some crazy change in status quo happens, this is a 2030s situation
but you gotta admit, many of them are not being realistic in their expectations, or even hopes
 
It's also more of a fear that people don't want to be sued into oblivion
 
this is like saying people don't want to raid fort knox because they might get shot
like yes, but there's some pretty fricking significant hurdles to cross before the riflemen become an issue worth considering
 
Yeah. When you can already fire up Dolphin and run GameCube games on unmodified Xboxes there isn't too much reason for your average homebrew interested hacker to look into it. It's really just for piracy.
This is doable with an XSS or XSX, but on the Xbox One UWP apps have a much weaker sandbox to play with; even N64 emulation struggles. If its limitations were removed it would probably do better with Dolphin and the like; basically we need to be able to install and run gameOS apps as we please...

What I'd really like to see is a custom bootloader to run Windows and Linux, it'd be so neat to have a sort of dual or triple boot, Windows/Linux/XboxOS...

The window this thing opens up is big because hackers will have some way to freely and easily reverse engineer the Xbox One OS and potentially find software flaws for hacks on the consoles that can get a modchip yet.
 
Last edited by Idaho,
