Hacking New dev mode privilege escalation exploit published

Rintron · Jun 16, 2019

New guy here, hello. This whole thing is neat, I was playing with it the other day and after doing symlinks using a different tutorial in this section of the site, I found myself in (keep in mind this refers to drives on the xbox one) J:\ where there's two applications and also a folder "tools". In the tools folder there's a bunch of .dll's and .exe's. Among the more interesting ones are the ones called wdapp, wdrun, wdconfig etc. wdapp handles installing and running apps, registering/reregistering and some other functions. I decided to use the "install" command on the .xvc package from the game disc that's in my console. It worked? It started installing, showing both a percentage in the cmd as well as progress bar on the console. It even showed the usual "ready to play" before finishing install, however because the devmode we have access to blocks all games from running, and only allows uwp apps, you can't actually run this. It installed the game on my external drive, and I did check to see how its installed and unlike usual filename (which after install is a bunch of letters and numbers) it also had a "-devkit" added at the end. So the number/letter string was correct for the game in question, just that the "-devkit" part was added to its end.
Oh and while installing in devmode, it doesn't even show the name or icon for the game. As I said, this is known most likely to people who research xbone but even though it doesn't work for games, it can maybe properly work for apps? Alternate means of installing them n'all? I believe you could also supply (instead of the optical disk) the location of a non-xbox formatted pen/hdd drive. Wonder if this is even useful at all.
Oh and wdconfig.exe can be used to change some options on the system, including forcing the change of sandbox id(I was able to change it to retail, because usually it stops you.. well, not like it changes much as far as I can see).

Oh and I myself don't care for piracy. I'm just screwing around because I want to get into the filesystem of a certain game. Just to clarify.

Carltrek · Jun 16, 2019

XVMM said:
Correct. AMD's PSP.

May not very related to topic, but is Xbox One device region information stored in Xbox One OS or in security processor (kinda like Sony PS Vita) ? Since Chinese Xbox One have some strange features/behavior/perks(?) that ordinary Xboxes don't.

Deleted User · Jun 16, 2019

Rintron said:
New guy here, hello. This whole thing is neat, I was playing with it the other day and after doing symlinks using a different tutorial in this section of the site, I found myself in (keep in mind this refers to drives on the xbox one) J:\ where there's two applications and also a folder "tools". In the tools folder there's a bunch of .dll's and .exe's. Among the more interesting ones are the ones called wdapp, wdrun, wdconfig etc. wdapp handles installing and running apps, registering/reregistering and some other functions. I decided to use the "install" command on the .xvc package from the game disc that's in my console. It worked? It started installing, showing both a percentage in the cmd as well as progress bar on the console. It even showed the usual "ready to play" before finishing install, however because the devmode we have access to blocks all games from running, and only allows uwp apps, you can't actually run this. It installed the game on my external drive, and I did check to see how its installed and unlike usual filename (which after install is a bunch of letters and numbers) it also had a "-devkit" added at the end. So the number/letter string was correct for the game in question, just that the "-devkit" part was added to its end.
Oh and while installing in devmode, it doesn't even show the name or icon for the game. As I said, this is known most likely to people who research xbone but even though it doesn't work for games, it can maybe properly work for apps? Alternate means of installing them n'all? I believe you could also supply (instead of the optical disk) the location of a non-xbox formatted pen/hdd drive. Wonder if this is even useful at all.
Oh and wdconfig.exe can be used to change some options on the system, including forcing the change of sandbox id(I was able to change it to retail, because usually it stops you.. well, not like it changes much as far as I can see).

Oh and I myself don't care for piracy. I'm just screwing around because I want to get into the filesystem of a certain game. Just to clarify.

While it's a thing, the images are usually fetched from Xbox Live or if it's a disc then the images are actually available, raw, from there. It has been useful for making the opposite work in retail but it's not been working too well.

Also the wdconfig modifies the XConfig, it's a writable registry hive that is used to determine what to use, start, etc. Retail & dev mode have their separate settings though.

--------------------- MERGED ---------------------------

Carltrek said:
May not very related to topic, but is Xbox One device region information stored in Xbox One OS or in security processor (kinda like Sony PS Vita) ? Since Chinese Xbox One have some strange features/behavior/perks(?) that ordinary Xboxes don't.

Yes, the SP has a couple things, as far as I'm aware and as far as what the OS names/indicates them, that determines device region. The security processor handles anything related to security, licensing and all that. That's why it's a pain.

wakabayashy · Jun 16, 2019

@XVMM will you work on a cfw?

Rintron · Jun 16, 2019

XVMM said:
While it's a thing, the images are usually fetched from Xbox Live or if it's a disc then the images are actually available, raw, from there. It has been useful for making the opposite work in retail but it's not been working too well.

Also the wdconfig modifies the XConfig, it's a writable registry hive that is used to determine what to use, start, etc. Retail & dev mode have their separate settings though.

Ah, I see. As for the wdconfig stuff... I guess that's why I couldn't change 'consolemode' value to "Xbox One X Devkit with 44 CUs" or even just "Xbox One X Devkit". The only ones available to me were "Default (which is what I have it set to), Xbox One and Xbox One S". Still, this was an interesting experience. Might come in handy one day, or so I hope.

EDIT:
Worth noting for reference I got these two values for consolemode from 'Toggle_ConsoleMode.xboxunattend' script in J:\QuickActions

Deleted User · Jun 16, 2019

Rintron said:
Ah, I see. As for the wdconfig stuff... I guess that's why I couldn't change 'consolemode' value to "Xbox One X Devkit with 44 CUs" or even just "Xbox One X Devkit". The only ones available to me were "Default (which is what I have it set to), Xbox One and Xbox One S". Still, this was an interesting experience. Might come in handy one day, or so I hope.

EDIT:
Worth noting for reference I got these two values for consolemode from 'Toggle_ConsoleMode.xboxunattend' script in J:\QuickActions

Yep, lots of interesting things around. There's a lot I'd need to write about I suppose.

wakabayashy said:
@XVMM will you work on a cfw?

Sure but it's gonna be limited. Might work on a custom service and also a universal app to set as the default; handles any scripts/plugins/starts the service on boot essentially (obviously specific to System OS).

wakabayashy · Jun 16, 2019

thanks, can't wait, good luck !

maybe the start of the rebirth of xbox one

Deleted User · Jun 16, 2019

wakabayashy said:
thanks, can't wait, good luck !

maybe the start of the rebirth of xbox one

Meh, unless something hardware wise comes out of it then it's gonna suck. Unless there's something that pops up again.

wakabayashy · Jun 16, 2019

XVMM said:
Meh, unless something hardware wise comes out of it then it's gonna suck. Unless there's something that pops up again.

you're right but your work will be a good start for others dev (I hope)

lisreal2401 · Jun 16, 2019

wakabayashy said:
thanks, can't wait, good luck !

maybe the start of the rebirth of xbox one

You know I use my retail Xbox One more than any other console.

I don't get the multiple posts here that all of this is good for only piracy despite the same company giving away Game Pass on the regular. The only thing I really want out of XBO hacking is the ability to boot into a different OS, dev mode facilitates mostly everything else you'd do except maybe save hacking if those aren't locked like installed titles.

That and, isn't dev mode only bootable while online? I guess if you had your console set to boot into it you might get away with keeping it there?

Deleted User · Jun 16, 2019

lisreal2401 said:
You know I use my retail Xbox One more than any other console.

I don't get the multiple posts here that all of this is good for only piracy despite the same company giving away Game Pass on the regular. The only thing I really want out of XBO hacking is the ability to boot into a different OS, dev mode facilitates mostly everything else you'd do except maybe save hacking if those aren't locked like installed titles.

That and, isn't dev mode only bootable while online? I guess if you had your console set to boot into it you might get away with keeping it there?

Technically yes but it's possible to keep it offline. And the posts here don't indicate it's good for piracy, some seem to want that.

lisreal2401 · Jun 16, 2019

XVMM said:
Technically yes but it's possible to keep it offline. And the posts here don't indicate it's good for piracy, some seem to want that.

How would you get past the check? Don't answer if I'm pushing too much but I take it you found a bug in stock mode that will ignore connectivity checking on app start.

wakabayashy · Jun 16, 2019

lisreal2401 said:
You know I use my retail Xbox One more than any other console.

I don't get the multiple posts here that all of this is good for only piracy despite the same company giving away Game Pass on the regular. The only thing I really want out of XBO hacking is the ability to boot into a different OS, dev mode facilitates mostly everything else you'd do except maybe save hacking if those aren't locked like installed titles.

That and, isn't dev mode only bootable while online? I guess if you had your console set to boot into it you might get away with keeping it there?

I've dev mode activated but I can't say no to a cfw

Deleted User · Jun 16, 2019

lisreal2401 said:
How would you get past the check? Don't answer if I'm pushing too much but I take it you found a bug in stock mode that will ignore connectivity checking on app start.

The console relies on another certificate, stored in flash, to determine if your console can convert to a kit, etc. It's possible to grab a cert, depending on console token, and store it and reboot.

NathanBrown · Jun 17, 2019

XVMM said:
Correct. AMD's PSP.

I just want this thing to fully run CFW.

Dominator211 · Jun 17, 2019

leon315 said:
i think the most interested thing is ''when can we play X1 games for free''??

agreed.

--------------------- MERGED ---------------------------

XVMM said:
The tool will support any version past mid-late 2017. It's also not really possible to run the standard windows setup, it's not that simple. It's a very different beast but you can run a standard win32 console app and also, through hooking and all, attach and render standard programs.

I don't intend to ever enable privacy. And it's not happening soon.

what does this do exaclty?

carizard · Jun 17, 2019

XVMM said:
The console relies on another certificate, stored in flash, to determine if your console can convert to a kit, etc. It's possible to grab a cert, depending on console token, and store it and reboot.

I'm gonna guess the console has to be an original launch console Durango

lisreal2401 · Jun 17, 2019

carizard said:
I'm gonna guess the console has to be an original launch console Durango

Launch firmware doesn't even have the dev feature - it's not included as a default application anyway...

For all I know the dev mode partition was at least there, but for retail I'm almost sure it's not even accessible if you didn't launch into it normally at least once as I believe it doesn't keep the files for dev mode if you don't use it.

coffinbirth · Jun 17, 2019

Speaking of Durango, did anyone ever manage to pull the 360 emulator out of that dev kit dump? I recall superDAE saying that it wasn't locked down. I'm sure it will be useful eventually.
Honestly, what interests me most in having a hacked XBO would be in having the ability to inject OG XBOX and 360 games into their respective emulators, and tweak the settings.
Also curious what the structure of those games looks like. I'm assuming close to G.O.D. format on 360?

lisreal2401 · Jun 17, 2019

coffinbirth said:
Speaking of Durango, did anyone ever manage to pull the 360 emulator out of that dev kit dump? I recall superDAE saying that it wasn't locked down. I'm sure it will be useful eventually.
Honestly, what interests me most in having a hacked XBO would be in having the ability to inject OG XBOX and 360 games into their respective emulators, and tweak the settings.
Also curious what the structure of those games looks like. I'm assuming close to G.O.D. format on 360?

The emulators aren't apart of the dashboard, each game contains a configured emulator specific to it. The only portion of code that is there from factory might be the 360 kernel/dashboard, but I'm inclined to say this also is specific to each game and is contained in every emulated game. Not to mention, that dump would predate any of the software portion of the emulation so it's not really helpful in terms of modifying anything BC - though, I also think injection is the biggest retail end hack I want for the 4K scaling and the apparent compatibility the OG emulator has, which may not be specific for each game.

Hacking New dev mode privilege escalation exploit published

Member

Active Member

Deleted User

Guest

Well-Known Member

Member

Deleted User

Guest

Well-Known Member

Deleted User

Guest

Well-Known Member

Well-Known Member

Deleted User

Guest

Well-Known Member

Well-Known Member

Deleted User

Guest

Well-Known Member

JFK's Jelly Donut

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Similar threads

Popular threads in this forum