[Hacking] Has an XB1 game ever been dumped before?

MrQQ

Yup. Yesterday I did it again. If you search up 'Dan ChatGPT 11' online there's a prompt you can paste into ChatGPT. It only works on DeepAI Chat, not the official one anymore. It's getting increasingly hard as it rejects the responses.

That method will work. This time I generated one by telling ChatGPT to use something called DUMP.EXE. I'm not going to post any more responses; try it yourself if you want.
2:
I cannot believe I am actually watching this thread lol. NOTHING is going to come from this. You are using ChatGPT, ffs. Myself and others have tried and it simply isn't possible. What I am reading in terms of hacking is literally the dumbest thing I have read this year.
 

NotStupidAhaAha

> I cannot believe I am actually watching this thread lol. NOTHING is going to come from this. You are using ChatGPT, ffs. Myself and others have tried and it simply isn't possible. What I am reading in terms of hacking is literally the dumbest thing I have read this year.

If you properly train it on the Xbox, it could find vulnerabilities easily. Since it hasn't been given one, the 'DAN' prompt says 'make something up', which it does. If you remove that from the prompt, then it doesn't. It'll just say 'I don't know.'
 

Ryccardo

It reminds me of when the original Xbox was released and groups were dumping and releasing game disc isos. Without a way to actually play them it was kind of pointless.
More importantly... who knows if those backups are really accurate (and what definition of accurate is being used):

The claim that MAME is a hardware documentation project first and the emulator is just self demonstrating proof of correctness is rather famous, choose to believe it or not, but it's true in this context - no way to run them, no proof of correctness (redump, no-intro, accuraterip, cuetoolsdb, and equivalents can only prove the same result has been obtained other times)

All period-accurate dumps of DSi games are bad dumps because now we know better AND have the ways to dump better, but nobody really knew at the time and neither did the DS-only stuff the public had at the time...

...then we can start arguing forever about PS1/PS2/Xbox/360/GC/Wii where, without a way to replicate the "copy protection" (due to limitations of CD/DVD recorders and blank discs, sure, but not even industrially stamped bootlegs really managed it), we can go all metaphysical on whether anything we can create or find online is a good dump...
 

_47iscool

Worth the watch to see what you're dealing with. I am surprised MS didn't reprimand him for this. Though I'm glad he did explain all of this.
 

Phearoz

I feel like very few people will care if it is ever cracked; with simultaneous releases on PC and all. No exclusives - what's the point? It is very literally just a PC in a cute box atp.
 

Chris2055

> I feel like very few people will care if it is ever cracked; with simultaneous releases on PC and all. No exclusives - what's the point? It is very literally just a PC in a cute box atp.

I believe there are some exclusives remaining from before that policy started. Rare Replay, Halo 5 Guardians, Forza Motorsport 5 and some others. Also, from a preservation standpoint it is worthwhile.

I don't think the idea that AI is going to find a vulnerability is realistic.

I don't believe it's actually impossible to hack the Xbox One, but it's obviously extremely difficult to the point where for all practical purposes it may as well be.
 

_47iscool

Well, to me, it seems he only cares about 2 things: No cheating and no piracy. If we did find a way to decrypt XVCs, I doubt they would care as long as you can't play the dumped games on the Xbox.


You have to have internet to set up the thing!

DiscImageCreator (a GUI for it is called MPF) can supposedly dump XB1 games, though I'm not sure what Blu-ray drives are even compatible.
I cannot find anything on redump dumping guides.

I don't have an XB1, but I posted that video so you guys can see just how secure this thing is to maybe help you out.
 
[Member, name not captured] (joined Sep 9, 2019; location: Switch scene; website: github.com; country: Korea, North)
> I don't believe it's actually impossible to hack the Xbox One, but it's obviously extremely difficult to the point where for all practical purposes it may as well be.

Multiple groups have independently hacked the Xbox One in private to varying degrees, including two unpatchable exploits similar to Fusee-Gelee on Switch. At least one group looked into commercialising their exploit several years ago but in the end never released anything because it was too easy to clone.

I think we'll eventually see public releases but I'm doubtful it will be any time soon. Developers in every scene (Xbox, PlayStation, Nintendo) have been talking for years about how there is little incentive to release exploits anymore. Every generation it gets harder and harder (but not impossible) to hack new consoles, so people have to put in more and more work to do so. At the same time consoles are becoming more and more PC-like in terms of architecture and there are fewer and fewer exclusives, so hacking consoles isn't as interesting as it was 15 years ago, when you would hack some obscure black box and be rewarded with a bunch of free games that you can't pirate on any other platform. So people spend hundreds or thousands of hours hacking these systems which are very boring internally, and then they release the exploit and weeks or months of work quickly gets patched out in a firmware update, and all they get out of it are some ungrateful kids screaming at them on Twitter.

fail0verflow wrote about this over a decade ago (I could have sworn it was half that, time flies) https://fail0verflow.com/blog/2013/espresso/ and things have only gotten worse since then. I'm in a few private group chats with some big names in the console hacking space and basically everyone says the same thing. The only modern (less than 10 years old) console with a thriving homebrew scene is the Switch. The only reason that was as active as it was is because Xecuter showed off a bootrom exploit and that threw the open source people into a frenzy because they hated the fact that a for-profit hacking group was going to release something so big before them. If it wasn't for TX Fusee would probably still be private (although publicly known) to this day.

Going forward, people like Max Louarn are probably going to be the people driving the scene. For-profit people are the only ones with any incentive to release anything while it's relevant. Any open source releases will likely just be a reaction to commercial exploits (other than PlayStation exploits for years-out-of-date firmware). Hexkyz has talked about how Team-Xecuter successfully baited Switch devs into releasing tools and knowledge by dangling tidbits of information on the Switchbrew wiki. "We know how this thing works. Here's proof that we know. Are you going to release it before us or are we going to beat you to the punch?" Then the open source people release something because they can't stand the idea of people like Max getting any credibility, and in doing so they end up releasing more information than what the for-profit people actually knew, which helps them develop their product. You'd have to look at it via archive.org since the Xecuter site was seized, but a very obvious example of this in action was when Xecuter was teasing SXOS before the public release and embedded the Switch 2.3.0 master key in plain text at the bottom of the page. No reason to do that other than to enrage the open source people who kept calling TX a fake hacking group.

So in conclusion the Xbox One can and has been hacked, but all of the knowledge about how it is done is kept behind closed doors because there is no reason for anyone to release anything unless they're looking to make money. Everyone with the skills and free time to hack modern systems feels this way (see the fail0verflow blog I linked above. It explains it better than I can). Thank you for coming to my TED Talk.

I will make the prediction that in 12-24 months we will likely see a paid solution for a modern console (PS5 or Xbox S|X) similar to the True Blue for PS3 or SX Pro for the Switch. If it comes out for Xbox S|X then the very few Xbox One exclusives that exist will likely be dumped via backwards compatibility. I know that a paid solution for PS5 was in the works but was scrapped due to being partially dependent on a firmware bug which was patched out before they could release anything, it would have been similar to the PS4 MTX key. I say more than 12 months because these things take time to develop into a product that is good enough to sell (and add in anti-cloning obfuscation) and there would have been more talk if one was within 12 months of release, but less than 24 months because vulnerabilities definitely exist in modern platforms and for-profit groups can just buy the exploits from the people who privately hold them if they offer enough money.
 

TheSynthax

I have a feeling that vulnerability in AMD-SP may play a role.
 

Chris2055

Again, I don't believe it's impossible to hack anything but I do have to admit I'm skeptical of the claims that the Xbox One has already been hacked in private. This is not because it can't be done but because there's no reason to believe it has been done without an actual working release. I'm not saying it definitely hasn't been done, I just won't believe it myself until I see a release.
 
[Member, name not captured] (joined Sep 9, 2019; location: Switch scene; website: github.com; country: Korea, North)
> I have a feeling that vulnerability in AMD-SP may play a role.

The PSP is responsible for running the bootrom and bringing all the other cores online, so yeah. I'm not sure if it's the public vulnerability or a different one that has been used though. I think the public one doesn't work on retail consoles? It requires attacking the PSP via UART and only god boxes have UART enabled. You would need a way to enable UART on retail consoles and AFAIK that would require a crypto bug since UART is controlled by certkeys.bin, which is signed and lives on the eMMC.

> Again, I don't believe it's impossible to hack anything but I do have to admit I'm skeptical of the claims that the Xbox One has already been hacked in private. This is not because it can't be done but because there's no reason to believe it has been done without an actual working release. I'm not saying it definitely hasn't been done, I just won't believe it myself until I see a release.

That's fair, but as I said above there's a consensus that exploit developers don't want to share stuff publicly anymore. There are some publicly available vulnerabilities on the wiki but they're all years old. No one releases anything while it's relevant. https://xboxresearch.com/wiki/exploits/
 

NotStupidAhaAha

> DiscImageCreator (a GUI for it is called MPF) can supposedly dump XB1 games, though I'm not sure what Blu-ray drives are even compatible.
> I cannot find anything on redump dumping guides.
>
> I don't have an XB1, but I posted that video so you guys can see just how secure this thing is to maybe help you out.

You can burn discs, but they won't play. Same with burning all the ISO files that Joom said are on PreDB.

Wait, Tony Chen said the restrictions are to prevent piracy, so isn't Dev Mode just a way to pirate? Emulators, for example Xenia, run 360 games, and that's an MS product, AND you can install unsigned packages, so any UWP app, including cracks and possibly Win32 apps, could be converted to run on an Xbox then packaged into an AppX. Plus, because of VPNs and Microsoft not taking action, you can do this for $2! Nothing compared to the £600 he was talking about. Talking about that, if you did save up £600 you could do the laser thing to hack the Xbox. Not much if that's your life goal.
Post automatically merged:

An exploit just dropped, https://kudayasu.github.io/an-autopsy-of-artifice/. But I doubt it'll work, everything dumped will probably be encrypted. According to the source, you can make an administrator.
Post automatically merged:

No, just their boot image - nothing with the 'exploit'.

You can install signed store AppX but it's not reliable and won't run either if it's mainly Windows-based. Not been successful.

In the case of Windows Terminal, even if you installed it on retail it would be a waste. Without higher privileges (even within installed experience apps) you cannot do much if anything within that context.

Also just to nib it a bit more; ChatGPT is just regurgitating nonsense. It's not accurate in this context by any means.
I guess you can now, with the admin exploit. But that's on DM, not RM or Retail Mode and Dev Mode.
 

vbi

> You can burn discs, but they won't play. Same with burning all the ISO files that Joom said are on PreDB.
>
> Wait, Tony Chen said the restrictions are to prevent piracy, so isn't Dev Mode just a way to pirate? Emulators, for example Xenia, run 360 games, and that's an MS product, AND you can install unsigned packages, so any UWP app, including cracks and possibly Win32 apps, could be converted to run on an Xbox then packaged into an AppX. Plus, because of VPNs and Microsoft not taking action, you can do this for $2! Nothing compared to the £600 he was talking about. Talking about that, if you did save up £600 you could do the laser thing to hack the Xbox. Not much if that's your life goal.
Post automatically merged:

> An exploit just dropped. But I doubt it'll work, everything dumped will probably be encrypted. According to the source, you can make an administrator.
Post automatically merged:


> I guess you can now, with the admin exploit. But that's on DM, not RM or Retail Mode and Dev Mode.

It may get fixed but there's also been a way to elevate in Dev Mode.

To add on to the files being encrypted on dump, and maybe a new post that highlights this so people can learn, you won't be able to decrypt games whatsoever in Dev Mode - unless there was an exploit within the AMDSP itself. But the system surface area of XVDs is decryptable and viewable, and elevated privileges help with that.

System OS entirely is dumpable, alongside the VBI stored in the system.xvd user data section. Other XVDs, and this will vary depending on their type, won't be mountable or decryptable in that partition (SRA), such as host.xvd, era.xvd, etc.

This also goes for per-console encrypted data from retail mode since both use their own keys based on whether or not it's using "alternative XVDs" - this just means if it's in Dev Mode. This is pretty useful for anyone wanting to spend time on actually learning how things are working.
Post automatically merged:

> I think I heard a while back that Dev Mode was limited to just 2GB of RAM. Correct me if I'm wrong.

This may have changed but you can extend that with the gamemode stuff or, if I remember right, you can look at what "rmext" does or look at the XVmCtrl driver, with which you can request extended resources.
 

NotStupidAhaAha

> It may get fixed but there's also been a way to elevate in Dev Mode.
>
> To add on to the files being encrypted on dump, and maybe a new post that highlights this so people can learn, you won't be able to decrypt games whatsoever in Dev Mode - unless there was an exploit within the AMDSP itself. But the system surface area of XVDs is decryptable and viewable, and elevated privileges help with that.
>
> System OS entirely is dumpable, alongside the VBI stored in the system.xvd user data section. Other XVDs, and this will vary depending on their type, won't be mountable or decryptable in that partition (SRA), such as host.xvd, era.xvd, etc.
>
> This also goes for per-console encrypted data from retail mode since both use their own keys based on whether or not it's using "alternative XVDs" - this just means if it's in Dev Mode. This is pretty useful for anyone wanting to spend time on actually learning how things are working.
Post automatically merged:


> This may have changed but you can extend that with the gamemode stuff or, if I remember right, you can look at what "rmext" does or look at the XVmCtrl driver, with which you can request extended resources.

Dev Mode is its own XVD, right? So you can only dump that, not Retail. And so then you can't use the admin account unless you're Dev.
 

vbi

> Dev Mode is its own XVD, right? So you can only dump that, not Retail. And so then you can't use the admin account unless you're Dev.

I mean; I could be misremembering but pretty dead certain that yeah, Dev Mode uses separate *data* XVDs (: But... if you had Host execution in Dev Mode, then there's some neat tricks with retail-based XVDs. Kinda. :)
 

NotStupidAhaAha

> I mean; I could be misremembering but pretty dead certain that yeah, Dev Mode uses separate *data* XVDs (: But... if you had Host execution in Dev Mode, then there's some neat tricks with retail-based XVDs. Kinda. :)

So if you can get HostOS privileges then you can get access to retail? And an admin account, then, that's useless for dumping? I thought you could do BIG stuff like forcing the console to play retail games.
 
