Modders hint at potential kernel exploit hack for Xbox One consoles


It's been a while since Microsoft released the Xbox One, and despite its age, there haven't been any reliable softmod methods to hack the console. Until now. A post started making the rounds, saying that a method for executing kernel level code on the Xbox One had been found. A list of instructions for preparing Xbox One systems to be hacked was also provided, with the process being as follows:

  1. Ensure your Xbox Live account Login-Type is configured as “No barriers” aka. auto-login with no password prompt
  2. Set your console as “Home Console” for this account
  3. Download the App Game Script
  4. Start the app (to ensure license is downloaded/cached)
  5. Take your console offline! To make extra sure it cannot reach the internet, set a manual primary DNS address of 127.0.0.1
  6. Get a device/microcontroller that can simulate a Keyboard (rubber ducky or similar) - otherwise you have to type a lot manually :D

This method appears to use a UWP app called Game Script on the Xbox One to execute the code, and was discovered by a user named carrot_c4k3. It seems as though the hack will require a lot of manual typing, unless you have a device that can simulate a keyboard, according to the preparation instructions. Reportedly, the latest firmware update for the Xbox One has already patched the exploit out, with the last exploitable firmware being 10.0.25398.4478.

  • Source
  • Video guide on how to prepare your system
  • Proof of concept code
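The question of whether a given console is still on an exploitable build comes up repeatedly in the thread, and the one concrete fact the post gives is the last exploitable build, 10.0.25398.4478. The check below is an added example written for this article; it is not code from the post, the video guide or the developer's proof of concept. It compares a four-part Xbox OS build string numerically against that build, and shows why a plain string comparison is the wrong tool (a trailing component such as `999` sorts after `4478` as text but before it as a number). It assumes builds on the same OS branch are ordered monotonically, which is how the post describes the patch; the sample build strings other than 10.0.25398.4478 and 10.0.25398.4908 are constructed for illustration.

```python
# Added example, not from the news post or the developer's tooling.
# Compares an Xbox One OS build string against the last build the post reports
# as exploitable, using numeric (not lexicographic) comparison.
from typing import Tuple

LAST_EXPLOITABLE = "10.0.25398.4478"   # from the post; later builds reportedly patched


def parse_build(build: str) -> Tuple[int, int, int, int]:
    """Turn 'a.b.c.d' into a tuple of ints so that tuple ordering is numeric.

    Anything that is not exactly four dotted non-negative integers is rejected,
    so a typo in a manually transcribed build string fails loudly rather than
    silently comparing as 'newer' or 'older'.
    """
    parts = build.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build string: {build!r}")
    a, b, c, d = (int(p) for p in parts)
    return (a, b, c, d)


def is_exploitable_build(installed: str, last_good: str = LAST_EXPLOITABLE) -> bool:
    """True if the installed build is numerically <= the last exploitable build.

    Assumption (labelled): builds on one branch are monotonically ordered, so
    'not later than 4478' is the same as 'not yet patched'.
    """
    return parse_build(installed) <= parse_build(last_good)


def classify(installed: str) -> str:
    """Human-readable verdict for a build string; never raises on bad input."""
    try:
        exploitable = is_exploitable_build(installed)
    except ValueError as exc:
        return f"{installed!r}: unparseable ({exc})"
    if exploitable:
        return f"{installed}: at or below {LAST_EXPLOITABLE}, reportedly exploitable"
    return f"{installed}: above {LAST_EXPLOITABLE}, reportedly patched"


def string_compare_is_wrong(installed: str, last_good: str = LAST_EXPLOITABLE) -> bool:
    """Demonstrates the pitfall: True when naive string ordering disagrees with
    numeric ordering for this pair of build strings."""
    as_text = installed <= last_good
    as_numbers = is_exploitable_build(installed, last_good)
    return as_text != as_numbers


if __name__ == "__main__":
    # Constructed sample inputs; only .4478 and .4908 appear in the thread.
    for sample in ("10.0.25398.4478", "10.0.25398.4908", "10.0.25398.999", "10.0.25398"):
        print(classify(sample))
    # The constructed '.999' build is older than '.4478' numerically but would be
    # judged newer by a plain string comparison.
    print("string compare wrong for .999:", string_compare_is_wrong("10.0.25398.999"))
```

The version in the thread's Series S/X question (L32) carries the same four-part format, so the same check applies there; whether the Series consoles are actually affected is something the page only reports second-hand, and this check does not settle it.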
 
Can anyone verify if the offline update file on Microsoft's website is the exploitable version? Grabbing an Xbox One but won't be able to get it for another day and a bit, but hoping the update file up right now is still fine.

Also, if a new update gets released, will I still be able to download the app?
 
Just updated mine and still golden, despite spending an hour trying to recover my account with outdated info, jeez. Thank god I had recovery emails.
 

Not mentioned is Series S/X compatibility; the current firmware there uses the same version number, so you tell me if it's running the exact same OS, bugs and all.
 
I didn't even realise my account was in Xbox Insider anyway, no great loss to leave it. 10.0.25398.4908 might be ok anyway for all I know.
Same for me. This smells like another sneaky MS move. It's well within their typical business practices to unknowingly assume you into their beta program without telling you. I didn't even have the Xbox Insider Hub application installed and still had the 4908 firmware.
 
It's stated pretty explicitly by the dev that this won't allow running backups. Sounds like it's basically just Developer Mode from what they said.
But who knows, maybe it could be a stepping stone to full root access in the future.
 
Hopefully there will be a better way to implement that script, because right now the only thing that matters is just getting the right FW and the script app. After that we might as well delete any network connection, going full offline mode.
 
A couple things not mentioned in this news post (yet):

1) This will not allow backups. Might as well get this one out of the way first. The kernel read/write that we're getting is in SystemOS, which, contrary to what it sounds like, is the same mode that Dev mode runs in. This is basically the equivalent of enabling dev mode but without enabling dev mode, if that makes sense. You can think of it as this: if you can't do it in dev mode, you won't be able to do it with this exploit. So no pirating Xboner games.

2) The exploit chain does work on the Series systems as well, so in theory whenever this releases it will also support the Series S/X...but again, only really enables dev mode, so still no piracy.


Source: https://x.com/carrot_c4k3 < Dev's twitter.
 
Same for me. This smells like another sneaky MS move. It's well within their typical business practices to unknowingly assume you into their beta program without telling you. I didn't even have the Xbox Insider Hub application installed and still had the 4908 firmware.

They don't unknowingly assume anyone into the insider program. You literally need to join it. And once you join it, you then need to go into the Insider app and join the Xbox Update Preview. Once you do that, you don't need the Insider app installed to keep getting insider FW updates. You or someone else set it up at one point in time on the console. Not MS.
 
If MS ever disables dev mode, I hope hackers DON'T give bug bounties to MS and just release shit in spite, and I wish auto updates were illegal in the US too (hopefully never like the Wii U scenario, where they (Nintendo) forced you to update or never play again).
 
They don't unknowingly assume anyone into the insider program. You literally need to join it. And once you join it, you then need to go into the Insider app and join the Xbox Update Preview. Once you do that, you don't need the Insider app installed to keep getting insider FW updates. You or someone else set it up at one point in time on the console. Not MS.
I cannot rule out that it already had the preview updates enabled at the store where I bought it, assuming it was brand new (FYI, it was a reputable electronics store chain), but I can assure you that neither did the packaging look suspicious when I bought it, nor did I ever sign up to be a beta tester for what amounts to a home menu. And I can think of nobody other than me who had the 6-digit passcode I initially set up. But most notably, I couldn't think of anyone feeling the need to somehow get access to said console in order to download the hub application, enroll into preview updates and wipe all traces afterwards. Having seen how MS treats users on Windows, I found it way more plausible that they felt like they didn't have enough beta testers for their updates and decided to "help a little".

That being said I'm 99 per cent sure the console shouldn't have had that update installed in the first place. If you think it's more plausible that someone bought it, enabled preview updates and then returned it, I understand that, but from my perspective the chances of that having happened are next to none. And I'm definitely not buying a new Xbox just for a conspiracy theory.
 
