New dev mode privilege escalation exploit published

Quality

 

Exciting stuff!

 

What will this lead us towards? Possibly backups?

 

Hmmm so the XBOX One seems to be having something Windows-PE like running?... (i don't have a XBox One and don't have any clue about it).

Atleast on Windows you can use sc stop, sc start and so on to control services... you can also use "sc query type= service type=" to get all services... Would be interesting to know how Xbox One differs from a current Windows 10 Installation ;-)

Windows-PCs or the installation media also have an unattend.xml file which is used to predefine Setup-Options and Disk Format Stuff, Region and so on.
You can actually create your own unattend.xml file - put it into the root of an usb-stick (the one with which you install windows) and start the windows setup without moving a finger after letting it load it up.

Now i'm wondering, if with those unattend.xml files you can do other stuff if the XBox One has an reinstall feature, because you might be able to call a local cmd from within the setup and get access to the filesystem...

Now i'm kinda curios and wanna buy an Xbox One myself

Is this exploit working on all versions?

 

i think the most interested thing is ''when can we play X1 games for free''??

 

The tool will support any version past mid-late 2017. It's also not really possible to run the standard windows setup, it's not that simple. It's a very different beast but you can run a standard win32 console app and also, through hooking and all, attach and render standard programs.

I don't intend to ever enable privacy. And it's not happening soon.

 

What? privacy? honostly we don't care what u do under the shower

 

Woops, completely overlooked it. Meant piracy.

 

Seems the Telnet session is not created successfully... both SSH and Telnet cannot connect to the console. Do you need to put *.xboxunattend in an empty USB drive, or any USB drive that Xbox One recognize is okay ?
Edit: Okay, I made a mistake while putting the file and now SSH is on. But SSH session is asking for a password. What's the default password for this SSH session ? Leaving it empty and press enter doesn't work.

 

My most interested thing is, "when can I emulate every other game I already own?"

 

The password to DevToolsUser is available in the Windows Device Portal. You can access that through https://xboxone:11443 (replace xboxone with your IP). However, if you've formatted your USB as NTFS and put the script on the root of it then run superfun it'll be fine.

 

Additional note: the password for "DevToolsUser" might be the pin from the Visual Studio pin. I can't recall but in Dev Home hit Show Visual Studio Pin and use that for password.

 

Doesn't mean to sound funny here, but after fiddling in the Xbox remote access webpage for a while, I still can't find the DevToolsUser password. I checked Microsoft's help webpage, and they didn't noticed this either. Visual Studio pairing key in Xbox Dev Home is not working.

 

what benefits are there to this?

 

I'll double check for you. The pairing key should be working.

— Posts automatically merged - Please don't double post! —

Running as an elevated user allows the read and write functionality of flash, the ability to interact with pipes/drivers, read/write process memory and more. It's useful for many things if you're interested in digging around. It's been useful for a couple findings.

 

I will grab XBOX One for the first time if they are running backup games for all FW.

 

I just logged in to DevToolsUser using the pairing key. Have you entered it correctly? There's a chance that it may have reset before you entered but I just did it again.

 

we have to hope that a CFW will be working on ~~