Hacking Xbox One internal SDK has leaked - the MS equivalent to a "Gigaleak"

[carizard]

A collector by the name of Damien, who is responsible for the obscure gamers forum, has recently suffered a mental break engaging in reckless acts such as leaking user data, temporarily nuking the og forum and leaking vast amounts of other data. In his most recent leak Damien shared files from the original Xbox and the Xbox One, included in these files was a compressed archive known as xsec.rar which was an internal SDK containing keys and source code for parts of the Xbox One OS. Also included in the Xbox one leaks was another archive called "hdd.rar" which is an encrypted development kit hard drive at this time it is unknown whether the dev keys (also known as red keys) will decrypt this hdd image

Spoiler: Image of leak files

link to 4chan thread - https://boards.4channel.org/v/thread/537895790

The links included have been taken down by Microsoft and the thread is archived and as such no new links can be posted to the SDK, so no files may be downloaded through the attached link

 

[shango46]

Well, this could be interesting.

 

[HollowGrams]

A collector by the name of Damien, who is responsible for the obscure gamers forum, has recently suffered a mental break engaging in reckless acts such as leaking user data, temporarily nuking the og forum and leaking vast amounts of other data. In his most recent leak Damien shared files from the original Xbox and the Xbox One, included in these files was a compressed archive known as xsec.rar which was an internal SDK containing keys and source code for parts of the Xbox One OS. Also included in the Xbox one leaks was another archive called "hdd.rar" which is an encrypted development kit hard drive at this time it is unknown whether the dev keys (also known as red keys) will decrypt this hdd image

Spoiler: Image of leak files

link to 4chan thread - https://boards.4channel.org/v/thread/537895790

The links included have been taken down by Microsoft and the thread is archived and as such no new links can be posted to the SDK, so no files may be downloaded through the attached link

Grabbed these a few days ago. Lets go!

 

[coffinbirth]

o.0
Hmmmmmm....I'll be keeping close tabs on this!

 

[djpannda]

YESSS.... I mean ..nooo.. I hope this does not lead to the xbox Running unsigned code...

 

[N1NJA]

Least get the story right, one of the former staff took money as a loan and wouldn't repay at the time. They were demoted as they kept messing the staff and me about.

I told the community the stuff he had done after he constantly ignored basic skills of reading, banned him. He went and cried to the rejected members who were banned for hacking/blackmail/scamming/racists or having kiddy porn. He told them I leaked a file I hadn't (yet).

Some of those users doxxed/attacked me. I dedcided to leak the cancelled goldeneye xbox live build which he had sent passworded, not even telling me the pass.

Said users carried on their attacks, I decided to quit for good which is destroying many projects.Bye bye 100+ XDK's, 20TB+ of video game history.The people that have these are no longer dealing with this community having seen how I was treated.

In the process of deleting everything I refound this archive. It was sent to me in private about a year ago after someone sold it with stolen xbox one dev boards on eBay. Said person that had the stolen source code lives in the United Kingdom and pretends to be a microsoft security researcher. an excuse they use to hack ms to steal data.

Anything I find that hasn't been leaked is being posted.

These files have been floating about for over a year. I have no clue what use they'll be but now you know the truth. I lashed back out at users who were attacking first. No mental break downs as they claim just stuff to give ammo to legal cases that have been in the process for a long time. And oh boy they've given gold. The lawyers love it.

The site is no longer mine, and if you need proof it's me I'll edit this afterwards with a link from my twitter. twitter / W3bDemon/status/1343912353851727873

EDIT: And for the record, it's already been verified no OG user information was touched. The people posting this failed to realize they sent me money in 2016, If you google said persons email the first result on google is their password that they've failed to change. The forum was never touched and the new owner has even verified this.

If you visit the domain I linked on twitter it has screenshots countering every claim they made with bonus humor added in.

 

[FR0ZN]

YESSS.... I mean ..nooo.. I hope this does not lead to the xbox Running unsigned code...

Which it already does out of the box

 

[Deleted User]

Least get the story right.

Funny because the amount of damage control and story changing you've been doing the past week has shown nothing "right". Literally made an account here to call you out on this.

 

[Deleted member 518296]

Amazing ! I will be interested just to see Xbox One API. Does this works with Dev Center developer account ? (No ID@Xbox) even if it's not downloadable anymore

 

[qweasdgo]

has a ton of testing tools, source code, keys for things, and lots of various other stuff, including what ooks like some 360-related files

 

[Deleted member 518296]

It's very heavy ! :o

 

[qweasdgo]

also, thuink the title of the thread is wrong in saying that this is an SDK, why would an SDK have things like tools for building ODD firmware? (tried to build it it, but it's missing a .lib)

 

[xeniachile]

also, thuink the title of the thread is wrong in saying that this is an SDK, why would an SDK have things like tools for building ODD firmware? (tried to build it it, but it's missing a .lib)

I see that you know the subject, do you know if with this, can I make a ps3 control work on xbox one? If it is not possible, what can I do with the rar that weighs approx 22gb on an xbox one S?

 

[Deleted member 668561]

unless retail keys, were leaked, im not holding my breath

--------------------- MERGED ---------------------------

so much context is gone

 

[HollowGrams]

unless retail keys, were leaked, im not holding my breath

--------------------- MERGED ---------------------------

so much context is gone

Yeah same. TX indictment did have a part where they were talking amongst themselves on wether or not releasing the XB1 hack they had/have. One member was saying no cause switch sales were so hot.

 

[Deleted member 668561]

Yeah same. TX indictment did have a part where they were talking amongst themselves on wether or not releasing the XB1 hack they had/have. One member was saying no cause switch sales were so hot.

interesting, question is is it a hardmod, or is it a software vuln, and does it give full hardware access, or just enough to load game dumps (ode) is it a bootrom, kernel/bootloader flaw, and is it patchable via updates?

 

[HollowGrams]

interesting, question is is it a hardmod, or is it a software vuln, and does it give full hardware access, or just enough to load game dumps (ode) is it a bootrom, kernel/bootloader flaw, and is it patchable via updates?

No details were given unfortunately.

 

[Deleted member 668561]

No details were given unfortunately.

yeah i was speculating, knowing tx and tx was gateway team and stargate and possibly sky 3ds it would either be some sort of ode, or fpga, as it was said they were making roi with the switch, when they go broke and need a quick flip then they release outta nowhere, unless someone else gets it first

 

[qbdp]

No details were given unfortunately.

I remember that. It was back in like, 2017. I think it was based on the Chakra exploit in Windows 10 but was patched before anything was ever done with it. All it did was give shellcode execution in the web browser, meaning the code could only run with the same access the web browser had. So, not much. Devmode is better.

 

[Deleted member 668561]

either some sort of asic or fpga, or a golden fuckup by m$, or retail keys leaked, will allow full hardware control, so everyone can run game dumps, and get banned for hosting online prestige lobbies , R2R mod menus and modded zombies, deranking and stat resetting ppl, and charge a nominal fee

tbh some of that sounds like fun but still.....