The Xbox One's security was known to be very, very good. So good that the Microsoft architect behind it gave a talk on why the device was effectively unhackable without extremely specialized equipment. This talk dives into how its author figured out a way to compromise the device anyway.
The author of the talk had never glitched anything in their life. They then decided to tackle one of the hardest targets out there, which is crazy to do. From the console coming out in 2013 to the compromise succeeding in 2025, it took twelve years. Sometimes it takes a person without any perspective on how hard something is to tackle the problem. With twelve years of technical improvements, it was bound to eventually go down.
The talk is NOT a linear path. The Xbox One had zero debugging capabilities. So, they started by performing power analysis at random locations to understand the console and how things worked. They DID have the code for the bootrom via previous research. So, analyzing this code and the power traces at the same time helped them gather what was going on.
Again, they didn't know how to glitch things. So, they read up on the state of the art and tried glitching random areas. At first, this led to nothing. After glitching a few different areas, they found a way to just crash the console. This proved to them that they were glitching the proper area of the console and that the glitch itself was landing.
From all of the power analysis they did at different locations, they figured out what each pulse corresponded to in the bootrom code. They glitched with various settings and were eventually able to enable the POST codes to see what errors were occurring.
Through some more fuzzing, they found a way to get execution of unsigned code, but it was restricted by a startup sandbox. By finding a second glitch to skip this startup process, they were able to get full code execution within the context of the console. They then made this more consistent, which led to a full jailbreak.
A few things stood out to me about this talk. First, the more observability, the better. They enabled POST codes, performed a lot of power analysis, and built a full environment for the bootrom to understand it better. Second, these things take a ton of trial and error to figure out. Third, there are always cracks, but you just have to understand how things work well enough to exploit them.