Microsoft Xbox One Hacked

It’s an impressive feat, over a decade after the box was released:

Since reset glitching wasn’t possible, Gaasedelen thought some voltage glitching could do the trick. So, instead of tinkering with the system reset pin(s), the hacker targeted the momentary collapse of the CPU voltage rail. This was quite a feat, as Gaasedelen couldn’t ‘see’ into the Xbox One, so had to develop new hardware introspection tools.

Eventually, the Bliss exploit was formulated, where two precise voltage glitches were made to land in succession. One skipped the loop where the ARM Cortex memory protection was set up. Then the Memcpy operation was targeted during the header read, allowing him to jump to the attacker-controlled data.

As a hardware attack against the boot ROM in silicon, Gaasedelen says the attack is unpatchable. Thus it is a complete compromise of the console allowing for loading unsigned code at every level, including the Hypervisor and OS. Moreover, Bliss allows access to the security processor so games, firmware, and so on can be decrypted.
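The two steps the article describes, a protection-setup loop that can be cut short and a header copy whose length is trusted, are exactly where fault-injection countermeasures are normally placed. The following is an added illustration written for this page, not code from Gaasedelen’s research or from the Xbox boot ROM: a constructed model in which a skipped loop iteration is stood in for by the `skip_region` argument (no real glitch is modelled), with a naive setup routine next to a hardened one that uses a redundant counter pair and a read-back pass, and a header copy that validates the length before and after the `memcpy`. `REGION_COUNT`, `HEADER_MAGIC`, `PAYLOAD_CAP` and the layout of `boot_header_t` are all constructed values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of two boot-ROM steps: a loop that programs memory-protection
 * regions, then a header copy from untrusted media. A skipped iteration is
 * simulated with skip_region (NO_SKIP = clean run); the glitch itself is not
 * modelled, only the defensive checks that would notice its effect. */

#define REGION_COUNT   8
#define REGION_ENABLED 0x80000000u
#define NO_SKIP        (-1)
#define HEADER_MAGIC   0x42494C53u   /* constructed value */
#define PAYLOAD_CAP    64

typedef struct { uint32_t regions[REGION_COUNT]; } mpu_state_t;

/* Naive: one loop counter and no read-back. A skipped iteration leaves a region
 * unprotected and the function still reports success. */
bool mpu_setup_naive(mpu_state_t *mpu, int skip_region) {
    memset(mpu, 0, sizeof *mpu);
    for (int i = 0; i < REGION_COUNT; i++) {
        if (i == skip_region) continue;            /* simulated skipped iteration */
        mpu->regions[i] = REGION_ENABLED | (uint32_t)i;
    }
    return true;
}

/* Hardened: a counter and its complement are advanced together, checked against the
 * expected count after the loop, and every region is read back. Any disagreement
 * means the loop did not run to completion, so refuse to continue booting. */
bool mpu_setup_hardened(mpu_state_t *mpu, int skip_region) {
    volatile uint32_t done = 0;
    volatile uint32_t done_inv = ~0u;
    memset(mpu, 0, sizeof *mpu);
    for (int i = 0; i < REGION_COUNT; i++) {
        if (i == skip_region) continue;            /* simulated skipped iteration */
        mpu->regions[i] = REGION_ENABLED | (uint32_t)i;
        done++;
        done_inv--;
    }
    if (done != REGION_COUNT || done_inv != ~(uint32_t)REGION_COUNT) return false;
    for (int i = 0; i < REGION_COUNT; i++)
        if ((mpu->regions[i] & REGION_ENABLED) == 0) return false;
    return true;
}

/* Constructed header: magic, payload length, payload. The length is attacker-supplied. */
typedef struct {
    uint32_t magic;
    uint32_t payload_len;
    uint8_t  payload[PAYLOAD_CAP];
} boot_header_t;

/* Copies the payload into a buffer of exactly PAYLOAD_CAP bytes. Returns the number of
 * bytes copied, or 0 on rejection. The bound is checked before the copy and checked
 * again afterwards, the usual duplicated-check pattern against a single skipped compare. */
size_t copy_header_payload(const uint8_t *src, size_t src_len, uint8_t dst[PAYLOAD_CAP]) {
    const size_t hdr = offsetof(boot_header_t, payload);
    boot_header_t h;
    if (src_len < hdr) return 0;
    memcpy(&h, src, hdr);
    if (h.magic != HEADER_MAGIC) return 0;
    volatile uint32_t len = h.payload_len;
    if (len > PAYLOAD_CAP) return 0;               /* first bound check */
    if (src_len - hdr < len) return 0;             /* source must actually hold len bytes */
    memcpy(dst, src + hdr, len);
    if (len != h.payload_len || len > PAYLOAD_CAP) return 0;  /* re-check after the copy */
    return (size_t)len;
}

/* Runs the scenarios; returns a bitmask that is 0x1F when every check behaves as described. */
unsigned run_scenarios(void) {
    mpu_state_t m;
    uint8_t buf[offsetof(boot_header_t, payload) + 16];
    uint8_t out[PAYLOAD_CAP];
    uint32_t magic = HEADER_MAGIC, len = 16;
    unsigned bits = 0;
    if (mpu_setup_naive(&m, 3))          bits |= 0x01;   /* naive misses the skipped region */
    if (mpu_setup_hardened(&m, NO_SKIP)) bits |= 0x02;   /* hardened accepts a clean run */
    if (!mpu_setup_hardened(&m, 3))      bits |= 0x04;   /* hardened refuses the skipped run */
    memcpy(buf, &magic, 4);
    memcpy(buf + 4, &len, 4);
    memset(buf + 8, 0xAB, 16);                           /* constructed 16-byte payload */
    if (copy_header_payload(buf, sizeof buf, out) == 16 && out[15] == 0xAB) bits |= 0x08;
    len = 200;                                           /* oversized length field */
    memcpy(buf + 4, &len, 4);
    if (copy_header_payload(buf, sizeof buf, out) == 0) bits |= 0x10;
    return bits;
}

int main(void) {
    return run_scenarios() == 0x1Fu ? 0 : 1;
}
```

The point of the redundant counter and the read-back is that a fault which removes one iteration has to defeat three independent observations (two counters and the register contents) rather than one; the duplicated length check around the `memcpy` applies the same idea to the copy. None of this stops the glitch itself, which is why the article calls the attack unpatchable in silicon, but it is the shape of the code a new ROM would carry to raise the cost of landing it.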

Posted on March 23, 2026 at 7:01 AM • 7 Comments

Comments

Clive Robinson March 23, 2026 12:28 PM

@ ALL

From the quoted article text above,

“As a hardware attack against the boot ROM in silicon, Gaasedelen says the attack is unpatchable. Thus it is a complete compromise of the console allowing for loading unsigned code at every level, including the Hypervisor and OS.”

Does this really surprise anyone?

How about,

“Moreover, Bliss allows access to the security processor so games, firmware, and so on can be decrypted.”

No, neither surprises me…

How about Microsoft effectively lying to the US regulators for Nat Sec usage of their Cloud kit?

Called “Microsoft GCC High” it was described by one regulator as,

‘Or, as one member of the team put it: “The package is a pile of shit.”’

Not exactly the ringing endorsement Microsoft seniors at the very top pretended it was…

I guess it all depends on who you bribe and how.

This sort of nonsense is far from new, so remember it when you are told to use “Micro$hit” cloud products…

t33l0 March 23, 2026 2:33 PM

@Clive, thanks for that related Gizmodo article. Even though I really shouldn’t be shocked anymore, I still am time and again. While the Xbox hack, to me, doesn’t seem to have much of an impact in real life, that ProPublica research casts a much darker shadow on Microsoft’s security culture. The comment by Wakeman (unintentionally) sums it up quite aptly.

RandomSomeone March 24, 2026 12:56 PM

We’re going to need talented low level hacking of this kind more than ever within the coming years. Brazil has mandated creepy age verification to be built into devices; they are even planning to target Canonical (Ubuntu’s devs) on their shortlist.

https://reclaimthenet.org/brazil-digital-eca-age-verification-law

While everyone is distracted by California’s minor first step (on a very dangerously slippery long slope), other countries and states (NYC has something evil in the works) are ploughing ahead far further with the war against our right (fundamental human right (for lefties) / essential constitutional liberty (for right wingers)) to root access and general purpose computation.

There’s going to be a real need for more workarounds to ensure any bootloader level locking of devices can be overcome, so ID verification based locks on your own property can be beaten with an install of a freedom-respecting distro. This is a need for the sake of the real security of ordinary people to own their own devices and have proper full root access and the ability to change operating systems, as opposed to the pretend “security” which states so often push for malicious purposes.

Given that the XBox is an M$ product, and M$ keeps making indications that they’ll be shipping hardware in the near future where “secure” boot cannot be deactivated, the market for means to defeat bootloader level locking is only going to be a more promising place. Beat the locks at the lowest level, make our property ours again.

Bruce, really appreciate your blog here. Have you considered making some posts about the importance of not having the state interfere with our local devices at the lowest level on dubious grounds of “age verification”? An I’m-over-18 honesty tickbox was always enough for every generation up to and including today’s; the current multi-governmental push to embed malware into our devices to enforce ID demands to even use a computer seems like it is just using this excuse as a friendly face to justify total government/corporate control over our lives.

No affiliation with Msft March 24, 2026 12:57 PM

Ms just builds what the customer wants.

Why assume the system was not supposed to have access features?

A gov that spies on its people will inevitably also spy on itself.

ResearcherZero March 25, 2026 5:27 AM

@Clive Robinson, RandomSomeone

The intelligence services and the Pentagon rejected Microsoft’s approaches to host sensitive or classified data, pointing out their products were not designed with security in mind. Warnings were passed on to government that none of Microsoft’s products were fit for handling classified information and should also be avoided for sensitive communications or day-to-day departmental and government operations and data storage.

Microsoft’s bid for cloud hosting was flatly rejected and they were told to go away. But of course politicians are idiots, lacking even a glimmer of foresight or wit. Some do not meet that level of basic foolishness and qualify as utterly devoid of the simplest faculties. All except the ability to communicate. They can produce noise without the brain activity that might normally be required before making a constructive or well considered decision.

Like deciding to build an enormous and gaudy arch in a bad location, or hanging up giant banners of yourself, to prove the point that you really are a fool of epic proportions.

The so called “Libertarians” and “Freedom Loving Patriots” are right behind surveillance and freedom-limiting technology. Algorithmic governance and automated decision-making, age/ID/biometric verification for access to services and transit control, locked-down hardware with mandatory location tracking and profiling/fingerprinting identifiers, RFID tagging the kiddies, mandatory national ID cards and prosecution for refusal to submit to facial scans or turning over your passwords to the police, access to all your personal, sensitive data and medical records. Like in Communist China, Russia, or any other authoritarian state.

Control over the body provides control over the mind. The unfortunate nature of uncontested and uncontrollable power however, is the “uncontrollable” factor. The factor that those who believe they are in control, fail to account for. The delusional influence of great power.
Control itself is an illusion, always in a state ready to spiral and snowball out of control. Attempts to stop it, metastasizing and mutating into a parody of the original form. Like the pent up forces within the atom when it is split in a nuclear detonation.

Regulations were put in place to stop the uncontrollable forces of radiation spilling out into the community and spreading uncontrollably across the landscape. As with controls for other hazardous biological and synthetic substances. Remove regulation, remove control. The safety rail is there for our own safety, as well as that of others, who might want to inject bleach.

Clive Robinson March 25, 2026 8:00 AM

@ RandomSomeone, ResearcherZero,

“We’re going to need talented low level hacking of this kind [more] than ever within the coming years.”

Yup, it’s something I’ve been working on off and on for around two decades. It’s a hard nut to crack because it’s easy to show that the advantage belongs to an attacker not a defender, and worse, the cost is highly asymmetric and to the advantage of attackers not defenders.

But first though there is another issue… “DMCA 1201” which “prohibits the circumvention of technological measures that protect copyrighted works” and has been abused by US Corps every which way possible, including forcing it into other nations’ legislation under threat of “trade war tariffs”.

Which, as Cory Doctorow has publicly pointed out, have come into practice anyway.

Time to shift things… I would propose that all such forced / blackmail legislation has an “instant sunset clause” that should the US breach the counter agreement clauses the 1201 equivalent is immediately cancelled and any protection measure immediately becomes illegal for a minimum of 10 years, and that all dispute resolution has to be fully paid for by any US Company and carried out not in the US but in the nation cancelling the equivalent legislation. Also that there be extradition and prison terms for all US company C-suites backed with international sanctions if the US does not comply or takes aggressive behaviour.

For those that think this sounds unreasonable go check current US Legislation which does all of this and more.

As my father pointed out long long ago, “A bully is a coward at heart who has not the sense to see what will happen when some one hits them back”.

To take other sage advice based on,

“Speak softly and carry a big stick”

Smaller nations should

“Speak softly and as a crowd all carry large sticks.”

Oh and for the sake of every one stop buying US Arms, you are in effect, as they told us when I was “wearing the green”,

“Leaving ammunition for the enemy, to kill you with”.
