A groundbreaking hack for Microsoft’s ‘unhackable’ Xbox One was revealed at the recent RE//verse 2026 conference. This console has remained a fortress since its launch in 2013, but now Markus ‘Doom’ Gaasedelen has showcased the ‘Bliss’ double glitch. Just as the Xbox 360 famously fell to the Reset Glitch Hack (RGH), the Xbox One has now fallen to Voltage Glitch Hacking (VGH).
“In 2013 some kind of iron curtain came down on security, of the Xbox ecosystem, and the Xbox One never got hacked,” noted Gaasedelen in his introduction. The same is true of the Xbox One’s successors, and Microsoft was rightly proud. Seven years after its launch, Microsoft engineers would still assert that the Xbox One was “the most secure product Microsoft has ever produced.”
What made the Xbox One so secure, so special? Gaasedelen referenced prior work and presentations to convey this information. I’ve shared a summary slide about this, too, but let’s fast forward to the demo of the new Bliss hack, which takes place from about 46 minutes into the presentation.
Since reset glitching wasn’t possible, Gaasedelen thought some voltage glitching could do the trick. So, instead of tinkering with the system reset pin(s), the hacker targeted a momentary collapse of the CPU voltage rail. This was quite a feat, as Gaasedelen couldn’t ‘see’ into the Xbox One, so he had to develop new hardware introspection tools.
Eventually, the Bliss exploit was formulated, in which two precise voltage glitches were made to land in succession. The first skipped the loop where the ARM Cortex memory protection was set up. Then the memcpy operation was targeted during the header read, allowing him to jump to attacker-controlled data.
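To make the first failure mode concrete from a defender's side, here is an added example (not code from the talk or from the console's boot ROM) contrasting a setup loop that trusts its own completion with one that detects an early exit and fails closed. The region count, the `REGION_LOCKED` marker, the function names and the `glitch_at` fault model are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MPU_REGIONS   8      /* assumption: regions the boot code must program */
#define REGION_LOCKED 0xA5u  /* assumption: marker for a configured region */
static volatile uint8_t  mpu[MPU_REGIONS];  /* stand-in for MPU registers */
static volatile uint32_t up, down;          /* redundant loop counters */

/* Constructed fault model: the loop exits at iteration glitch_at, imitating
 * a glitch that skips the rest of the setup loop; -1 means no fault. */
static void program_regions(int glitch_at)
{
    for (int i = 0; i < MPU_REGIONS; i++) mpu[i] = 0;
    up = 0; down = MPU_REGIONS;
    for (int i = 0; i < MPU_REGIONS; i++) {
        if (i == glitch_at) break;          /* simulated skipped loop */
        mpu[i] = REGION_LOCKED;
        up++; down--;
    }
}

int regions_configured(void)
{
    int n = 0;
    for (int i = 0; i < MPU_REGIONS; i++) n += (mpu[i] == REGION_LOCKED);
    return n;
}

/* Naive: assumes the loop ran to completion and lets boot continue. */
bool setup_naive(int glitch_at)
{
    program_regions(glitch_at);
    return true;
}

/* Hardened: counters moving in opposite directions plus a readback of every
 * region; any disagreement fails closed (the caller halts instead of booting). */
bool setup_hardened(int glitch_at)
{
    program_regions(glitch_at);
    if (up != MPU_REGIONS || down != 0) return false;
    return regions_configured() == MPU_REGIONS;
}

int main(void)
{
    bool naive = setup_naive(2);
    printf("naive ok=%d regions=%d\n", naive, regions_configured());
    printf("hardened ok=%d\n", setup_hardened(2));
}
```

Redundant checks like these only raise the cost of a single fault: they are themselves instructions that a further well-timed fault could skip.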
As a hardware attack against the boot ROM in silicon, Gaasedelen says the attack is unpatchable. Thus it is a complete compromise of the console, allowing unsigned code to be loaded at every level, including the Hypervisor and OS. Moreover, Bliss allows access to the security processor, so games, firmware, and so on can be decrypted.
What happens next with this technique remains to be seen. Digital archivists should enjoy new levels of access to Xbox One firmware, OS, and games. There could be subsequent emulation breakthroughs thanks to this effort. We also now have a route to making a Bliss-a-like mod chip to automate the precise electrical glitching required.
It looks unlikely that PC users, our core readership, will be interested in actually emulating the Xbox One. The 2013 system’s game library largely overlaps with what is available, in better quality, on the PC platform.