Posted by crtasm 4 hours ago
And this explains why it's stayed unhacked so long. There was very little incentive to hack the system when the games are all playable on a PC. Pirates, cheaters, archivists, and hackers could just go there. Microsoft's best security measure was making something nobody cared enough about to hack in the first place.
There's a terrific incentive: Being able to play games without Steam or DRM in a portable format (possibly one file per game). Emulation is beautiful[1] and this time it may come at native speeds considering the Xbox One uses x86 architecture.
There's a great presentation by Tony Chen on the Xbox One's security features:
> https://www.platformsecuritysummit.com/2019/speaker/chen/
Examples of the kinda software you can put on the Xbox One in developer mode:
Hence why PS3 Other OS no longer did hardware acceleration.
https://phys.org/news/2010-12-air-playstation-3s-supercomput...
The proof in the pudding of this will be when the Nintendo Switch 2 reaches 2035 with no cracks. That's my prophecy; that this time around the cat actually will catch the mouse. Between NVIDIA's heavily revised glitch-resistant RISC-V security architecture and Nintendo's impeccable microkernel, there's nowhere left to hide. DRM may turn out to have been a very slow long battle to "victory," not a "this will always be defeated."
So even if Switch 2 doesn't make it all the way to 2035 with zero cracks, there's a strong likelihood that any exploits found will be short-lived.
I get what this essentially means, but for those of us with a certain amount of love of language (or pedantry), it's fascinating to try and parse this literally because I don't quite think it works as intended.
Clearly the intended meaning is something like eclipsed in quality. And it may be overlapped in the sense that the same games are separately available on PC. But overlap isn't a relation of quality; quality is generally better or worse when it's comparative. So it's like a smushed-together way of simultaneously saying the selection of games on Xbone overlaps with what's available on PC and is also better quality on PC.
Minecraft: Xbox One Edition (the Legacy version) was of keen interest to our community as it would be playing LCE natively on a PC if you used a compatibility layer which never happened before.
So a few of my LCE cult friends contributed to WinDurango which was pretty much dead before they joined, and got Minecraft: Xbox One Edition to work.
Of course, you'd ask "why don't you just play Minecraft on PC normally?" Legacy Console Edition has so many minute differences and details that it's impossible to discuss all of them--things as big as the Minigames and as small as the mipmaps.
And then LCE source code from 2014 got leaked and that had a native PC port. Oh well.
Not the same as emulating its titles, but a lot of interest in the Xbone/series line (outside of actual console users) is the dev accounts. So I imagine a lot more effort went there first.
Then I'll finally hook up the XBOne I have again and put it to some use on the downstairs TV. I already have a 'retired' PS4 filling similar role on the upstairs TV (although it must stay offline to remain 'liberated').
IRL noop and forced execution control flow to effectively return true.
B e a utiful
It's a double-glitch. The second glitch takes control of PC during a memcpy. The first glitch effectively disables the MMU by skipping initialization (allowing the second glitch to gain shellcode exec). (I am also skipping a lot of details here, the whole talk is worth a watch)
This talk https://www.youtube.com/watch?v=BBXKhrHi2eY indicates that others have had success doing this on Intel microcode as well - only in the past few months. Going to be some really exciting exploits coming out here!
The Xbox does have defences against this, the talk explicitly mentions rail monitoring defences intended to detect that kind of attack. It had a lot of them, and he had to build around them. The exploit succeeds because he found two glitch points that bypassed the timing randomisation and containment model.
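The comments above describe a glitch that skips an instruction so a boot-time check "effectively returns true". The usual software-side mitigation is to stop encoding a security verdict as 0/1, so that a single corrupted register or one skipped branch cannot land on the accepting value. The following is an added illustration written for this thread, not code from the talk or from any console firmware; the `SB_TRUE`/`SB_FALSE` patterns, the `naive_accept`/`hardened_accept` names and the single-fault simulation are my assumptions for a toy model:

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the thread or any real firmware.
 * A security verdict is carried as a 32-bit pattern whose bitwise
 * complement is the opposite verdict. A glitched register (0, 1,
 * 0xFFFFFFFF) matches neither pattern, so it cannot be mistaken for
 * "accept". Constants are assumed values for the illustration. */
typedef uint32_t secure_bool;
#define SB_TRUE  0xC3A5C3A5u
#define SB_FALSE 0x3C5A3C5Au   /* ~SB_TRUE */

/* Naive check: any non-zero value passes, including a glitched 1
 * and even the SB_FALSE pattern itself. */
int naive_accept(uint32_t verdict) {
    return verdict != 0;
}

/* Hardened check with three independent comparisons. The `fault`
 * argument simulates a single glitch that forces ONE comparison to
 * succeed (1, 2 or 3); 0 means no glitch. Acceptance requires all
 * three to agree, so one forced comparison is never enough. */
int hardened_accept(secure_bool verdict, int fault) {
    volatile uint32_t score = 0;      /* volatile: keep each check separate */

    /* check 1: value equals the accept pattern */
    if (verdict == SB_TRUE || fault == 1) score += 1;
    /* check 2: complement equals the reject pattern */
    if ((~verdict) == SB_FALSE || fault == 2) score += 2;
    /* check 3: XOR against the accept pattern must be exactly zero */
    if ((verdict ^ SB_TRUE) == 0 || fault == 3) score += 4;

    /* only the exact sum of all three checks is accepted */
    return score == 7;
}

int main(void) {
    printf("naive:    glitched 1 -> %d, SB_FALSE -> %d\n",
           naive_accept(1u), naive_accept(SB_FALSE));
    printf("hardened: SB_TRUE -> %d, glitched 1 -> %d, "
           "SB_FALSE with one forced check -> %d\n",
           hardened_accept(SB_TRUE, 0), hardened_accept(1u, 0),
           hardened_accept(SB_FALSE, 2));
    return 0;
}
```

The model only covers one forced comparison, which is why the talk's double-glitch matters: two independent faults defeat two-way redundancy, so the hardware-level rail monitors and timing randomisation mentioned above exist precisely to make lining up the second glitch expensive.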
It's more that it's really hard to do security when the attacker has unlimited physical access.
It is known as voltage glitching. If you're interested, our research group applies it to Intel CPUs. https://download.vusec.net/papers/microspark_uasc26.pdf
But this exploit shows that it's still almost impossible to protect yourself from motivated attackers with local access. All of that security stuff needs to get initialized by code that the SoC vendor puts in ROM, and if there's an exploit in that, you're hooped.
And if you predict the next dozen bizarre things someone might try, you both miss the thirteenth thing that's going to work and you make a console so over-engineered Sony can kick your ass just by mentioning the purchase price of their next console. ("$299", the number that echoed across E3.)
It's a moot point, they are not trying to prevent it. They only need to buy enough time to sell games in the lifespan of the hardware, which they did.
> all the security they can economically justify...
It seems like they did a perfect job; it lasted long enough to protect Microsoft game profits.
Extremely impressive feat nonetheless!
You can do things like efuses that basically brick devices if something gets accessed, but that becomes a matter of whether the attacker falls for the trap.
It took more than a decade to exploit this vulnerability and even then there are fairly trivial countermeasures that could have been used to prevent it (and that are implemented in other platforms.)
Nothing is unhackable, but it requires a very peculiar definition of "game over".
(And as others have pointed out: only early versions of this Xbox One were vulnerable to this attack.)
If your argument is that you can't hope to close every door, then AI will make it easier to close all the doors in the future.
Has anyone heard of notable earlier examples?
I wonder if, assuming they continue making Xbox, they find a way to mitigate this in the next generation.
It sounds like that's the plan:
https://news.xbox.com/en-us/2026/03/11/project-helix-buildin...
Windows stopped feeling like it meant PC a long time ago, and there's a major risk of the whole Xbox identity disappearing into PC computing. Probably a conversation for another day, but when everything is an Xbox, nothing is an Xbox, and when an Xbox is a PC it might as well be fading away Marty McFly style from our plane of existence.
I suppose what would really impress me is a Roku-style omnivore approach that gives a first class console-style experience and interface to Epic, Steam, Itch.io, GOG and of course Xbox.
It's not automatic or perfect but it does work.
A common failure is the controllers. It's hard to get a combo of OS stack, Bluetooth chip, and controller that Just Works like they do on consoles. Something always needs fiddling with.
Video or audio out are also often a problem. Glitched audio or audio mode-switching, trouble switching video modes, screwed-up HDR, all kinds of stuff. Maybe fine on your monitor with headphones. Not fine on a TV or projector with 5.1+ audio receiver.
The UIs also bug out or crash more often, and usually aren't that great at being a TV UI in the first place (even Steam IMO is worse than most consoles, as far as the Big Picture UI).
It also gives devs a stable target with a known market, which is nice for both the devs and the owners of the devices.
Microsoft can also hopefully target a smoother user experience than a typical Windows PC provides. They want this to be a valid console competitor, but just slapping the Xbox brand on a Windows PC isn't enough to do that.
Having a first party hardware device to target for PC games can also help devs with having a clear performance target for PCs, similar to how the Steam Deck is currently a minimum spec performance target for a lot of games.
This kind of already exists with the "Deck Verified" label on Steam games.
That said, this sounds similar to Valve's upcoming Steam Machine and I'd much prefer that to be the standard console/PC hybrid to keep the Linux gaming momentum going, and perhaps one day I can ditch Windows for good.
But the really nice thing about the concept of treating a PC and console as the same platform is that you don't have to worry about why people might prefer to go the route of buying the console. You can go with a regular gaming PC if that's what you prefer and your library will have all the same options.
1. Console-like living room ready experience. It's surprisingly hard to get a PC made with off-the-shelf parts to integrate cleanly with a home theater system (think features like HDMI CEC, One Touch Play, etc). A custom SoC can solve this, something we are seeing Valve also do with the Steam Machine.
2. As the target hardware for basically all Xbox games, end-users who don't want to fret over system specs can easily just buy this and know they are getting the intended experience.
Whether that's enough to move units remains to be seen.
I understand it's still more than most console makers do, having dev mode at all, but it's maddening to me that Microsoft made dev mode so annoying and limited. I'd honestly just rather a hack be available so we have the option of using the entire memory or repurposing banned consoles.
This was all after the DMCA was in effect. I don’t think that will stop this sort of activity.
If kilobytes of storage and very limited computing power work for your use case, you can get very secure (smartcards and secure elements remain essentially undefeated at the hardware level; all attacks I know of happened via weak ciphers).
For an entire current-gen gaming console, you'll have a much harder time.