by landr0id 65 days ago
Hi, quick note on "For modern Xbox platforms, public 2024 work exposed SystemOS kernel exploitation on both Xbox One and Xbox Series"

I'm a former Xbox hacker, then former Microsoft employee, and (long after leaving Microsoft) helped with the Collateral Damage post-exploitation payload.

The design of the Xbox One security predates me, but Microsoft has always known that SystemOS would be a weak link that was almost guaranteed to be compromised, and shoved most of the attack surface that can be trivially attacked in there. The system shell, 3rd-party apps, guide, etc. all run in SystemOS.

The key things they focused on though were:

1. Extremely strong defense-in-depth

2. Making full or partial exploitation not economical

3rd party apps and the web browser were seen as being obviously untrusted _and_ needed JIT because they'd mostly be based on .NET or the JS VM. But practically speaking there should be nothing interesting in that VM: its compromise shouldn't enable piracy/cheating and ideally shouldn't leak game plaintext.

What some others found though was that for some reason plaintext was actually visible to SystemOS, but didn't enable piracy on console. You can take those games though and run them on PC using XWine1: https://github.com/xwine1

Technically speaking there's no reason why Collateral Damage couldn't have happened waayyyyy earlier in the Xbox One's lifecycle except for motivation. Even still, you could probably take some Hyper-V N-day and compromise HostOS through it.

Over the years there have been other "exploits" too: some folks have managed to tamper with gamesaves via cloud-connected storage and other shenanigans, XSS in the system shell (some of these apps are JS), etc., but most of this was relatively benign and easily patchable. And there has been a very, very small group of people with similar but less capable exploits to Collat.

Collat allowed compromise of plaintext.

Bliss breaks everything :)