
Xbox One Exploit Proof of Concept Released, Based on Chakra Exploit - fmavituna
http://wololo.net/2017/03/31/xbox-one-hack-xbox-one-exploit-proof-concept-released-based-chakra-exploit-unconfirmed/
======
colemickens
I don't know much at all about the Xbox One architecture (and what I do is
from public information obviously), but it seems safe to assume that this
exploit would only land in the "Application" portion of the system. As I
understand there are two (three?) hypervisor-level isolated portions of the
system... particularly for cases like this in order to prevent a compromised
application from being able to enable piracy of the "GameOS" portion.

~~~
gambiting
There are actually 3 different OSes running on the Xbox One. Applications are
in their own OS, so any "kernel" exploit would only grant them access to that
very limited OS that can't run games. Unless, of course, they somehow manage
to escape that container and force the VM to run their own modified version of
GameOS.

~~~
my123
A modified version of Hyper-V called NanoVisor is used. Apps run in SystemOS,
which is already accessible officially even through other ways... GameOS and
HostOS use a stripped-down version of the NT kernel, compiled differently and
without binary compat.

~~~
TazeTSchnitzel
Yes, can't anyone make a Windows Store app for Xbox One?

~~~
my123
Anyone can, that's right ;) Every Windows Store (UWP) app that isn't a game* is
automatically pushed to Xbox devices also, except if the developer opts out.

* for games, it's separately handled for validation

------
watsonc73
"I do not have an xbox one and cannot verify that the exploit indeed works.
With that being said, there’s enough hints pointing to this being real so if
you have an XBox running on the affected firmware, feel free to give it a try
and comment."

I've no doubt this exploit is legit but it would be nice for reporters to
actually verify these issues themselves before posting online.

The above basically reads to me as "I'M TOO LAZY TO CHECK MYSELF".

~~~
lawl
He said he doesn't have an xbox one in TFA. What do you want him to do? Go buy
one so he can make a blog post?

~~~
aaossa
He could have asked a friend to apply the exploit; it is a matter of responsibility
because you need proof to support your statements. What would happen if the
exploit is not real and he called it out incorrectly?

~~~
icebraining
The author stated that a proof of concept was released. This is a verifiably
true fact. Nowhere was it claimed it worked, and in fact that's quite clear by
the "unconfirmed" in the title and the "[w]e have not confirmed if this
exploit works" in the first paragraph.

