Summary of "After 12 Years, The Xbox One has finally been hacked"
Overview
After roughly 12 years of being effectively unexploitable, the original 2013 Xbox One (VCR motherboard) was hardware-exploited by Marcus Castellan using an attack dubbed the “Bliss” hack. A detailed technical write-up and demonstration were presented on the Reverse 2026 YouTube channel.
What happened
- The exploit is a hardware voltage glitch that briefly forces the console’s SoC into an undefined state during boot, causing the boot ROM to skip security checks.
- The result is full supervisor execution and decryption at the boot-ROM level — before irreversible cryptographic transformations and revocation checks occur.
- Because the attack targets physical ROM/hardware behavior, Microsoft cannot fix it with a firmware or software update.
Technical approach and effect
- Attack type: voltage glitch (a brief short/glitch on the north-bridge power rail) that induces an undefined CPU state so that boot-ROM checks are skipped.
- Effects achieved:
  - Dumping efuses and cryptographic keys
  - Extracting internal strings and decrypting bootloaders
  - Loading, patching, and executing unsigned code (compromising hypervisor, system/game OS and underlying code)
- Reliability: early research reported that a successful glitch took anywhere from ~1 minute to 30 minutes per successful boot; with tuning, boot times could drop to seconds. Community refinement and mod-kits are likely to improve reliability.
Why it took so long
- Post-Xbox 360 RGH hardening: Microsoft removed easy hardware attack surfaces (e.g., reset pins) and mitigated clock-slowing/other simple glitch vectors.
- Dev mode/UWP sandbox: official ways to run user-developed apps reduced motivation for casual homebrew exploitation.
- Boot ROM assumption: the boot ROM was perceived as bug-free and practically unexploitable without a physical attack, so software-only attacks had little prior success against it.
Practical implications and benefits
- Preservation and archiving: ability to dump and decrypt Xbox One titles, store data, and files tied to original hardware for long-term preservation.
- Repair and restoration: recover bricked consoles, reprogram corrupted NAND, replace/decouple optical drives, perform MMC replacements — extend the useful life of aging hardware.
- Homebrew and custom firmware: unlock unsigned code execution beyond official dev mode, enabling deeper homebrew ecosystems and custom firmware.
- Limitations: currently the exploit applies only to the 2013 Xbox One VCR model. Later Xbox One S and Xbox Series hardware are not affected (as of the report).
What’s required to perform the mod (as described)
- Target hardware: 2013 Xbox One (VCR motherboard).
- Components and tooling:
  - Microcontroller such as a Raspberry Pi Pico (subtitles also mentioned “18C”)
  - Basic MOSFET circuit on the north-bridge rail to create the voltage glitch
  - Board-level work: a 3–4 wire mod plus removal of some capacitors under the board to allow the voltage drop/glitch to impact the processor cleanly
- Skill and risk: this is a physical hardware modification that requires soldering/board-level work and carries risk of damaging the console. The presenter advised waiting for community tooling/kits unless experienced with hardware mods.
Notes and context
- Because the attack is physical/hardware-based, it cannot be patched remotely by Microsoft.
- The presenter emphasized preservation and archival value given the Xbox One’s previous unhackable status and the eventual sunset of online stores.
- Community tooling, tutorials, and mod-kits are likely to appear following publication; those will make the mod more accessible and reliable.
Key speakers and sources
- Marcus Castellan — author and demonstrator of the Bliss exploit.
- Reverse 2026 — technical security write-up/video referenced by the presenter.
- Tony Chen (Microsoft) — cited for the 2019 Xbox One security presentation describing prior hardening steps.
- Cybersc Guru — article/coverage referenced in subtitles.
- Video presenter/host (referred to by viewers as “VJ” in subtitles).
Category
Technology