crtasmMicrosoft's 'unhackable' Xbox One has been hacked by 'Bliss'
Created a voltage drop that exactly occurred to be timed to the key comparison, then a spike at the continuation.
Irl noop and forced execution control flow to effectively return true.
B e a utiful
It's fascinating - how does one defend against an attacker or red-team who controls the CPU voltage rails with enough precision to bypass any instruction one writes? It's an entirely new class of vulnerability, as far as I can tell.
This talk https://www.youtube.com/watch?v=BBXKhrHi2eY indicates that others have had success doing this on Intel microcode as well - only in the past few months. Going to be some really exciting exploits coming out here!
m0leCon 2025 - Federico Cerutti - Voltage Glitching Intel Microcode
> how does one defend against an attacker or red-team who controls the CPU voltage rails
The xbox does have defences against this, the talk explicitly mentions rail monitoring defences intended to detect that kind of attack. It had a lot of them, and he had to build around them. The exploit succeeds because he found two glitch points that bypassed the timing randomisation and containment model.
They're also, as it turns out, vulnerable to a drillbit