TL;DR
- Security Breakthrough: Researcher Markus Gaasedelen cracked the Xbox One’s 12-year security record using a voltage glitching exploit called Bliss.
- How It Works: The exploit targets an unpatchable vulnerability in the console’s boot ROM silicon, requiring physical hardware modifications and yielding a one-in-a-million success rate.
- Limited Scope: Only the original 2013 Xbox One is affected, as later models include hardened Boot ROMs with voltage glitch monitors.
- Preservation Focus: Gaasedelen frames the work as a game preservation effort, with applications including unbricking dead consoles and replacing failed storage chips.
Security researcher Markus Gaasedelen has broken the Xbox One’s 12-year security record with Bliss, a voltage glitching exploit that targets an unpatchable vulnerability in the console’s boot ROM silicon. Released on November 22, 2013, the Xbox One was designed with layered security measures including secure boot technology and an OS architecture that isolates different layers to prevent unauthorized access.
As late as 2020, Microsoft engineers still called it “the most secure product Microsoft has ever created,” but after three years of work, Gaasedelen demonstrated the exploit at the RE//verse 2026 conference. His presentation ended what had been the longest unhacked streak of any modern gaming console.
How the Bliss Exploit Works
Rather than attacking software, Bliss targets the Boot ROM inside the Platform Security Processor (PSP) of the Xbox One’s custom AMD system-on-chip. By soldering wires to the motherboard, Gaasedelen delivered two precisely timed voltage collapses to the North Bridge core rail during startup.
During the boot sequence, the first glitch disables Memory Protection Unit (MPU) enforcement, stripping away the processor’s ability to restrict memory access. A second, carefully timed glitch then hijacks the program counter, handing execution over to unsigned shellcode at supervisor level. Because the attack compromises the trust chain before the operating system loads, it bypasses all software-level security measures.
Achieving a successful glitch is extraordinarily difficult. According to Gaasedelen’s presentation, the success rate is roughly one in a million attempts, potentially requiring days of continuous automated runs. That vanishingly low probability positions Bliss as a research breakthrough rather than a practical piracy tool. For Microsoft, however, the damage is architectural: no firmware update can close a vulnerability baked into silicon.
What It Unlocks
Once successful, Bliss yields full eFuse values and encryption keys, complete decryption of boot stages SP1, SP2, and 2BL, along with full firmware access. At a practical level, the exploit enables loading unsigned code at every level of the system, allowing owners to install third-party software and alternative operating systems.
Full access to firmware, boot stages, and security components also gives reverse engineers a path to document the system more completely than was previously possible. Despite these capabilities, the exploit requires physical access to the console, soldering a microcontroller to the motherboard, removing capacitors to achieve the correct voltage, and deep technical knowledge, making remote exploitation impossible.
Scope and Limitations
While the technical achievement is notable, Bliss only affects the original 2013 Xbox One. Later models, including the Xbox One S, Xbox One X, and Xbox Series consoles, carry hardened Boot ROMs with active voltage glitch monitors that block this type of attack. Because the vulnerability exists in boot ROM silicon rather than updateable firmware, Microsoft cannot patch it through system updates. For original Xbox One hardware, the flaw is permanent.
By comparison, the Xbox 360 fell to the Reset Glitch Hack relatively quickly, and Sony’s PlayStation 4 was jailbroken by 2016. One security researcher described the Xbox One’s launch as the moment “a kind of iron curtain fell on the security of the Xbox ecosystem.” The 12-year gap between that launch and Bliss underscores how far Microsoft advanced console security. Yet the exploit’s reliance on the same voltage glitching technique that felled the Xbox 360 suggests hardware-level fault injection remains a persistent blind spot.
Beyond security implications, the hack also raises questions about Microsoft’s existing openness to third-party use. Microsoft’s own Developer Mode, available since 2016, already allowed users to install apps and emulators, which likely reduced hacker motivation to pursue a full jailbreak.
Bliss goes further by enabling full game decryption, a capability Developer Mode did not offer. Gaasedelen, who says he “hasn’t played games in years,” frames the work as a preservation effort rather than a path to piracy. Potential applications include unbricking dead consoles and replacing failed eMMC storage chips, extending the functional lifespan of aging hardware that Microsoft no longer manufactures.
