What is Xbox One voltage glitch hacking and why does it matter now?
Xbox One voltage glitch hacking refers to a hardware fault-injection technique that deliberately destabilizes a processor’s power supply to corrupt instructions and bypass security checks. Thirteen years after the original Xbox One launched in 2013, researcher Markus Gaasedelen — known online as Doom — presented a working exploit called Bliss at the RE//verse 2026 conference, achieving the world’s first hardware attack on the Xbox One BootROM and enabling unsigned code to run at every level of the system.
How the Bliss exploit actually works
The core technique behind Bliss is crowbar voltage glitching, a method Gaasedelen described plainly in his RE//verse talk: “crowbar glitching specifically, it’s just a cheap and effective fault injection technique where you try to collapse the voltage rail at a very precise moment. And that can destabilize the core. It can cause weird things to happen, such as instructions to get corrupted”. In practice, this means shorting the North Bridge core rail — the power line running beneath the console’s APU — to ground for between 100 and 200 nanoseconds. That window is brutally narrow, and hitting it reliably required a custom hardware setup.
To prepare the target console, Gaasedelen removed SMD capacitors from the North Bridge core rail and added a shunt resistor, with a green wire used to ground the rail at the critical moment. Timing that moment precisely is where the eFuse side-channel comes in. The Xbox One reads three eFuse lines during pre-boot to check lockdown states and chip entitlements. These reads produce analog dips of just 50 millivolts, which Gaasedelen amplified to 3.3-volt digital pulses to create a reliable timing anchor. The first glitch fires 268 microseconds after the eFuse read, with a variance of plus or minus 175 nanoseconds.
What makes Bliss particularly sophisticated is that it requires not one but two glitches within a single boot cycle. The first glitch breaks the Memory Protection Unit configuration loop — the Xbox One sets up 12 MPU regions during boot — and skips the instruction that actually enables the MPU. The second glitch simultaneously targets another critical sequence in the boot chain. Because Gaasedelen was operating completely blind initially, the process required hundreds of automated reboots before the first signs of success: postcodes beginning to wiggle on the console’s GPIO pins. “I’m actually influencing it for the first time. I’ve managed to demonstrate some hardware influence over it,” he said at the conference.
Xbox One voltage glitch limitations: which consoles are actually at risk
Bliss only works on the original 2013 “Fat” Xbox One. It does not work on the Xbox One S, Xbox One X, or any Xbox Series X/S hardware. The reason is straightforward: Microsoft added glitch monitors to its silicon by the end of 2014, and these monitors detect the voltage drops that crowbar glitching relies on. Anyone hoping this exploit opens up the broader Xbox ecosystem will be disappointed — the attack surface is deliberately narrow, limited to a console that is now more than a decade old and long out of production.
This limitation is worth taking seriously before the hype runs away from the facts. A separate exploit called Collateral Damage, which surfaced in related research, does support broader models and firmware through a reverse shell over the network — but that is a software-based approach with no connection to Bliss’s hardware glitching method. The two should not be conflated.
How Bliss compares to other hardware exploits
Voltage glitching is not a new concept in console security research. A comparable technique was used to dump the boot ROM of the PlayStation Vita’s F00D security processor, where researchers targeted critical paths like the ALU using a crowbar circuit with precise timing parameters triggered after eMMC activity. What distinguishes Bliss is the double-glitch requirement within a single boot cycle and the eFuse side-channel approach for timing — a more intricate setup than most prior console glitching work. The PlayStation Vita attack also required significant reverse engineering effort, but the Xbox One’s BootROM had resisted any hardware attack at all until now, making Gaasedelen’s result genuinely notable in the hardware security community.
Microsoft’s original confidence in the Xbox One’s security was not unfounded. The console’s layered boot security, MPU protections, and eFuse lockdown mechanisms represented serious engineering. The fact that it took until 2026 — and required a highly precise double-glitch technique operating at nanosecond tolerances — demonstrates that the security held up for a remarkably long time. That said, “unhackable” has always been a claim that time tends to disprove.
Is the Bliss Xbox One hack dangerous for everyday users?
For the vast majority of Xbox One owners, Bliss poses no practical threat. The exploit requires physical access to the hardware, custom electrical modifications including removing SMD components and adding a shunt resistor, and hundreds of automated reboots to succeed. This is not a remote attack, not a software vulnerability, and not something that can be triggered over a network. The affected hardware is also a discontinued 2013 console that Microsoft no longer actively supports with new software updates.
Will this hack be patched or spread to newer consoles?
Microsoft’s glitch monitors, introduced in hardware by the end of 2014, already block this specific technique on all post-2013 Xbox hardware. There is no software patch that can fix a hardware-level voltage glitch vulnerability on the original Fat Xbox One — the protection Microsoft built into later silicon is the answer, and it was already deployed years ago. Newer consoles are not at risk from Bliss as currently demonstrated.
The real significance here is academic and archival. Researchers and hobbyists interested in the original Xbox One’s internals now have a documented path to running unsigned code, which opens the door to preservation work, homebrew development, and deeper understanding of how the console’s security architecture was constructed. That is a meaningful outcome — just not the apocalyptic one that breathless headlines might suggest.
Bliss is a landmark in hardware security research, a reminder that given enough time and ingenuity, every silicon fortress eventually falls. But context matters: this is a 13-year-old discontinued console, cracked by a painstaking physical process that demands specialist hardware knowledge and custom electrical work. The achievement belongs to Gaasedelen and the broader security research community — not to anyone looking for an easy exploit on a modern system.
This article was written with AI assistance and editorially reviewed.
Source: Tom's Hardware
