Any third-party SSDs might work as Xbox X|S storage expansion

[DuckDodgers]

Third party PCIe 4.0 storage drives could offer a cheaper solution to Seagate's pricey expansion card for Microsoft's consoles.

 

Quote

Writing in a step-by-step post on the Chinese video-sharing site Bilibili, a user has discovered that it's potentially possible to use any high-speed SSD in the Xbox Series X and S by using an adapter to convert the drive's storage interface—instead of mandating that users who want to expand installable space for newer "Velocity Architecture" games purchase proprietary Series X/S memory cards. (Past-gen software on Series X/S can be installed to older, slower storage options connected via USB ports).

 

The modder learned via a teardown video that the Xbox Series S uses two PCIe 4.0 ports to house its NVMe SSD and external expansion, and, crucially, that the console's external expansion card uses the CFExpress protocol, which also uses an NVMe interface. (Asian video-sharing sites like Bilibili generally work like YouTube, except users can often post blog-style entries as well as videos, hence the tutorial.)

 

Another hardware hack that's just one firmware update away from "correction".

 

Sources

https://arstechnica.com/gaming/2021/09/your-standard-ssd-might-work-as-an-xbox-storage-expansion

[Alireza]

that is a MASSSSSIVE security flaw and Microsoft should close this hack in a firmware update immediately

[TheSLSAMG]

31 minutes ago, Alireza said:

that is a MASSSSSIVE security flaw and Microsoft should close this hack in a firmware update immediately

Yes, just like the MASSSSSIVE security flaw of Sony supporting non-factory storage devices since the PS3 and it not resulting in a kernel-level exploit allowing for jailbreaking, hacking, etc.

[bcredeur97]

2 hours ago, Alireza said:

that is a MASSSSSIVE security flaw and Microsoft should close this hack in a firmware update immediately

... it's a game console. and this would be a "hack" that doesn't affect computers outside of the local console. it's not an enterprise data center.

So what exactly do you mean? How can there be anything wrong with this?

[williamcll]

2 hours ago, TheSLSAMG said:

Yes, just like the MASSSSSIVE security flaw of Sony supporting non-factory storage devices since the PS3 and it not resulting in a kernel-level exploit allowing for jailbreaking, hacking, etc.

This is a good thing though. I would love to dual boot my Xbox into a desktop.

If I had a xbox of course.

[Alireza]

2 hours ago, TheSLSAMG said:

Yes, just like the MASSSSSIVE security flaw of Sony supporting non-factory storage devices since the PS3 and it not resulting in a kernel-level exploit allowing for jailbreaking, hacking, etc.

 

55 minutes ago, bcredeur97 said:

... it's a game console. and this would be a "hack" that doesn't affect computers outside of the local console. it's not an enterprise data center.

So what exactly do you mean? How can there be anything wrong with this?

 

29 minutes ago, williamcll said:

This is a good thing though. I would love to dual boot my Xbox into a desktop.

If I had a xbox of course.

the way that xbox Velocity Architecture works is it gives the CPU direct kernel level access to the SSD (its much more complicated than that btw)

and the expansion port is following the same rule as the internal SSD

if this hack can give the attacker a direct kernel access it is possible to find a way to run unsigned code simply by bypassing the hypervisor

[tridy]

How about when you attach any storage to the console, it takes over it, formats, encrypts and makes it its own, and not load any other stuff that can appear on this disk besides the stuff it "knows". That is if it is possible to do it on the software level without the need for any additional hardware.