The King Kong Exploit: How One Movie Game Cracked the Xbox 360

 

In December 2006 a hacker slipped a tweaked copy of Peter Jackson’s King Kong into an Xbox 360 at the 23C3 conference, ejected the disc on cue, and booted Gentoo Linux. That live demo proved Microsoft’s “unbreakable” hypervisor could fall.

Why the King Kong Exploit Still Matters

You care because this single flaw gave the community full hardware access and laid the groundwork for every later mod from JTAG to today’s BadUpdate USB trick. Without it, you would not have seen unsigned code on retail hardware.

Setting the Stage: Xbox 360 Security in 2005–2006

Microsoft’s Lockdown Strategy

Microsoft fused per-console keys, signed every binary, and encrypted flash. One former engineer put it bluntly: “I designed the Xbox 360 hardware security, wrote all the boot loaders, and the hypervisor code.”

Early Probing and the Free60 Project

The Free60 team spent 2005 reverse-engineering firmware and storage, warming the scene for something bigger. See our Xbox 360 scene history guide for a full timeline.

Birth of the Exploit (Dec 2006 – Jan 2007)

Chaos Communication Congress Reveal

At 23C3 the hacker used a shader overflow inside King Kong plus a 4532 dashboard to jump from the GPU to the hypervisor, then to XeLL.

Rapid Patch and Aftermath

Microsoft closed the hole in dashboard 4552 on 9 Jan 2007. Consoles updated past that build lost access, so collectors still hunt for early Xenon units.

Technical Deep Dive: How the Shader Overflow Works

Required Builds and Media

  • Kernel 4532 or 4548
  • Original, not Classics, King Kong disc
  • Patched ISO with shader.bin that forces a tray eject, letting you swap to a Linux LiveCD

What Actually Breaks

The custom shader reads 128 KB from disc into RAM past the intended buffer. That overwrite lets code run with full hypervisor rights and bypasses signature checks.
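The bug class described above, a disc-supplied payload larger than the buffer it is copied into, shown as an added C illustration with the unchecked copy beside a bounds-checked loader. This is not Xbox 360 or game code: the `SHDR` magic, the 8-byte header layout, the 4096-byte buffer and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_SIZE 8u          /* assumed header: 4-byte magic + 4-byte big-endian length */
#define ASSET_BUF_SIZE 4096u /* assumed capacity of the destination buffer */

typedef enum { LOAD_OK, LOAD_TRUNCATED, LOAD_BAD_MAGIC, LOAD_TOO_LARGE } load_status;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Vulnerable pattern: the copy size comes straight from the disc data. */
void load_asset_unchecked(uint8_t *dst, const uint8_t *blob) {
    memcpy(dst, blob + HDR_SIZE, be32(blob + 4)); /* writes past dst if length > capacity */
}

/* Hardened form: the claimed length is checked against the destination
 * capacity and against the number of bytes actually read from the medium. */
load_status load_asset_checked(uint8_t *dst, size_t dst_cap, const uint8_t *blob,
                               size_t blob_len, size_t *out_len) {
    if (blob_len < HDR_SIZE) return LOAD_TRUNCATED;
    if (memcmp(blob, "SHDR", 4) != 0) return LOAD_BAD_MAGIC;
    uint32_t claimed = be32(blob + 4);
    if (claimed > dst_cap) return LOAD_TOO_LARGE;             /* would overrun dst */
    if (claimed > blob_len - HDR_SIZE) return LOAD_TRUNCATED; /* would over-read blob */
    memcpy(dst, blob + HDR_SIZE, claimed);
    *out_len = claimed;
    return LOAD_OK;
}

/* Builds a constructed blob that claims `claimed` payload bytes but carries
 * `actual`, then runs it through the checked loader. */
load_status try_blob(uint32_t claimed, size_t actual) {
    static uint8_t blob[HDR_SIZE + ASSET_BUF_SIZE];
    uint8_t dst[ASSET_BUF_SIZE];
    size_t n = 0;
    if (actual > ASSET_BUF_SIZE) actual = ASSET_BUF_SIZE;
    memcpy(blob, "SHDR", 4);
    for (int i = 0; i < 4; i++) blob[4 + i] = (uint8_t)(claimed >> (24 - 8 * i));
    memset(blob + HDR_SIZE, 0xAA, actual);
    return load_asset_checked(dst, sizeof dst, blob, HDR_SIZE + actual, &n);
}

int main(void) {
    printf("128 KB claim: %d, honest 64 B: %d\n",
           (int)try_blob(128u * 1024u, 64), (int)try_blob(64, 64));
    return 0;
}
```

The checked loader rejects a 128 KB claim before any byte is copied, and separately rejects a length that fits the buffer but exceeds what was actually read.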

For a step-by-step guide see the ConsoleMods KK exploit tutorial and the original IVC write-up.

Legacy and Evolution 2007–2025

From JTAG and RGH to Software-Only Hacks

The exploit proved hypervisor holes existed, inspiring JTAG (2009) and Reset Glitch Hack (2011). Fast-forward to March 2025 and the BadUpdate exploit lets you hack a 360 with nothing but a USB stick and a Rock Band Blitz demo. Follow our BadUpdate guide for details.

Marketplace Shutdown Fuels New Interest

Microsoft shut the Xbox 360 marketplace on 29 July 2024, spiking search traffic for “Xbox 360 hack” and pushing more owners toward homebrew. The community responded with the open Homebrew Store (2024) and fresh tools like FreeMyXe (2025).

Impact on Homebrew and Research

Xbox 360 remains Microsoft’s best-selling Xbox with 85.73 million units sold. Monthly active Xbox users jumped from 200 million in 2024 to 500 million in 2025, showing the platform’s long tail.

Security researcher Felix Domke (tmbinc) reflects: “If the hypervisor bug had not leaked, retail consoles might still be locked down.” For legal considerations read our console-mod legality explainer. Want Linux on your own unit? Check our Linux install walkthrough.

FAQ

How do I know if my console can run the exploit?
Look for dashboard build 4532 or 4548 in System Info.

Does the King Kong exploit still work today?
Only on consoles that never updated past 4548. Modern dashboards are patched.

Can I go online afterward?
No. Xbox Live detects modified kernels and bans instantly.

Is BadUpdate safer?
It is software-only and temporary but still voids terms of service.

Where can I find a clean King Kong disc?
Used-game shops list the launch edition for about $5 in 2025.

Why use King Kong instead of newer exploits?
Collectors value it as a historical proof of concept and for full Linux access without glitch chips.