Now play Homebrew games on your PlayStation 2 using this DVD exploit code
The PlayStation 2 (officially branded as PS2) is a home video game console developed and marketed by Sony Computer Entertainment. It was first released in Japan on March 4, 2000, in North America on October 26, 2000, and in Europe and Australia on November 24, 2000, and is the successor to the original PlayStation, as well as the second installment in the PlayStation console line-up. A sixth-generation console, it competed with Sega’s Dreamcast, Nintendo’s GameCube, and Microsoft’s original Xbox.
In the previous hacks, PS2 relied on internal modifications, external hardware (like pre-hacked memory cards and hard drives), or errors found only on very specific models of the system. The newly discovered FreeDVDBoot differs from this previous work by exploiting an error in the console’s DVD video player to create a fully software-based method for running arbitrary code on the system.
As a disclaimer, it’s worth saying that it is not recommended to hack, unlock, or jailbreak a PS2. Although it can clearly allow for more control over the system, it also compromises the safety and integrity of the console and can cause a lot of problems for users that aren’t well versed in its inner workings.
Security software engineer CTurt has developed a homebrew app method that exploits the DVD player function to run unofficial code. The approach involves corrupting key functions in the files DVD movies always contain, and then loading a second, more advanced stage than isn’t constrained like the first.
CTurt laid out the FreeDVDBoot discovery and method in detail in a blog post this weekend. By decrypting and analyzing the code used for the PS2’s DVD player, CTurt found a function that expects a 16-bit string from a properly formatted DVD but will actually easily accept over 1.5 megabytes from a malicious source.
My initial attempt to solve this problem was to exploit the BASIC interpreter that came bundeld with early PAL region PS2s. Although I was successful at producing the first software based entry-point exploit that can be triggered using only hardware that came with the console, the attack was largely criticized due to the requirement of having to enter the payload manually through the controller or keyboard, and limitation of being PAL only. I decided to write-off that exploit as being impractical, and so the hunt continued for a better attack scenario for the PlayStation 2.
siad the engineer
The exploit is currently limited to very specific versions of the PS2’s DVD player firmware (as of press time, firmware 3.10 and 3.11, when set to “English”) found in later editions of the console and won’t work in earlier systems. But CTurt said that he’s “confident that all other versions also contain these same trivial IFO parsing buffer overflows” and can be exploited with broadly similar methods.
If we think about what a DVD Video consists of there are quite a few main components, each with the potential for vulnerabilities:
- UDF filesystem
- DVD Video metadata/subtitles
- Audio and video decoding
- Interaction machine
Further details of the Hack are explained by the developer in its block so you can follow it from here. this new PS2 hack once again proves that even the best copy-protection schemes will eventually fall if the community puts in enough attention and effort. At best, console makers are just buying time before someone finds a way to trick the system into acting as an arbitrary computer.
For more news on tech and cybersecurity stay tuned at Android Rookies by subscribing to our newsletter from here