New Hack Runs Homebrew Code From DVD-R On Unmodified PlayStation 2 (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Nearly 20 years after its initial release, a hacker has found a way to run homebrew software on an unmodified PlayStation 2 using nothing but a carefully burned DVD-ROM. Previous efforts to hack the PS2 relied on internal modifications, external hardware (like pre-hacked memory cards and hard drives), or errors found only on very specific models of the system. The newly discovered FreeDVDBoot differs from this previous work by exploiting an error in the console's DVD video player to create a fully software-based method for running arbitrary code on the system.
Security researcher CTurt laid out the FreeDVDBoot discovery and method in detail in a blog post this weekend. By decrypting and analyzing the code used for the PS2's DVD player, CTurt found a function that expects a 16-bit string from a properly formatted DVD but will actually easily accept over 1.5 megabytes from a malicious source. Sending carefully formatted data to that function causes a buffer overflow that in turn triggers another badly written function to tell the system to jump to an area of memory with arbitrary, attacker-written code. That code can then tell the system to load an ELF file written to a burned DVD-R in the system. Building on previous PS2 homebrew efforts like uLaunchELF, it's relatively simple to use that DVD-R to load homebrew software or even full copies of otherwise copy-protected PS2 games. The exploit is currently limited to very specific versions of the PS2's DVD player firmware (as of press time, firmwares 3.10 and 3.11, when set to "English") found in later editions of the console and won't work in earlier systems. But CTurt writes that he's "confident that all other versions also contain these same trivial IFO parsing buffer overflows" and can be exploited with broadly similar methods. The possibility of similar hacks through the Blu-ray player on the PS3 and PS4 (or the CD player on the PS1) is also being examined by the community.
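The bug class the summary describes, a parser that trusts a length field read from the disc and copies that many bytes into a fixed 16-byte destination, as an added C example. This is not CTurt's code, not the PS2 DVD player's code, and not the real DVD IFO layout: the record format (a 2-byte big-endian length followed by payload), FIELD_CAP, the sample records and every function name here are constructed for illustration. The unchecked pattern is shown beside a bounds-checked one, and a small triage helper reports how far an unchecked copy would overrun.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout for this demo only:
 *   [2-byte big-endian length][length bytes of payload]
 * It is NOT the real DVD IFO format and not the PS2 DVD player's code. */
#define FIELD_CAP 16

typedef struct {
    uint8_t data[FIELD_CAP];
    size_t len;
} field_t;

/* Length the record claims to carry (0 if there is no length prefix). */
static size_t declared_len(const uint8_t *rec, size_t rec_len) {
    if (rec_len < 2) return 0;
    return ((size_t)rec[0] << 8) | rec[1];
}

/* VULNERABLE pattern (shown for contrast; never called on oversized input
 * in this demo): the on-disc length is trusted and copied straight into a
 * 16-byte destination, so a record claiming more than 16 bytes overruns it. */
int parse_field_unchecked(const uint8_t *rec, size_t rec_len, field_t *out) {
    size_t n = declared_len(rec, rec_len);
    memcpy(out->data, rec + 2, n);   /* no comparison against FIELD_CAP */
    out->len = n;
    return 0;
}

/* HARDENED version: the declared length is checked against both the
 * destination capacity and the number of bytes actually present. */
int parse_field_checked(const uint8_t *rec, size_t rec_len, field_t *out) {
    if (rec_len < 2) return -1;                 /* no length prefix at all */
    size_t n = declared_len(rec, rec_len);
    if (n > FIELD_CAP) return -2;               /* would overflow destination */
    if (n > rec_len - 2) return -3;             /* record shorter than claimed */
    memcpy(out->data, rec + 2, n);
    out->len = n;
    return 0;
}

/* How many bytes past the 16-byte destination an unchecked parse of this
 * record would write (0 means it fits). Handy as a quick triage check. */
size_t overflow_bytes(const uint8_t *rec, size_t rec_len) {
    size_t n = declared_len(rec, rec_len);
    return n > FIELD_CAP ? n - FIELD_CAP : 0;
}

/* Constructed sample records (not taken from any real disc). */
const uint8_t good_rec[]  = { 0x00, 0x05, 'V', 'I', 'D', 'E', 'O' };
const uint8_t bad_rec[]   = { 0xFF, 0xFF, 'A', 'A', 'A', 'A' };  /* claims 65535 bytes */
const uint8_t short_rec[] = { 0x00, 0x10, 'A', 'B' };            /* claims 16, carries 2 */

int main(void) {
    field_t f;
    int rc = parse_field_checked(good_rec, sizeof good_rec, &f);
    printf("good record: rc=%d len=%zu\n", rc, f.len);
    rc = parse_field_checked(bad_rec, sizeof bad_rec, &f);
    printf("bad record: rc=%d, unchecked parse would overrun by %zu bytes\n",
           rc, overflow_bytes(bad_rec, sizeof bad_rec));
    rc = parse_field_checked(short_rec, sizeof short_rec, &f);
    printf("truncated record: rc=%d\n", rc);
    return 0;
}
```

The two checks in parse_field_checked are independent: the first protects the destination buffer, the second protects against reading past the end of the source record, and a parser that does only one of them is still exploitable through the other.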
Re: (Score:2)
That's only applicable to copyright, and so would only be relevant if this hack allowed one to otherwise copy another copyrighted work.
Do you know of any copyrighted work that could even theoretically be copied without authorization through this hack?
Re: (Score:2)
You might be right, but if you meant that as a reference to DMCA's prohibition, then at least on the face of it, you appear to be wrong. Still, you might be right anyway! To be sure, fill in the blanks: it circumvents a technological measure which limits access to _____, which is a work copyrighted by _____.
Now this is a true hack! (Score:5, Insightful)
Without getting into the legality, morality, or ethicality of this, I love to see true hacks like this!
This isn't some arbitrary buffer overflow that someone found after running a fuzzer for 10 weeks and was on line 43 of page 159 of the "report." This is a true, break out of the box and do what you want hack with nothing other than a DVD. This completely rewrites how the OS works and delivers full functions of the PS2 right out of the box.
This is cool.
--
I have not failed. I’ve just found 10,000 ways that won’t work. - Thomas Edison
Re:Now this is a true hack! (Score:4, Insightful)
You know what would be even cooler? If the manufacturer were to create a built in way to access the full capabilities of the hardware without having to hack it. You could call that feature something like "AlternativeOS".
Just don't do something dumb like cripple the AlternativeOS by hiding all but the most basic of graphics capabilities behind a hypervisor. Doing that might tempt hackers into opening up the capabilities by compromising the game OS.
Re: (Score:1)
Wow, the idiots that modded this Troll must be sucking that Sony dick really, REALLY hard.
Re: (Score:2)
I did the "Free McBoot" hack many years ago when it was new, thanks to (IIRC) a Code Breaker 8.0 disc that let you put arbitrary files onto a memory card with the Magic Gate protection set. There were very few ways to do this other than a few specific versions of memory card managers (the then-current CB9 didn't allow this; I found a used CB8 at a Game Stop) or from an already working Free McBoot memory card. It worked because the ROM had code to allow booting from a specific protected binary file on a memo
so Linux on ps2 is back without helper disc? (Score:2)
There was a special disc by Sony needed to boot Linux; has someone used this hack to get that loaded?
Curses! I just gave mine to the Goodwill! (Score:1)
Curses! I just gave mine to the Goodwill!
Re: (Score:2)
The good news is, now you can emulate 5 of them on your computer instead. Unlock that potential...
Be cool to see the platform open up (Score:3)
Re: (Score:2)
Yeah, and you can see how history pretty much had Sega dropping out of the hardware console market after the Dreamcast, while the PS2 became the top selling console of all time.
When software is what you're trying to sell, it's hard to have homebrew. Though Microsoft did allow it for a time with XNA and even allowed a storefront to exist to allow homebrewers to actually sell their games.
Actually Sega was long dead (Score:2)
What killed the DC w
Isn't this just ESR? (Score:2)
ESR has been around forever!
https://www.psx-place.com/thre... [psx-place.com]
At least 2008!