Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
PlayStation (Games) Programming Sony

New Hack Runs Homebrew Code From DVD-R On Unmodified PlayStation 2 (arstechnica.com) 18

An anonymous reader quotes a report from Ars Technica: Nearly 20 years after its initial release, a hacker has found a way to run homebrew software on an unmodified PlayStation 2 using nothing but a carefully burned DVD-ROM. Previous efforts to hack the PS2 relied on internal modifications, external hardware (like pre-hacked memory cards and hard drives), or errors found only on very specific models of the system. The newly discovered FreeDVDBoot differs from this previous work by exploiting an error in the console's DVD video player to create a fully software-based method for running arbitrary code on the system.

Security researcher CTurt laid out the FreeDVDBoot discovery and method in detail in a blog post this weekend. By decrypting and analyzing the code used for the PS2's DVD player, CTurt found a function that expects a 16-bit string from a properly formatted DVD but will actually easily accept over 1.5 megabytes from a malicious source. Sending carefully formatted data to that function causes a buffer overflow that in turn triggers another badly written function to tell the system to jump to an area of memory with arbitrary, attacker-written code. That code can then tell the system to load an ELF file written to a burned DVD-R in the system. Building on previous PS2 homebrew efforts like uLaunchELF, it's relatively simple to use that DVD-R to load homebrew software or even full copies of otherwise copy-protected PS2 games. The exploit is currently limited to very specific versions of the PS2's DVD player firmware (as of press time, firmwares 3.10 and 3.11, when set to "English") found in later editions of the console and won't work in earlier systems. But CTurt writes that he's "confident that all other versions also contain these same trivial IFO parsing buffer overflows" and can be exploited with broadly similar methods. The possibility of similar hacks through the Blu-ray player on the PS3 and PS4 (or the CD player on the PS1) are also being examined by the community.

This discussion has been archived. No new comments can be posted.

New Hack Runs Homebrew Code From DVD-R On Unmodified PlayStation 2

Comments Filter:
  • by Arzaboa ( 2804779 ) on Monday June 29, 2020 @04:25PM (#60244272)

    Without getting into the legality, morality, or ethicality of this, I love to see true hacks like this!

    This isn't some arbitrary buffer overflow that someone found after running a fuzzer for 10 weeks and was on line 43 of page 159 of the "report." This is a true, break out of the box and do what you want hack with nothing other than a DVD. This completely rewrites how the OS works and delivers full functions of the PS2 right out of the box.

    This is cool.

    --
    I have not failed. I’ve just found 10,000 ways that won’t work. - Thomas Edison

    • by slinches ( 1540051 ) on Monday June 29, 2020 @04:56PM (#60244406)

      You know what would be even cooler? If the manufacturer were to create a built in way to access the full capabilities of the hardware without having to hack it. You could call that feature something like "AlternativeOS".

      Just don't do something dumb like cripple the AlternativeOS by hiding all but the most basic of graphics capabilities behind a hypervisor. Doing that might tempt hackers into opening up the capabilities by compromising the game OS.

      • by Khyber ( 864651 )

        Wow, the idiots that modded this Troll must be sucking that Sony dick really, REALLY hard.

    • by Megane ( 129182 )

      I did the "Free McBoot" hack many years ago when it was new, thanks to (IIRC) a Code Breaker 8.0 disc that let you put arbitrary files onto a memory card with the Magic Gate protection set. There were very few ways to do this other than a few specific versions of memory card managers (the then-current CB9 didn't allow this; I found a used CB8 at a Game Stop) or from an already working Free McBoot memory card. It worked because the ROM had code to allow booting from a specific protected binary file on a memo

  • there was a special disk by Sony needed to boot Linux, has someone used this hack to get that loaded?

  • Curses! I just gave mine to the Goodwill!

  • by rsilvergun ( 571051 ) on Monday June 29, 2020 @08:37PM (#60245200)
    like the Dreamcast did. There's been several really amazing Dreamcast releases over the years thanks to how easy it is to run burned discs on the platform. You can buy an official port of Breakers (the Neo-Geo's response to Street Fighter Alpha 2) along with entirely new games like Gunlord and Sturmwind (which is just a crazy game that has to be seen to be believed).
    • by tlhIngan ( 30335 )

      Yeah, and you can see how history pretty much had Sega dropping out of the hardware console market after the Dreamcast, while the PS2 became the top selling console of all time.

      When software is what you're trying to sell, it's hard to have homebrew. Though Microsoft did allow it for a time with XNA and even allowed a storefront to exist to allow homebrewers to actually sell their games.

      • by the time piracy became an issue. There are rumors it affected the release of Half Life, but that's about it. And later Dreamcasts fixed the issue by removing the feature used for the hack. Finally burning Dreamcast ISOs wasn't as easy as you think, especially back then. It took me several hours to get it working when I tried it and that was probably mid 2000s long after the DC was toast. And except for really small games like Ikaruga they were often glitchy and had sound problems.

        What killed the DC w
  • ESR has been around forever!

    https://www.psx-place.com/thre... [psx-place.com]

    At least 2008!

Never test for an error condition you don't know how to handle. -- Steinbach

Working...