New hack runs homebrew code from DVD-R on unmodified PlayStation 2


A demo from CTurt shows an SNES emulator running on a PS2 from a burned DVD-R.

Nearly 20 years after its initial launch, a hacker has found a way to run homebrew software on an unmodified PlayStation 2 using nothing but a carefully burned DVD-ROM.

Previous efforts to hack the PS2 relied on internal modifications, external hardware (like pre-hacked memory cards and hard drives), or bugs found only on very specific versions of the system. The newly discovered FreeDVDBoot differs from this prior work by exploiting a bug in the console's DVD video player to create a fully software-based method for running arbitrary code on the system.

Security researcher CTurt laid out the FreeDVDBoot discovery and method in detail in a blog post this weekend. By decrypting and analyzing the code used for the PS2's DVD player, CTurt found a function that expects a 16-bit string from a properly formatted DVD but will in fact readily accept over 1.5 megabytes from a malicious source.

Sending carefully formatted data to that function causes a buffer overflow that in turn triggers another poorly written function to tell the system to jump to an area of memory containing arbitrary, attacker-written code. That code can then tell the system to load an ELF file written to a burned DVD-R in the drive. Building on previous PS2 homebrew efforts like uLaunchELF, it is relatively simple to use that DVD-R to load homebrew software or even full copies of otherwise copy-protected PS2 games.
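The bug class described above, a parser that trusts a length field from the disc and copies it into a fixed-size destination, is shown here as an added example in C. This is not CTurt's code and not the PS2 DVD player firmware; the `disc_header` layout, the 16-byte field size, the sentinel field standing in for whatever adjacent state an overrun clobbers, and the two sample records are all constructed for illustration. The checked parser is the defensive pattern: validate the declared length against both the destination capacity and the remaining input before copying.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HEADER_MAX 16            /* hypothetical fixed-size identifier field */
#define SENTINEL_OK 0xCAFEF00Du  /* value the adjacent field must keep */

/* Hypothetical in-memory layout for a parsed disc header. The field after
   the identifier stands in for any adjacent state an overflow would clobber;
   here it is only a visible sentinel. id[] is 16 bytes, so sentinel sits at
   offset 16 and the whole struct is 20 bytes. */
struct disc_header {
    char     id[HEADER_MAX];
    uint32_t sentinel;
};

/* Read a little-endian 16-bit length prefix from the start of a record. */
static uint16_t read_le16(const unsigned char *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Vulnerable pattern: trust the on-disc length and copy it into a fixed
   field. It even checks that the record contains that many bytes, but never
   that the destination can hold them. The copy targets the struct base, so
   any length beyond HEADER_MAX runs into the sentinel, and anything beyond
   sizeof(struct disc_header) would corrupt memory outside the object.
   Returns the number of bytes copied, or 0 for a truncated record. */
size_t parse_header_unchecked(struct disc_header *h,
                              const unsigned char *rec, size_t rec_len) {
    if (rec_len < 2) return 0;
    uint16_t declared = read_le16(rec);
    if ((size_t)declared + 2 > rec_len) return 0;
    /* Bug: declared is never compared with HEADER_MAX. */
    memcpy((unsigned char *)h, rec + 2, declared);
    return declared;
}

/* Hardened version: reject any declared length the field cannot hold, and
   any record shorter than it claims, before touching the destination.
   Returns the number of bytes copied, or -1 if the record is rejected. */
int parse_header_checked(struct disc_header *h,
                         const unsigned char *rec, size_t rec_len) {
    if (rec_len < 2) return -1;
    uint16_t declared = read_le16(rec);
    if (declared > HEADER_MAX) return -1;           /* oversized field */
    if ((size_t)declared + 2 > rec_len) return -1;  /* truncated record */
    memset(h->id, 0, HEADER_MAX);
    memcpy(h->id, rec + 2, declared);
    return (int)declared;
}

/* Constructed sample records (not real disc data): a well-formed 11-byte
   identifier, and a 20-byte one that overruns the 16-byte field by exactly
   the size of the sentinel so the unchecked copy stays inside the struct. */
static const unsigned char GOOD_RECORD[] = {
    11, 0, 'D','E','M','O','-','H','E','A','D','E','R'
};
static const unsigned char BAD_RECORD[] = {
    20, 0, 'A','A','A','A','A','A','A','A','A','A',
           'A','A','A','A','A','A','A','A','A','A'
};

/* Run one parser over a record in a fresh header and report the parser's
   return value; the sentinel afterwards is written to *sentinel_out. */
int run_parser(int use_checked, const unsigned char *rec, size_t rec_len,
               uint32_t *sentinel_out) {
    struct disc_header h;
    memset(&h, 0, sizeof h);
    h.sentinel = SENTINEL_OK;
    int r = use_checked ? parse_header_checked(&h, rec, rec_len)
                        : (int)parse_header_unchecked(&h, rec, rec_len);
    *sentinel_out = h.sentinel;
    return r;
}

int main(void) {
    uint32_t s;
    int r = run_parser(1, GOOD_RECORD, sizeof GOOD_RECORD, &s);
    printf("checked, good record:   ret=%d sentinel=0x%08x\n", r, s);
    r = run_parser(1, BAD_RECORD, sizeof BAD_RECORD, &s);
    printf("checked, oversized:     ret=%d sentinel=0x%08x\n", r, s);
    r = run_parser(0, BAD_RECORD, sizeof BAD_RECORD, &s);
    printf("unchecked, oversized:   ret=%d sentinel=0x%08x\n", r, s);
    return 0;
}
```

The unchecked run reports 20 bytes copied and a sentinel of 0x41414141 (four 'A's), while the checked parser refuses the same record and leaves the sentinel untouched. On a real parser the adjacent state is rarely a harmless sentinel, which is why the length-versus-capacity check belongs in front of every copy driven by a field read from untrusted media.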

The exploit is currently limited to very specific versions of the PS2's DVD player firmware (as of press time, firmwares 3.10 and 3.11, when set to "English") found in later editions of the console and will not work on earlier systems. But CTurt writes that he is "confident that all other versions also contain these same trivial IFO parsing buffer overflows" and can be exploited with broadly similar methods. The possibility of similar hacks via the Blu-ray player on the PS3 and PS4 (or the CD player on the PS1) is also being investigated by the community.

Better late than never?

In the year 2020, a new software-only hacking method for the PS2 seems unlikely to have much effect on Sony's bottom line. But we can't help but marvel at how lucky Sony was that an exploit like this wasn't discovered and disseminated during the PS2's heyday in the early '00s.

A DVD-R copy of Shadow of the Colossus running on an unmodified PlayStation 2, courtesy of CTurt's hack.

Remember, the PS2 existed in a day and age before regular system firmware updates were distributed via download or packaged on game discs. As such, a PS2 exploit that allowed for simple, widespread piracy with nothing but a DVD burner could have had a huge impact on the market for PS2 software, much as similar exploits did for the Dreamcast and its legacy.

More than that, though, this new PS2 hack once again proves that even the best copy-protection methods will eventually fall if the community puts in enough interest and effort. At best, console makers are just buying time before someone finds a way to trick the system into acting like an arbitrary computer. For Sony, it seems, their efforts bought them over 20 years of effective protection from simple, DVD-R-based hacks.

Listing image by CTurt / YouTube