We are nearly at the half of this year over but 2020 was an weird year so far, don’t you agree? First we lost one of our greatest athletes in Basketball history who was a great father and human as well – shortly after that we are still battling with the worldwide Corona virus outbreak – “and now you tell me that there are still people releasing brand new Exploits for the PS2 released in 2020 ?!?!?!” Yeah, you read it correctly. Today well-known Developer @CTurtE showcases his newest achievements in “PS2 Hacking”. While his previous method saw some critics due to its limitation using the official Sony PS2 YaBasic Interpreter, which was only bundled in very first PS2 Demo Discs released for the PAL region only, Developer @CTurtE was so kind to find an even better entry point in launching Homebrew on an unmodified PS2. And guess what, he found a way to achieve exactly that by fully exploiting the DVD Video Player Functionality from a PS2 Console. And it comes even better. Not only you can enjoy all of the old but still good Homebrews and Emulators released back in the old days, this exploit also supports running your legally obtained Backups as well! And all that WITHOUT any need of an modified Memory Card, without any use any old and dirty Swap Magic Trick or to open your PS2 and install an Modchip like many did in the old days? Doesn’t sound that cool or what do you think right now when reading this? I kinda mean it when I said that 2020 is a weird year so far. 😛
- Further developments
- Loading backups with ESR
- Optimisation and Conclusion
I’ve previously discussed how the PlayStation 2 doesn’t have any good entry-point software exploits for launching homebrew. You need to either purchase a memory card with an exploit pre-installed, open up the console to block the disc tray sensors, or install a modchip. For the best selling console of all time, it deserves better hacks.
My initial attempt to solve this problem was to exploit the BASIC interpreter that came bundeld with early PAL region PS2s. Although I was successful at producing the first software based entry-point exploit that can be triggered using only hardware that came with the console, the attack was largely criticized due to the requirement of having to enter the payload manually through the controller or keyboard, and limitation of being PAL only. I decided to write-off that exploit as being impractical, and so the hunt continued for a better attack scenario for the PlayStation 2.
The PlayStation 2 has other sources of untrusted input that we could attack; games which support online multiplayer or USB storage could almost definitely be exploited. But unlike say the Nintendo 64, where we don’t really have any other choice but to resort to exploiting games over interfaces like modems, the PlayStation 2 has one key difference: its primary input is optical media (CD / DVD discs), a format which anyone can easily burn with readily available consumer hardware. This leaves an interesting question which I’ve wanted to solve since I was a child:
Is it possible to just burn our own homebrew games and launch them on an unmodified console the same way we would launch official discs (without going through any user interaction like disc swapping or triggering a network exploit in a game)?Ultimately, I was successfully able to achieve my goal by exploiting the console’s DVD player functionality. This blog post will describe the technical details and process of reversing and exploiting the DVD player. All of my code is available on GitHub.
Demonstration video of new PlayStation 2 exploit through the DVD player, which allows burning homebrew games and running them on an unmodified console the same way you would with official discs. This demo shows the result of the PS2SDK patch which adds support for reading DVD video discs (uLaunchELF can now load homebrews from disc, and emulators can now load ROMs from disc).