WATCH: DVD player used to hack PS2

Two decades after the PlayStation 2 console was released, a working exploit targeting the DVD player functionality is demonstrated.

In its life on the market, the PS2 has been hacked in many ways. The most obvious and complete method of hacking a PS2 is through the use of a modchip, most of which have to be soldered to the mainboard of the unit. Outside of modifying the board, there were disc swapping tricks that required a console to be opened to interfere with disc sensors. There were also some softmod methods that either involved using a modified memory card, or tricks that required the HDD expansion bay (not present on slim consoles).



The holy grail for booting unsigned / unauthorized code on a PS2 would be a method that required no modification at the hardware level: just insert the disc and watch it boot.

Twenty years after the console was introduced, software engineer CTurt has developed such a method. In a blog post, CTurt goes into detail on how he has managed to develop FreeDVDBoot - an entry-point software exploit for the console. The exploit targets the PS2's DVD-Video functionality (all PS2s can play DVDs).

CTurt found a way to exploit the PlayStation 2 DVD Player to run homebrew discs by just inserting them into an entirely unmodified PS2 console. Here is a video of the exploit in action.


The DVD player exploit is used to load ESR to boot a backup copy of a PS2 game that is stored on the same disc. Another video shows the same exploit being used to boot a small homebrew Tetris game on the PlayStation 2.



Furthermore, the blog post concludes that such a method may work on other PlayStation consoles.

"There's really no reason this general attack scenario is specific to the PlayStation 2 as all generations support some combination of burned media: from the PlayStation 1's CD support, to the PlayStation 3 and 4's Blu-ray support, with the PlayStation 4 having only removed CD support," CTurt writes.

"Hacking the PS4 through Blu-ray BD-J functionality has long been discussed as an idea for an entry point. This may be something I would be interested in looking into for a long-term future project: imagine being able to burn your own PlayStation games for all generations"



Read More: cturt.github.io

Written by: James Delahunty @ 29 Jun 2020 4:00
  • 3 comments
  • MikeMoy

    You state "The holy grail for booting unsigned / unauthorized code on a PS2 would be a method that required no modification at the hardware level"

    This has already been achieved many many years ago via Free MC Boot which is a soft mod which requires no hardware modification.

    And indeed Free MC Boot would be considered to be the holy grail as it does not rely on old failing PS2 disc lasers as the above method does. Free MC Boot can run code from memory devices such as a HDD or SSD.

    10.7.2020 07:38 #1

  • Dela

    Originally posted by MikeMoy: You state "The holy grail for booting unsigned / unauthorized code on a PS2 would be a method that required no modification at the hardware level"

    This has already been achieved many many years ago via Free MC Boot which is a soft mod which requires no hardware modification.

    And indeed Free MC Boot would be considered to be the holy grail as it does not rely on old failing PS2 disc lasers as the above method does. Free MC Boot can run code from memory devices such as a HDD or SSD.

    Thanks for the reply MikeMoy.

    As stated in the same paragraph I said the holy grail would be a method that required no modification at the hardware level, "just insert the disc and watch it boot."

    I am aware of FreeMCBoot but afaik you require a memory card or HDD for that to work? With the new method exploiting the parsing of DVD-Video files you could create a disc that can load homebrew code or a backup without the memory card mod or the need for a HDD or anything.

    I probably could have been clearer. Also, perhaps FreeMCBoot has changed over the years. It has been many years since I have touched my PS2, it is gathering dust somewhere (modded with IIRC DMS4 Pro).

    15.7.2020 11:19 #2

  • MikeMoy

    Been about 8 years since I used FreeMCBoot myself. Yes you require a PS2 memory card for FreeMCBoot to work, note people playing PS2 games have PS2 memory cards. FreeMCBoot requires no hardware modification it is all done at software level i.e. if you remove the memory card from the PS2 the FreeMCBoot functionality will be completely removed from the PS2 and it will just run as a regular PS2. The PS2 memory card can still be used to store PS2 games saves as the FreeMCBoot data on the memory card only takes up a small amount of space.

    The HDD is optional, you can run copied games from CD-R or DVD-R or you could put those same games on a HDD and run them from that and take advantage of faster loading times and avoid the hassle that comes with using 20 year old failing PS2 disc lasers.

    In my opinion if you gave people the option in the present time of being able to play copied Playstation 4 games from burned discs or copied Playstation 4 games from HDD they would choose HDD for the convenience and performance benefits it provides.

    Cool to see that there are still people working on modding the PS2 with this new hack.

    16.7.2020 02:21 #3

© 2020 AfterDawn Oy
