Security Expert Discovered Flaw in PS2 That Gives a Way to Play Any Game

  • A hacker has figured out a way to load “homebrew” discs on the PS2 and run any game title he wants.
  • The exploit achieves arbitrary code execution by way of a buffer overflow vulnerability.
  • This lets him load games disguised as video DVDs, an approach that could also work on other PlayStation generations.

A security engineer who goes by the nickname “CTurt” has hacked a PlayStation 2 console and made it run any game title that he burns onto a DVD. We’re not talking about pirated games here, but titles that were never meant to run on a PS2, like the classic Mario platformer, for example. He calls the hack “FreeDVDBoot” and says that no hardware intervention or any other kind of mod is required to make it work. All that is needed is to exploit an existing flaw that triggers a read overflow vulnerability.

The researcher gives all the technical details in his write-up, explaining that he had to experiment extensively with emulators to work out the crucial details of Sony’s proprietary container format (VOB) used by the PS2’s DVD disc reading system. He looked specifically for buffer overflow vulnerabilities around the “getDiscData” call and found four of them. Because of these flaws, a disc that specifies lengths larger than allowed can trigger a buffer overflow. Combined with some luck in finding usable jumps into memory regions that can be modified, this allows a chain of corruption states to be built up.
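The bug class described above, a parser that trusts a length field supplied by the disc, is easiest to see side by side with its fix. The following C program is an added illustration written for this page; it is not CTurt’s code and not the PS2’s real parser (the article does not show the internals of getDiscData). The record layout, the buffer size `FIELD_BUF_SIZE`, and the function names `parse_field_unchecked` and `parse_field_checked` are all constructed for the example. The unchecked variant copies as many bytes as the length byte says, so an oversized length both reads past the record and writes past the destination; the checked variant bounds the length against both before copying.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Size of the hypothetical fixed buffer that receives one parsed field. */
#define FIELD_BUF_SIZE 16

/* Constructed record layout: one length byte followed by that many payload bytes.
 * Shown for contrast only: this parser trusts the disc-supplied length byte, so a
 * length above FIELD_BUF_SIZE writes past `out`, and a length above the record's
 * real size reads past `rec`. Returns the number of bytes copied. */
int parse_field_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    (void)rec_len;              /* the unchecked parser never looks at it */
    size_t len = rec[0];
    memcpy(out, rec + 1, len);
    return (int)len;
}

/* Hardened variant: validates the length against both the destination buffer
 * and the bytes actually present in the record before copying anything.
 * Returns bytes copied, or -1 if the record is rejected. */
int parse_field_checked(const uint8_t *rec, size_t rec_len,
                        uint8_t *out, size_t out_size)
{
    if (rec == NULL || out == NULL || rec_len < 1)
        return -1;
    size_t len = rec[0];
    if (len > out_size)         /* would write past the destination buffer */
        return -1;
    if (len > rec_len - 1)      /* would read past the end of the record */
        return -1;
    memcpy(out, rec + 1, len);
    return (int)len;
}

/* Constructed sample records (not taken from any real disc):
 *  - good_rec: well-formed, length 4, payload "DISC"
 *  - bad_rec:  length byte 64, far larger than FIELD_BUF_SIZE
 *  - trunc_rec: claims 10 payload bytes but only 3 are present */
static const uint8_t good_rec[]  = { 4, 'D', 'I', 'S', 'C' };
static const uint8_t bad_rec[65] = { 64 };   /* remaining 64 bytes are zero */
static const uint8_t trunc_rec[] = { 10, 'A', 'B', 'C' };

/* Runs the checked parser over the constructed records. Returns 0 when it
 * accepts the well-formed record and rejects both malformed ones. */
int demo_checked(void)
{
    uint8_t out[FIELD_BUF_SIZE];
    if (parse_field_checked(good_rec, sizeof good_rec, out, sizeof out) != 4)
        return 1;
    if (memcmp(out, "DISC", 4) != 0)
        return 2;
    if (parse_field_checked(bad_rec, sizeof bad_rec, out, sizeof out) != -1)
        return 3;
    if (parse_field_checked(trunc_rec, sizeof trunc_rec, out, sizeof out) != -1)
        return 4;
    return 0;
}

/* Shows the unchecked parser's overrun without corrupting real memory: the
 * backing array is larger than FIELD_BUF_SIZE, with sentinel bytes just past
 * the notional buffer end. Returns 1 if the sentinel was overwritten. */
int unchecked_overruns(void)
{
    uint8_t backing[80];
    memset(backing, 0xAA, sizeof backing);
    parse_field_unchecked(bad_rec, sizeof bad_rec, backing);
    return backing[FIELD_BUF_SIZE] != 0xAA;
}

int main(void)
{
    printf("checked parser result: %d (0 = all records handled correctly)\n",
           demo_checked());
    printf("unchecked parser wrote past the buffer: %s\n",
           unchecked_overruns() ? "yes" : "no");
    return 0;
}
```

The two checks in `parse_field_checked` correspond to the two directions of the problem: `len > out_size` is the write overflow, and `len > rec_len - 1` is the read overflow the article mentions. A parser for untrusted media needs both, since a length that fits the destination can still point past the end of the data actually read from the disc.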

[Figure: getdiskbyte. Source: cturt.github.io]

Once the call chain is complete, the exploit moves on to the key step: arbitrary code execution. The payload is an ELF executable file that can be loaded without any constraints. So, by using an ESR patcher, games can be turned into discs that appear to be DVD videos, and the PS2 will load them as video discs. There were many technicalities and complications to handle in making this exploit work reliably, and the researcher makes it clear that further optimizations are still possible.

[Figure: elf. Source: cturt.github.io]

The hacker hasn’t provided any code samples, as he doesn’t want to be associated with maintaining such an exploit. As he points out, the same or a similar exploit would very likely work on the PS1, which supports CDs, and also on the PS3 and PS4 with their Blu-ray Disc support. In fact, he is exploring this entry point on the PS4 next, which could earn him at least $50,000, by the way. The previous generations of PlayStation consoles can no longer be updated or patched, so an exploit that can load any game on the PS1, PS2, and PS3 would breathe new life into these old machines.
