- A hacker has figured out a way to load “homebrew” disks on the PS2, running any game titles he wants.
- The exploit comes through arbitrary code execution based on a buffer overflow vulnerability.
- This enables him to load games as video DVDs, which is something that could work on other PlayStation generations.
A security engineer who uses the nickname “CTurt” has hacked a PlayStation 2 console and managed to make it run any game title that he burns to a DVD. We’re not talking about pirated games here, but titles that were never meant to run on a PS2, like the classic Mario platformer, for example. He calls the hack “FreeDVDBoot” and says that no hardware intervention or any other type of mod is required to make it work. All that is needed is the exploitation of an existing flaw in the console’s DVD reading system that triggers a read overflow vulnerability.
The researcher gives all the technical details in his write-up, saying that he had to experiment with emulators a lot in order to figure out the crucial details behind Sony’s proprietary container format (VOB) used by the PS2 DVD disk reading system. He looked specifically for buffer overflow vulnerabilities in the “getDiscData” call and found four of them. Because of these flaws, a disc that specifies lengths larger than allowed can trigger a buffer overflow. Combined with some luck in finding valid jump targets that sit in memory regions the overflow can modify, this lets a series of corruption states be chained together.
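The core defect the article describes is a parser that trusts a length field read from the disc. The following C snippet is an added illustration, not CTurt’s code nor Sony’s, and its record layout (a 2-byte big-endian length followed by payload bytes) is a constructed stand-in for the real DVD structures. It shows the two bounds checks that keep an attacker-chosen length from reading past the input or writing past the destination buffer; a parser that drops either check exhibits the overflow pattern the write-up found.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical on-disc record layout, constructed for this example (it is
 * not the real IFO/VOB structure): a 2-byte big-endian length field followed
 * by that many payload bytes. The length comes from the disc, so the parser
 * must treat it as untrusted. */
#define PAYLOAD_CAP 16

/* Copies the record's payload into out. Returns the number of bytes copied,
 * or -1 if the record is rejected. A parser that trusts 'declared' and calls
 * memcpy without the two checks below is the vulnerable pattern. */
int parse_disc_record(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL || rec_len < 2)
        return -1;                       /* length header not even present */

    size_t declared = ((size_t)rec[0] << 8) | rec[1];

    /* Check 1: the declared length must fit what the disc actually supplies,
     * otherwise memcpy reads past the end of the input (over-read). */
    if (declared > rec_len - 2)
        return -1;

    /* Check 2: the declared length must fit the destination buffer,
     * otherwise memcpy writes past 'out' (over-write). */
    if (declared > out_cap)
        return -1;

    memcpy(out, rec + 2, declared);
    return (int)declared;
}

/* Constructed sample records. */
static const uint8_t good_record[] = { 0x00, 0x05, 'H', 'E', 'L', 'L', 'O' };
/* Header claims 0x1000 payload bytes but only 3 follow: an over-read attempt. */
static const uint8_t lying_record[] = { 0x10, 0x00, 'A', 'B', 'C' };
/* Header honestly declares 20 bytes (zero-filled here), but 20 > PAYLOAD_CAP:
 * an over-write attempt against the fixed-size destination. */
static const uint8_t oversized_record[22] = { 0x00, 0x14 };

int check_good(void)
{
    uint8_t out[PAYLOAD_CAP];
    return parse_disc_record(good_record, sizeof good_record, out, sizeof out);
}

int check_lying(void)
{
    uint8_t out[PAYLOAD_CAP];
    return parse_disc_record(lying_record, sizeof lying_record, out, sizeof out);
}

int check_oversized(void)
{
    uint8_t out[PAYLOAD_CAP];
    return parse_disc_record(oversized_record, sizeof oversized_record, out, sizeof out);
}

int main(void)
{
    printf("good record:      %d\n", check_good());       /* 5  */
    printf("lying record:     %d\n", check_lying());      /* -1 */
    printf("oversized record: %d\n", check_oversized());  /* -1 */
    return 0;
}
```

Both checks are needed: the first guards the source side (the disc may promise more bytes than it contains), the second guards the destination side (the disc may supply exactly as many bytes as it promises, but more than the fixed buffer holds). Hardened parsers also keep the declared length as `size_t` and compare it before any arithmetic that could wrap.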
Once the call chain is complete, the exploit proceeds to the key step: arbitrary code execution. The payload is an ELF executable that can be loaded without any constraints. So, by using an ESR patcher, games can be turned into discs that appear to be DVD videos, and the PS2 will load them as video discs. There were many technicalities and complications to consider in making this exploit work reliably, and the researcher makes it clear that further optimizations are still possible.
The hacker hasn’t provided any code samples, as he doesn’t want to be associated with maintaining such an exploit. As he points out, the same or a similar exploit would surely work on the PS1, which supports CDs, and also on the PS3 and PS4 with their Blu-ray Disc support. In fact, he is exploring this entry point on the PS4 next, which, by the way, could earn him at least $50,000. The previous generations of PlayStation consoles can no longer be updated or fixed, so an exploit that can load any game on the PS1, PS2, and PS3 will breathe new life into these old machines.