Posts: 3,126 +863
In context: The PlayStation 2 just celebrated its 20th birthday on March 4. Although the console is quite dated, it still has many fun and enjoyable games. Its age also makes it a great candidate for playing and creating homebrew titles, since voiding your warranty is no longer an issue if you mod the hardware.
Modding the PlayStation 2's hardware to play homebrew games and backup discs may be a thing of the past thanks to an exploit found by a security researcher. CTurt created software called FreeDVDBoot that uses the PS2's DVD player as an entry point to bypass disc checks at the software level. No hardware modification is required.
The PlayStation 2 will not load burned game discs, but it will read burned DVDs. CTurt saw this as a potential attack vector and began exploring how the PS2's optical drive plays DVDs. He eventually found that the hardware starts DVD loading by reading the disc's IFO file and writing data to a RAM cache.
Without going into the technical details, which you can read in his blog, CTurt created a corrupted IFO file that generates a "large read overflow." Essentially, it loads an ELF (Executable and Linkable Format) file—the type used in homebrew games—into the system's cache, which is then pushed into the main memory by the overflow.
This method completely bypasses the PS2's physical disc copy protection because the system thinks it is preparing a DVD for video playback. It is unique because CTurt claims it is the only exploit that does not use non-native hardware like network adapters, an HDD expansion, or a modchip. It also does not involve physically blocking the disc tray sensors. All that is needed is a disc.
The exploit can be used for a few things. As mentioned, homebrew games and burned backups are possible. CTurt showed a video running a backup of Shadow of the Colossus (above). Another shows the PS2 running a Super Nintendo emulator (below). It is also possible to put multiple games on one disc (providing they are small enough) and run them from a startup menu.
He also says that since all optical drives, including CD and Blu-ray, operate on the same principle, the exploit could potentially work on anything from a first-generation PlayStation through to the PS4.
"There's really no reason this general attack scenario is specific to the PlayStation 2 as all generations support some combination of burned media: from the PlayStation 1's CD support to the PlayStation 3 and 4's Blu-ray support, with the PlayStation 4 having only removed CD support. Hacking the PS4 through Blu-ray BD-J functionality has long been discussed as an idea for an entry point," wrote CTurt. "This may be something I would be interested in looking into for a long-term future project."
While FreeDVDBoot does not have support for all DVD drives used in the PS2 line, he is working on expanding support. Instructions and the required files are posted on GitHub for those interested in trying it out.
Image credit: Deni Williams