For many generations, home consoles have featured copy protection. Aiming to stop users from playing pirated games as well as running homebrew code, hackers often race to find vulnerabilities shortly after each new launch. Of course, finding workarounds can sometimes be more of a marathon than a sprint. [CTurt]’s new hack may come many years after the PlayStation 2 faded from store shelves, but it remains impressive nonetheless.
The goal was to find a way to run unsigned code on the PlayStation 2 without using any complex external hardware. Hacked memory cards, network interfaces, and other trickery were ruled out. Instead, sights were set on using the only other way in to the console – through the DVD drive.
The only burnable media the PS2 DVD drive will normally read comes in the form of DVD video discs. Thus, [CTurt]’s search began in the code of the on-board DVD player software. After finding potential overflow targets in that code, [CTurt] was able to exploit them to run unsigned code.
It’s not yet a fully polished piece of code, and [CTurt] notes that additional work may be required to get the exploit working on all firmware versions of the console. Regardless, it’s as simple a hack as you could possibly ask for – burn the disc, and away you go! It reminds us fondly of the Sega Saturn hack exploiting the MJPEG interface.
Hi Lewin, please double check the text of the last link. Right now it says MJPEG but the link says it’s an MPEG interface. Thanks!
You’re right, the card slot exploited on the Saturn by the Satiator device was for the official Video CD add-on that used MPEG-1.
To be clear, CTurt is the one that should be credited above, not me, I just reported it to the tip line. Sorry for the misunderstanding.
Also here is CTurt’s GitHub https://github.com/CTurt/FreeDVDBoot
The only problem I see with this is that you have to have a working optical drive. I spent way too much time tweaking that stupid white gear in my fat PS2.
The only problem you see is that you have to have a working optical drive? If your PS2’s optical drive doesn’t work, that means your PS2 is just a paperweight, unless you’ve modded it somehow to play games another way. You could say that about anything, lol.
“Wanna play this PS2 game?”
“The only problem I see with this is that you have to have a working optical drive.”
Wrong. He can install a hard drive if it’s a fat boy.
https://gbatemp.net/threads/new-playstation-2-exploit-freedvdboot-allows-burnt-dvd-games-to-run-without-modchip.568654/
https://cturt.github.io/freedvdboot.html
More info: https://cturt.github.io/freedvdboot.html
Already used it to bootstrap the FreeMCBoot installer and it’s all good here.
Is it the cup of coffee I forgot to drink or does this sentence make little sense (or too much of it): “Aiming to stop users from playing pirated games as well as running homebrew code, hackers often race to find vulnerabilities shortly after each new launch.”
Looks like the full stop has drifted to the wrong place:
“home consoles have featured copy protection. Aiming to stop users from playing pirated games as well as running homebrew code, hackers often race to find vulnerabilities shortly after each new launch.”
should be:
“home consoles have featured copy protection aiming to stop users from playing pirated games as well as running homebrew code. Hackers often race to find vulnerabilities shortly after each new launch.”
A memory card with FreeMC Boot is the best method. It is non-invasive, you don’t need to open up the console, and it lets you run both copies from the optical drive or from HD by installing OPL, which is nice, as a lot of PS2s have the optical drive wrecked.
And if you know someone with FreeMC Boot, they can copy it for you to your memory card for free.
And with this new hack, you don’t even need that first copy of FreeMC boot. Just pop in the DVD and install it to your memory card.
The problem is that it’s a chicken and egg situation. Back in the day I got lucky and found a CodeBreaker 8.0 disc at a Game Stop. The then-current version was 9.0, and it didn’t have the ability to write arbitrary files to a card. And that was years ago. I hope there’s still a FMB card in my old console when I do find it, but I did okay with keeping my PS2 game discs together, so I can probably find my CB8 disc and start over.
But FMB doesn’t work on later Slim PS2s because the exploit came out while those were still being made, so Sony patched that in the 9xxxx models.
Places like GBAtemp have active volunteers who will install it on a MC you send in with postage paid.
eBay is littered with used MCs which are pennies if at all more expensive than MCs with FMCB.
Checking a MC and warrantying it are not much cheaper than also flashing FMCB to it.
Wrong… I’ve only performed a FreeMCBoot hack once, and it was on the slim model, using the 007 game exploit to create the card… worked fine on my slim model.