FreeDVDBoot Opens Up The PlayStation 2 Like Never Before

For many generations, home consoles have featured copy protection. Aiming to stop users from playing pirated games as well as running homebrew code, hackers often race to find vulnerabilities shortly after each new launch. Of course, finding workarounds can sometimes be more of a marathon than a sprint. [CTurt]’s new hack may come many years after the PlayStation 2 has since faded from store shelves, but remains impressive nonetheless.

The goal was to find a way to run unsigned code on the PlayStation 2 without using any complex external hardware. Hacked memory cards, network interfaces, and other trickery were ruled out. Instead, sights were set on using the only other way in to the console – through the DVD drive.

The only burnable media the PS2 DVD drive will normally read comes in the form of DVD video discs. Thus, [CTurt]’s search began in the code of the on-board DVD player software. After finding potential overflow targets in the code, it was possible to exploit these to run unsigned code.

It’s not yet a fully-polished piece of code, and [CTurt] notes that additional work may be required to get the exploit working on all firmware versions of the console. Regardless, it’s as simple a hack as you could possibly ask for – burn the disc, and away you go! It reminds us fondly of the Sega Saturn hack exploiting the MJPEG interface. Video after the break.

17 thoughts on “FreeDVDBoot Opens Up The PlayStation 2 Like Never Before

    1. The only problem you see is that you have to have a working optical drive? If your PS2’s optical drive doesn’t work, that means your PS2 is just a paperweight, unless you’ve modded it somehow to play games another way. You could say that about anything, lol.

      “Wanna play this PS2 game?”
      “The only problem I see with this is that you have to have a working optical drive.”

  1. Is it the cup of coffee I forgot to drink or does this sentence make little sense (or too much of it) : “Aiming to stop users from playing pirated games as well as running homebrew code, hackers often race to find vulnerabilities shortly after each new launch.”

    1. Looks like the full stop has drifted to the wrong place:
      “home consoles have featured copy protection. Aiming to stop users from playing pirated games as well as running homebrew code, hackers often race to find vulnerabilities shortly after each new launch.”

      should be:
      “home consoles have featured copy protection aiming to stop users from playing pirated games as well as running homebrew code. Hackers often race to find vulnerabilities shortly after each new launch.”

  2. A memory card with FreeMC Boot is the best method. Is non invasive, don’t need to open up the console, and lets you run both copys from optical drive or from hd installing OPL, which is nice, as a lot of ps2 have the optical drive wrecked.
    And if you know someone with FreeMC boot, they can copy it for you in your memory card for free,

    1. The problem is that it’s a chicken and egg situation. Back in the day I got lucky and found a CodeBreaker 8.0 disc at a Game Stop. The then-current version was 9.0, and it didn’t have the ability to write arbitrary files to a card. And that was years ago. I hope there’s still a FMB card in my old console when I do find it, but I did okay with keeping my PS2 game discs together, so I can probably find my CB8 disc and start over.
      But FMB doesn’t work on later Slim PS2s because the exploit came out while those were still being made, so Sony patched that in the 9xxxx models.

      1. Places like GBAtemp have active volunteers who will install it on a MC you send in with postage paid.

        eBay is littered with used MCs which are pennies if at all more expensive than MCs with FMCB.

        Checking a MC and waranteeing it are not much cheaper than also flashing FMCB to it.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.