The original PlayStation might be pushing 30 years old now, but that doesn’t mean hackers have given up on chipping away at it. A new exploit released by [Marcos Del Sol Vives] allows users to run copied games on all but the earliest hardware revisions of this classic console, and all you need to trigger it is a copy of Tony Hawk’s Pro Skater 2.
Aptly named tonyhax, this exploit uses a classic buffer overflow found in the “Create Skater” mode in Tony Hawk 2, 3, and 4. When the game sees a custom character saved on the memory card it will automatically load the name field to show it on the screen, but it turns out the developers didn’t think to check the length of the name before loading it. Thanks to this oversight, a long and carefully crafted name can be used to load an executable payload into the console’s memory.
That payload could be anything, such as a homebrew game, but in this case [Marcos] went all in and developed a simple tool that unlocks the console’s optical drive so it will play games burned to CD-Rs. Once the tonyhax exploit has been loaded, you simply swap the authentic Tony Hawk disc for whatever burned title you want to play. So far every game tested has worked, even those that span across multiple discs.
[Marcos] is providing not only the save files ready to load on your PlayStation memory card (either through a PC tool, or with the help of a hacked PS2), as well as the complete source code for tonyhax. This opens the door to the exploit being used to load other tools, emulators, and indie games, but as the PlayStation homebrew scene is relatively limited when compared to newer consoles, the demand might be limited.
Compared to the traditional physical modifications used to play copied games on the PlayStation, this new software approach is far more accessible. Expect to see memory cards with this exploit preinstalled hit your favorite import site in the very near future.
[Thanks to NeoTechni for the tip.]
it’s not “pushing 30 years” quit yet.
December 1994 in Japan, 26 years and counting! I’d call that pushin’. Are we really talking about the game system here, or is someone getting a little sensitive about their age? (I hope you and moderators take that as a joke. My teen years were post Atari. I could only borrow my little sister’s NES for console play before heading out to college and trying to find games on my VAX account. I’m jealous of all of you youngsters who could play games without worrying about snot and worse on joysticks at the old arcade, where the unfriendly highschool dropout staked out his spot to sell weed) Me, bitter? naw
I’m not old I’m not old I’m not old I’m not old I’m not old I’m not old I’m not old I’m not old I’m not old…
Hate to make you feel old, but PS was released in 94. That’s 26 years.
Please stop. I’m 46 and refuse to believe I’m ‘pushing 50’
You are not, but people love to do that. It must be some innate perverse tendency to take away as many years of life as they can. Ignore them.
You are never older than your number, most likely less.
“You are never older than your number, most likely less.”
I beg to differ. Some people are dead long before their bodies actually die.
Don’t worry. 46 is the new 26, according to 46 year olds, anyway. I’m 44 going on 25, so you’re in good company ;-)
Me also
That’s literally the definition of mid 20s, people need to stop rounding up.
OK but 26 is 87% of 30, which is the point.
Is that all you can think about, for crying out loud get a life.
Closer to 30 then it is 20.
Well here, this should help some of you feel old if, this story didn’t. On August 6, 1991, the World Wide Web went live to the world. Which means if you were born on August 5, 1991 or before, congratulations!!, you are older than the internet!! Welcome to what “old” feels like with me!! Please enjoy!! 😂🤣😂🤣
1973: Global networking becomes a reality as the University College of London (England) and Royal Radar Establishment (Norway) connect to ARPANET. The term Internet is born.
The World Wide Web is only part of the internet, not the whole thing. Email, FTP, and other aspects of the internet are not part of the world wide web (www) as they use different internet ports.
The older PSX or the newer PS1? Despite using the term PS1 inaccurately, the author is actually referring to the PSX, which was the original U.S. release of the Playstation console.
No the psx was an Asian only release. It was a ps2 and a half so to speak. Ps2 system that ran on an XMB similar to the ps3 and had dvr functions.
I do wonder why the PSOne didn’t see the homebrew scene that the PS2 has. For anyone who thinks that this is a chicken and egg problem i.e. how do I get the hacked save file on to the PSOne memcard without a hacked PSOne?
Simple, you get a hacked PS2 memcard with FreeMcBoot on it. Then you boot ULaunchELF, then you copy the hacked save files over.
What’s that? How do you get a hacked PS2 memcard without an already hacked PS2? Easy, first you need a PS3 and a PS Jailbreak USB (https://hackaday.com/2010/08/19/modchip-hacks-ps3-via-usb-port/).
It’s turtles all the way down!
Jokes aside, many PS2 homebrew websites or even just directly purchase on eBay will sell FreeMcBoot PS2 memory cards for not much more than the price of a plain used PS2 memory card. Most will let you send in a stamped addressed envelope and will post back the freemcboot ps2 memory card. I suspect it wont take long for the same services to appear for PSOne cards.
I mean for one thing, the PS2 homebrew scene took off when freemcboot became a thing, before that the closest we had was the independence exploit which required a PS1 game to try and fetch a logo from the memory card and launch a PS2 ELF instead. Then of course, you had to deal with programming the monster that was the PS2.
The thing is, independence exploit and this hack all require the end-user to have something other than a PS1, which is just never going to be as good as a proper mod that’s just always there with no swap tricks. This is mildly better than the classic PS1 swap trick since it probably stresses the motor less, but it’s still not quite as good as either a modchip or freemcboot which is just always there ready for you to launch your custom code.
PS1’s CD-R detection is unfortunately quite good, and unlike PS2 it doesn’t try to launch “updates” from the memory card (AFAIK), so the only other non-CD entry point I know of is the PIO port, and getting connectors for that is expensive as hell.
I hope someone comes out with a PIO port launcher similar to PSIO, but not for launching pirated games of SDcards. I don’t need all the extra expense that comes with piracy if I only want to run small binaries directly loaded from PIO without having to emulate a whole CD drive.
Granted that still leaves PSone and SCPH-9000 owners out in the cold since they don’t have the port, but it’s better than nothing. It’s a hell of a lot cheaper to just modchip it though considering all you need is an ATTINY and the PsNee code.
Parallel port launcher? That would be Unirom..
The code here that allows the CD to be booted isn’t new at all.. it’s known as the nocash unlock and was discovered by Martin Korth.
That same boot technique has been used for quite a few years now by the likes of ROM replacements such as UniROM.
Ah no, I’m referring to the Playstation’s parallel port, not a PCs, which would allow you to boot something from memory attached to the port itself.
Yeah unirom does boot from the port, but you still have to track down a device. Even then you also need to connect it to a PC somehow (PSX serial or somesuch). The other devices being made AFAIK are PSIO, which is turbo expensive because it also emulates a whole CD-ROM drive (unnecessary for homebrew).
It’s still useful if you have the required parts, but if I’m trying to distribute my game I can’t use that solution unfortunately. So far the best option seems to be PS on PSP compatibility or emulators :P
Yup desiging a PS1 (original model anyways) modchip was rewardingly simple. Just needed to bitbang the proper region code injecting it into the correct signal on the board. The original model was very forgiving about the signal. You could just do it continuously (even when the drive wasn’t even looknig at the wobble signal).
I believe many DIY modchips used the 10F series of PIC.
Later models were more picky and required more invovled mods
Or you just need one of these like I still have , in a box, somewhere…..and a win95 PC:)
https://en.wikipedia.org/wiki/DexDrive
I have one of these as well and they work well with DexDriveDexter (If you have issues simply re-connect the device).
I would just use an old PS memory card reader/archiver that I bought years ago. It uses serial but I have enough serialusb adapters to fix that.
I mean you don’t even need a hacked anything for ps2 jailbreaking. Just an IDE hard drive and the HDD adapter, FreeHDDboot can be loaded up just with a usb adapter on PC
You could use a similar hack with the PS2 launching HD loader and installing those utilities on HD loader and running them directly from the PS2 I’ve done this with my father-in-law’s PS2 many years ago I believe it was Stuart Little 2 PS1 that activated the hack
I hacked my ps2 using the memory card adapter for ps4 connected to my pc
Picomemcard is what I used. Just copy the right FreePSXBoot file for your bios and you are good. Used memory card and a pi pico zero cost me like $7. Plus few hours of soldering (and desoldering because I had to remove pin headers), cutting holes in the case, chopping the connectors off the memory card PCB. I guess it would be easier to buy something, but you know, HACK THE PLANET!
Cool that people are still working on the DRM used by these systems. Even though most of us have got phones more than powerful enough to emulate the PSOne, it’s always fun to do it on the real hardware so there’s still interest in this kind of thing.
Kind of a hassle for everyday use though, wonder if there’s some kind of escalation to be had here so you can boot into this tool without needing to go the Tony Hawk route each time. I know they did something similar on the PS2, but the PSOne’s onboard software is so simple maybe there’s nothing you can really exploit.
great, now I don’t know if this is for most PlayStations or PSone or most all. and Pro Skater 2 is mentioned as required, but then it says 2, 3, and 4 work. the varied naming of the target hardware and software is a conflict, making it more difficult to impulsively buy anything at the moment. I set aside eight memory cards, took stock, and will clarify by leaving this page.
Little Bobby Tables strikes again! Remember to sanitize your inputs folks.
Violation of Commandment number 5…
https://www.lysator.liu.se/c/ten-commandments.html
What about the hot swap or the match stick way ,all U need to do is run a real PS1 disk get the PS1 logo up then swap it by taking it out then loading any game U like real or fake ,home Brew or normal .
Doesn’t work as well as this.
The whole stick in the CD hole only really worked effectively on early consoles.
I got this to work on some early PSX’s, but never on my later revision version.
I had the Ps1 and 2 before going Xbox route then back to PlayStation but back in 2000s I had this done thanks to my cousin flashing my PlayStation I was able to play burned games way back when.. I am 28Yo now.
So funny the “Lorem fistrum…” string before the payload address. xD xD
It’s a reference to a Spanish comedian who died years ago, ‘Chiquito de la Calzada’.
The PS1 modchip was so simple compared to the PS2. The originals were 4 wires and just constantly blasted the right data, but later on they moved to a 7 wire “stealth” chip after games with modchip detection were introduced. The extra wires were inputs to shut the chip off after boot, making the chip truly undetectable by the game. My original PS1 has this chip and it still works great! Now compare that the my slimline PS2, which has a 22 wire chip.. if only we had FreeMcBoot back in the day. I’m guessing the newer PSOne is just as complicated.
There is another way to get FreeMcBoot if you have a fat PS2 and a network adapter. You can copy a set of files to the HDD and boot it from there. I had an old IDE drive laying around and it worked great. Once the drive booted up I installed FreeMcBoot from there. Not the easiest way by any means, but now that I have the card I’m all set.
So stupid. Storage drives, whether SD, SSD, or HDD are not bloody “memory cards” unless they are RAM or ROM (ROM is permanent on a chip, not a card).
Can this exploit boot Japanese backups?
Late reply but I just tested and yes it does. Was able to boot Vib Ribbon (Japan) on a US slim PSOne. Not sure about PAL games vs NTSC.