Ps2 Independence Day?
 

PlayStation 2 Independence Day
http://www.0xd6.org/ps2-independence.html
Friday, August 15th, 2003

Marcus R. Brown <[email protected]>
--

Introduction
--

I have released a binary and source package that exploits a flaw in the PS2's
handling of a special configuration file. This configuration file, named
TITLE.DB, is accessed from the PS2 PS1 driver (located at rom0:PS1DRV).

To make a long story short, the exploit allows anyone with a memory card and
a valid, legal PS1 disc to hijack the boot process and run any piece of code.
Absolutely no modification to the system is necessary to use the exploit (my
only working PS2 is not moddded, and I have developed and tested the exploit
on this machine). All one really needs is a way to send the files to the
memory card to enable the exploit.

<one pargraph gist>
PS1DRV parses a file called mc0:/BXDATA-SYSTEM/TITLE.DB (the X represents the
PS2's region code) to load graphic parameters for the PS1 game that was loaded
from the disc drive. There is a catastrophic buffer overflow in the parsing
routine that allows one to overflow the stack and execute arbitrary code by
rewriting the $RA register. If we load up our own TITLE.DB, with an entry for
every PS1 disc that we want to trigger the exploit, then we can take over the
PS2 boot process as soon as the disc is recognized and PS1DRV is executed.
</one paragraph gist>

The file exploit.c will have to serve as documentation on the exploit for
now, since I've been rushing to get this out and in people's hands.

If you use PS2 Independence for Evil - I AM NOT RESPONSIBLE.

All of the distributed source code is licensed under the Academic Free License
version 2.0. My copyrights _must_ remain intact if you choose to redistribute
the source package.

I'm looking forward to comments/criticisms about how the code can be improved,
and also creative uses for the exploit.


Using titleman
--

titleman allows you to create, add, and delete title entries from the TITLE.DB
file.

titleman supports to following options:

-c Create a new TITLE.DB file.
-a Add a title or a list of titles to TITLE.DB.
-d Delete a title or a list of titles from TITLE.DB.
-l List the contents of TITLE.DB.

-v Increase verbosity level.
-o Specify an output file (broken, don't use).

Examples:

$ ./titleman -c # Create a new TITLE.DB
$ ./titleman -a SCUS_000.67 # Add Castlevania:SOTN to TITLE.DB
$ ./titleman -a @title.lst # Add a list of titles found in title.lst to
# TITLE.DB (the '@' is required)
$ ./titleman -d PSXMAIN.EXE # Delete 'PSXMAIN.EXE' from TITLE.DB


Format of @list files
--

One title name per line. Comments are specified with ';' at the beginning of
the line.

Example:

; Castlevania: Symphony of the Night (one of my favorites :P)
SLUS_000.67

; Chrono Cross
SLUS_010.41


Further thoughts
--

Oh, if you or your company are looking for a low-level PS2 or GC hacker, I am
available for immediate contract work or other offers. My e-mail is the best
way to contact me.

If this is true for those with modded Ps2 can we run this exploit so that when our chips are turned off, we can run backups without the Dnas detecting a modchip present? Also it would be very difficult for sony to patch an exploit unlilke the Xbox where it can be updated through Live so would there be anyway for Sony to detect this exploit while trying to connect to their servers?

ive read all this and d/led the files and i am lost. [QUOTE][quote]$ ./titleman -c # Create a new TITLE.DB and there are more. I just dont understand where to do all of this stuf? is there another file to d/l that tells u how to do this step-by-step??

Thanks

Even if it does work, it appears that its ONLY for PS1 games....

I'll stick with a REAL way to boot my backups.... :)

http://home.comcast.net/~makave2345/extremeevil.gif

Its not just to boot backups for me. Its a "job" for me to try to complete.

You didn't read the article did you?

To make a long story short, the exploit allows anyone with a memory card and a valid, legal PS1 disc to hijack the boot process and run any piece of code

sumone gonna tell me how to do this??:confused: Or where i can find a step by step how-to??:confused:
Thanks

This forum doesn't really have enough "homebrew development" expertise to answer this for you. I would suggest you check out other scene sites such as http://ps2.consolevision.com/ or http://www.ps2newz.net/ :)

This is a great breakthrough in the PS2 development scene. It will be interesting to see what else follows :)

(I wont be using it personally, thanks to my good old Messiah !)

PS2 Exploit Found
 

http://www.0xd6.org/ps2-independence.html

Apparently this tells how if you have a memorycard link and a legal PS1 disk to load unsigned code, theres some things I dont understand though

1. Will this only load PS1 games on a PS2 or will it also work with PS2 Games?

2. Is there any way to get that hacked save onto my memorycard if I have a Xport/Sharkport?

3. I dont completely understand the procedure to get something to load using this, how do I use it?

Thanks in advance

this topic was discuss in another thread.clik here to see it.

Yes but Id personally like to use my backups that are DNAS protected rather than using my originals. I may do some more research on this myself when I get the time.



Tyler!

That didnt answer a single question of mine though

So is there any guide or anything anywhere that explains this a little better? I dont understand what I am supposed to do.

Thats all fine and great BUT:

If it needs the ps1 driver ran in order to work, then try using this to boot something other than a ps1 source code related program.

In my opinion, running the ps1 driver, rules out running anything on dvd based material...