CTurt releases a new exploit… for the PS2!
Hacker CTurt, known for the very first publicly disclosed PS4 kernel exploit back in 2016, dropped a new exploit on the scene yesterday. The PS2 scene, that is.
Not so many people might still be interested in hacking the almost 20-year-old console, but this kind of release is always interesting, at least from the technical aspect. It's also compatible with Slim consoles, which is not the case* for the popular FreeMcBoot exploit.
The released exploit leverages Yabasic, a BASIC interpreter that shipped on PS2 demo discs, some of which were bundled directly with new consoles in the PAL region. If you own a PS2 that you bought new in Europe, it is likely that you have one of those demo discs, and that you can run Yabasic, and therefore the exploit.
How the Yabasic exploit works
The Yabasic exploit relies on several vulnerabilities in the Yabasic interpreter. CTurt has written a tool that converts a payload into a matching piece of Yabasic code, which you then load through Yabasic. Pretty straightforward. The Yabasic vulnerabilities involved are "old school" buffer/integer overflows that CTurt describes in a detailed writeup. It's reasonably easy to understand, since the PS2 did not have the modern security mechanisms that exist on today's consoles.
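To show in general terms what a "buffer/integer overflow" bug class looks like, and how a defender closes it, here is a small added C illustration. It is not code from CTurt's exploit, the writeup or the Yabasic interpreter; the function names and the constructed inputs are this example's own, and it does not reproduce any specific Yabasic defect.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked size computation: count * elem_size silently wraps when the
   product exceeds SIZE_MAX, so a huge count can yield a tiny allocation
   that a later copy loop overruns. This is the generic integer-overflow
   to buffer-overflow pattern (constructed illustration, not Yabasic's code). */
size_t unchecked_alloc_size(size_t count, size_t elem_size) {
    return count * elem_size;
}

/* Checked variant: refuse the request when the product would not fit. */
bool checked_alloc_size(size_t count, size_t elem_size, size_t *out) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size) {
        return false; /* would wrap; caller must treat this as an error */
    }
    *out = count * elem_size;
    return true;
}

/* Bounded copy into a fixed-size buffer: truncates instead of overflowing.
   Returns the number of bytes stored, not counting the terminator. */
size_t bounded_copy(char *dst, size_t dst_size, const char *src) {
    if (dst_size == 0) return 0;
    size_t n = strlen(src);
    if (n >= dst_size) n = dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

int main(void) {
    /* Constructed input: doubling this value wraps past SIZE_MAX. */
    size_t huge = SIZE_MAX / 2 + 2;
    printf("unchecked size: %zu\n", unchecked_alloc_size(huge, 2)); /* wraps to 2 */

    size_t out;
    if (!checked_alloc_size(huge, 2, &out)) {
        puts("checked size: rejected (overflow)");
    }

    char buf[8];
    size_t n = bounded_copy(buf, sizeof buf, "this line is longer than eight bytes");
    printf("copied %zu bytes: \"%s\"\n", n, buf);
    return 0;
}
```

The check `count > SIZE_MAX / elem_size` is the standard way to detect the wrap before it happens; the bounded copy is the matching fix on the buffer side, where a length taken from untrusted input must never drive an unbounded write.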
Pros and Cons of the Yabasic exploit
The hacker outlines the benefits of his exploit as follows: it runs on all consoles, including the latest Slim models. It can therefore be used either as an entry point for the FreeMcBoot loader, or as the starting point for other developments to hack Slim consoles. (FreeMcBoot is not working* on recent Slim consoles, and needs an entry point to be initially installed on a memory card.)
On the cons side, Yabasic was only ever released on PAL demo discs, meaning that if you're on NTSC you're probably out of luck for now.
Where to find the Demo Discs with Yabasic
The demo discs with Yabasic can easily be found on eBay (affiliate link: as an eBay partner I may be compensated if you make a purchase) for about $10. Again, these are for PAL consoles.
Download Yabasic exploit and tools
Keep in mind that the current release is just a set of tools for the PS2 hacking community. Hackers and developers will want to turn them into full-fledged, user-friendly exploits (either to load FreeMcBoot or something else). With this in mind, you can download CTurt's Yabasic exploit here:
https://github.com/CTurt/PS2-Yabasic-Exploit
Source: CTurt
Interested in more PS2 stuff? Check our article on how the PS2 was hacked.
* update: Multiple people have reported that FreeMcBoot is compatible with some Slim consoles, and that only some of the most recent hardware revisions are not compatible with the tool. Apologies for the imprecision in the article here.
Rad to see a new exploit, but this could be clearer. Free McBoot works fine on all but the last couple models of Slim. I have it running on a 79000 and a 75001
Yeah, I'm not sure what's meant that it doesn't work on slim consoles. The FreeMCBoot loader and installer works on any console you can plug a memory card into, AFAIK. I actually didn't know that it had any issues with any later slim models. I personally tested it on multiple slims and one fat. The initial installation on my first memory card was done using a swap disk on a PS2 Slim, and that memory card could and still can install FreeMCBoot on any other memory card plugged into the same PS2. Was it supposed to be implied that FreeMCBoot had its own entrypoint to install? I mean, I assume that if you copied the necessary files onto a memory card using some memory card to USB adapter, it would work just fine. But I don't think any unofficial PS2 software at all works without some sort of entrypoint, whether that be a swap disk, modchip, modified memory card, or disc burned on official equipment or whatever equipment pirates and swap disk manufacturers use to make their discs.
Regardless, this development is great news. Anyone in possession of this new exploit and a working PS2 with memory card should use this method to install FreeMCBoot right away. You never know when your disc reader will go kaput, and you’ll need to read your games off an internal or external hard drive. (source: my PS2 slim with worn out laser, has to play games off of USB device or ethernet nowadays. Good thing I installed FreeMCBoot before it happened)
To be exact: free mcboot runs on all ps2 consoles, almost all slims too, even latest scph-9000x ones. The only ones that are not capable of running it are slim scph-9000x models with date code 8C or higher, the bios was fixed in those. http://psx-scene.com/forums/f153/free-mc-boot-spch-9xxxx-consoles-100868/
A demo disc costs $10 but a modchip just costs a dollar.
But still this is great news for many as it will save the trouble of soldering.
A reply to those also who are against releasing of any exploit on ps4 because they are worried that sony will patch it.
This makes PS2 one of the best jailbreak scene ever.
It was hacked a mere 2/3 months after and still seeing a very good apps and exploits 20 years after.
Modchips might be cheap, but unless you’re very skilled at soldering tiny wires, it’s not something you can do while having a lunchbreak. It’s lots of wires and takes some skill to do it right. In that respect, running a SW exploit is much easier.
I can guarantee you that it all comes down to a very good soldering iron.
Cheap ones will not work great on small solder points, but a medium-high end soldering iron does wonders.
While I couldn’t solder jack *** at home with my own cheap soldering iron, at work I use a better one that makes wonders even for me.
Useless
An autobiography by X2
Yeah, kinda useless. I’m sure it was a fun project for the guy, but the application for this is very limited. You need both a PAL machine and a demo disc, and even then it’s only useful for those with Slim consoles. That’s too many qualifiers for this to be a useful hack to the general public.
One final feature I’d love to see in a PS2 exploit, is direct booting of PS1 isos, or heck, even backups.
I use my PS2 for PS1 games through component, and having to fiddle with “popstarter”, is just not practical at all. This is to say nothing of the compatibility.
I really hope they find a way to direct boot PS1 stuff in the FMCB suite. Then, the PS2 would be complete.
I have come by some different demo disk, which one is/are the better to use with it?
Ok but you made a mistake, the ps2 slims *can* be exploited using freemcboot, the problem is the later models (I think they are the last model released). I have a slim 75xxx and I bought a freemcboot memory card last year and even managed to get another card with freemcboot for my console only just in case.
Hey, something new to pick at, gonna take out the ole ps2 paperweight. Hope I can find that demo disk.