PS2 Independence Exploit

Add links
From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 82.24.121.94 (talk) at 10:09, 22 March 2009 (→‎External links: PS2-Scene is now PSX-Scene.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The PS2 Independence Exploit allows the execution of homebrew programs on an unmodified PlayStation 2.

Exploit details

When a PlayStation (PS1) game is loaded in the PlayStation 2, the console looks for a file called TITLE.DB which, if present, is located in the Memory Card's directory BxDATA-SYSTEM (where x is a letter corresponding to the console's region –e.g.: E for the EU, A for the USA or I for Japan, this directory corresponds to the System Settings save). This file is a database of special options to be applied to specific PS1 games for their correct operation.

The exploit relies on creating a deliberately incorrect entry inside this file, which triggers a buffer overflow and, combined with a small stub loader located in the file, allows the execution of unencrypted code from the Memory Card upon the insertion of a specific PS1 game. Normally, only programs encrypted by Sony, such as the DVD player, will run from the Memory Card.

The discovery of this vulnerability in the PS2's software opens up the possibility of running programs created by the PS2 homebrew developer community without the need for a modchip or disc swapping techniques (e.g. CogSwap or Swap Magic).

Installation

Triggering the exploit requires a way of installing the modified files to the Memory Card, which is not possible by normal means. Installation is accomplished either from a console (modified or with the exploit already installed), a Memory Card reader/writer, a disc swapping technique or through the use of some commercial programs allowing USB flash drive to Memory Card transferences, such as Code Breaker (versions 8 and higher) or Action Replay MAX, by transferring a modified System Settings save file. Alternatively a more involved method can be used, through the combination of a hard disk loader program (HD Loader/HD Advance), an ISO image installer program for PS2 (such as WinHiip), and an image of some program allowing installation (such as Ubergeek's Exploit Installer http://sksapps.com/index.php?page=exploitinstaller.html)

Benefits

With the exploit installed, the user is able to run programs from Memory Cards, optical discs, network or USB flash drives. Programs are found in the ELF executable format.

Popular programs include media players, Memory Card/hard disk management tools, emulators, and loaders (able to launch other programs, or "backup" games).

The exploit on newer consoles

The original Independence Exploit method does not work on newer "slim" PS2 models. However, there are other ways of installing similar programs to the memory card using Swap Magic discs or commercial cheat discs, such as Action Replay MAX.

Free McBoot is a newer PS2 exploit that is more user friendly (once set up) and works on all models of the PS2, including slimlines, prior to model SCPH-9000x with BIOS 2.30 (manufactured late 2008) and newer. FMCB does not require a trigger disk, thus making it possible to use on systems with dead disk drives. The drawback is that FMCB MUST be installed/compiled on each memory card individually, copying the exploit does NOT work, this means that an already exploited or modded system is required in order to create new installations. The FMCB installation is keyed to the memory card, not the system.

See also

External links

Retrieved from "https://en.wikipedia.org/w/index.php?title=PS2_Independence_Exploit&oldid=278915146"