PS2 DVD Exploits

Original ESR Exploit

  • Lets burned copies of DVD-based PS2 games boot and play
  • Released on Oct 11, 2015
  • Needs a modchip or another way to run unsigned code in order to launch the exploit itself

How the ESR Exploit Works

  • The PS2 plays burned DVD-Video discs (DVD-R) even though it rejects burned game discs
  • Adding the DVD-Video folders and IFO files to the game image makes the console accept the disc as a DVD-Video disc
  • On an already hacked PS2, ESR is launched first and patches the disc driver (changing a few registers and applying patches) so the game data is read and booted from a disc the security processor has only approved as DVD-Video

FreeDVDBoot Exploit

  • Released on June 27, 2020
  • The console's DVD player software was dumped and reverse engineered to find bugs
  • The parser for the IFO files on a DVD-Video disc reads a length field straight from the disc, so the attacker controls it
  • That length is passed to memcpy with no bounds check, so an oversized value copies past the end of the destination buffer and overwrites adjacent memory, including stored addresses
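The bug class above, shown as an added example in C (this is illustrative code, not the PS2 DVD player's code and not from CTurt's write-up). The table layout is an assumption made for the demo: a 2-byte big-endian entry count followed by count * 8 bytes of entries. The unchecked parser copies whatever the disc says; the checked one bounds the count by the destination capacity and by the bytes actually present.

```c
/* Added example, not code from the PS2 DVD player or from the page: a
 * simplified stand-in for a DVD IFO table showing a length read from the disc
 * fed to memcpy with no bounds check, next to a checked version. The layout
 * is assumed for illustration only: 2-byte big-endian entry count, then
 * count * 8 bytes of entries. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENTRY_SIZE  8
#define MAX_ENTRIES 16

struct table {
    uint16_t count;
    uint8_t  entries[MAX_ENTRIES * ENTRY_SIZE];   /* fixed capacity: the overflow target */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Vulnerable pattern: the count comes straight off the disc and is trusted.
 * A count above MAX_ENTRIES makes memcpy write past `entries` into whatever
 * follows in memory; when `out` lives on the stack that includes saved
 * registers and the return address. */
int parse_table_unchecked(const uint8_t *ifo, size_t ifo_len, struct table *out) {
    (void)ifo_len;                                /* never consulted: that is the bug */
    out->count = be16(ifo);
    memcpy(out->entries, ifo + 2, (size_t)out->count * ENTRY_SIZE);
    return out->count;
}

/* Hardened: bound the count by the destination capacity and by the bytes
 * actually present in the input before calling memcpy. Returns -1 on rejection. */
int parse_table_checked(const uint8_t *ifo, size_t ifo_len, struct table *out) {
    if (ifo_len < 2) return -1;
    uint16_t count = be16(ifo);
    size_t need = (size_t)count * ENTRY_SIZE;
    if (count > MAX_ENTRIES) return -1;           /* would overflow out->entries */
    if (need > ifo_len - 2) return -1;            /* would read past the input */
    out->count = count;
    memcpy(out->entries, ifo + 2, need);
    return count;
}

/* Constructed input: a table whose header claims `claimed` entries while
 * `present` entries actually follow (a malicious disc can make these differ). */
size_t build_table(uint8_t *buf, size_t buf_len, uint16_t claimed, size_t present) {
    size_t len = 2 + present * ENTRY_SIZE;
    if (len > buf_len) return 0;
    buf[0] = (uint8_t)(claimed >> 8);
    buf[1] = (uint8_t)claimed;
    for (size_t i = 0; i < present * ENTRY_SIZE; i++) buf[2 + i] = (uint8_t)('A' + i % 26);
    return len;
}

/* Run the checked parser over a constructed table; -1 means it was rejected. */
int checked_result(uint16_t claimed, size_t present) {
    uint8_t blob[4096];
    struct table t;
    size_t n = build_table(blob, sizeof blob, claimed, present);
    return parse_table_checked(blob, n, &t);
}

/* Same for the unchecked parser; only ever call it with an honest table. */
int unchecked_result(uint16_t claimed, size_t present) {
    uint8_t blob[4096];
    struct table t;
    size_t n = build_table(blob, sizeof blob, claimed, present);
    return parse_table_unchecked(blob, n, &t);
}

int main(void) {
    printf("honest disc, 4 entries:          %d\n", checked_result(4, 4));
    printf("claims 400 entries (3200 bytes): %d\n", checked_result(400, 400));
    printf("claims 10, only 2 present:       %d\n", checked_result(10, 2));
    /* unchecked_result(400, 400) would memcpy 3200 bytes into a 128-byte field:
     * the kind of out-of-bounds write the slides describe. */
    return 0;
}
```

Note that the two rejections are different bugs: the 400-entry case protects the destination (the write the exploit needs), the "claims 10, only 2 present" case protects the source, which otherwise leaks or faults on whatever sits after the table in memory.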

In Depth Information

  • Read the original post https://cturt.github.io/freedvdboot.html
  • Or my blogpost whenever I finish it.

How to Patch the ISO

  • Rip a regular PS2 game disc to an ISO
  • Create a new UDF file system on the ISO (the DVD player reads UDF; the game data stays in ISO 9660)
  • Add the DVD-Video specific files and folders (VIDEO_TS with its IFO files) to the file system
  • Adjust the file sizes referenced inside the IFO files to match
  • Carefully place the new files in sectors of the ISO that no existing file occupies
    • Sony leaves the first 260 blocks of the disc free of game data (2048-byte sectors, so about 520 KB)
  • Add the original ESR loader as the payload so the chain continues into ESR, which applies the patches needed to run the game disc
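The placement step above needs a check that the target sectors really hold no game data. As an added example (not from the slides, ESR or FreeDVDBoot tooling), this C program walks the ISO 9660 directory tree of an image and reports whether any file data lies in a given sector range. The ISO 9660 layout facts it relies on (2048-byte sectors, primary volume descriptor at sector 16 tagged "CD001", directory record field offsets) are standard; only file data extents are counted, since directory metadata sits in the low sectors by design. The sample image is constructed in memory and the file names and LBAs in it are made up; the UDF structures added in step 2 are not walked.

```c
/* Added example (not from the slides, ESR or FreeDVDBoot): walk the ISO 9660
 * directory tree of a game image and report whether any file data lies in a
 * given sector range, i.e. whether that range is safe to reuse for the
 * DVD-Video files. Only file data extents are counted; the sample image is
 * constructed in memory below. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR 2048u
#define IMG_SECTORS 20

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static int overlaps(uint32_t lba, uint32_t sectors, uint32_t first, uint32_t count) {
    return lba < first + count && first < lba + sectors;
}

/* Count file extents under one directory (recursing into subdirectories) that
 * overlap [first, first+count). Returns -1 if the directory is malformed. */
static int walk_dir(const uint8_t *img, size_t img_len, uint32_t dir_lba, uint32_t dir_len,
                    uint32_t first, uint32_t count, int depth) {
    uint64_t start = (uint64_t)dir_lba * SECTOR;
    if (depth > 8 || start + dir_len > img_len) return -1;
    const uint8_t *dir = img + start;
    int hits = 0;
    for (uint32_t off = 0; off + 33 <= dir_len;) {
        uint8_t rec_len = dir[off];
        if (rec_len == 0) {                      /* zero pad: records never span sectors */
            off = (off / SECTOR + 1) * SECTOR;
            continue;
        }
        uint8_t nlen = dir[off + 32];
        if (rec_len < 33 + nlen || off + rec_len > dir_len) return -1;
        uint32_t lba   = le32(dir + off + 2);    /* extent location, little-endian half */
        uint32_t size  = le32(dir + off + 10);   /* data length, little-endian half */
        uint8_t  flags = dir[off + 25];          /* bit 1 set = directory */
        int self_or_parent = nlen == 1 && dir[off + 33] <= 1;
        if (!self_or_parent) {
            if (flags & 0x02) {
                int sub = walk_dir(img, img_len, lba, size, first, count, depth + 1);
                if (sub < 0) return -1;
                hits += sub;
            } else if (overlaps(lba, (size + SECTOR - 1) / SECTOR, first, count)) {
                hits++;
            }
        }
        off += rec_len;
    }
    return hits;
}

/* 1 = no file data in [first, first+count); 0 = some file lives there;
 * -1 = not a parseable ISO 9660 image. */
int region_free_of_file_data(const uint8_t *img, size_t img_len, uint32_t first, uint32_t count) {
    if (img_len < 17 * SECTOR) return -1;
    const uint8_t *pvd = img + 16 * SECTOR;
    if (pvd[0] != 1 || memcmp(pvd + 1, "CD001", 5) != 0) return -1;
    const uint8_t *root = pvd + 156;             /* root directory record lives in the PVD */
    int hits = walk_dir(img, img_len, le32(root + 2), le32(root + 10), first, count, 0);
    return hits < 0 ? -1 : hits == 0;
}

/* --- constructed sample image: PVD at sector 16, root directory at 18, two files --- */
static void put_both_endian32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) { p[i] = (uint8_t)(v >> (8 * i)); p[7 - i] = p[i]; }
}

static size_t put_record(uint8_t *p, uint32_t lba, uint32_t size, uint8_t flags,
                         const char *name, uint8_t nlen) {
    size_t len = 33 + nlen + ((33 + nlen) & 1);  /* records are padded to even length */
    memset(p, 0, len);
    p[0] = (uint8_t)len;
    put_both_endian32(p + 2, lba);
    put_both_endian32(p + 10, size);
    p[25] = flags;
    p[28] = 1; p[31] = 1;                         /* volume sequence number 1 */
    p[32] = nlen;
    memcpy(p + 33, name, nlen);
    return len;
}

static uint8_t g_img[IMG_SECTORS * SECTOR];

/* Build the sample image with SYSTEM.CNF at `first_file_lba` and check the
 * first 260 sectors, the region the slides say Sony leaves free of game data. */
int sample_region_check(uint32_t first_file_lba) {
    memset(g_img, 0, sizeof g_img);
    uint8_t *pvd = g_img + 16 * SECTOR;
    pvd[0] = 1; memcpy(pvd + 1, "CD001", 5); pvd[6] = 1;
    put_record(pvd + 156, 18, SECTOR, 0x02, "\0", 1);
    uint8_t *d = g_img + 18 * SECTOR;
    d += put_record(d, 18, SECTOR, 0x02, "\0", 1);              /* .  */
    d += put_record(d, 18, SECTOR, 0x02, "\1", 1);              /* .. */
    d += put_record(d, first_file_lba, 1234, 0x00, "SYSTEM.CNF;1", 12);
    put_record(d, 4000, 3000000, 0x00, "SLUS_123.45;1", 13);   /* data past image end: never read */
    return region_free_of_file_data(g_img, sizeof g_img, 0, 260);
}

int main(void) {
    printf("first file at LBA 261: region free = %d\n", sample_region_check(261));
    printf("first file at LBA 100: region free = %d\n", sample_region_check(100));
    return 0;
}
```

On a real rip, read the whole .iso into memory (or map it) and call region_free_of_file_data over the range you intend to write; a result of 0 means the patched DVD-Video files would clobber game data, and -1 means the image is not a plain ISO 9660 volume and should be inspected before patching.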

Burn the Disk

# growisofs refuses to run when it sees sudo's SUDO_COMMAND variable, so it is unset for the call
# First pass: write the patched image as the first session (-speed=1 is the slowest, most compatible burn)
sudo env -u SUDO_COMMAND growisofs -speed=1 -Z /dev/sr0=All\ PS2\ Slims\ -\ English\ language.iso
# Second pass: append a session of zeros read from /dev/zero after the image, until the disc is full
sudo env -u SUDO_COMMAND growisofs -speed=1 -M /dev/sr0=/dev/zero

Demo Time

More Information

  • ESR Exploit: https://www.ps2-home.com/forum/viewtopic.php?f=10&t=6957
  • Free DVD Boot: https://cturt.github.io/freedvdboot.html

PS2 DVD

By generalzero
