I’ve previously discussed how the PlayStation 2 doesn’t have any good entry-point software exploits for launching homebrew. You need to either purchase a memory card with an exploit pre-installed, open up the console to block the disc tray sensors, or install a modchip. For the best selling console of all time, it deserves better hacks.
My initial attempt to solve this problem was to exploit the BASIC interpreter that came bundeld with early PAL region PS2s. Although I was successful at producing the first software based entry-point exploit that can be triggered using only hardware that came with the console, the attack was largely criticized due to the requirement of having to enter the payload manually through the controller or keyboard, and limitation of being PAL only. I decided to write-off that exploit as being impractical, and so the hunt continued for a better attack scenario for the PlayStation 2.
The PlayStation 2 has other sources of untrusted input that we could attack; games which support online multiplayer or USB storage could almost definitely be exploited. But unlike say the Nintendo 64, where we don’t really have any other choice but to resort to exploiting games over interfaces like modems, the PlayStation 2 has one key difference: its primary input is optical media (CD / DVD discs), a format which anyone can easily burn with readily available consumer hardware. This leaves an interesting question which I’ve wanted to solve since I was a child:
Ultimately, I was successfully able to achieve my goal by exploiting the console’s DVD player functionality. This blog post will describe the technical details and process of reversing and exploiting the DVD player. All of my code is available on GitHub.
Demonstration video of new PlayStation 2 exploit through the DVD player, which allows burning homebrew games and running them on an unmodified console the same way you would with official discs. This demo shows the result of the PS2SDK patch which adds support for reading DVD video discs (uLaunchELF can now load homebrews from disc, and emulators can now load ROMs from disc).