Editing Vulnerabilities
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 29: | Line 29: | ||
= Software = | = Software = | ||
== | == Operating System == | ||
=== PS2 Independence === | |||
Released on 15-08-2003 by Marcus R. Brown <[email protected]>. | Released on 15-08-2003 by Marcus R. Brown <[email protected]>. | ||
Line 41: | Line 39: | ||
See [[PS2 Independence]]. | See [[PS2 Independence]]. | ||
=== FreeMCBoot === | |||
Released on 23-05-2008 by jimmikaelkael (with help from Neme). Maintained since 14-09-2011 by SP193. | Released on 23-05-2008 by jimmikaelkael (with help from Neme). Maintained since 14-09-2011 by SP193. | ||
Line 55: | Line 51: | ||
See [[FreeMCBoot/FreeHDBoot]]. | See [[FreeMCBoot/FreeHDBoot]]. | ||
=== FreeHDBoot === | |||
The newest versions of Free McBoot, version 1.90 and newer, also have the ability to install and boot from both Sony and non-Sony HDDs when using a "fat" PS2 and network adapter.[3] This support is called FreeHDBoot or FHDB. With a few minor issues, it is now possible to game entirely from the HDD, without needing to use the optical disc drive nor a physical memory card. | The newest versions of Free McBoot, version 1.90 and newer, also have the ability to install and boot from both Sony and non-Sony HDDs when using a "fat" PS2 and network adapter.[3] This support is called FreeHDBoot or FHDB. With a few minor issues, it is now possible to game entirely from the HDD, without needing to use the optical disc drive nor a physical memory card. | ||
=== Fortuna === | |||
Released on 12-02-2019 by krat0s. | Released on 12-02-2019 by krat0s. | ||
Line 67: | Line 63: | ||
That means EVERY PS2 from 1.90 ROMVER 50k model up to the TV can be exploited by scrolling to an MC-Icon and "back out" of the menu. | That means EVERY PS2 from 1.90 ROMVER 50k model up to the TV can be exploited by scrolling to an MC-Icon and "back out" of the menu. | ||
=== Opentuna === | |||
an open source version of fortuna. supports almost all PS2 models, from the SCPH-18000 to the very last. This exploit hasn't been ported to the 10k and 15k models, it proved to be quite challenging to do so, probably related to the fact that these models does not have compressed OSDSYS programs. Different files are needed depending on the console version. | an open source version of fortuna. supports almost all PS2 models, from the SCPH-18000 to the very last. This exploit hasn't been ported to the 10k and 15k models, it proved to be quite challenging to do so, probably related to the fact that these models does not have compressed OSDSYS programs. Different files are needed depending on the console version. | ||
=== Requirements === | |||
*A PS2 Memory Card | *A PS2 Memory Card | ||
*A way to transfer files to the Memory Card (one time setup) | *A way to transfer files to the Memory Card (one time setup) | ||
*Making sure the hacked icon is displayed first (OSDSYS icon order is based on date) | *Making sure the hacked icon is displayed first (OSDSYS icon order is based on date) | ||
=== The exploit === | |||
Fortuna/Opentuna exploit a vulnerability on the RLE decompression routine used for memory card icon textures, allowing to copy raw executables to protected area on ram, and achieving execution when going back to main menu. Alex Párrado, creator of Opentuna, left a [https://www.psx-place.com/#tab_1710732308 technicall write-up on how it works] | Fortuna/Opentuna exploit a vulnerability on the RLE decompression routine used for memory card icon textures, allowing to copy raw executables to protected area on ram, and achieving execution when going back to main menu. Alex Párrado, creator of Opentuna, left a [https://www.psx-place.com/#tab_1710732308 technicall write-up on how it works] | ||
Line 88: | Line 84: | ||
=== Oddities === | |||
Fortuna/Opentuna exploit fails if the console is rendering some japanese characters, either from a save file or by setting the console to Japanese language. | Fortuna/Opentuna exploit fails if the console is rendering some japanese characters, either from a save file or by setting the console to Japanese language. | ||
Line 95: | Line 91: | ||
When the OSDSYS parses the hacked icon, any save folder using built-in icons (eg: "your system configuration") will stop getting rendered, showing no icon 3d model, like the exploit icon | When the OSDSYS parses the hacked icon, any save folder using built-in icons (eg: "your system configuration") will stop getting rendered, showing no icon 3d model, like the exploit icon | ||
=== FreeDVDBoot === | |||
An exploit released in 2020 by CTurt, which exploits the DVD Video Player and allows the execution of code (wLaunchElf in the pre-built ISOs). Currently supports all slim consoles, including the ones that don't support FMCB. | An exploit released in 2020 by CTurt, which exploits the DVD Video Player and allows the execution of code (wLaunchElf in the pre-built ISOs). Currently supports all slim consoles, including the ones that don't support FMCB. | ||
=== ESR Vulnerability === | |||
Vulnerability to bypass PS2 disc reader anticopy protection system. | Vulnerability to bypass PS2 disc reader anticopy protection system. | ||
Line 109: | Line 103: | ||
It does not yield code-execution, but once you have the ability to load code, you can access content on burned (Video-)DVDs, which have DVD-Video-content. This vulnerability is used in different apps like ESR or SMS and in varying 'formats' like ESR-Discs or simple Video-DVDs with extra-content. | It does not yield code-execution, but once you have the ability to load code, you can access content on burned (Video-)DVDs, which have DVD-Video-content. This vulnerability is used in different apps like ESR or SMS and in varying 'formats' like ESR-Discs or simple Video-DVDs with extra-content. | ||
=== | === Linux === | ||
Todo | Todo | ||
Line 139: | Line 131: | ||
== PS1 Savedata exploits == | == PS1 Savedata exploits == | ||
Maybe not exploitable on PS2. | |||
See [https://psdevwiki.com/ps1/index.php?title=Vulnerabilities PS1 Dev Wiki Vulnerabilities]. | See [https://psdevwiki.com/ps1/index.php?title=Vulnerabilities PS1 Dev Wiki Vulnerabilities]. |