Newest PlayStation Exploit Skips the Disc

Last month we brought you word of tonyhax, a clever exploit for the original Sony PlayStation that leveraged a buffer overflow in several of the games from the Tony Hawk Pro Skater series to load arbitrary code from a specially prepared memory card. But now [Bradlin] has taken that idea a step further and developed a software exploit for Sony’s iconic console that doesn’t need to be triggered from a game.


The exploit is considerably more complex this time around, but [Bradlin] does an excellent job of breaking it down for those who want the gritty details. The short version is that missing boundary checks in the PlayStation’s built-in memory card handling routines mean a carefully formatted “block” on the memory card can get the console to execute a small 128-byte payload. That’s not a lot of room to work with, but it ends up being just enough to load additional code stored elsewhere on the memory card and really kick things off.
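To make the “missing boundary check” concrete, here is an added illustration in C that is not [Bradlin]’s exploit code and not the console’s actual memory card routine. It parses the publicly documented PlayStation directory format (block 0 of the card: a 128-byte “MC” header frame followed by fifteen 128-byte directory frames, each with a state word, a size, a 16-bit “next block” link and an XOR checksum in the last byte) from a constructed card image, then contrasts a walk that trusts the link field as an index with one that range-checks it, verifies the checksum and the state words, and detects loops. The page does not say which field or routine FreePSXBoot actually abuses, so the link field here is a stand-in for the general class of bug, and the sample save (“BESLEM-99999EXAMPLE”) is made up.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PS1 memory card geometry (public, well documented): 128 KiB = 16 blocks of 8 KiB,
 * each block = 64 frames of 128 bytes. Block 0 is the directory: frame 0 carries the
 * "MC" header, frames 1..15 describe data blocks 1..15. */
#define FRAME_SIZE   128
#define BLOCK0_SIZE  (16 * FRAME_SIZE)   /* only the header + 15 directory frames matter here */
#define DATA_BLOCKS  15
#define LINK_NONE    0xFFFFu
#define STATE_FIRST  0x51u   /* first (or only) block of a save */
#define STATE_MIDDLE 0x52u
#define STATE_LAST   0x53u
#define STATE_FREE   0xA0u

typedef struct {
    uint32_t state;   /* offset 0x00 */
    uint32_t size;    /* offset 0x04, file size in bytes (parsed, not needed for the walk) */
    uint16_t link;    /* offset 0x08, index of the save's next block, LINK_NONE if last */
    int      ok;      /* 1 if the frame checksum matched */
} dir_entry_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Byte 0x7F of a directory frame is the XOR of bytes 0x00..0x7E. */
uint8_t frame_checksum(const uint8_t *frame) {
    uint8_t x = 0;
    for (int i = 0; i < FRAME_SIZE - 1; i++) x ^= frame[i];
    return x;
}

/* Parse directory frames 1..15 of block 0; table[i] describes data block i+1. */
void parse_directory(const uint8_t *block0, dir_entry_t table[DATA_BLOCKS]) {
    for (int i = 0; i < DATA_BLOCKS; i++) {
        const uint8_t *f = block0 + (i + 1) * FRAME_SIZE;
        table[i].state = rd32(f);
        table[i].size  = rd32(f + 4);
        table[i].link  = rd16(f + 8);
        table[i].ok    = (frame_checksum(f) == f[FRAME_SIZE - 1]);
    }
}

/* The unsafe pattern: hand back whatever 16-bit value the card stored as the next block.
 * A caller that indexes a 15-entry table with this value reads or writes past the table. */
int next_block_unchecked(const dir_entry_t table[DATA_BLOCKS], int block) {
    return table[block - 1].link;
}

/* The hardened walk: every hop is range-checked, checksum-checked, state-checked and
 * loop-checked before it is used. Returns the block count, or -1 on any violation. */
int collect_file_blocks(const dir_entry_t table[DATA_BLOCKS], int first, int out[DATA_BLOCKS]) {
    uint16_t seen = 0;                       /* bit b set once block b has been visited */
    int n = 0, cur = first;
    for (;;) {
        if (cur < 1 || cur > DATA_BLOCKS) return -1;    /* index outside the directory */
        if (seen & (1u << cur)) return -1;              /* the chain loops */
        const dir_entry_t *e = &table[cur - 1];
        if (!e->ok) return -1;                          /* corrupt or forged frame */
        uint32_t want = (n == 0) ? STATE_FIRST : (e->link == LINK_NONE ? STATE_LAST : STATE_MIDDLE);
        if (e->state != want) return -1;                /* state word disagrees with position */
        seen |= (uint16_t)(1u << cur);
        out[n++] = cur;
        if (e->link == LINK_NONE) return n;
        cur = e->link;                                  /* checked at the top of the next pass */
    }
}

/* Constructed block-0 image (not a dump of a real card). mode 0: a valid two-block save in
 * blocks 1-2; mode 1: block 1's link points far outside the table; mode 2: block 2 links
 * back to block 1, forming a loop. All checksums are valid, so only the walk can reject them. */
void build_sample_block0(uint8_t block0[BLOCK0_SIZE], int mode) {
    memset(block0, 0, BLOCK0_SIZE);
    block0[0] = 'M'; block0[1] = 'C';
    for (int i = 0; i < DATA_BLOCKS; i++) {
        uint8_t *f = block0 + (i + 1) * FRAME_SIZE;
        uint32_t state = STATE_FREE, size = 0; uint16_t link = LINK_NONE;
        if (i == 0) { state = STATE_FIRST; size = 2 * 8192; link = (mode == 1) ? 0x1234 : 2; }
        if (i == 1) { state = (mode == 2) ? STATE_MIDDLE : STATE_LAST; link = (mode == 2) ? 1 : LINK_NONE; }
        wr32(f, state); wr32(f + 4, size); wr16(f + 8, link);
        if (i == 0) memcpy(f + 0x0A, "BESLEM-99999EXAMPLE", 19);   /* made-up save name */
        f[FRAME_SIZE - 1] = frame_checksum(f);
    }
}

/* Wrappers that run both walks over a sample image of the given mode. */
int sample_next_unchecked(int mode) {
    uint8_t b[BLOCK0_SIZE]; dir_entry_t t[DATA_BLOCKS];
    build_sample_block0(b, mode); parse_directory(b, t);
    return next_block_unchecked(t, 1);
}
int sample_collect(int mode) {
    uint8_t b[BLOCK0_SIZE]; dir_entry_t t[DATA_BLOCKS]; int out[DATA_BLOCKS];
    build_sample_block0(b, mode); parse_directory(b, t);
    return collect_file_blocks(t, 1, out);
}

int main(void) {
    for (int mode = 0; mode < 3; mode++)
        printf("mode %d: unchecked next=%d, checked blocks=%d\n",
               mode, sample_next_unchecked(mode), sample_collect(mode));
    return 0;
}
```

Mode 1 is the point: the unchecked reader cheerfully returns 0x1234 as a block index, and any table lookup built on it lands thousands of entries past the end, which is exactly the kind of trust in card-supplied values that turns a storage medium into a code-execution vector. The checked walk rejects it, and also rejects the loop in mode 2, before either value is ever used as an index.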

Unlike tonyhax, which was designed specifically to allow the user to swap their retail Tony Hawk disc with a game burned to a CD-R, [Bradlin]’s FreePSXBoot is presented as more of a generic loader. As of right now, it doesn’t allow you to actually play burned games, although it’s inevitable that somebody will connect those last few dots soon.

If you want to check out the progress so far, all you need to do is wire a PlayStation memory card up to an Arduino, write the provided image to it, and stick it in the slot. [Bradlin] says the exploit doesn’t work 100% of the time (something else that will surely be addressed in future releases), but it shouldn’t take too many attempts before you’re greeted with the flashing screen that proves Sony’s 27-year-old console has now truly been bested.

By admin