Since the launch of the PlayStation 2, information security specialists have demonstrated multiple vulnerabilities in the console's code that allow the use of homebrew games, another way of saying piracy. Now, more than 20 years after the console was released, a researcher has revealed a method to hack the system through its built-in DVD component.
For obvious reasons, users interested in exploiting this vulnerability cannot simply burn a disc containing an ELF file and expect the PlayStation 2 (PS2) system to run it, so a flaw in the console's parsing of controlled data must be exploited.
According to information security experts, the PS2 supports the playback of burned DVDs, which expands the attack surface for homebrew gaming use. With respect to DVD video, several main components are exposed to the exploitation of security flaws, for example:
- UDF file system
- DVD metadata and subtitles
- Audio and video decoding
- Interaction machine
The full DVD specification consists mainly of open formats such as MPEG, grouped in a proprietary container format (VOB). For the proprietary parts, some unofficial references are freely accessible. The IFO file format is probably the simplest format used, and is responsible for storing the metadata that links the video files.
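Because IFO metadata comes straight from the disc, a player has to treat every length and pointer in it as untrusted. The following sketch is an added example, not code from the research or from any player: it checks that the sector pointers in an IFO header stay inside the file. The field offsets and table names are assumptions taken from unofficial format notes, and the sample images are constructed.

```python
import struct

SECTOR = 2048  # DVD logical sector size in bytes

# Sector-pointer fields in the IFO header, per unofficial format notes
# (assumed offsets; big-endian 32-bit, 0 means "table not present").
POINTERS = {
    b"DVDVIDEO-VMG": {"TT_SRPT": 0xC4, "VMGM_PGCI_UT": 0xC8, "VMG_VTS_ATRT": 0xD0},
    b"DVDVIDEO-VTS": {"VTS_PTT_SRPT": 0xC8, "VTS_PGCI": 0xCC, "VTS_C_ADT": 0xE0},
}
LAST_SECTOR_OFF = 0x1C  # assumed: last sector of this IFO, counted from 0


def validate_ifo(data: bytes) -> list[str]:
    """Return a list of problems; an empty list means the header is consistent."""
    if len(data) < SECTOR:
        return ["file shorter than one sector"]
    magic = data[:12]
    if magic not in POINTERS:
        return [f"unknown magic {magic!r}"]
    problems = []
    (last,) = struct.unpack_from(">I", data, LAST_SECTOR_OFF)
    declared = (last + 1) * SECTOR
    if declared > len(data):
        problems.append(f"declared size {declared} exceeds file size {len(data)}")
    # Never trust the declared size beyond the bytes actually present.
    limit = min(declared, len(data))
    for name, off in POINTERS[magic].items():
        (sector,) = struct.unpack_from(">I", data, off)
        if sector == 0:
            continue
        if sector * SECTOR >= limit:
            problems.append(f"{name} points to sector {sector}, outside the file")
    return problems


def make_sample(magic: bytes, sectors: int, last: int, ptrs: dict) -> bytes:
    """Build a constructed, header-only IFO image for demonstration."""
    buf = bytearray(sectors * SECTOR)
    buf[:12] = magic
    struct.pack_into(">I", buf, LAST_SECTOR_OFF, last)
    for off, sector in ptrs.items():
        struct.pack_into(">I", buf, off, sector)
    return bytes(buf)


if __name__ == "__main__":
    print(validate_ifo(make_sample(b"DVDVIDEO-VMG", 4, 3, {0xC4: 1, 0xC8: 2})))
    print(validate_ifo(make_sample(b"DVDVIDEO-VTS", 2, 9, {0xC8: 1, 0xCC: 500})))
```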
In his research, the hacker notes that the interaction machine is what allows interactive menus and games to be deployed on DVD format discs. This component has 32 instruction groups and can be used to manipulate the state of the internal memory in preparation for an exploit. It could also be used to create a universal DVD, with a menu to select a firmware version and activate the appropriate exploit.
During testing, the information security expert used an emulator with debug support, which at first presented an obstacle because the most popular PS2 emulators do not support DVD playback.
Using specially designed code, the hacker was able to abuse the DVD player components of the PS2 system successfully, allowing pirated games to run in the same way that an official game would. Full research is available at the following link.
This hack was only tested on PS2 v3.10E. This is the latest version of the console released officially, so there should be no problems exploiting the DVD component in earlier versions of the console. The expert adds that there are likely to be more common errors, such as buffer overflows, that would be enough to achieve similar results, although this is already a fully functional alternative for using homebrew games on a console that has become a classic.