Jump to content

PS2 Yabasic Exploit

¿Quieres enterarte al momento de las nuevas descargas? Síguenos en Twitter, Mastodon o Threads!

PS2 exploit for demo discs containing Yabasic that allows arbitrary code execution.


Install the PS2DEV toolchain (really you just need a MIPS compiler), place your assembly payload in payloads/name.s and run make to build it into a Yabasic exploit.

On PS2, run the %lg patch corresponding to your disc first. EG: for PBPX-95205 that will be in out/patches-95205.yab.

Then you can run your payload (located at out/name.yab).

If your payload writes a value, you'll need to run the feEgG patch, and then you can run the debugger program to print it (both in out/patches-version.yab).

Using strings

If you want to reference a string in your payload, create a corresponding string file (EG: boot-fifa.s and boot-fifa.string).

The string will be about 0x240 bytes before the payload, depending on its length, so can be referenced by $a1 - 0x240. maker.c shows how the string length changes the amount of heap space required - it's kind of weird.

by CTurt.

No te pierdas nada, síguenos en Twitter, Mastodon o Threads!
Preguntas, aportes y peticiones en el foro.

  • Crear nuevo...