PS2 Yabasic Exploit

PS2 exploit for demo discs containing Yabasic that allows arbitrary code execution.

Install the PS2DEV toolchain (in practice only a MIPS compiler is needed), place your assembly payload in payloads/name.s, and run make to build it into a Yabasic exploit.

On the PS2, run the %lg patch corresponding to your disc first. For example, for PBPX-95205 that will be in out/patches-95205.yab.

Then you can run your payload (located at out/name.yab).

If your payload writes a value, you'll need to run the feEgG patch, and then you can run the debugger program to print it (both are in out/patches-version.yab, where version matches your disc).

Using strings

If you want to reference a string in your payload, create a corresponding string file with the same base name (for example, boot-fifa.s and boot-fifa.string).

The string is placed roughly 0x240 bytes before the payload (the exact distance depends on the string's length), so it can be referenced as $a1 - 0x240. maker.c shows how the string length changes the amount of heap space required; the relationship is not straightforward.

by CTurt.
