Jump to content

PS2 Yabasic Exploit

Conéctate para seguir esto  

¿Quieres enterarte al momento de las nuevas descargas? Síguenos en Twitter!

1 Screenshot

PS2 exploit for demo discs containing Yabasic that allows arbitrary code execution.

Usage

Install the PS2DEV toolchain (really you just need a MIPS compiler), place your assembly payload in payloads/name.s and run make to build it into a Yabasic exploit.

On PS2, run the %lg patch corresponding to your disc first. EG: for PBPX-95205 that will be in out/patches-95205.yab.

Then you can run your payload (located at out/name.yab).

If your payload writes a value, you'll need to run the feEgG patch, and then you can run the debugger program to print it (both in out/patches-version.yab).

Using strings

If you want to reference a string in your payload, create a corresponding string file (EG: boot-fifa.s and boot-fifa.string).

The string will be about 0x240 bytes before the payload, depending on its length, so can be referenced by $a1 - 0x240. maker.c shows how the string length changes the amount of heap space required - it's kind of weird.

by CTurt.


¿Tienes alguna duda, petición o aporte? Utiliza el foro!



×
×
  • Crear nuevo...