No, there's no typo in the title. It's 2020 and Sony's second home console, the PlayStation 2, got a new exploit; and an interesting one at that! Aptly named FreeDVDBoot, this exploit allows users to run burnt homebrew games on an unmodified PS2. Just slide in a DVD into the console as you would with any other game and boot it without any additional tools.

@CTurt , the software engineer behind FreeDVDBoot and fellow GBAtemp member, explained in length his method that exploits the console's DVD player functionality in a blog post. He also made all of FreeDVDBoot's code available on GitHub, along with a step-by-step guide.

​

In case you're wondering about actual PS2 games rather than homebrew titles, yes, FreeDVDBoot also enables you to run backup copy of those. CTurt shared a video using his exploit to run a backup of Shadow of the Colossus:

​

It doesn't end there either. CTurt further goes on to speculate that this method could potentially work on every single PlayStation home consoles and that he will investigate this possibility in the future:

There's really no reason this general attack scenario is specific to the PlayStation 2 as all generations support some combination of burned media: from the PlayStation 1's CD support, to the PlayStation 3 and 4's Blu-ray support, with the PlayStation 4 having only removed CD support. Hacking the PS4 through Blu-ray BD-J functionality has long been discussed as an idea for an entry point. This may be something I would be interested in looking into for a long-term future project: imagine being able to burn your own PlayStation games for all generations; 1 down, 3 to go...

SOURCE
FreeDVDBoot code and guide on GitHub

 

[Urbanshadow]

Your question is unclear, but no matter how you bend it it's a No:
- You can't run this exploit from a CD because the mechacon only recognizes DVDs as movie discs
- You can't run this exploit on a PS1 because of the above, the fact the PS1 doesn't have a DVD-Video player (or read DVDs at all)
- You can't use this exploit to load copies of game discs because, just like any (known to date) non-chip method, it doesn't bypass the mechacon and its protections
A "3 wire" non-stealth PS1 chip with a power switch is the most reliable and cleanest option for nonoriginal PS1 discs on a PS2 (or, of course, a fat PS1) - connect its data line to what most PS2 chips call "SX"

Ah, but it works the other way around. See, as freedvdboot doesn´t exploit the PS1 compatibility layer as freeMCboot does to boot, theoretically one could finally write an ELF loader for PS2 to natively load PS1 games without the hassle of tricking the whole hardware to think it´s playing a PS2 game.

Now this could be interesting.

 

[Kwyjor]

My only issue now is that OPL only supports SMB 1, and I’m not opening myself up with that security risk.

Doesn't mucommander support SMB1 without having to do anything at the OS level?

 

[chrisrlink]

might just buy a ps2 just for this their cheap enough

 

[driverdis]

FMCB/FHDB only provide a persistent homebrew entrypoint (via an unofficial system update), they do not run game backups from HDD/USB/Ethernet/FireWire (OPL does), and yes all of those are receiving updates (though you need to be realistic about the performance of USB 1)


You're thinking of the superslim (SCPH-9xxxx) - some of them (not all - most of R-chassis ones but still some exceptions) have rom version 2.30 which removed support for updates from memory card


Hell no!
Not even the CECH-A and B are 100% accurate to a real PS2... and they run hotter and consume over 3x the power anyway


You can use a file manager (*LaunchELF) to run the FMCB installer from USB, yep
and again, this has nothing to do (directly) with disc or digital game backups


Your question is unclear, but no matter how you bend it it's a No:
- You can't run this exploit from a CD because the mechacon only recognizes DVDs as movie discs
- You can't run this exploit on a PS1 because of the above, the fact the PS1 doesn't have a DVD-Video player (or read DVDs at all)
- You can't use this exploit to load copies of game discs because, just like any (known to date) non-chip method, it doesn't bypass the mechacon and its protections
A "3 wire" non-stealth PS1 chip with a power switch is the most reliable and cleanest option for nonoriginal PS1 discs on a PS2 (or, of course, a fat PS1) - connect its data line to what most PS2 chips call "SX"

Any additional info you can provide like what non stealth modchip I could use? I did not know you could use a PS1 modchip in a PS2 for PS1 games and that would be far easier for me to install then installing a whole modbo chip just for PS1 games.

 

[Jonnysert]

Unexpected Item
Amazing that this is such a similar entrypoint to the Dreamcast mil-CD one - imagine if this didn't take 19 years to find. Is it possible to unlock the DVD drive with this? I wonder, if some fiddling of the commercial game ISOs, you could get them to boot.

 

[Pokemon_Tea_Sea_Jee]

Unexpected Item
Amazing that this is such a similar entrypoint to the Dreamcast mil-CD one - imagine if this didn't take 19 years to find. Is it possible to unlock the DVD drive with this? I wonder, if some fiddling of the commercial game ISOs, you could get them to boot.

Opening post already shows that commercial games work with this.

 

[Deleted User]

Unexpected Item
Amazing that this is such a similar entrypoint to the Dreamcast mil-CD one - imagine if this didn't take 19 years to find. Is it possible to unlock the DVD drive with this? I wonder, if some fiddling of the commercial game ISOs, you could get them to boot.

You can, dude who found the exploit did it with shadow of the colossus as a concept.

Worked 100% perfectly fine.

Just waiting for someone to make a patched tool for Iso's now that and more exploits for further drive firmwares.

 

[CactusMan]

You can, dude who found the exploit did it with shadow of the colossus as a concept.

Worked 100% perfectly fine.

Just waiting for someone to make a patched tool for Iso's now that and more exploits for further drive firmwares.

I tried it, it is iegit. I´m playing Sega Ages Phantasy Star and I liken it. The human who made and shared this is legend.

 

[BeastMode6]

Doesn't mucommander support SMB1 without having to do anything at the OS level?

Only for client. I don't see any way to start a server with this.

 

[smf]

See, as freedvdboot doesn´t exploit the PS1 compatibility layer as freeMCboot does to boot, theoretically one could finally write an ELF loader for PS2 to natively load PS1 games without the hassle of tricking the whole hardware to think it´s playing a PS2 game.

Now this could be interesting.

I think you are mixing it up with the independence exploit that exploited the PS1 compatibility layer, freemcboot exploits the PS2 update mechanism.

Using PS2 homebrew to load PS1 games from USB or Ethernet has some technical hurdles to overcome that FreeDVDBoot does nothing to address.

 

[CactusMan]

I think you are mixing it up with the independence exploit that exploited the PS1 compatibility layer, freemcboot exploits the PS2 update mechanism.

Using PS2 homebrew to load PS1 games from USB or Ethernet has some technical hurdles to overcome that FreeDVDBoot does nothing to address.

Ain´t gonna work PS2s in PS1 mode is like a Nintendo DS playing GBA games. They are seperated.
And get a psx if you want to play those games.

 

[Urbanshadow]

I think you are mixing it up with the independence exploit that exploited the PS1 compatibility layer, freemcboot exploits the PS2 update mechanism.

Using PS2 homebrew to load PS1 games from USB or Ethernet has some technical hurdles to overcome that FreeDVDBoot does nothing to address.

Oh is that so? Thank you for correcting me then.

 

[raxadian]

Has anyone tested this on the PS2s that were "games only"?

 

[Rail Fighter]

Nice because I don't have a modchip. Now I just need the PS2.

 

[BeastMode6]

My only issue now is that OPL only supports SMB 1, and I’m not opening myself up with that security risk.

Got a solution to this. I set up an Ubuntu VM that runs the SMB1 share. Whenever I want to play a game, I'll run the VM. Not ideal but certainly beats having SMB1 running all the time on my Windows machine.

 

[tech3475]

Got a solution to this. I set up an Ubuntu VM that runs the SMB1 share. Whenever I want to play a game, I'll run the VM. Not ideal but certainly beats having SMB1 running all the time on my Windows machine.

Another option might be to buy a cheap NAS of some kind, use an old/cheap computer, etc. And plug it directly into the PS2.

Not ideal but then at least you din’t have to mess around with VMs, etc.

 

[smf]

Has anyone tested this on the PS2s that were "games only"?

Which PS2 were game only? Except the TEST units that didn't have DVD player functionality, because Sony would have had to pay a licensing fee based on a percentage of the selling price, this exploit won't work on TEST consoles as they can't run the DVD player.

Ain´t gonna work PS2s in PS1 mode is like a Nintendo DS playing GBA games. They are seperated.

Well sorta. The PS1 GPU is emulated with the EE+GS on the PS2 and the CPU is the IOP. Some stuff changes when going into PS1 mode, but as far as I know PS1DRV hasn't been reverse engineered to document what all the registers do. It's possible that a solution like nintendont is possible, where gamecube games run on the wii despite there being differences.

Obviously it hasn't been done yet, but whether it's theoretically possible and what the compatibility rate could be if it could is an unknown. Being able to play PS1 backups on ethernet using a PS2 would be da bomb though.

 

[chrisrlink]

wonder if it'll run on the PSX (not talking bout the ps1 here but the Japan only HDR PS2) https://en.wikipedia.org/wiki/PSX_(digital_video_recorder)

 

[FAST6191]

Got a solution to this. I set up an Ubuntu VM that runs the SMB1 share. Whenever I want to play a game, I'll run the VM. Not ideal but certainly beats having SMB1 running all the time on my Windows machine.

So I read up on everything.
https://techcommunity.microsoft.com/t5/storage-at-microsoft/stop-using-smb1/ba-p/425858

Someone sets up my new corporate network today with it. Their family will never find the body and someone that useless is unlikely to be missed anyway. Some legacy reason (and that ought to be a business critical super expensive/nigh impossible to replace fancy printer/scanner, CNC machine or the like) better be justified as anything, and most likely will be airgapped and then some if at all possible.

For the average person around here that mostly just has read only, maybe write in one directory, shares for their home and devices on it to watch films on another computer or something. Seeing less of an issue.

 

[Kwyjor]

For the average person around here that mostly just has read only, maybe write in one directory, shares for their home and devices on it to watch films on another computer or something. Seeing less of an issue.

I've read some people raise alarms about the hidden "administrative shares" that are enabled by default and make the entire hard drive available.