The gaming community may be itching to read all the latest news about Sony's upcoming console, but that doesn't mean homebrew enthusiasts have left the previous generations behind just yet. In fact, one developer in particular (@CTurt, a name already familiar to those in the PS4 scene) has decided to go back a whopping 19 years to revisit the PlayStation 2 not for a quick nostalgia dive, but to crack it even further than it's ever been!

As a lot of you readers may know by now, Sony's best-selling console is by no means a stranger to hacks: a plethora of modchips, software exploits and other types of clever tricks to bypass the platform's security have popped up over the years, all of them with their own methods and pros/cons. However, most of them require either purchasing some pieces of hardware or having a pre-modded console at hand to later pass an exploit over to your own, which is by no means ideal for a multitude of reasons. But this is about to change starting today, as @CTurt has managed to find an exploit which only needs a PS2 Yabasic demo disk to work.

The exploit consists of two stages: the first overflows one of the interpreter's built-in functions and gains arbitrary code execution, while the second is a payload that launches an ELF from a medium available to the system (the repo includes one that loads the FIFA demo bundled with a specific revision of the disc, however, someone could technically choose whichever executable they want - even on a different/burned CD). Support for USB/HDD drives and loading ELFs over the network is also reportedly possible, but no compatible payload has been written for those yet. Everything said so far only requires a stock PlayStation 2 and an aforementioned Yabasic demo disk (something many European owners may already have as Sony originally included one with the consoles to avoid EU import taxes) so this should not only open up the doors to hacking & homebrew for many more people, but the exploit also works with late Slim models that don't support FreeMCBoot at all!

There are, however, a few things you should keep in mind. First and foremost, while everything is already in a working state and the code has been made public, it's not really that user-friendly yet: you need to compile the exploit yourself and, as previously stated, some otherwise useful payloads are still missing and will be added sometime in the future (other devs are welcome to make their own contributions!). Secondly, while most demo disks containing Yabasic are supported (serials PBPX-95204, PBPX-95205 and PBPX-95506), one of them is still not compatible as it uses a different executable version and the developer wasn't able to get their hands on it (serial PBPX-95520 - if you have it, please consider contacting the dev!). Lastly, those discs have only been produced for PAL consoles, so NTSC PS2 cannot take advantage of the exploit due to region locking.

Here is the usage guide included in the README:

Install the PS2DEV toolchain (really you just need a MIPS compiler), place your assembly payload in payloads/name.s and run make to build it into a Yabasic exploit.

On PS2, run the %lg patch corresponding to your disc first. EG: for PBPX-95205 that will be in out/patches-95205.yab.

Then you can run your payload (located at out/name.yab).

If your payload writes a value, you'll need to run the feEgG patch, and then you can run the debugger program to print it (both in out/patches-version.yab).

Feeling experimental? You can find PS2-Yabasic-Exploit's GitHub repo by clicking the source link below! You can also find out more about how the exploit works by reading the technical writeup here.

Source

 

[Mythical]

Cool!

 

[Sakitoshi]

However, every single one of them requires either purchasing some pieces of hardware

and having a demo disc that only exist in pal format isn't more specific than the current methods??

 

[gamesquest1]

lol i remember messing about with the yabasic demo disk as a kid, honestly i cant imagine a world where someone would practically use this, but still funny to see it done

 

[Kwyjor]

Lastly, those discs have only been produced for PAL consoles, so NTSC PS2 cannot take advantage of the exploit due to region locking.

Yeah, that's a bit of a tease.

I hadn't heard of this Yabasic thing before. Did anyone take that seriously? It's a little surprising an exploit wasn't found sooner. (Recall that SmileBASIC used to have an exploit on the 3DS.)

According to Computer and Video Games magazine, the European PlayStation 2 package will contain a copy of YA-Basic, an open source implementation of the classic beginners' programming language.

Sony will argue that since the PlayStation 2 can be programmed by users, it should be considered a home computer, not a games machine. The Japanese giant wants to persuade European Commission customs officers that the PlayStation 2 is a computer because the company will have to pay a two per cent import duty otherwise.

 

[The Real Jdbye]

My dad has one of those demo discs laying around somewhere, I remember playing around with it as a kid, pretty neat, but not very usable without a keyboard.
This is pretty cool though. How do you actually load external code in Yabasic? Will it load off a USB drive? The GitHub doesn't really give you much idea about how to actually load the thing.

 

[gamesquest1]

My dad has one of those demo discs laying around somewhere, I remember playing around with it as a kid, pretty neat, but not very usable without a keyboard.
This is pretty cool though. How do you actually load external code in Yabasic? Will it load off a USB drive? The GitHub doesn't really give you much idea about how to actually load the thing.

from what i gather it can only load from the disk its on, but i guess you might be able to use it as a glorified swap-magic disk, and swap out the disk while in yabasic then use the exploit to load a different elf file

i guess it might be useful for a 1-off MCfreeboot install method without needing a action replay max or other method for running home-brew

 

[The Real Jdbye]

from what i gather it can only load from the disk its on, but i guess you might be able to use it as a glorified swap-magic disk, and swap out the disk while in yabasic then use the exploit to load a different elf file

i guess it might be useful for a 1-off MCfreeboot install method without needing a action replay max or other method for running home-brew

I mean, how do you load the yabasic exploit itself?

 

[gamesquest1]

I mean, how do you load the yabasic exploit itself?

i think this is all thats required to boot the FIFA demo from within Yabasic, unless i'm missing something, i think most of the page is a writeup on how he found the exploit and how the end code is created, and thats the input required for his example code to be ran

# Run %lg -> %lu patch before this!

dim x(1,1073741824)
x(0,67108864)=2595480760796642592.0
x(0,67108865)=52143783942.0

x(0,2510080)=550339408.0
s$="cdrom0:\FIFADEMO\GAMEZ.ELF"

 

[MrCokeacola]

Seems about as useful as the PSO exploit for the Gamecube. Cool but too much effort.

 

[the_randomizer]

Being region locked to PAL is a deal breaker to me.

 

[SS4]

Would be great if it wasn't for the PAL limitation . . .

 

[uyjulian]

Swap trick with multiple games and utility disks is easier to do since there are more of the aforementioned disks.

However, an exploit with the DVD Player would be impressive.

 

[retrofan_k]

For £2.99 posted, I picked up a demo disc for the sake of it. Any new expliot is welcomed imo, regardless of how old a system is.

 

[VinsCool]

Really damn cool! However, I found myself picking up a Free MCBoot Memory card for $10, really easy and much less troublesome

 

[TunaKetchup]

For £2.99 posted, I picked up a demo disc for the sake of it. Any new expliot is welcomed imo, regardless of how old a system is.

Where did you get it?

I couldn't find it on ebay

 

[retrofan_k]

Where did you get it?

I couldn't find it on ebay

Search for PBPX-95506 on ebay. There was quite a few.

 

[The Real Jdbye]

Seems about as useful as the PSO exploit for the Gamecube. Cool but too much effort.

Well, you only have to do it once, run the FMCB (or FHDB) installer and off you go.

i think this is all thats required to boot the FIFA demo from within Yabasic, unless i'm missing something, i think most of the page is a writeup on how he found the exploit and how the end code is created, and thats the input required for his example code to be ran

I guess you have to type it out manually, but it's not that long. I expected it to be more complex. No idea what he means by that patch though. I guess if you wanted to load homebrew with this, you would have to disc swap to a burned disc containing your .elf file. Unless someone can figure out a way to load directly from USB with the exploit, if that's even possible.

 

[MiiJack]

Finally I can delete that corrupted save on my memory card , all I need to do is search that disc.

 

[cearp]

lol i remember messing about with the yabasic demo disk as a kid, honestly i cant imagine a world where someone would practically use this, but still funny to see it done

for the last ps2 model, the only way to play backups is with a modchip - there aren't any softmods - so this is good for those people.
plus, the slim ps2s accept 110-240v (i believe), and so having a european ps2 in the usa (for example) is not a big issue as it would be for a fat ps2.

Seems about as useful as the PSO exploit for the Gamecube. Cool but too much effort.

that exploit was very useful!
i remember having sonic adventure 2 connected to my computer, searching for cheats - all thanks to PSOload
i forget what the iso loading compatibility was like... not sure I really made use of that.

Finally I can delete that corrupted save on my memory card , all I need to do is search that disc.

there is a certain demo game on a demo disk (Viewtiful Joe 2 on the Holiday 2004 Demo Disc) which is bugged, and simply loading that game will corrupt your whole memory card. some people use it on purpose when they need to get rid of a bad save, or if they want to format their memory card. (because you can't choose to format your memory card youreslf - but if it gets corrupted from something like this demo, the ps2 prompts you to wipe it)