PS2 exploit for demo discs containing Yabasic that allows arbitrary code execution.
Latest commit 2e9fad3 Oct 22, 2019
Name        Latest commit message                    Commit time
payloads    Upload untested HDD patch                Oct 22, 2019
.gitignore  Initial source                           Oct 12, 2019
Makefile    Allow each payload to know addresses     Oct 13, 2019
README.md   Initial source                           Oct 12, 2019
maker.c     clarify                                  Oct 22, 2019
notes.TXT   Initial source                           Oct 12, 2019

README.md

PS2-Yabasic-Exploit

How does it work?

A blog post about how this works can be found here.

Usage

Install the PS2DEV toolchain (really you just need a MIPS compiler), place your assembly payload in payloads/name.s, and run make to build it into a Yabasic exploit.

On the PS2, run the %lg patch corresponding to your disc first. E.g. for PBPX-95205 that will be in out/patches-95205.yab.

Then you can run your payload (located at out/name.yab).

If your payload writes a value, you'll need to run the feEgG patch, and then you can run the debugger program to print it (both are in out/patches-version.yab).

Using strings

If you want to reference a string in your payload, create a corresponding string file (e.g. boot-fifa.s and boot-fifa.string).

The string will be placed about 0x240 bytes before the payload, depending on its length, so it can be referenced as $a1 - 0x240. maker.c shows how the string length changes the amount of heap space required - it's kind of weird.
