CTurt/PS2-Yabasic-Exploit

PS2-Yabasic-Exploit

A PS2 exploit for demo discs that ship with Yabasic; it gives arbitrary code execution on the console.

How does it work?

A blog post about how this works can be found here.

Usage

Install the PS2DEV toolchain (only its MIPS compiler is actually needed), place your assembly payload at payloads/name.s, and run make to build it into a Yabasic exploit.

On the PS2, first run the %lg patch corresponding to your disc. E.g. for PBPX-95205 that is out/patches-95205.yab.

Then run your payload (located at out/name.yab).

If your payload writes a value, run the feEgG patch and then the debugger program to print it (both are in out/patches-version.yab).

Using strings

If you want to reference a string from your payload, create a matching string file alongside it (e.g. boot-fifa.s and boot-fifa.string).

The string is placed about 0x240 bytes before the payload (the exact distance depends on the string's length), so it can be referenced as $a1 - 0x240. maker.c shows how the string length changes the amount of heap space required; the relationship is not straightforward.
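As an added example (not code from the repository or its author), here is a minimal payload that locates its companion string using the convention above and computes the string's length. The following are assumptions, not confirmed by this README: $a1 holds the payload's own address on entry, the entry symbol is _start (match whatever the repository's existing payloads such as boot-fifa.s use), and the payload may hand control back with jr $ra. The file names strlen-demo.s / strlen-demo.string are hypothetical.

```mips
# payloads/strlen-demo.s  (hypothetical name; added example, not repository code)
# Pairs with payloads/strlen-demo.string, which holds the NUL-terminated text.
#
# Assumptions (taken from the README's note, not verified here):
#   - $a1 holds the address of this payload when it gains control
#   - the string from the .string file sits about 0x240 bytes before it
#   - returning with jr $ra is acceptable to whatever invoked the payload
    .set noreorder
    .set noat
    .globl _start
_start:
    addiu   $t0, $a1, -0x240        # $t0 = expected address of the string
    move    $t1, $t0                # $t1 walks the string byte by byte
1:
    lbu     $t2, 0($t1)             # load one byte
    bne     $t2, $zero, 1b          # keep going until the NUL terminator
    addiu   $t1, $t1, 1             # (delay slot) advance; also runs on exit
    subu    $v0, $t1, $t0           # $v0 = bytes consumed, NUL included
    addiu   $v0, $v0, -1            # drop the NUL: $v0 = strlen(string)
    jr      $ra                     # assumption: normal return to the caller
    nop                             # (delay slot)
```

The README describes the 0x240 distance as approximate, so before relying on it consult maker.c for the actual placement for your string's length; a wrong offset does not fault, it silently reads whatever heap bytes happen to precede the payload, which is easy to miss when the payload only appears to work.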
