The exploit relies on creating a deliberately incorrect entry inside this file, which triggers a buffer overflow and, combined with a small stub loader located in the file, allows the execution of unencrypted code from the Memory Card upon the insertion of a specific PS1 game. Normally, only programs encrypted by Sony, such as the DVD player, will run from the Memory Card.
The discovery of this vulnerability in the PS2's software opens up the possibility of running programs created by the PS2 homebrew developer community without the need for a modchip or disc swapping techniques (e.g. CogSwap or Swap Magic).
These swap techniques use a hardware exploit of the PlayStation 2. They use a tool to open the disc drive tray without the PS2 knowing on "fat" units or using a different tool to push the "flap closed" sensor on slimline units. The latter is also used on swap discs for the original PlayStation.
Installation
Triggering the exploit requires a way of installing the modified files to the Memory Card, which is not possible by normal means. Installation is accomplished either from a console (modified or with the exploit already installed), a Memory Card reader/writer, a disc swapping technique or through the use of some commercial programs allowing USB flash drive to Memory Card transferences, such as Code Breaker (versions 8 and higher) or Action Replay MAX, by transferring a modified System Settings save file. Alternatively a more involved method can be used, through the combination of a hard disk loader program (HD Loader/HD Advance), an ISO image installer program for PS2 (such as WinHiip), and an image of some program allowing installation (such as Ubergeek's Exploit Installer http://sksapps.com/index.php?page=exploitinstaller.html)Benefits
With the exploit installed, the user is able to run programs from Memory Cards, optical discs, network or USB flash drives. Programs are found in the ELF executable format.Popular programs include media players, Memory Card/hard disk management tools, emulators, and loaders (able to launch other programs, or "backup" games).
The exploit on newer consoles
The original Independence Exploit method does not work on newer "slim" PS2 models. However, there are other ways of installing similar programs to the memory card using Swap Magic discs or commercial cheat discs, such as Action Replay MAX.Free McBoot is a newer PS2 exploit that is more user friendly (once set up) and works on most models of the PS2, including slimlines. Only the newest model SCPH-9000x with BIOS 2.30 (manufactured late 2008) and newer does not work. FMCB does not require a trigger disk, thus making it possible to use on systems with dead disk drives. The drawback is that FMCB MUST be installed/compiled on each memory card individually, copying the exploit does NOT work, this means that an already exploited or modded system is required in order to create new installations. The FMCB installation is keyed to the memory card, not the system. You can however use a single Memory Card with FMCB on other version consoles within the same region.
Example: Installing FMCB using a NTSC-U/C console will work in other PS2 consoles with the same region designation, if the Multi-Install option was used during the installation. This same MC will NOT work in a PAL or NTSC-J region console.
Free McBoot at 9000x Models
Just for the newest 9000x Model:
FMCB work: Date-Code 8a & 8b (8c ONLY with v2.20 BIOS. The PS2 BIOS can't be flashed!)
FMCB doesn't work on: Date-Code 8c & 8d (BIOS Version v2.30)
You can buy the multi regional version of free mcboot pre installed on a memory card here http://www.pstwo.co.uk if you cant do it yourself.
ReplyDelete