GitHub - CTurt/PS2-Yabasic-Exploit: PS2 exploit for demo discs containing Yabasi...

 4 years ago
source link: https://github.com/CTurt/PS2-Yabasic-Exploit

README.md

PS2-Yabasic-Exploit

PS2 exploit for demo discs containing Yabasic that allows arbitrary code execution.

How does it work?

A blog post about how this works can be found here.

Usage

Install the PS2DEV toolchain (really you just need a MIPS compiler), place your assembly payload in payloads/name.s, and run make to build it into a Yabasic exploit.

On the PS2, first run the %lg patch corresponding to your disc, e.g. for PBPX-95205 it is in out/patches-95205.yab.

Then you can run your payload (located at out/name.yab).

If your payload writes a value, you'll need to run the feEgG patch, and then you can run the debugger program to print it (both are in out/patches-version.yab).

Using strings

If you want to reference a string in your payload, create a corresponding string file (e.g. boot-fifa.s and boot-fifa.string).

The string will be placed about 0x240 bytes before the payload, depending on its length, so it can be referenced as $a1 - 0x240. maker.c shows how the string length changes the amount of heap space required - it's kind of weird.

