From ConsoleMods Wiki
Jump to navigation Jump to search

Fortuna (original project) and Opentuna (open source version created by reverse engineering fortuna) are exploits for the PS2 browser. They exploit a buffer overflow vulnerability on the browser RLE decompression routine, which is used to decompress the icons textures. Opentuna is a specially crafted PS2 executable injected into the texture area of a modified PS2 icon file (without 3d model).

The only requirements for this exploit to work, is that the hacked icon must be the first one to display on browser, and that the hacked icon is tuned to propagate the buffer overflow accordingly to the PS2 browser version. The first requirement is met by making sure the folder containing the hacked icon has its date set to something newer than console current date, for this purpose, the maximum date (2099-12-31, 23:59:59) is the best approach, as it makes sure the exploit could only fail on the last second of 2099.

Opentuna has 3 variations that cover a wide variety of the PS2 models

  • The "slims" variant: works on all slims, PS2TV, and SCPH-50xxx with 1.90 Boot ROM
  • The mid FAT variant: only works on SCPH-50xxx with 1.70 boot ROM.
  • The FAT variant: works on all boot ROMs since 1.10 up to 1.60. This means it covers all models from SCPH-18000 up to SCPH-39xxx

Important Notes

  • PSX is not compatible due to the XMB being quite different to common OSDSYS.
  • HDD-OSD (browser 2.0) will make the console incapable of recognizing the memory cards until console is unplugged from current if it processes an opentuna/fortuna icon
  • ProtoKernel PS2s are not compatible with Opentuna. Both Alex parrado (Opentuna creator) and El_isra tried their best to make it happen, but never got any significant progress. This is probably related to the fact that ProtoKernel models are the only PS2 models in which the OSDSYS program is not compressed. This was quite a shame, as Opentuna was the last chance to get exploits for the hardest to hack PS2 models (DTL-H10000 & DTL-H10000S)