mast1c0re: Part 2 - Arbitrary PS2 code execution

We discussed this vulnerability during Episode 188 on 14 February 2023.

A very easy stack overflow in the PS2 game Okage: Shadow King. The profile name was copied into a stack buffer without bounds checking, so an over-long profile name overflows the buffer and corrupts the saved return address on the stack. As this is the PS2, there are no stack cookies, ASLR or DEP, so exploitation was fairly straightforward. By using PCSX2 and writing scripts to handle the save-file checksums, the author could debug the exploit and get MIPS shellcode running. What’s notable about this post isn’t so much the vuln/exploit as the impact on PS4/PS5 console exploitation: the PS2 emulator is one of the few applications on those consoles that has JIT permissions, which matters on the PS5, where eXecute-Only Memory (XOM) is enforced.
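As an added illustration (not code from the mast1c0re write-up or from the game), here is the unchecked-copy pattern described above next to a bounded loader that rejects a save record whose name field is unterminated or longer than the stack buffer. `PROFILE_NAME_MAX`, the function names and the sample record are assumptions; the real buffer size is not given in the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed size of the on-stack profile-name buffer (placeholder; the game's
 * real size is not stated in the write-up). */
#define PROFILE_NAME_MAX 16

/* Vulnerable pattern (constructed stand-in, not the game's code): the saved
 * name is copied with no length check, so a name longer than the destination
 * overwrites whatever sits above it on the stack, including the return
 * address. Kept here only for comparison with the checked version below. */
void load_profile_name_unchecked(char *dst, const char *saved_name)
{
    strcpy(dst, saved_name);
}

/* Hardened loader: the copy is bounded by dst_size, and the record is
 * rejected if the name field has no terminator within the field or would not
 * fit (with its NUL) in the destination. Returns the copied length, or -1
 * for a malformed record. */
int load_profile_name_checked(char *dst, size_t dst_size,
                              const uint8_t *field, size_t field_len)
{
    size_t n = 0;
    while (n < field_len && field[n] != '\0')
        n++;
    if (n == field_len || n >= dst_size)  /* unterminated or too long */
        return -1;
    memcpy(dst, field, n);
    dst[n] = '\0';
    return (int)n;
}

/* Run the checked loader against one raw name field into a stack buffer of
 * the assumed size; used by main() and by tests. */
int try_load(const char *record, size_t record_len)
{
    char name[PROFILE_NAME_MAX];
    return load_profile_name_checked(name, sizeof name,
                                     (const uint8_t *)record, record_len);
}

int main(void)
{
    /* Constructed save-file name fields: one well-formed, one over-long. */
    const char good[] = "Ari";
    const char over[] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 32 chars */
    char name[PROFILE_NAME_MAX];
    load_profile_name_unchecked(name, good);      /* safe only because it fits */
    printf("good: %d\n", try_load(good, sizeof good));   /* prints 3 */
    printf("over: %d\n", try_load(over, sizeof over));   /* prints -1 */
    return 0;
}
```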