I can't find a thread that lists all known (and possibly unknown) Exploits and vulnerabilities which can be used for arbitrary code-execution (a.k.a. loading apps) or some other things, so I will go ahead and list them all (hopefully) here.

Swap-methods:
- Swap-Magic or a Cheat-Disc
- Game-swap-trick; replacing a secondary ELF on the disc-image
- (Double-)Time-swap; exchange the main-ELF and swap multiple times during disc-boot
- Single-swap at boot-stage for some discs like the DVD-Player-Update-Discs (AFAIK for CDs only)
- etc.

Exploits:
- FMCB
- FHDB (can be written via a PC as well)
- Directly booting Homebrew from HDD (can be written via a PC as well)
- DVD-Player Update-Exploit (essentially the same vulnerability as FMCB, just another path for the KELF + additional files for the ID/VER and it will only start on insertion of a Video-DVD).
- PS1-Exploit/'Independence Exploit'; files can be moved to MC via Cheat-tools, but only works on FAT PS2s
- Xmas-Exploit for Action Replay; causes AR to 'cheat itself' to boot an ELF from USB
- YaBasic Exploit; typing the Exploit&Payload once, saving it as a program and execution via original Demo-Disc which includes YaBasic
- Starting ELFs via original Linux-RTE/Disc
- PS2-MC2USB-Adapter to either install the PS1-Exploit (non-original adapter) or FMCB (Sony's adapter)
- Starting an app via a game-Loader like HD-Loader or USB-Advance
- Starting an app via MC, USB or specially crafted CDs (a kind of UMCDR) via commercial but non-licensed discs, like SM-Coder, AR Max, etc.
- Special MemoryCards like Memor32 or MaxMemory 64 PLUS
- DVD-Player 1.00-Issue
- etc.

What's more?:

1. DECKARD-Models seem to have an incomplete USB-Update-System.

2. There seems to be either an issue in FMCB/FHDB's Payload, or the OSDSYS has a fault which can cause code-injection via text-strings which use opcodes or some instructions. I can get it to freeze with some funky OSDSYS-Item-Names... I haven't tested, however, if this also happens with some weird mc-save-name-strings (not the folder-name on MC, but the actual shown name in the OSDSYS), without FMCB... Why? The idea was a 'kick-start'-icon which has the weird name and starts an ELF from MC. The only issue is that - if it works - it would be immediately triggered once the name is parsed.

3. There is another vulnerability, which in itself does not yield code-execution, but once you have the ability to load code, you can access content on burned (Video-)DVDs which have DVD-Video-content. This vulnerability is used in different apps like ESR or SMS and in varying 'formats' like ESR-Discs or simple Video-DVDs with extra-content.

I know that some of them are not actually 'Exploits' in a literal technical sense, but only in 'User-Jargon', and are actually 'entry-points'. The list is by no means complete yet and I will add more 'entry-points' later + make it visually more appealing + link to some threads. If I have forgotten anything, please mention it/them.