mast1c0re PS4/PS5 Hack: CTurt Reveals Unpatched Userland Exploit Within PS2 Emulator


PlayStation hacker extraordinaire CTurt has revealed an unpatched exploit for PS4 and PS5 that uses the built-in PS2 emulator as the entry point. In the current state of his disclosure, the hacker explains that the vulnerability allows users to run pirated PS2 games on PS4/PS5 (and, one can assume, PS2 homebrew), but he also promises more to come, specifically running native PS4 homebrew (PS4 userland).

Dubbed mast1c0re, the exploit was reported to Sony by CTurt a year ago, but the developer was only allowed to reveal it publicly now. According to the hacker, the exploit is still not patched, which means the recently released PS4 firmware 10.00 and PS5 firmware 6.00 are apparently vulnerable.

CTurt submitted details of the exploit to PlayStation a year ago, but has now only been allowed to reveal it publicly.

CTurt shared a full description of the exploit, as well as a video showing the exploit being used to load another PS2 game from within the emulator process (article and video links below).

mast1c0re – What is the PS4/PS5 userland exploit about?

Hacking a console typically requires two levels of vulnerabilities: an entry point that you can reach within the restricted boundaries you have as a regular console user, and a privilege escalation (jailbreak) vulnerability. In practice, things get much more complicated on modern systems, with many other security measures to defeat (ASLR, DEP, ...), but the basic idea is always the same: entry point, then privilege escalation.

In this case, the mast1c0re exploit, as described in CTurt's first article, is the entry point: it takes advantage of the fact that the PS4 and PS5 can run PS2 games within a built-in emulator, and uses existing PS2 exploits, delivered through game saves, to get into the PS2 emulator process on PS4 and PS5.

This is a significantly different approach from using WebKit exploits, which have historically been the main entry point for PS4 exploits. But for people who have been in the hacking scene for a while, this is a throwback to the good old days: the PSP leveraged save game exploits a lot as entry points to vulnerabilities, and, closer to what is being achieved here, the PS Vita also used those same PSP vulnerabilities to offer limited hack support, specifically enabling PSP homebrew in its early days.

mast1c0re – The next PS4 userland homebrew?

In the current state of his explanations, CTurt describes that the hack allows arbitrary code execution within the PS2 emulator. In other words, it is possible to run PS2 games and PS2 homebrew on a PS4 (or PS5) through this hack. This is very similar to what VHBL allowed back in the PS Vita days (PSP homebrew inside the PS Vita's PSP emulator).

But he promises there will be more to come in a "part 2" of his article, namely a PS4 homebrew environment (in userland). That aspect would require additional exploits to escape the PS2 environment and peel back a layer, to get up to the native PS4 level. It remains to be seen how the hacker accomplished this.

mast1c0re – What is the status right now and what should I do?

CTurt states that the vulnerability is essentially "unpatchable": as long as exploitable PS2 games remain available for download, exploiting this specific vulnerability should be feasible. He claims that he disclosed the vulnerability to Sony over a year ago, and that they have decided not to patch it.

Assuming this exploit leads to user-friendly releases (it almost certainly will), it looks like a game of cat and mouse between PlayStation and hackers could start, like in the VHBL days: a new exploitable PS2 game is found or announced, people rush to buy and download it before Sony removes it (temporarily?) from PSN. Rinse and repeat.

The game that CTurt has used for his work in progress is OKAGE: Shadow King, an exploitable PS2 game. Now, before rushing to buy the game, the devil is in the details and there are a few things to understand:

  1. This game has been announced as leading to an exploit and is still available on PSN at the time of writing. How long it will stay on PSN before Sony pulls it is anyone's guess. It could be today, it could be next week, it could be never. Once removed, this avenue is gone, but it is likely that other exploitable games will be revealed in the future.
  2. Nothing has technically been released yet. There is a non-zero chance that this will not lead to anything useful for the end user.
  3. What is currently being advertised is PS2 homebrew and possibly PS4 homebrew.
    1. Nothing about a full jailbreak of the PS4, which would require a privilege escalation (kernel) exploit. This means, in particular, that there is no PS4 piracy.
    2. Although CTurt says the PS2 exploit is basically unfixable, the next level (PS4 userland) could be fixed. In fact, there are rumors that a PS4 firmware 10.01 is coming soon, and that could be related to what CTurt will reveal next (mast1c0re part 2).
  4. Although CTurt mentions that the PS5 is vulnerable, much of his work seems focused on the PS4. PS5 compatibility might be only theoretical at this point, particularly for end users.
  5. Creating the correct PS2 save game for your PS4 console requires a way to encrypt the save game for your specific PSN ID. This means someone with an already hacked PS4, or more advanced means, would have to do it for you! Although it seems very likely that the community can provide services for this, it is not as straightforward as the typical hack. Specifically, from CTurt: "With one of these exploits, a PS4 save file containing the PS2 memory card can be encrypted and signed for any PSN-ID by anyone with a hacked PS4 on any firmware (or just a PC if they have the SAMU keys dumped), and then imported to the destination PS4/PS5 using the USB save import function in Settings."

With the above in mind, remember that the game costs $10. For some, that could be a lot of money for something with no guarantee. Don't rush out and buy a PS2 game expecting something it isn't.

mast1c0re – More details

For more details about the vulnerability, see CTurt's article as well as the video below.

Stay tuned here, as there will surely be rapid developments on this!

Source: CTurt