mast1c0re PS4/PS5 Hack: CTurt reveals unpatched userland exploit within the PS2 emulator - Wololo.net

2022-09-16 20:53:16 By: Ms. Julie Qian

PlayStation hacker extraordinaire CTurt has disclosed an unpatched exploit for the PS4 and PS5, using the integrated PS2 emulator as an entry point. In the current state of his disclosure, the hacker explains the vulnerability would allow tinkerers to run pirated PS2 games on the PS4/PS5 (and one can assume, PS2 homebrews). But he also promises more to come, specifically PS4 native homebrew execution (PS4 userland).

Nicknamed mast1c0re, the exploit was disclosed to Sony by CTurt one year ago, but the developer was only allowed to disclose it publicly now. Nonetheless, the exploit, according to the hacker, is unpatched, meaning the recently released PS4 Firmware 10.00 and PS5 Firmware 6.00 are apparently vulnerable.

CTurt sent details of the exploit to PlayStation a year ago, but was only allowed to disclose it publicly now

CTurt shared a full writeup of the exploit, as well as a video showcasing the exploit used to load another PS2 game from within the emulator process. (writeup and video links below)

Hacking a console typically requires two levels of exploits: an entry point that you can access within the restricted limits you have as a user of the console, and a privilege escalation exploit (jailbreak). In practice things can get much more complicated than that on modern systems with many other security measures to defeat (ASLR, DEP,…), but the basic idea is always: entry point, then privilege escalation.

In this case, the mast1c0re exploit, as described in CTurt’s first document, is the entry point: because the PS4 and PS5 can run PS2 games inside an integrated emulator, existing PS2 gamesave exploits can be reused to gain code execution inside that emulator process on the PS4 and PS5.

This is a significantly different approach from using Webkit vulnerabilities, something that’s historically been the main entry point on PS4 exploits. But for people who have been on the hacking scene for some time, this is a throwback to good old times: The PSP leveraged savegame exploits a lot as entry points to exploits, and, closer to what’s being achieved here, the PS Vita also used these same PSP exploits to offer limited hack support, specifically enabling PSP Homebrew in the early days.

In the current state of his explanations, CTurt describes the hack as allowing arbitrary code execution within the PS2 emulator. In other words, it is possible to run PS2 games and PS2 homebrew on a PS4 (or PS5) through this hack. This is very similar to what VHBL allowed back in the PS Vita days (PSP homebrew within the PSP emulator of the PS Vita).

But he promises there is more to come in a “part 2” of his write-up, namely a (userland) PS4 homebrew environment. That aspect would require additional exploits to escape the PS2 emulator sandbox, peeling off one layer to reach native PS4 userland. How the hacker achieved this remains to be seen.

CTurt claims that the vulnerability is in essence “unpatchable”. Specifically, as long as exploitable PS2 games are available to download, leveraging this specific vulnerability should be doable. He states he disclosed the vulnerability to Sony more than a year ago, and they have decided not to patch it.

Assuming this exploit leads to user-friendly releases (no doubt it will), it looks like a game of cat and mouse could start between PlayStation and hackers, just like in the VHBL days: a new exploitable PS2 game is found/announced, people rush to buy and download it before Sony removes it (temporarily?) from the PSN. Rinse and repeat.

The game that CTurt has used for his ongoing work is OKAGE: Shadow King, an exploitable PS2 game. Now, before you rush to buy the game, the devil’s in the details and there are a few things to understand:

Based on the above, understand that the game is $10. To some, this might be a lot of money for something with no guarantee. Don’t jump the gun and buy a PS2 game expecting something it’s not.

For more details on the vulnerability, check CTurt’s write-up, as well as the video below.

Stay tuned here on wololo.net as there will be fast developments on this one for sure!

Tags: CTurt, Mast1c0re, PS4 exploit


So this requires us to update the console to the latest firmware version? Haven’t touched my ps5 since the beginning of 2021

I wouldn’t upgrade just right now if I were you. A lower firmware PS5 is much more valuable than getting the PS2 exploitable game, in the current state of things.

Well, great, but how do you put a PS2 save (vmc) on a PS4 or PS5 in the first place? The PS4 can export and import it, but the PFS static keys for USB weren’t published, so we cannot sign a “save” to be imported via USB.

Very good point. That’s the “devil’s in the details” part of the article, I do feel there are lots of questions here around signing saves.

I already bought the game a while ago. I have 2 PS4 Pros that are low enough just waiting to be hacked as well as a PS5 that already has my account on it. Can’t wait for more.

Uncool how all these hackers keep snitching to *** Sony. I do have to wonder where we’d be if they didn’t do that ***.

They’re getting paid a LOT to do it, and Sony has allowed many of the vulnerabilities to be published. So, I’d say it’s a win on both sides. Hackers get paid to do what they already love doing, and the scene gets the releases after Sony has patched them.

Beforehand, hackers would wait to release an exploit AFTER it was already patched, so we wouldn’t see the exploit publicly for a long time anyway.

I wouldn’t call it snitching… Most of them are getting paid. That was a smart move by $ony.

Not sure I like this… I get the feeling Sony will be removing the PS2 emulator as a result, like what they did with OtherOS on PS3.



Wololo.net © 2022. All Rights Reserved.
