CTurt, a hacker who has long worked on game console hacking, has revealed a “basically unpatchable” vulnerability in Sony PS4 and PS5 security. The vulnerability allows hackers to install arbitrary homebrew applications on the console. CTurt said he disclosed the vulnerability, dubbed Mast1c0re, to Sony a year ago through a bug bounty program, but he claims that Sony has shown no sign of a public fix. The vulnerability exploits a bug in the just-in-time (JIT) compilation used by the emulator that runs some PS2 games on the Sony PS4 (and PS5). JIT compilation gives the emulator the special permission to execute code it generates itself at the application layer: the emulator constantly writes PS4-native code (translated from the original PS2 code) and then runs that code.
Sony PS4 Mast1c0re issue has links to much older games
In order to take control of the emulator, hackers could theoretically exploit known vulnerabilities in PS2 games from decades ago. Most of those vulnerabilities require a known exploitable game to load specially formatted save files from the memory card. Since the Sony PS4 and PS5 do not natively recognize standard PS2 discs, however, this approach is somewhat limited: any usable game must be available as a downloadable PS2-on-PS4 title through PSN, or it must be one of the few PS2 games released as a physical, PS4-compatible disc by a publisher such as Limited Run Games.
Hackers would still need to exploit a separate (possibly patchable) kernel vulnerability to gain “full control” over the PS4, CTurt said. But the mast1c0re exploit itself should be enough to run complex programs, including JIT-optimized emulators and possibly even some pirated commercial Sony PS4 games.
CTurt emphasizes that it is almost impossible for Sony to plug the loophole that enables mast1c0re. This is because a version of the PS2 emulator is packaged with every available PS2-on-PS4 game, rather than being stored separately as a core part of the console’s operating system. Nintendo’s eShop previously had a similar vulnerability, but Nintendo has since removed all 3DS games. For Sony, however, PS2 games are still available for download on PSN.