Mast 1c0re PS4/PS5 Hack: CTurt Reveals Unexpected User Land Exploitation Within PS2 Emulator

playstation hacker paranormal seatturt made a disclosure not patched Run the exploit for PS4 and PS5, using the integrated PS2 emulator as an entry point. In the current state of its disclosure, the hackers state that the vulnerability would allow tinkerers Play Pirated PS2 Games on PS4/PS5 (and one might assume, PS2 Homebrew), but that too More promises to come, especially the PS4 native homebrew exec (PS4 Userland).

Nicknamed mast1c0re, the exploit was disclosed a year ago by CTurt to Sony, but the developer was only now allowed to reveal it publicly. Still, the exploit, according to the hacker, is unpublished, which means recently released PS4 Firmware 10.00 and PS5 Firmware 6.00 Are Clearly Vulnerable,

CTurt sent details of the exploit to PlayStation a year ago, but was only allowed to reveal it publicly now.

CTurt shared a full write-up of the exploit, as well as a video that demonstrates the exploit used to load another PS2 game from within the emulator process. (Writing and video link below)

What’s the Mast1c0re – PS4/PS5 Userland Hack About

Hacking a console typically requires two levels of exploit: an entry point that you as a user of the console can access within restricted limits, and a privilege escalation exploit (jailbreak). In practice things can be much more complicated than in modern systems with many other security measures (ASLR, DEP, …), but the basic idea is always: entry point, then privilege escalation.

In this case, the mast1c0re exploit, as described in CTurt’s earlier document, is the entry point: taking advantage of the fact that the PS4 and PS5 can run PS2 games within an integrated emulator, and by using existing PS2 exploits. , it is possible to use the PS2 emulator on PS4 and PS5 as the entry point, via GameSave Adventures.

This is quite a different approach from using WebKit vulnerabilities, something that has historically been the main entry point on PS4 exploits. But for those who have been in the hacking scene for a while, it’s a return to the good old times: PSP leveraged savegame leverages a lot As an entry point to exploits, and, closer to what is being achieved here, the PS Vita also used the same PSP exploits to offer limited hack support, notably Enabling PSP Homebrew in the Early Days,

Mast1c0re – PS4 Userland Homebrew Next?

In the current state of his explanation, Cturt describes how the hack allows arbitrary execution within the PS2 emulator. In other words, through this hack it is possible to run PS2 games and PS2 homebrew on PS4 (or PS5). it’s very similar to VHBL Allowed back in the PSVita days (PSP Homebrew within the PS Vita’s PSP emulator).

But he promises there’s more to come in “Part 2” of his writing, namely the (Userland) PS4 homebrew environment. That aspect would require additional exploits to escape the PS2 environment and peel off a layer to go up to the PS4 original level. How the hacker achieved this remains to be seen.

Mast1c0re – What’s the situation now, and what do I do?

CTurt claims that the vulnerability is basically “untraceable”. Notably, as long as exploitable PS2 games are available for download, this specific vulnerability should be exploitable. He said he disclosed the vulnerability to Sony more than a year ago, and they have decided not to patch it.

Considering that this exploit leads to a user-friendly release (no doubt), it looks like a game of cat and mouse between PlayStation and hackers may begin, Just like in VHBL days: A new exploitable PS2 game is found/announced, people rush to buy and download it before Sony removes it (temporarily) from PSN. Wash and repeat.

The game that Kurt uses for his running work is OKAGE: Shadow King, an exploitable PS2 game. now Before You Run To Buy The Game, The Devil Is In The Details And there are a few things to understand:

  1. The game has been announced leading up to an exploit, and is still available on PSN at the time of writing. No one has any idea how long it’ll be on PSN before Sony pulls it out. It could happen today, it could happen next week, it could never happen. Once it’s pulled, that chance is gone, but it’s likely that other exploitable games will emerge in the future.
  2. Technically nothing has been released yet. There is a non-zero probability that this may not lead to anything useful to the end user
  3. PS2 Homebrew and possibly PS4 Homebrew are currently being announced.
    1. Nothing about PS4 full jailbreak, which would require a privilege escalation exploit (kernel exploit). This specifically means no PS4 piracy
    2. Although CTurt says the PS2 exploit is basically untraceable, the next level (PS4 user land) may be. There are actually rumors that a PS4 firmware 10.1 is coming soon, and that may be related to what CTurt will reveal next (mast1c0re part 2)
  4. Although CTurt mentions the PS5 being vulnerable, it seems that a lot of his work is focused on the PS4. PS5 compatibility can only be theoretical at this point, especially for end users.
  5. Creating the correct PS2 savegame for your PS4 console requires a way to encrypt the savegame for your unique PSN ID. This means that someone with an already hacked PS4, or someone with more advanced tools, needs to do it for you! While it is very likely that the community will be able to provide services for this, it is not as straightforward as your typical hack. Specifically from CTurt: “With one of these exploits, a PS4 save file containing a generated PS2 memory card can be encrypted and signed for any PSN-ID on any firmware with a hacked PS4 (or just a PC if their have decapped SAMU keys), and then imported into target PS4/PS5 using the USB Save Import feature in Settings.

Based on the above, understand that the game is $10. For some, it can be a lot of money for something without any guarantees. Don’t jump the gun and buy a PS2 game that’s not something like that.

Mast 1c0re – More Info

For more information about the vulnerability, check Writing of CTurtAlso the video below.

stay here woolo.net Because there will definitely be rapid development on this one!

Source: seatturt

Be the first to comment

Leave a Reply

Your email address will not be published.


*