Hackers expose Sony PS4 / PS5 vulnerability

CTurt, a hacker who has worked on console security for years, has disclosed a “basically unpatchable” vulnerability in the PS4 and PS5 that lets users install and run arbitrary homebrew applications on the console.

CTurt says he reported the vulnerability, dubbed mast1c0re, to Sony a year ago through its bug bounty program, but Sony has shown no sign of a public fix. The exploit relies on a bug in the just-in-time (JIT) compilation used by the emulator that runs some PS2 games on the PS4 (and PS5). To do its job, that emulator is granted a privilege ordinary applications lack: it continually writes fresh PS4-native code (translated from the original PS2 code) into memory and then executes it, all within the application layer itself.

To take control of the emulator, an attacker can in principle exploit known vulnerabilities in PS2 games that are decades old. Most of these require loading a specially formatted save file (the PS2 equivalent of a memory card save) into a known exploitable game. Because the PS4 and PS5 cannot read standard PS2 discs, the approach is somewhat limited: the target game must be available as a downloadable PS2-on-PS4 title through PSN, or be one of the few PS2 games released on a physical, PS4-compatible disc by a publisher such as Limited Run Games.

Hackers would still need to exploit a separate (possibly patchable) kernel vulnerability to gain "full control" over the PS4, CTurt said. But the mast1c0re exploit on its own should be enough to run complex programs, including JIT-optimized emulators, and possibly even some pirated commercial PS4 games.

CTurt stresses that it is almost impossible for Sony to close the hole that enables mast1c0re. This is because a copy of the PS2 emulator is packaged with every PS2-on-PS4 game, rather than being stored separately as an updatable core part of the console's operating system. "The PS2 emulation fundamentally violates [Sony's] own security model because it leaves privileged code with no existing mechanism to patch potential future vulnerabilities," CTurt said.

Nintendo’s eShop has faced a similar problem in the past, and Nintendo responded by pulling the affected 3DS games; PS2 games, by contrast, remain available for download on PSN.
