Cturt has been exploiting PlayStation consoles for years now, and with the release of the PlayStation 5, the scene hacker rose to the challenge of trying to hack it, too. This led to Cturt discovering what he claims to be an "essentially unpatchable" userland exploit, and even submitted it to Sony's bug bounty program a year ago, with no fix in sight. In an in-depth article that details the process and how it works, Cturt explains that the hack, dubbed Mast1c0re, utilizes the PlayStation 2 emulator that both the PS4 and PS5 use, through JIT privileged code.

Having JIT privilege means that fully compromising the emulator, including the compiler co-process, would grant the ability to run fully arbitrary native code (not just ROP) on the PS4/PS5 without the need for a kernel exploit. This would be especially convenient on the PS5 because the newly introduced hypervisor enforces that code pages (both userland and kernel) are not readable, and I don't have the patience to try to write a blind kernel exploit again as I did when I ported BadIRET to the PS4 without a kernel dump.

The reasoning behind the exploit being almost impossible to patch, is due to the fact that if you own any backwards compatible PlayStation 2 title, it'd be difficult for Sony to revoke your access to it, players can easily downgrade the game even if it were to be patched, and PS2 games require using JIT to run, even on the PS5 where most JIT potential attacks have been patched up.

Furthermore, PlayStation has decided to double-down on this security model by not even removing the identified known-exploitable PS2 games from the store. Because of these reasons, I'm comfortable referring to this scenario as "unpatchable", even if it may not technically be fully accurate.

It's a fairly simple process, too; in order to hijack the PS2 game, Cturt needed to find a game that has a save game exploit which was simple enough, choosing Okage Shadow King. Getting the save file that would cause a buffer overflow required an already hacked PS4 console, though, as creating a PS2-on-PS4 memory card with the exploit needed to be encrypted, and signed for use with the right PSN account, and then imported to the target system through USB.

​

The next step was to look into reverse engineering the PS2 emulator, finding the right bug that would be vulnerable. A very technical breakdown explains how Cturt managed this, which in the end, resulted in the ability to run custom PS2 games that aren't normally available on the PS4. That's not all mast1c0re can do, either; Cturt says their next article will explain how to run arbitrary homebrew code, which could lead to even running pirated commercial PS4 games. Once that's written up, you can expect to see it on the blog writeup for the exploit here.

We could technically write "PS4-enhanced" PS2 homebrew applications that could use any native PS4 functionality, and so could behave essentially the same as normal PS4 homebrew (accessing the PS4 controller's touchpad, etc), but I really wanted to achieve fully arbitrary code execution for a more practical homebrew environment. This makes the next step attacking the compiler process

Source

 

[metroid maniac]

I'd like to know how much piracy the PS4 has.
Considering how much of a behemoth of downloads the games are, is anyone hoarding pirate copies on their hard drives to play?

Is there even any point in doing so, considering the amount of time you have to devote to most games, today?

Sony should also give a dev mode to users. Heck, let users work for them and develop decent emulators for the system.

I own a hacked PS4 and rarely use it. There's not much reason to pirate when most of the games are available elsewhere, usually better (PC,PS5). It's awkward to use and inconvenient to download stuff.

 

[Marc_LFD]

Very impressive. Now it's just a matter of whether Sony starts releasing enough PS5 exclusives to make it worth the hassle or not, because all the best PS4 exclusives are super cheap by now.

Like a new Killzone, Twisted Metal, Infamous, Sly Cooper, Jak and Daxter, MediEvil, Haze, DriveClub, WipEout, Genji, MotorStorm, Resistance, Lair, or Heavenly Sword? Any of those, you think?

I own a hacked PS4 and rarely use it. There's not much reason to pirate when most of the games are available elsewhere, usually better (PC,PS5). It's awkward to use and inconvenient to download stuff.

Let's ignore it's piracy for a moment:

So downloading a PKG file, transfer to the USB/HDD, and then installing it is inconvenient?

This reminds me of people saying opening their wallet is inconvenient so they use their palms to pay. Palm? Yes. Amazon.



Or those who use their phone to open their door. Jeez, using a key is so hard!!

 

[metroid maniac]

Let's ignore it's piracy for a moment:

So downloading a PKG file, transfer to the USB/HDD, and then installing it is inconvenient?

This reminds me of people saying opening their wallet is inconvenient so they use their palms to pay. Palm? Yes. Amazon.



Or those who use their phone to open their door. Jeez, using a key is so hard!!

Getting your hands on the PKGs you want is the worst part. The games are large and direct downloads are slow, and that's if you can find the links you want. Games are frequently missing PKGs for updates, DLCs, or the region you want. Oh, and there's also firmware requirements so you can't play new games pirated or not unless there's a mystery backport, and you can't play any of your pirated games without reactivating HEN every reboot.
Yes, it's incredibly inconvenient.

 

[zebrone]

Sony: "No more PS2 games for you!"

We will survive

 

[titan_tim]

Getting your hands on the PKGs you want is the worst part. The games are large and direct downloads are slow, and that's if you can find the links you want. Games are frequently missing PKGs for updates, DLCs, or the region you want. Oh, and there's also firmware requirements so you can't play new games pirated or not unless there's a mystery backport, and you can't play any of your pirated games without reactivating HEN every reboot.
Yes, it's incredibly inconvenient.

Getting the PKG's isn't too difficult. Lots of easy to find torrent sites out there. The region isn't a problem either, since it's region free.
Backports are only an issue if you're on the hard to find 5.05 firmware, but I think most people are on the newest firmware hack.

Reactivating the HEN is DEFINITELY the most annoying part. And holy crap it was annoying when it was less stable! But the newest version lets you go into sleep mode now, so as long as you don't mind leaving your PS4 in sleep mode, it's not too bad.

 

[metroid maniac]

Getting the PKG's isn't too difficult. Lots of easy to find torrent sites out there.

Even on torrent sites you will find missing updates and DLCs. It especially sucks that FPKGs only accept FPKG updates, you can't just download the official ones on the console like on PS3 or 3DS.

The region isn't a problem either, since it's region free.

It is for some games. I could only find the European version of Ace Combat 5, an emulated PS2 game with some PS4 enhancements, and I don't want a crappy 50Hz version.

Backports are only an issue if you're on the hard to find 5.05 firmware, but I think most people are on the newest firmware hack.

My point about backports is that it's the only way to play >9.00 games. You have to hope the game you want has a backport, if you want to play it.

 

[osaka35]

my ps4 pro now (potentially) serves a purpose. sweet.

 

[Holybond]

Getting your hands on the PKGs you want is the worst part. The games are large and direct downloads are slow, and that's if you can find the links you want. Games are frequently missing PKGs for updates, DLCs, or the region you want. Oh, and there's also firmware requirements so you can't play new games pirated or not unless there's a mystery backport, and you can't play any of your pirated games without reactivating HEN every reboot.
Yes, it's incredibly inconvenient.

This reminds me of the whole convenience argument time and time again. People are less likely to torrent because they don't want to navigate finding the software and doing all the necessary steps. Sure, to the average user these things are stop gaps. To people that want to get the utmost out of their console or want to avoid paying? The time invested will pay itself back. $60-$70 per game acquired with coupons for maybe a week, at worst a month of research? Think about it. Having an entire console with a catalog of multiple different consoles is worth it to the communities that care.

Most of these knowledge based stopping points are reduced when you have a plethora of written and video based guides that go into decent detail for each step. If you need more help? Hop into any of the discord servers with people willing to help.

 

[Marc_LFD]

Getting your hands on the PKGs you want is the worst part. The games are large and direct downloads are slow, and that's if you can find the links you want. Games are frequently missing PKGs for updates, DLCs, or the region you want. Oh, and there's also firmware requirements so you can't play new games pirated or not unless there's a mystery backport, and you can't play any of your pirated games without reactivating HEN every reboot.
Yes, it's incredibly inconvenient.

If you know where to get it it's fast and seamless. Seems like you just don't know where to download it from.

Reactivating the HEN is DEFINITELY the most annoying part.

What? It was easy then, and even easier now.

What are y'all on about.

 

[Nevermore]

Damn, gotta find out which PS2 game to get before they yoink it. This reminds me of the 3DS days.

 

[smf]

People are less likely to torrent because they don't want to navigate finding the software and doing all the necessary steps.

Torrenting could also potentially end up with a lawsuit, if someone actually bothers to track you down.

 

[sley]

Really cool.
What always has been a dealbreaker for me was that hacking PS consoles meant losing access to online gaming.
Is there any reason why that was never a thing? Wouldn't it be possible on a PS5?

 

[Nostalgia]

finding a 4.03 ps5 is nearly impossible at this point

 

[SG854]

Yeeesss

I been tired of buying games I can now get them for free

 

[Holybond]

Torrenting could also potentially end up with a lawsuit, if someone actually bothers to track you down.

True, but there are ways around this. You can mitigate a lot of these risks just by being an informed user. The issue comes when people want everything to the point where they start neglecting and outright ignoring the steps for efficiency. There's a risk of lawsuit with direct downloads as well. Nothing is 100%. The likelihood of you being attacked if you take the proper steps is low.

 

[gnmmarechal]

Nice to see, although sadly I don't really see much interesting going on with the PS5 in general so meh.

 

[krasaty]

Torrenting could also potentially end up with a lawsuit, if someone actually bothers to track you down.

Tbh, the chance of that happening is so incredibly low that it shouldn't even be considered. I've been torrenting since I was a child and the worst I've gotten is one letter from my isp about a Disney movie I didn't even pirate.

 

[codezer0]

So this just proves that Sony could have included backwards compatibility on the ps4 and chose not to.

As this feature is basically selling the console more than anything it ever had to offer (to me). Now if I just had a less awful controller to deal with. Stock ps4 controller just feels wrong to my grip.

 

[Dominator211]

Welp... Time to buy a PS5.

So this is practically immune to firmware and hardware revisions as well correct?

 

[SilverWah]

This is neat, I still have my ps4 pro up to date but some homebrew apps would be nice to have.