CTurt reveals new PS4 and PS5 exploit "Mast1c0re" that can be used to run pirated games, and is unpatchable


CTurt has been exploiting PlayStation consoles for years now, and with the release of the PlayStation 5, the scene hacker rose to the challenge of trying to hack it, too. This led to CTurt discovering what he claims to be an "essentially unpatchable" userland exploit, and he even submitted it to Sony's bug bounty program a year ago, with no fix in sight. In an in-depth article that details the process and how it works, CTurt explains that the hack, dubbed Mast1c0re, targets the PlayStation 2 emulator that both the PS4 and PS5 use, which runs with JIT privilege.

Having JIT privilege means that fully compromising the emulator, including the compiler co-process, would grant the ability to run fully arbitrary native code (not just ROP) on the PS4/PS5 without the need for a kernel exploit. This would be especially convenient on the PS5 because the newly introduced hypervisor enforces that code pages (both userland and kernel) are not readable, and I don't have the patience to try to write a blind kernel exploit again as I did when I ported BadIRET to the PS4 without a kernel dump.

The exploit is almost impossible to patch for three reasons: if you own any backwards-compatible PlayStation 2 title, it would be difficult for Sony to revoke your access to it; players can easily downgrade the game even if it were patched; and PS2 games require JIT to run, even on the PS5, where most other potential JIT attack surfaces have been closed off.

Furthermore, PlayStation has decided to double-down on this security model by not even removing the identified known-exploitable PS2 games from the store. Because of these reasons, I'm comfortable referring to this scenario as "unpatchable", even if it may not technically be fully accurate.

It's a fairly simple process, too. In order to hijack the PS2 game, CTurt needed a title with a save-game exploit that was simple enough, and chose Okage: Shadow King. Getting the save file that triggers the buffer overflow onto the console required an already hacked PS4, though, because the PS2-on-PS4 memory card carrying the exploit has to be encrypted and signed for the target PSN account before it is imported to the target system over USB.
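To make the save-game step concrete from a defender's side, here is an added example that is not code from CTurt's write-up, from the PS2 emulator or from any game: a constructed save record with a length-prefixed name field, loaded once by a parser that trusts the length from the file and once by a parser that checks every length against both the destination buffer and the remaining input. The record layout, NAME_MAX, the sample records and all function names are assumptions made for this demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed toy save format (assumption, not a real console format):
 *   [u8 name_len][name_len bytes of name][u32 little-endian score]
 * The fixed-size name[] buffer is the kind of sink a malformed save overruns. */
#define NAME_MAX 16

struct save_record {
    char name[NAME_MAX];
    uint32_t score;
};

/* Vulnerable loader: trusts name_len from the file. A name_len of NAME_MAX or
 * more writes past name[], and a short buffer makes memcpy read past the end.
 * Kept here only to show the missing checks; it is only ever fed a good record. */
int load_save_unchecked(const uint8_t *buf, size_t buf_len, struct save_record *out) {
    if (buf_len < 1) return -1;
    uint8_t name_len = buf[0];
    memcpy(out->name, buf + 1, name_len);        /* no bound against NAME_MAX */
    out->name[name_len] = '\0';                  /* may also write past the end */
    memcpy(&out->score, buf + 1 + name_len, 4);  /* may read past buf_len */
    return 0;
}

/* Hardened loader: the file-supplied length is validated before any copy. */
int load_save_checked(const uint8_t *buf, size_t buf_len, struct save_record *out) {
    if (buf == NULL || out == NULL || buf_len < 1) return -1;
    uint8_t name_len = buf[0];
    if (name_len >= NAME_MAX) return -1;                 /* leave room for the NUL */
    if (buf_len < (size_t)1 + name_len + 4) return -1;   /* record is truncated */
    memcpy(out->name, buf + 1, name_len);
    out->name[name_len] = '\0';
    const uint8_t *s = buf + 1 + name_len;               /* decode score byte-wise */
    out->score = (uint32_t)s[0] | ((uint32_t)s[1] << 8) |
                 ((uint32_t)s[2] << 16) | ((uint32_t)s[3] << 24);
    return 0;
}

/* Small wrappers so the outcome of each parse can be checked as a return value. */
int parse_result_checked(const uint8_t *buf, size_t buf_len) {
    struct save_record rec;
    return load_save_checked(buf, buf_len, &rec);
}

uint32_t parse_score_checked(const uint8_t *buf, size_t buf_len) {
    struct save_record rec;
    if (load_save_checked(buf, buf_len, &rec) != 0) return 0;
    return rec.score;
}

/* Constructed sample records. */
/* Well-formed: 4-byte name, score 12345 (0x3039 little-endian). */
const uint8_t good_record[] = { 4, 'O', 'k', 'a', 'g', 0x39, 0x30, 0x00, 0x00 };
/* Declares a 200-byte name: the checked loader rejects it instead of overrunning. */
const uint8_t oversized_record[] = { 200, 'A', 'A', 'A', 'A', 0, 0, 0, 0 };
/* Declares 8 name bytes but only 3 follow: rejected as truncated. */
const uint8_t truncated_record[] = { 8, 'A', 'B', 'C' };

int main(void) {
    struct save_record rec;
    const uint8_t *inputs[] = { good_record, oversized_record, truncated_record };
    size_t sizes[] = { sizeof good_record, sizeof oversized_record, sizeof truncated_record };
    for (int i = 0; i < 3; i++) {
        if (load_save_checked(inputs[i], sizes[i], &rec) == 0)
            printf("record %d accepted: name=%s score=%u\n", i, rec.name, (unsigned)rec.score);
        else
            printf("record %d rejected\n", i);
    }
    /* The unchecked loader is only safe on input that happens to be well-formed. */
    load_save_unchecked(good_record, sizeof good_record, &rec);
    printf("unchecked loader on good record: name=%s\n", rec.name);
    return 0;
}
```

The point is the two checks in the hardened loader: the declared length is compared against the destination buffer (with room for the terminator) and against the bytes actually present in the input. Both checks are missing from the unchecked version, which is why a crafted save file can steer a native loader.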



The next step was to reverse engineer the PS2 emulator and find a suitable bug in it. A very technical breakdown explains how CTurt managed this, which in the end resulted in the ability to run custom PS2 games that aren't normally available on the PS4. That's not all mast1c0re can do, either; CTurt says their next article will explain how to run arbitrary homebrew code, which could lead to even running pirated commercial PS4 games. Once that's written up, you can expect to see it on the blog writeup for the exploit here.

We could technically write "PS4-enhanced" PS2 homebrew applications that could use any native PS4 functionality, and so could behave essentially the same as normal PS4 homebrew (accessing the PS4 controller's touchpad, etc), but I really wanted to achieve fully arbitrary code execution for a more practical homebrew environment. This makes the next step attacking the compiler process

Source
 

MasterJ360

Well-Known Member
Member
Joined
Jan 10, 2016
Messages
2,801
Trophies
1
Age
35
XP
3,457
Country
United States
It's more fucked up that half of the people don't understand this isn't a full-on exploit, or that it magically runs PS2 flawlessly (still the same old PS2 Classic emulator), and it's just another entry point. I would say it's even less impactful than the BD exploit.
This. I'm grateful that we found something to play with, but this isn't something worth going out of our way to hunt down a PS5 lol. If you want a PS5, hell, even a PS4, then you want a full exploit that doesn't require disc burning or manipulating emulators for an entry point.
 

ciaomao

Well-Known Dude
Member
Joined
Feb 20, 2014
Messages
572
Trophies
1
XP
1,929
Country
Albania
Sometimes exploits took over a decade to be found, and by then they technically were beaten, as whatever it was got discontinued.
But that may only be true from the manufacturer's point of view. It's a matter of perspective. The challenge of the exploit remains as long as no one has done it before you, no matter how long it takes or when you do it. The commercial aspect ideally doesn't matter from the hacker's point of view. So in the end everyone can feel like a winner ;)
 

LibreNyaa

Active Member
Newcomer
Joined
Sep 18, 2022
Messages
36
Trophies
0
Website
librenyaa.carrd.co
XP
231
Country
United States
This sounds really interesting, but sadly I don't have access to any modded PS4s for the save file, and I don't really want to pay the $50 for the online save editor assuming that it would work.

I think I'll just sit patiently with my 9.60 fw and let my PS4 collect dust for a while and chance that something more accessible comes out in the future, hopefully. It mostly just collects dust now anyway, so I can wait.
 

linuxares

The inadequate, autocratic beast!
Global Moderator
Joined
Aug 5, 2007
Messages
13,326
Trophies
2
XP
18,195
Country
Sweden
"The easiest way to stop piracy is not by putting anti-piracy technology to work. It's by giving those people a service that's better than what they're receiving from the pirates." - Gabe Newell
GOG is a perfect example!

Witcher 3 was probably extremely pirated, but it sold how many copies? Hundreds of thousands? Millions?
 

raxadian

Well-Known Member
Member
Joined
Nov 10, 2018
Messages
4,372
Trophies
1
Age
41
XP
4,583
Country
Argentina
Personally, I think a lot of pirates are going to pirate regardless. I mean, free is free, right?

If you can buy the game without DRM, piracy tends to get reduced.

I bought Tales of Monkey Island on GOG and I already had a pirated version of the game.

Also some games never get re-released, so piracy and/or emulation is the only way to play them again.

And even if a game gets ported and/or re-released, sometimes the port is bad, like Wonderful 101 still being better on the Wii U or Tearaway being better on the Vita. And let's not start with porting disasters or re-releases that are terrible, like the new Sonic Colors.

And if a game was made to take advantage of a particular console's hardware, like a lot of Nintendo DS games, then the game getting ported and/or re-released is unlikely. Or if the game is ported they will have to change things, like a game that used the 3DS mic being ported to a console without a mic.
 

godreborn

Welcome to the Machine
Member
Joined
Oct 10, 2009
Messages
38,471
Trophies
3
XP
29,138
Country
United States
If you can buy the game without DRM, piracy tends to get reduced.

I bought Tales of Monkey Island on GOG and I already had a pirated version of the game.

Also some games never get re-released, so for example Disgaea D2 was ONLY released on PS3 and never ported anywhere else, and only the Euro and Japanese versions still have the DLC for sale, so even if you want to buy the USA DLC legally, you can't.

And even if a game gets ported, sometimes the port is bad, like Wonderful 101 still being better on the Wii U or Tearaway being better on the Vita. And let's not start with porting disasters or re-releases that are terrible, like the new Sonic Colors.

And if a game was made to take advantage of a particular console's hardware, like a lot of Nintendo DS games, then the game getting ported and/or re-released is unlikely. Or if the game is ported they will have to change things, like a game that used the 3DS mic being ported to a console without a mic.
Just sayin', most pirates will pirate regardless. It has nothing to do with being angry about DRM or the fact that one online service is bad. People who say that are just making excuses. They'd pirate either way simply because they can. I didn't say all pirates, but I can guarantee most would no matter what.
 

raxadian

Well-Known Member
Member
Joined
Nov 10, 2018
Messages
4,372
Trophies
1
Age
41
XP
4,583
Country
Argentina
Well, sometimes a game does get pirated more because the anti-piracy is stuff like "be always online for a game with zero online content that's single player".

Always-online DRM is only one of the reasons I don't like the Epic Store.
 

godreborn

Welcome to the Machine
Member
Joined
Oct 10, 2009
Messages
38,471
Trophies
3
XP
29,138
Country
United States
And, mind you, I've always taken all the risk and done all the work for others. And I share all information. I don't hide it or conveniently act like it doesn't exist simply to appear superior to other people. All I've done is read a lot and tested a lot. I don't think I'm better than anyone because of some inflated ego, because a lot of people in the scene are naive to the point of stupid.
 

smf

Well-Known Member
Member
Joined
Feb 23, 2009
Messages
6,643
Trophies
2
XP
5,866
Country
United Kingdom
So this just proves that Sony could have included backwards compatibility on the ps4 and chose not to.
Well sure. If they wanted to spend a whole load of money on improving the emulator for absolutely no gain.

I can't for the life of me think why they would not choose to do that.
 

codezer0

Gaming keeps me sane
Member
Joined
Jul 14, 2009
Messages
3,576
Trophies
2
Location
The Magic School Bus
XP
4,536
Country
United States
Well sure. If they wanted to spend a whole load of money on improving the emulator for absolutely no gain.

I can't for the life of me think why they would not choose to do that.
First off, Sony deserves zero sympathy.

Second, if they at least had enabled functional bc with the system, I may have actually had a reason to buy it at all. I pretty much stopped with the ps3 in part because there was no way to bring my collection forward.
 

smf

Well-Known Member
Member
Joined
Feb 23, 2009
Messages
6,643
Trophies
2
XP
5,866
Country
United Kingdom
First off, Sony deserves zero sympathy.

Second, if they at least had enabled functional bc with the system, I may have actually had a reason to buy it at all. I pretty much stopped with the ps3 in part because there was no way to bring my collection forward.
There was no sympathy in my post, I explained why they didn't implement disc based backward compatibility. You don't deserve any sympathy either.

The loss of a console sale is not going to upset Sony, as they often don't make any money on the sale of the console itself.

You made it sound like the decision not to include disc based backward compatibility was arbitrary and that is not true, it's down to cost.

Sony dropped PS2 disc based backward compatibility in 2007. The reasons for doing so haven't changed.
 

nikeymikey

This is now a Spiderman thread.........
Member
Joined
Nov 19, 2008
Messages
1,510
Trophies
1
XP
2,447
Country
United Kingdom
I'd like to know how much piracy the PS4 has.
Considering how much of a behemoth of downloads the games are, is anyone hoarding pirate copies on their hard drives to play?

Is there even any point in doing so, considering the amount of time you have to devote to most games, today?

Sony should also give a dev mode to users. Heck, let users work for them and develop decent emulators for the system.
PS4 has a lot of piracy. There are many games that are quite small in size, along with the AAA 100Gb behemoths... Not all take forever to download and are really not hard to store on a USB hdd.


Getting your hands on the PKGs you want is the worst part. The games are large and direct downloads are slow, and that's if you can find the links you want. Games are frequently missing PKGs for updates, DLCs, or the region you want. Oh, and there's also firmware requirements so you can't play new games pirated or not unless there's a mystery backport, and you can't play any of your pirated games without reactivating HEN every reboot.
Yes, it's incredibly inconvenient.
Getting the PKGs is super simple, just a Google search is needed and you will find sites with hundreds of links. Most are kept updated if the link ever dies as well. A lot of them will also have the links to the latest pirated update and DLC as well. It would require purchasing a premium file sharing account to get the best out of the download speeds, but for $3-$4 a month you could quite easily build up a very nice, large PS4 fPKG collection.
Even on torrent sites you will find missing updates and DLCs. It especially sucks that FPKGs only accept FPKG updates, you can't just download the official ones on the console like on PS3 or 3DS.

It is for some games. I could only find the European version of Ace Combat 5, an emulated PS2 game with some PS4 enhancements, and I don't want a crappy 50Hz version.

My point about backports is that it's the only way to play >9.00 games. You have to hope the game you want has a backport, if you want to play it.
Torrent sites are not the best way to get PS4 PKGs. In the case of PS4 piracy, the usual scene groups are lacking when it comes to releases (Duplex quitting the scene didn't help); most releases for PS4 are P2P and are not found on torrent sites. I have membership to some very large private trackers and I see more PS4 releases come from elsewhere that never hit any of those trackers.

Region is a moot point, as said previously, except for edge case scenarios. Your 50Hz dismissal is a case in point. If you want to play the game for free then take what you can get; beggars can't and should not be choosers, dude. If you really want to play it that badly in 60Hz then just buy it ffs.

Once a hack surfaces on a FW above 9.00 then those games will no longer require backports.

Overall it sounds like you want everything just handed to you... all the latest game/update/DLC PKGs automatically downloaded and transferred to your PS4 with zero effort from yourself. Either put up with the limits of piracy or do us all a favour and update your PS4 to the latest FW and forget piracy completely.
 

CMDreamer

Well-Known Member
Member
Joined
Oct 29, 2014
Messages
1,693
Trophies
1
Age
38
XP
3,493
Country
Mexico
There's no such thing as an unhackable system. They were designed by humans, so they're not perfect, nor absolutely secure.

Hacking it is something different, though, and not everyone can nor will even try to do it, just a handful of them. My respects to everyone that can and do search for ways to hack systems, especially gaming consoles.
 
