
Console Hacker Reveals PS4/PS5 Exploit That Is Essentially Unpatchable

Longtime console hacker CTurt has disclosed what he calls an essentially unpatchable hole in the security of the PS4 and PS5, detailing a proof-of-concept method that should allow the installation of arbitrary homebrew applications on the consoles.

CTurt says he disclosed his exploit, dubbed Mast1c0re, to Sony via a bug bounty program a year ago without any sign of a public fix.

The emulator's just-in-time (JIT) compilation gives it special permission to continually write PS4-ready code (translated from the original PS2 code) just before the application layer itself executes that code. By gaining control of both sides of that process, a hacker can write privileged code that the system treats as legitimate and secure.

“Since we’re using the JIT system that involves their intended purpose, it isn’t an exploit, just a neat trick,” CTurt said of a since-patched JIT exploit on the PS4’s application programs.

Gaining Console Control

The exploit is triggered by loading a specially formatted save file from the memory card, which causes a buffer overflow that grants access to otherwise protected memory (similar exploits have been used in PSP and Nintendo 3DS hacks over the years).

This method is somewhat limited, though, by the fact that the PS4 and PS5 can’t natively read standard PS2 discs, which means any exploitable game needs to be available as a downloadable PS2-on-PS4 title via PSN.

Getting an exploit-ready PS2 save file onto the PS4 isn’t an easy process, either. CTurt had to use an already-hacked PS4 to digitally sign a modified Okage Shadow King save file so that it would be accepted under his PSN ID. He then used the system’s USB save import feature to get that file onto the target console.

Can’t patch what you can’t catch

While there have been PS4 homebrew exploits in the past, Sony has been diligent in pushing firmware updates that render them at least partly obsolete. Notably, CTurt stressed that it would be nearly impossible for Sony to close the hole that enables mast1c0re. That’s because a copy of the exploitable PS2 emulator in question is packaged with each individual PS2-on-PS4 game rather than stored separately as a core part of the console’s system software.

Moreover, for digital releases, even if the exploit is later patched out, there are methods to downgrade to an archived, exploitable version by proxying HTTP traffic through a local server.
