PS4/PS5 Mast1c0re exploit: McCaulay Hudson shares Implementation details + PS2 Game Save Editing tool

The Mast1c0re hack, an unpatched PS4/PS5 exploit that leverages the PS2 emulation layer on the consoles, has recently been confirmed to work on recent PS4 and PS5 firmwares. A few weeks ago, security researcher McCaulay Hudson demonstrated he was able to turn CTurt’s writeup into an actual proof of concept. Today, McCaulay shares his findings and the process, in great detail, in the first blog post of a series of 4.
What is Mast1c0re for PS5 and PS4?
Mast1c0re is an unpatched exploit for PS4 and PS5, which leverages a vulnerability in the PS2 emulation layer of Sony’s newer consoles. The vulnerability was disclosed, and described with great detail, by PlayStation hacker CTurt in September last year.
Back then, CTurt stated Sony had no plan to fix the vulnerability, which seems to be confirmed by recent videos showing that the vulnerability is still present in the latest PS5 6.50 firmware (and, it is safe to assume, in PS4 10.01 as well) as of January 2023.
PS5 (latest firmware) PoC for mast1c0re vulnerabilities.
Arbitrary PS2 code execution and native PS5 ROP chain execution.
Technical details on @CTurtE's blog post: https://t.co/J2tPU2zMaU pic.twitter.com/qNQ7Dcevbb
— McCaulay (@_mccaulay) January 24, 2023
Recently released Beta firmwares PS5 7.00 and PS4 10.50 still need to be confirmed, but there’s good reason to believe they are vulnerable as well.
Implement Mast1c0re on your own…soon ™
McCaulay’s blog post series is not complete yet, but I’m hoping that by post 4 we should have enough details for anyone with the relevant skills to create their own exploit file for the game Okage Shadow King.
Today’s post goes into great detail on how the security researcher leverages a PS2 emulator for development and testing, on the PS2 game save file format, and provides links to the tools he developed to help with leveraging a buffer overflow in the game. (man this sure brings back memories)

In particular, he released a tool to extract/edit PS2 game save files about 2 weeks ago, which can be found here: https://github.com/McCaulay/pypsu
You can read McCaulay’s blog post series here for details.
Folks, what’s up with those multipart blog posts, when did that become a thing? Hopefully we won’t have to wait as long as for CTurt’s part 2 (which isn’t out yet?)
Hacking the PS4 / PS5 through the PS2 emulator: this hack method is very difficult to patch because old games always work on new firmware updates. Great news for the PS4 / PS5 hack!!!
Great news! Finally, a doable way!
I hope eventually some good person will release an easier way to use this vulnerability for PS4 hack.
I thought it ran the emulator in virtualbox? I’m going to be doing a whole read it seems.
Reminds me of the PS3 and PSP.
I still remember loading up a gif image on the psp and being amazed.
You might be right on the virtual machine thing, but it appears CTurt has found a way to escape it, at least on PS4. That’s the part 2 of his writeup we’re eagerly waiting for.
Does this mean if your 4.x ps5 has never downloaded or purchased a ps2 game it won’t be exploitable via this means?
Right… you’d need the PS2 game, which means purchasing it and downloading it, which means you need the latest firmware, UNLESS the hack gets expanded to physical PS2 games for the PS4/PS5, which is a possibility, see: https://wololo.net/2022/09/16/list-of-ps2-emulated-games-that-got-a-physical-release-on-ps4-discs/
I hope that ps5 will be never broken
@KokamiDavid Emulators are now not in the fw but they are standalone (executable per pkg) and they can be easily patched, the same with the fw, which can prevent further escalation if the developer doesn’t want to invest money to fix their game. The question here is… how in the heck do you export the VMC and import it back on PS5!? On PS4 you can do that to USB but there is a damn PFS container in the middle so there is not much you can do with it right now until the encryption key and a way are published.
My method is via a modded PS4 and PCSX2. I’ve tried it and it works like a charm. If you don’t have a modded PS4, maybe use pypsu?
Now we need to know if we should update and buy that game before Sony removes it entirely from the Sony store, and if this exploit can lead to anything bigger.
Basically webkit + bd-jb-style elf payloads + maybe some hbl-style homebrew.
This is amazing to see, but in the end we all know Sony is going to remove the exploit PS2 games (or all PS2 games) and block the ability to play on PSN with a later firmware update, and block playing those exploitable games on later firmwares, alongside taking the hit of loss in money in refunds to those who purchased the exploited game or games.
Right…although there might be a small window of time where people will be able to buy the exploitable game(s), run the hacks, and then choose to not upgrade their console (and keep it off of Playstation network) to keep the hack. Depending on how much one can do with the hack, some might choose to do that.
By not fixing the issue right now, Sony is making the bet that the end result will most likely not be interesting enough for most people to care (compared to the amount of effort required to patch the issue, I guess), or that it will be easier to simply remove games from the PSN temporarily, like they did during the Vita VHBL era.
I noticed people hack Sony, not Xbox, maybe because of backwards compatibility. Maybe they should just let backwards compatibility happen. They say they don’t, but clearly people are playing old PS2 games that shouldn’t be played when they should. Xbox does it, so why not PS? smh, get it together PlayStation. People love the old games because the new ones, or the companies, ain’t listening to the consumers, which are the people buying the games. Checkmate to the hackers once again, this stuff never fails.