Mast1c0re Hack: McCaulay releases Okrager (Exploit generator for Okage). Here’s how to run the exploit on your PS4/PS5
With McCaulay Hudson publishing more tools for his implementation of CTurt’s Mast1c0re hack, we’re seeing more details emerge on how to implement your own save file to run this exploit on PS4 or PS5. The developer has published Okrager yesterday, a tool that lets you generate a save file for the game Okage Shadow King, that will run an exploit, based on his writeup from a few days ago. Below we share all the steps to run the “Hello World” Proof of concept file on your PS4 or PS5.
What is Mast1c0re for PS5 and PS4?
Mast1c0re is an unpatched exploit for PS4 and PS5, which leverages a vulnerability in the PS2 emulation layer of Sony’s newer consoles. The vulnerability was disclosed, and described with great detail, by PlayStation hacker CTurt in September last year, but no full “user friendly” implementation was released then.
Back then, CTurt stated Sony had no plan to fix the vulnerability, which seems to be confirmed by recent videos, showing that the vulnerability is still here, in the latest PS5 6.50 firmware (and, it is safe to assume, in PS4 10.01 as well) as of January 2023.
Recently released Beta firmwares PS5 7.00 and PS4 10.50 still need to be confirmed, but there’s good reason to believe they are vulnerable as well.
Running Mast1c0re on your PS4 or PS5: the important disclaimer
The important thing to note right now is that in order to generate the exploit savefile, you need a Jailbroken PS4 (or maybe not, read the “I don’t have a Jailbroken PS4” section below!). It will be required to encrypt/decrypt the save file, via Apollo Save Tool.
Furthermore, that PS4 needs to be activated with the same PSN user as the console you will ultimately want to exploit. For example if you want to run the exploit on your PS5, your Jailbroken PS4 needs to have the same PSN account as your PS5.Thankfully, Apollo Save Tool comes to the rescue and will let you do an offline activation of the target account, on your Jailbroken PS4.
I don’t have a Jailbroken PS4, what do I do?
If you don’t have a Jailbroken PS4, it is possible that Save Wizard will let you encrypt/decrypt the saves similarly to what Apollo does on a Jailbroken PS4. Please note that Save wizard is a paid service, and, having never used it myself, I cannot confirm whether it will work for you or not. At this point of the exploit, I would advise against paying for that service if your only goal is to run the Mast1c0re exploit. (update: some people are reporting that Save Wizard does NOT work for Okage. Others say it works, with video explanations here. YMMV)
You can also probably ask a friend with a Jailbroken PS4 to generate the file for you in Apollo. (in that case be sure to ask a trusted person, as this will generate a file that could potentially damage your console.)
How to run the Mast1c0re exploit on PS4 or PS5
Requirements:
- The “Target” (non Jailbroken) PS4 or PS5 on which you want to run the exploit
- A Jailbroken PS4 (or Save wizard. See disclaimer section above)
- Install Apollo Save Tool on the Jailbroken PS4
- With Apollo Save Tool, Offline Activate the Jailbroken PS4 to the same PSN User ID as your Target PS4/PS5. You will need Chiaki to get your PSN ID (Modded Warfare explains it in detail in a video here). See https://github.com/bucanero/apollo-ps4#custom-account-id-settings
- an FTP client (e.g. FileZilla)
- The Game Okage Shadow King (you will need a legal copy bought on the PSN, in order for it to run on your Target PS4/PS5)
- The “Hello World” exploit file from McCaulay Hudson (PS4 Version / PS5 Version <– Pick the right one depending on your Target device)
How to create the exploit
PS4 Save Files (including for PS2 games) are encrypted for the PSN account running them. This means that you need to encrypt your own version of the exploit in order to run it. To do so, proceed as follows:
- Run Okage Shadow King on your Jailbroken PS4
- Create a character, and go to your bedroom in the game, where you can save the game (see Michael Crump’s video below for details), this will create your initial save data.
- From Apollo Save Tool, decrypt the save data. This will create decrypted versions of your save file, on the Jailbroken PS4’s Hard Drive.
- From your PC running your FTP client, connect to your Jailbroken PS4 via FTP, and locate the decrypted files. There should be a VMC0.card file in there. You’ll want to replace that file with the exploited one you downloaded from McCaulay’s github above (just FTP copy the exploited file from your PC to overwrite the one on your Jailbroken PS4)
- Back to Apollo Save tool on your Jailbroken PS4, click on Import Decrypted Save files. This will repack and encrypt your save data.
Michael Crump has a great video demonstrating all the steps (note: the screenshots above are all from his video), although in his case he is running the exploit on the same Jailbroken PS4, for demonstration purposes:
How to run the exploit on your Target PS4/PS5
- Copy the encrypted Save file from your Jailbroken PS4 onto a USB Stick.
- Copy the Save Data from your USB stick to your Target PS4 or PS5:
- Access Settings.
- Select the option Application Saved Data Management, then Saved Data in System Storage.
- Select the option Copy to USB Storage Device.
- Choose the save that needs to be transferred.
- Run Okage shadow King on your Target PS4/PS5. Selecting “Restore Game” should run the exploit and display “Hello World”.
- You’re done!
Mast1c0re Exploit on PS4/PS5: Taking it further
If you managed to follow the steps above, you’re basically all set up to dig further into the Mast1c0re exploit. If you’re a developer, the Okrager repository by McCaulay gives you all the necessary tools to run more than just a hello world: You can create your own ELF payloads, and compile them into an exploited VMC0.card file for Okage.
Based on this I’m hopeful that people with the right skill sets could create, at the very least for now, a Homebrew environment for PS2 games within the PS4 or PS5. Yes, that’s far from native PS4/PS5 homebrew (PS4 Homebrew is still on the table as far as I understand) but it would be nice.
I hope one day there will be an easier, for dummies, guide to jailbreak PS4 10.01.
you advice to buy the okage game?
maybe from a pc browser?
Sorry guys, I haven’t a PS4 with a jailbreak, or the software Save Wizard. Someone that has a PS4 with a jailbreak, can help me for the save file? Or someone that has Save Wizard. In the text there is the part that also for the save file, it’s good a PS4 of a x person, not necessary own. Thank you very much. My email is pepparello05@gmail.com
I’m not understanding. We can already run unsigned code by default, why does it matter that we can run unsigned code in a game no one cares about? It’s not even an entry point, as it still requires running a primary exploit first to begin with.
You’re indeed misunderstanding. The requirement for a Jailbroken PS4 can easily be bypassed: either by getting a friend to encrypt the savedata for you, or by using save wizard. There is no other known entry point for Firmwares 9.03 and above, as far as I know, so this is the first public exploit for these firmwares. Same for PS5 recent firmwares.
To rephrase, without this hack, it is not possible to run unsigned code on recent PS4 or PS5 firmwares to my knowledge. I’m not sure where you got that from?
Hopefully more people will play Okage Shadow King, fun little game
And learn how to create a file using ps3?having a ps3 hen is it possible to create a file?
darn i have a 9.03 ps4 and i even have the same account on my ps5 they both have okage. but 9.03 isn’t jailbroken huh…least not publicly
Can i use the Apollo App on my ps3 to do the Same ?
Apollo is available also für ps3 and you Can decrypt and encrpyt savestates for ps2 Games like in the Tutorial.
Bit Can i Transfer ps2 Memory Card files from ps3 to 4/5 ?
just sharing my findings for any other poor souls in my situation so just to recap. got a ps4 on 9.03 got a ps4 on 9.00 got a ps5 on 4.03 got a ps5 on latest. The 9.00 jailbroken does not have okage. The 9.03 does. The 4.03 ps5 does not have okage. The ps5 on latest has okage. SAVE WIZARD CAN NOT DO THIS. UGH $50 bucks just down the drain. Some games it cannot decrypt. Don’t waste your loot. I used cyb1k release (brother thank you so much!) and i installed it to the 9.0 ps4. Then i took my ps5 save for okage from the ps5 on latest and i loaded it. Then i ran debug. Then i ran ftp. Then i ran save mounter. I swapped the memory card file. I took that save. Copied to usb. Brought to ps5. SO YOU DON’T NEED A LEGIT COPY ON THE JAILBROKEN PS4. KNOWLEDGE IS POWER. CORRECT THE ARTICLE! THANKS BUY! THANKS TO THE SCENE!
Hey Sean, sorry if the article was unclear, but if you read again you will see that it doesn’t say the legit Okage copy is required for the *target* console. I agree that point is a bit fuzzy since I do not exactly say “you need two copies of the game” . How you obtain your other copy is something I let to the creativity and imagination of the reader.
Thanks for sharing your experience though, hopefully it will help others.
i was talking about method used. so i went from legit to fpkg and did the save file edit with save mounter. you also missed the other point
YOU CANNOT USE SAVE WIZARD BOSS!
Totally missed my points…ugh but not surprising. Just fix it. You don’t need to post this comment as we both know you don’t like me. FIX THE ARTICLE! GIVE PROPER KNOWLEDGE!
I…have nothing against you. Where did you get that idea?
Anyway, I’ll add a note that people reported Save Wizard doesn’t work. As I mentioned, I cannot vouch for them as I’ve never used them.
Edit: And sorry you had to go through so much pain to get it to work 🙁
Hey guys, i’ve found a way to use the Save Wizard, so, it works: https://www.youtube.com/watch?v=-knVHxzJkIQ
auto-okage-masticore installer update autoplayer bot discord channel c++ npm module
npm run autoplay
Save Wizard only works with CUSA02282 (EU version), CUSA02199 will show error when downloading the save back to your computer.