CTurt, a hacker known for breaking into Sony consoles, has discovered what he describes as a “virtually unrecoverable” vulnerability affecting both the PlayStation 4 and the PlayStation 5. The hole, which he named mast1c0re, lets users run homebrew applications and other unsigned software mods on the consoles.
The vulnerability abuses the software that runs PS2 games on the PS4 and PS5. Because that emulator compiles PS2 code into native code just in time (JIT), its process is granted a permission ordinary applications do not get: it may write memory and then execute it. Anyone who hijacks the emulator's execution inherits that permission and can run their own native code on the underlying hardware.
The entry point is a known vulnerability in the emulated software itself, that is, in a PS2 game. Once the game's bug hands over control, the method relies on flaws in the emulator's JIT compilation to get attacker-written native code placed in memory and executed; the console accepts that code as if it were the emulator's own and does not block it.
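The property the passage hinges on is that a process which may write memory and later execute it turns any memory-corruption bug into native code execution. The program below is an added illustration of that property and of the usual mitigation, W^X; it is not CTurt's exploit, not Sony's emulator, and contains nothing specific to the PlayStation. It assumes Linux on x86-64 or AArch64, and all function names (jit_return_const, try_patch_code) are hypothetical. It "compiles" the guest program "return v" into a fresh page twice, once on a mapping that stays RWX for its whole life and once under W^X (written while RW, then flipped to RX before it is ever run), and then attempts the kind of stray write into the code page that a hijacked guest would make.

```c
// Added example, not code from the original article or from CTurt.
// Assumes Linux on x86-64 or AArch64; builds with gcc or clang.
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*jit_fn)(void);

/* Emit native code for "return v" into buf and return its byte length.
 * Only x86-64 and AArch64 are handled (an assumption of this example). */
static size_t emit_return_const(uint8_t *buf, int32_t v)
{
#if defined(__x86_64__)
    buf[0] = 0xB8;                       /* mov eax, imm32 */
    memcpy(buf + 1, &v, sizeof v);
    buf[5] = 0xC3;                       /* ret */
    return 6;
#elif defined(__aarch64__)
    uint32_t insn[2] = {
        0x52800000u | (((uint32_t)v & 0xFFFFu) << 5), /* movz w0, #imm16 (v < 65536) */
        0xD65F03C0u                                    /* ret */
    };
    memcpy(buf, insn, sizeof insn);
    return sizeof insn;
#else
#error "example assumes x86-64 or AArch64"
#endif
}

/* JIT-compile "return v" into a fresh page.
 * wx == 1: the page is readable, writable and executable for its whole life,
 *          the convenient policy a JIT-privileged process may be allowed to use.
 * wx == 0: W^X policy: written while RW, flipped to RX before first execution,
 *          so no mapping is ever writable and executable at the same time. */
static jit_fn jit_return_const(int32_t v, int wx)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    int prot = wx ? (PROT_READ | PROT_WRITE | PROT_EXEC) : (PROT_READ | PROT_WRITE);
    uint8_t *page = mmap(NULL, pagesz, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return NULL;
    size_t n = emit_return_const(page, v);
    __builtin___clear_cache((char *)page, (char *)page + n); /* required on AArch64 */
    if (!wx && mprotect(page, pagesz, PROT_READ | PROT_EXEC) != 0) {
        munmap(page, pagesz);
        return NULL;
    }
    return (jit_fn)(uintptr_t)page;
}

/* Simulate the stray write a hijacked guest might make into the JIT's code page.
 * Returns 1 if the write was permitted (the code can be patched in place),
 * 0 if the hardware refused it. The fault is caught here only so both cases
 * can be compared in one run; a real W^X process would simply crash instead
 * of ever executing injected bytes. */
static sigjmp_buf fault_jmp;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

static int try_patch_code(jit_fn f)
{
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    volatile uint8_t *code = (volatile uint8_t *)(uintptr_t)f;
    volatile int patched = 0;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        uint8_t b = code[0];
        code[0] = b;        /* same byte written back; the write itself is what must be allowed */
        patched = 1;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return patched;
}

int main(void)
{
    jit_fn rwx = jit_return_const(42, 1);
    jit_fn wxor = jit_return_const(42, 0);
    if (!rwx || !wxor) {
        perror("mmap/mprotect");
        return 1;
    }
    printf("RWX JIT returns %d, code page writable at run time: %s\n",
           rwx(), try_patch_code(rwx) ? "yes" : "no");
    printf("W^X JIT returns %d, code page writable at run time: %s\n",
           wxor(), try_patch_code(wxor) ? "yes" : "no");
    return 0;
}
```

Both JITs produce working code, but only the RWX page accepts the write: under that policy a single out-of-bounds write from the guest becomes native code the next time the page is executed, which is exactly why a process holding such a permission is a valuable target. Under W^X the same write faults before any injected byte can run. The handler that swallows the fault exists purely for the side-by-side comparison.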
As a result, CTurt explained, the system can be made to run other legacy-console games through the official emulator. He also noted that the chain of steps needed to get there is quite complex.
Exploiting the problem requires a legitimately owned copy of a vulnerable game together with a crafted save file for it; CTurt demonstrated this with Okage: Shadow King. In his demonstration, launching Okage: Shadow King with the crafted save triggers the exploit, which reaches the emulator's built-in functions and points the emulator at an ISO image of a different game served from a machine on the local network.
He also said that, in the future, the emulator vulnerability could be used to run pirated copies of games for the current console generation. CTurt stressed that it would be nearly impossible for Sony to close the gap, because the emulator ships inside every copy of each PS2 game rather than as a standalone program that could be updated once.
CTurt reported mast1c0re to Sony a year ago through the company's bug bounty program. Sony's developers have not fixed the problem so far, and it appears unlikely they ever will.
According to the developer, the problem lies not in the console's firmware but in code shipped with the PS2 games themselves. That makes the hole almost impossible to fix: doing so would mean dropping support for the old games on the consoles and pulling all of those titles from the PlayStation Store.