A proof of concept shows mast1core being used to load an external PS2 ISO into the system's emulator.
Longtime console hacker CTurt has blasted what he calls an "essentially unpatchable" hole in the security of the PS4 and PS5, detailing a proof-of-concept method that should allow for the installation of arbitrary homebrew applications on the consoles.
CTurt says he disclosed his exploit, dubbed Mast1c0re, to Sony via a bug bounty program a year ago without any sign of a public fix. The method exploits errors in the just-in-time (JIT) compilation used by the emulator that runs certain PS2 games on the PS4 (and PS5). That compilation gives the emulator special permissions to continually write PS4-ready code (based on the original PS2 code) just before the application layer itself executes that code.
By gaining control of both sides of that process, a hacker can write privileged code that the system treats as legitimate and secure. "Since we're using the JIT system calls for their intended purpose, it's not really an exploit, just a neat trick," CTurt said of a since-patched JIT exploit on the PS4's web browser.
Read 12 remaining paragraphs | Comments