Mast1c0re Exploit Confirmed Working on PS5 Latest Firmware 6.50 (PS2 Random Run + Built-in PS5 ROP Chain – Video)

Security consultant McCaulay Hudson has posted a video showing CTurt’s Mast1c0re exploit running on the latest PS5 firmware, 6.50. In the video (below), we see the Mast1c0re exploit run through the exploitable PS2 game “Okage Shadow King”, which is then used to remotely load another PS2 game, Midnight Club 3.

What is Mast1c0re for PS5 and PS4?

Mast1c0re is an unpatched exploit for PS4 and PS5 that exploits a vulnerability in the PS2 emulation layer of Sony’s newer consoles. The vulnerability was revealed, and described in great detail, by PlayStation hacker CTurt last September.

At the time, CTurt stated that Sony had no plans to fix the vulnerability. Today’s video appears to confirm this: the vulnerability is still present in the latest PS5 firmware, 6.50 (and, it’s safe to assume, in PS4 10.01 as well), both from January 2023.

From McCaulay Hudson’s showcase video of the Mast1c0re exploit running on PS5 6.50

PS2 Native Execution, PS5/PS4 ROP chain for additional exploits

At the very least, the exploit allows running PS2 code, which means loading PS2 “backups” (as demonstrated in McCaulay’s video today, as well as in the demo published by CTurt in September), but also PS2 Homebrew.

Furthermore, as described by CTurt and confirmed by Hudson today, this is a user-mode entry point for further hacking of the actual PS5/PS4 stack, currently in the form of a ROP chain. Such an entry point is always required for a console jailbreak.

We’ve mostly seen WebKit exploits used as such entry points in recent history, but there are exceptions (like the Blu-ray vulnerabilities used as an entry point on PS4/PS5 with BD-JB). In this case, the vulnerability is exploited by loading “malicious” save data into a PS2 game.

As such, it could potentially be used as a starting point for a larger PS4/PS5 hack on newer firmware, and CTurt has hinted that he would indeed demonstrate something like this in part 2 of his write-up, which has yet to be published.

What’s new with today’s video?

Today’s video is exciting to me for two reasons.

First, it shows that the exploit has not actually been patched, as it runs on the latest PS5 firmware. Of course, we understand very well that Sony has other ways to prevent the hack from spreading, specifically removing affected PS2 games from PSN. (This would prevent users from purchasing them, and therefore from running the exploit with them.) This is a strategy we’re very familiar with, as at one point game save exploits were the bread and butter of PSP/PS Vita hacking.

Second, it is an independent confirmation of CTurt’s write-up. I don’t think anyone (other than CTurt himself) had confirmed, until now, that his recipe was sufficient to reproduce his results. That question can now be put to rest.

That being said, many questions still remain. Notably, CTurt has stated that he would provide details on a native (PS4) Homebrew environment based on this hack, and we’re eagerly awaiting that. As for the PS5, the current understanding is that achieving native PS5 execution is another level of difficulty (beyond what we already have).
