A game console hacker shows how to run pirated PS2 games on Sony's PS4 and PS5. According to him, the vulnerability cannot be patched.
The security system of the PlayStation 4, and now of the PS5, is riddled with holes. The starting point for the hacker is the official PS2 emulator that plays retro games on the PS4/5. In a demo video, he shows how he exploits the vulnerability to start a PS2 game from a modified ISO file. It does, however, take a lot of effort.
The console hacker CTurt has already bypassed the security system of the PS2 itself and has now examined the implementation of the PS2 emulator on the current consoles – and struck gold.
For retro games to run on the PS4/5, the emulator relies on just-in-time (JIT) compilation: at runtime, the software translates the PS2 code into native code the PS4 can execute. The translated code is usually written directly into memory and executed from there immediately. Attackers can use various methods to trigger memory errors and run their own code. This is also why Sony has already removed the attack-prone JIT approach in many places, for example from the consoles' web browser.
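To illustrate why writable-and-executable JIT memory is the weak point described above, and the discipline an emulator can follow to narrow it, here is an added C example that is not from the article and not from CTurt's mast1c0re write-up. It shows the W^X ("write XOR execute") pattern: a code buffer is mapped read-write while translated code is emitted, then flipped to read-execute before it is ever called, so that a later stray write from a memory-corruption bug cannot patch the JIT output in place. The "translated code" is a constructed stand-in (a function that returns 42), not emulator output; the example assumes a Linux or macOS host on x86-64 or AArch64, and the `/proc/self/maps` check is Linux-only.

```c
/*
 * Added example (not from the article or from CTurt's mast1c0re write-up):
 * the W^X lifecycle for a JIT code buffer. The buffer is never writable and
 * executable at the same time. Assumes Linux/macOS on x86-64 or AArch64.
 */
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed stand-in for "translated" code: a function returning 42. */
#if defined(__x86_64__)
static const uint8_t kStub[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00,   /* mov eax, 42 */
                                 0xC3 };                         /* ret         */
#elif defined(__aarch64__)
static const uint8_t kStub[] = { 0x40, 0x05, 0x80, 0x52,         /* mov w0, #42 */
                                 0xC0, 0x03, 0x5F, 0xD6 };       /* ret         */
#else
static const uint8_t kStub[] = { 0 };
#define JIT_UNSUPPORTED 1
#endif

/* Allocate a code buffer that starts out writable but NOT executable. */
static void *jit_alloc(size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Emit code while the page is RW-only, then flip it to RX. After this call
 * the buffer can no longer be overwritten by a stray write. Returns 0 on
 * success, -1 on failure. */
static int jit_seal(void *buf, size_t len, const uint8_t *code, size_t code_len) {
    if (buf == NULL || code_len > len) return -1;
    memcpy(buf, code, code_len);
    if (mprotect(buf, len, PROT_READ | PROT_EXEC) != 0) return -1;
    /* The instruction cache may hold stale bytes on ARM; harmless on x86. */
    __builtin___clear_cache((char *)buf, (char *)buf + len);
    return 0;
}

/* Linux-only check: copy the rwxp flags of the mapping containing addr into
 * out. Returns 1 if found, 0 if /proc is unavailable or no mapping matched.
 * A sealed JIT buffer should read "r-xp", never "rwxp". */
static int jit_perms(const void *addr, char out[5]) {
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return 0;
    unsigned long lo, hi;
    char perms[5];
    int found = 0;
    while (fscanf(f, "%lx-%lx %4s%*[^\n]", &lo, &hi, perms) == 3) {
        if ((uintptr_t)addr >= lo && (uintptr_t)addr < hi) {
            memcpy(out, perms, 5);
            found = 1;
            break;
        }
    }
    fclose(f);
    return found;
}

/* Whole lifecycle: RW for emission, RX for execution, never both.
 * Returns the stub's result (42), -1 on allocation/sealing failure, or -2 if
 * the kernel still reports the buffer as writable (a W^X violation). */
int run_jit_demo(void) {
#ifdef JIT_UNSUPPORTED
    return -1;
#else
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *buf = jit_alloc(len);
    if (!buf) return -1;
    if (jit_seal(buf, len, kStub, sizeof kStub) != 0) {
        munmap(buf, len);
        return -1;
    }
    char perms[5];
    if (jit_perms(buf, perms) && perms[1] == 'w') {
        munmap(buf, len);   /* refuse to run code that is still writable */
        return -2;
    }
    int (*fn)(void);
    memcpy(&fn, &buf, sizeof fn);   /* object-to-function pointer, ISO-clean */
    int result = fn();
    munmap(buf, len);
    return result;
#endif
}

int main(void) {
    int r = run_jit_demo();
    printf("sealed JIT stub returned %d (expected 42)\n", r);
    return r == 42 ? 0 : 1;
}
```

The point of the pattern is that the window in which the buffer is writable is closed before control ever transfers into it; a memory-corruption primitive gained afterwards can still read the code, but cannot turn the JIT output into attacker-chosen instructions without first winning a separate fight over page permissions.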
In his write-up, the hacker explains in detail how his exploit, dubbed mast1c0re, works. Vulnerabilities in PS2 titles or manipulated save files of PS2 games serve as the starting point for an attack. By his own account, he was able to break out of the PS2 emulator via a complex chain of several memory errors and start another PS2 game with the emulator's far-reaching privileges.
What can Sony do about it?
The hacker states that Sony shot itself in the foot with the way the emulator was implemented, and that the bug is virtually impossible to fix. Since every retro game ships with its own copy of the PS2 emulator, on disc – publisher Limited Run Games has released some PS2 titles on PS4 disc – or in digital form, Sony cannot easily close the gap. If the emulator were part of the system firmware, a firmware update could help. But because every title brings the emulator with it, a user could simply disconnect the console from the Internet to avoid patches and start a title with a vulnerable emulator from disc.
The CTurt hack does not, however, give full control over the PS4/5. According to him, it could nevertheless be a precursor to kernel exploits and to compromising the PS5's hypervisor protection mechanism. In a follow-up post he has announced, he intends to demonstrate soon how he runs his own code, and thus homebrew applications, on the current consoles.
The hacker claims to have informed Sony about the security issue back in September 2021. Evidently nothing has happened on Sony's side since then. By his own account, he has only now gotten around to publishing.