Source code of mast1c0re exploit released

Consultant and researcher McCaulay Hudson has kept his word and published the source code of the mast1c0re exploit. The framework lets a developer escape the PlayStation 2 emulator and run native code on the PlayStation 4 and PlayStation 5 consoles.

This project is intended for developers, not end users. Also included are some basic sample projects for developers to learn some usage features.

Pull requests for SDK improvements are encouraged. Breakout is not 100% reliable. Reopen the game if it crashes.

From the readme of the repository

The “mast1c0re” project provides the framework needed to develop payloads that run on PlayStation 4 or PlayStation 5 consoles, delivered through a PlayStation 2 save file that escapes the PlayStation 2 emulator.

For more information on the inner workings of the vulnerabilities used within this project, see the associated blog post “mast1c0re: Part 3 – Escaping the emulator” and the original blog post “mast1c0re: Hacking the PS4 / PS5 through the PS2 Emulator – Part 1 – Escape” by CTurt.

Installation

NOTE: We recommend using a Linux distribution such as Ubuntu, as Windows support has not been tested.

To start developing using this mast1c0re repository, you need the following dependencies:

Clone the mast1c0re repository and add the path to the env variable $MAST1C0RE:

# Clone the repository over SSH (note the colon after the host in the SSH URL)
git clone git@github.com:McCaulay/mast1c0re.git /opt/mast1c0re/
# Persist the MAST1C0RE variable so the sample build scripts can find the SDK
echo 'export MAST1C0RE=/opt/mast1c0re/' >> ~/.bashrc
source ~/.bashrc

Project compilation

All of the sample projects listed ship with a script, build.sh, that compiles the project for the target systems and firmware versions.

Note that firmware version “0.00” means that the game save file should be compatible with all firmware versions.

Build a target sample project by changing the directory to that project, then run the script build.sh:

cd samples/ps-load-game-net
./build.sh

Next steps

  • Submit and upload the configuration file config-emu-ps4.txt (https://www.psdevwiki.com/ps4/Talk:PS2_Classics_Emulator_Compatibility_List).
  • Lua loading by the emulator.
  • Execution of arbitrary native code (CTurt’s mast1c0re Part 2).
  • Kernel exploits.
  • EBOOT v1.0 support.
  • Additional firmware version support.
  • Load PS2 games from USB.
  • Load PS2 games from HDD.
  • Make system calls independent of firmware.
  • Additional PS2 game save exploits for other games (swap the “okrager” binary for another game).

Project ideas

  • ps-psh – Primitive shell command server that allows telnet terminal communication to the PS4/PS5.
    • pwd – Print the current working directory.
    • cd – Change directory.
    • ls – List files in the current working directory.
    • cp – Copy a file.
    • mv – Move a file or directory/rename.
    • rm – Delete a file.
    • download – Download a file from the remote console to the local system.
    • upload – Upload a file from the local system to the remote console.
    • play – Mount and play a PS2 ISO file.
    • notification – Show a PS notification.
    • root – Kernel exploit (firmware dependent).
  • ps-ftp – FTP server.
  • ps-debug-settings – Enable debug settings using a kernel exploit (firmware dependent).
  • ps-hen – Homebrew enabler using a kernel exploit (firmware dependent).
  • ps-cnc – Remote command and control server that supports TCP commands similar to ps-psh.
  • Desktop GUI app to manage PS2 games – Using “ps-cnc”, it can load, manage, mount and play PS2 games stored on HDD.

References

Source: twitter.com