
UltraC0re


UltraC0re - a Luac0re-based userland exploit for Jak X

UltraC0re is a security research project that documents an exploit chain for the game Jak X: Combat Racing when played through the PlayStation 5's built-in PS2 emulator. It is based on earlier public research called Luac0re and mast1c0re and is intended for security researchers studying how the PS5 handles classic PS2 titles.

The exploit works in several stages. First, a crafted save file takes advantage of a bug in how Jak X reads a player profile name field. By carefully constructing the save data, an attacker can redirect the emulated PS2 CPU's execution to code of their choosing inside the PS2 emulation environment. This stage is specific to Jak X. The second stage attacks the PS2 emulator itself rather than the game, using a flaw in how the emulator handles the emulated network adapter hardware to escape the PS2 sandbox and gain control of a native process running on the PS5. From there the exploit gains read and write access to memory, the ability to run arbitrary code, and eventually the ability to open a network connection and load additional Lua scripts remotely. A third stage targets a separate privileged process, the JIT compiler, which converts PS2 instructions into code the PS5 can run natively; it uses a different vulnerability in the communication channel between the two processes.

The repository includes Lua scripts that implement the exploit logic, Python scripts for crafting the malicious save file and checking whether other PS2 games running on the same emulator are vulnerable to the same approach, prebuilt payloads, and documentation of the memory layouts and offsets involved. The README notes that the second and third stages target the emulator rather than Jak X specifically, meaning they may apply to other PS2 classic titles with only minor adjustments.

This is a technical security research repository aimed at people with background knowledge in exploit development and console security.