whatisgithub

What is ultrac0re?

matem6/ultrac0re — explained in plain English

Analysis updated 2026-05-18

18LuaAudience · researcherComplexity · 5/5Setup · hard

In one sentence

A security research repository documenting a multi-stage exploit chain for Jak X: Combat Racing on the PS5's built-in PS2 emulator.

Mindmap

mindmap
  root((UltraC0re))
    What it does
      Documents exploit chain
      Targets PS2 emulator
      Builds on prior research
    Tech stack
      Lua
      Python
      PS2 emulator
    Use cases
      Console security research
      Emulator vulnerability study
      Exploit chain documentation
    Audience
      Security researchers
    Stages
      Save file exploit
      Emulator escape
      JIT compiler attack

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Study how a save file bug in a game can lead to code execution inside an emulator

USE CASE 2

Research how PS2 emulator flaws on the PS5 can be chained into a native process compromise

USE CASE 3

Check whether other PS2 classic titles share the same emulator level vulnerability

USE CASE 4

Reference documented memory layouts and offsets for console security research

What is it built with?

LuaPython

How does it compare?

matem6/ultrac0rekremovtort/tabterm.nvimshenawy29/xdg-nvfilechooser.nvim
Stars181719
LanguageLuaLuaLua
Setup difficultyhardeasyhard
Complexity5/52/53/5
Audienceresearcherdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1day+

Requires a PS5 running the specific vulnerable firmware and Jak X, plus background in exploit development.

License terms are not stated in the explanation, so treat usage rights as unclear until you check the repository directly.

So what is it?

UltraC0re is a security research project that documents an exploit chain for the game Jak X: Combat Racing when played through the PlayStation 5's built-in PS2 emulator. It is based on earlier public research called Luac0re and mast1c0re and is intended for security researchers studying how the PS5 handles classic PS2 titles. The exploit works in several stages. First, a crafted save file takes advantage of a bug in how Jak X reads a player profile name field. By carefully constructing the save data, an attacker can redirect the game's processor to run code of their choosing inside the PS2 emulation environment. This part is specific to Jak X. The second phase attacks the PS2 emulator itself rather than the game, using a flaw in how the emulator handles emulated network adapter hardware to escape the PS2 sandbox and gain control of a native process running on the PS5. From there the exploit gains read and write access to memory, the ability to run arbitrary code, and eventually the ability to open a network connection and load additional Lua scripts remotely. A third stage targets a separate privileged process called the JIT compiler, which handles converting PS2 instructions to code the PS5 can run natively, using a different vulnerability in the communication channel between the two processes. The repository includes Lua scripts that implement the exploit logic, Python scripts for crafting the malicious save file and checking whether other PS2 games running on the same emulator are vulnerable to the same approach, prebuilt payloads, and documentation of the memory layouts and offsets involved. The README notes that the second and third stages target the emulator rather than Jak X specifically, meaning they may apply to other PS2 classic titles with only minor adjustments. This is a technical security research repository aimed at people with background knowledge in exploit development and console security.

Copy-paste prompts

Prompt 1
Explain the three stages of this PS5 PS2 emulator exploit chain in plain terms
Prompt 2
Summarize how the save file vulnerability in Jak X leads to code execution
Prompt 3
Help me understand how the JIT compiler stage differs from the emulator escape stage
Prompt 4
Explain what background knowledge I'd need to follow this console security research

Frequently asked questions

What is ultrac0re?

A security research repository documenting a multi-stage exploit chain for Jak X: Combat Racing on the PS5's built-in PS2 emulator.

What language is ultrac0re written in?

Mainly Lua. The stack also includes Lua, Python.

What license does ultrac0re use?

License terms are not stated in the explanation, so treat usage rights as unclear until you check the repository directly.

How hard is ultrac0re to set up?

Setup difficulty is rated hard, with roughly 1day+ to a first successful run.

Who is ultrac0re for?

Mainly researcher.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.