Dark Souls is considered one of the most grueling gaming experiences of recent generations. FromSoftware’s gothic fantasy world has accrued a cult following that has led them to create a masterpiece like Elden Ring.
However, even the challenging games can face challenges themselves. A major Dark Souls exploit that had prompted Bandai Namco to pull all PC game servers offline in January has been publicly disclosed, as was previously promised.
The discovery of a severe remote code execution (RCE) vulnerability, which has been found to allow abusers to control other players’ PCs, led to the PvP servers of the Dark Souls PC version being switched off back in January.
To this day, the servers remain offline, and one of the people behind the discovery of the vulnerability has publicly disclosed the details of the exploit. This comes after Bandai Namco issued a statement claiming it would fix the issue.
They were first planning to share the exploit before Elden Ring’s release but said they decided to hold back on their plan so they could play Elden Ring first “instead of reverse engineering it day one.”
The public disclosure has been shared on Github, and it contains proof of concept code and documentation for the RCE exploit that caused the shutdown of the PC servers. The description states the vulnerability is confirmed to be present in Dark Souls 1, Dark Souls Remastered, Dark Souls 2, and Dark Souls 3.
While it has not been confirmed for Demon’s Souls, it is said to be “very likely,” and it has been confirmed in Sekiro as well, but there is allegedly no way to trigger it. The good news is that the person who found the exploit has confirmed that it appears to be “completely fixed” in Elden Ring.
LukeYui – the developer of a fan-made Dark souls anti-cheat software Blue Sentinel – sent FromSoftware a huge document detailing many other Dark Souls exploits, including security vulnerabilities like out-of-bounds reads/writes, and in-game exploits like banning other players, editing their game data, etc.
To my surprise, they fixed every single one of them in Elden Ring, which is amazing.
LukeYui
However, they did point out that Easy Anti Cheat implementation in Elden Ring
is heavily flawed and can be trivially bypassed in multiple ways.
LukeYui
Even if the simple bypasses are patched, it would require a full rework to make proper use of all EAC features, which is absolutely necessary for it to be effective.
LukeYui
The person who discovered the RCE said they had informed Bandai Namco over a month earlier. Neither the publisher nor FromSoftware took any action on the warning until the discoverer demonstrated the exploit in public on Twitch.
A statement published shortly after from Bandai Namco stated that online services for the Dark Souls PC games would remain offline until the release of Elden Ring on February 25th as the team worked to fix the exploit.
We want to thank the entire Dark Souls community and the players who have reached out to us directly to voice their concerns and offer solutions. Thanks to you, we have identified the cause and are working on fixing the issue. We have extended the investigation to Elden Ring – our upcoming title launching on February 25th – and have ensured the necessary security measures are in place for this title on all target platforms.
Bandai Namco
The statement went on to say,
Due to the time required to set up proper testing environments, online service for the Dark Souls series on PC will not resume until after the release of Elden Ring. We will continue to do everything we can to bring back these services as soon as possible.
Bandai Namco
While the investigation appears to have fixed the issue for Elden Ring, the Dark souls PC game servers are still down, which means players would have lost online access for nearly two months.
About Elden Ring
Elden Ring is the next major title to be released by FromSoftware, the developers of Demon’s Souls, Bloodborne and the Dark Souls franchise. Elden Ring is set to release on the February 25th, 2022.
The game is set in a world known as The Lands Between. Players will take control of a Tarnished to explore these lands and uncover the secrets it holds. The game is an open-world style title with emphasis on combat and traversal. There is also a multiplayer component, along players to summon others for co-operative play, or to be invaded for PvP encounters.
No Comments on Dark Souls RCE Exploit Appears to be “Completely Fixed” in Elden Ring