A major vulnerability in Dark Souls that caused Bandai Namco to shut down all of the game’s PC servers in January has been made public, as previously promised.
PvP servers for the PC versions of Dark Souls were shut down in January following the discovery of a serious remote code execution (RCE) vulnerability that allegedly allowed attackers to take control of other players’ PCs. Nearly two months later, they are still not working, and one of the people behind the discovery of the vulnerability has now publicly revealed the details of the exploit, after Bandai Namco issued a statement saying it would fix the problem.
Initially, the user planned to share the exploit before the release of Elden Ring, but said that he decided to postpone his plans in order to play Elden Ring first.
The disclosed information, which was shared on GitHub, contains proof-of-concept code and documentation for the RCE exploit that caused From Software to shut down PC servers. According to the description, the vulnerability is confirmed to be present in Dark Souls 1, Dark Souls Remastered, Dark Souls 2 and Dark Souls 3.
While the vulnerability has not been confirmed for Demon’s Souls, its presence there is considered “very likely”. It is also confirmed to be in Sekiro, although supposedly there is no way to exploit it there. However, the person who discovered the exploit confirmed to VGC that it appears to be “completely patched” in Elden Ring.
According to them, LukeYui – the developer of Blue Sentinel’s fan-made anti-cheat program for Dark Souls – “sent From Software a huge document describing many other exploits for Dark Souls, including both security vulnerabilities such as reading / writing out of bounds, and game exploits such as banning other players, editing their game data, etc.”
“To my surprise, they’ve fixed everything in Elden Ring, which is amazing.”
However, they noted that Elden Ring’s implementation of Easy Anti Cheat “is seriously flawed and can be bypassed in a variety of ways.”
Even if the simple bypasses are fixed, a complete rework would be required to properly use all of EAC’s features, which is absolutely essential to its effectiveness.
As reported last month, the person who discovered the RCE claimed that he had alerted Bandai Namco to it over a month ago, and that neither the publisher nor developer From Software responded to the warning until the discoverer demonstrated it on a public Twitch stream. In a statement released shortly after, Bandai Namco confirmed that online services for Dark Souls PC games will remain offline until Elden Ring’s February 25 release as the company works to patch the exploit.
Bandai Namco appears to have been able to fix these vulnerabilities for Elden Ring, but the Dark Souls PC game servers are still down, meaning players have been offline for almost two months.