PvP servers for Dark Souls series taken down following concerns over RCE exploit


All PvP servers for the Dark Souls games have been deactivated after Bandai Namco was made aware of a major exploit. This was revealed by Twitch user The_Grim_Sleeper, as they were invaded by another player who then used a remote code execution exploit to open Narrator on the streamer's PC, using text-to-speech to read aloud a troll message. It looks like the "hacker" themselves was not a troll, though; according to The Verge, the person who pulled off the exploit was a concerned player who had discovered the RCE, and had attempted to contact the developers so they could fix it. However, they were reportedly ignored, so the person took to targeting a streamer so that news of the exploit would find its way to news outlets and social media after being showcased live.

Following the reports of the exploit and concerns from fans, the Twitter account for Dark Souls announced that the servers for Dark Souls: Prepare to Die, Remastered, 2, and 3 would all be taken down for a short time in order to investigate. This currently only affects the PC versions of the games, and servers for the console ports of the games are still online.

 

codezer0

Reportedly, Gamespy's shutdown was the reason behind closing Nintendo Wi-Fi Connection.
With the embarrassing amount of money Nintendo makes off Pokémon merchandizing alone, Nintendo could afford to not only have bought up GameSpy and keep the servers going, but hire *all of Disney* to animate the critters for their entire Dex and a more efficient storage algorithm to store it on a given game card.

There's no reason for gen 8 to command as much money and not enable you to store a complete set. Especially with not one, but two, active subscriptions required to even migrate critters into the new games.
 

Xzi

I just hope they actually fix it rather than just killing off the servers for good.
They will, for a couple reasons. Elden Ring reuses much of the same netcode as DS3, so they aren't about to launch it with missing online features. And it took the devs of the Blue Sentinel mod all of a day to patch this exploit, so it shouldn't take FromSoft much longer than that once the game's gone gold.

Edit: well speak of the devil...

 

leon315

If anyone needed more proof that playing games on a work/personal PC with important stuff on it is a bad idea. Games are rarely written to be secure.

...although, if you're on Linux, you could throw all of your games into Docker/Podman containers and not worry about RCE exploits touching your system, and not lose any performance like you would with a VM.
Does this method support any games?
 

RichardTheKing

Just having access to the narrator could be quite bad - imagine if someone had the game read out passages from Mein Kampf, for example, or start spewing out homophobic nonsense.
Or even passages from that long-revered book of supposed truth, the Bible - for example, "Now kill all the boys. And kill every woman who has slept with a man, but save for yourselves every girl who has never slept with a man." (Numbers 31)

Yeah, the narrator could easily be abused, even if that was the only thing that could be manipulated.
 

Julie_Pilgrim

And it obviously isn't, since that was narrated through PowerShell. With RCE, a hacker could steal all your personal info before bricking your PC.
to be fairrrr, my hard drive is encrypted, but you'd still have web browser access i suppose, so if you did this to my pc, you could impersonate me, delete most of my accounts, ruin my grades, and end most of my friendships
but you couldn't install drivers or look at my memes folder
 

Guacaholey

Nah, a simple chroot doesn't get you anywhere near the amount of security/isolation you'd get with something like Docker or Podman, which use kernel sandboxing features. Throw in some SELinux on top of it all, and you have some hardcore security.

As for Windows, an unprivileged process can still fuck your shit up. I haven't tried Windows 11, but I know that Win10 (and earlier) at least doesn't implement any kind of sandboxing. So a rogue process might not be able to delete your System32 folder, but it could definitely ransomware your files, steal your bitcoins, email your pron folder to grandma, etc.

On Windows the only reasonable thing to do is to not play games on a PC that has important stuff.
That would be a reasonable practice if Windows were so bloated. When the OS with updates takes like 40 GB of space having different partitions for different tasks isn't easily doable unless you're using high capacity mechanical hard drives, and a lot of people aren't doing that anymore because muh SSD speeds.
Nintendo flat out banned all DS and Wii online access entirely because they refused to fix the endemic of impossible trades that flooded the Pokémon gts. And of course it just followed the new system, at the bonus of being required to pay for nso *and* Pokémon home to suffer through it.

Back on topic...

FromSoftware has a history of treating the PC platform like a fourth world nation. I don't think they'd even know how to fix it, much less are willing to do so.
No, that's not why they shut them down. Otherwise 3DS servers would be down already because the 3DS Pokémon titles have been flooded with impossible trades, impossible Pokémon (i.e. male/female mons that should be genderless), and glitched/hacked trainer icons since at least 2016. These trades actually crash which causes a ban for the would-be recipient. The DS and Wii game servers shut down because they were hosted by GameSpy, which shut down in 2014.
 

codezer0

No, that's not why they shut them down. Otherwise 3DS servers would be down already because the 3DS Pokémon titles have been flooded with impossible trades, impossible Pokémon (i.e. male/female mons that should be genderless), and glitched/hacked trainer icons since at least 2016. These trades actually crash which causes a ban for the would-be recipient. The DS and Wii game servers shut down because they were hosted by GameSpy, which shut down in 2014.
As I said, Nintendo couldn't be arsed to fix the problem. And now want its users to pay for the privilege of dealing with its broken system on top of it.
 

Guacaholey

Bandai Namco employees carefully crafting the worst pc port you've ever played in your life
Is that really any surprise though? Seems like their engine has frequent stupid dips on good hardware. I read it's an engine bug on Reddit but it wouldn't surprise me since it affects both DS Remastered and DS III.
 