Recently, hackers made headlines in Dark Souls 3. They simply took over the PC of their victim while visiting them in their game world as an invader in multiplayer.
What is this hack about? This is the so-called “Remote Code Execution” exploit, abbreviated RCE. This exploit is due to errors in the netcode of Dark Souls 1–3. All of these games use the same engine and it seems that this has not been fixed since the first part.
- The RCE exploit allows players from their PC to execute codes on your computer and manipulate it, even theoretically destroy it.
- This was made possible by the invasion feature of the PvP mode and the coop mode.
- The RCE has been known among hackers for some time but was held back.
This exploit became widely known in mid-January, when a Twitch streamer fell victim to this hack. However, he was lucky, as the hacker only wanted to draw attention to the exploit and caused no major damage.
You can watch the clip here:
In response, developer FromSoftware took all multiplayer servers of Dark Souls 1-3 offline. It has been almost a week now, but the developer has not presented any statement or solution since then.
Meanwhile, we also know that there is supposed to be a second, similar exploit. While it is known how the aforementioned RCE is used, the second method has not yet been revealed. According to VGC, however, it is already being discussed in hacker circles.
VGC.com spoke with some community members, including one of the hackers responsible for the attack in the clip. It was revealed that the exploit has been in the game for years and was reportedly reported to FromSoftware at least once in 2020.
Hacker says: Developer was aware
Here is the information from the community: A player who is said to have discovered the latest RCE reportedly reported this exploit to FromSoftware and publisher Bandai Namco at the end of 2021. The hacker sent emails to Bandai Namco’s support on December 11 and 16, with all the information about the RCE that he had gathered.
They confirmed receipt of the emails, but more than a month later, no changes had been made. This then led to the revelation of the RCE and the clip shown above.
Another player also states that the second, yet undisclosed method is believed to have been discovered and forwarded to FromSoftware as early as 2020. Again, there were no reactions.
Only the case shown caused more attention to be drawn to the problem and forced the developers to act.
Furthermore, the person states that the problems go far beyond the exploit. The FromSoftware games all have the same issues: faulty netcode that makes multiplayer extremely vulnerable to cheaters and hackers.
Meanwhile, there is a list of over 100 bugs that the community has found in the multiplayer of Dark Souls 3. The list includes issues like game crashes, corrupted save files, and also more serious problems like the RCE.
Many issues that have not been addressed in the past
What has been going on? Over the years, there have been recurring problems in the various Dark Souls games. Anyone actively playing multiplayer on PC is likely to have countless stories of strange encounters with hackers or cheaters.
But these are usually still the harmless events. Overall, there have been increasingly severe problems that could mean broken save files and the loss of hundreds of game hours in the worst case.
One of the most severe bugs in recent months was discovered in Dark Souls 3. Hackers could simply send players into New Game Plus and then attack them or reset their New Game Plus, make items disappear, or manipulate monsters to chase the host.
Players had to fend for themselves and find ways to circumvent this. On reddit, you can still find a huge guide on this.
According to the hackers behind the release of the RCE, the state of the online multiplayer in the FromSoftware games is quite terrible, “nothing has even come close to the ‘broken’ Souls network. […] It really seems like online play is ‘stuck’ over a single-player game and no thoughts have been given to security.”
So fans have helped themselves and created the “Blue Sentinel” mod for Dark Souls 3 which is a fan-made cheat and hacker protection that aims to help with some of the most annoying problems.
This security modification was developed by user LukeYui, who also has some concerning predictions for the upcoming Elden Ring.
Creator of the Blue Sentinel mod worries about Elden Ring
Why is he worried? According to LukeYui, Elden Ring is not better equipped in terms of security than the previous Dark Souls games. He says:
I had the opportunity to see the code of the closed network test and can already tell you that there are a lot of crashes and vulnerabilities in the netcode of Elden Ring, exactly the same as in Dark Souls 3! So I suspect it will only take five minutes for cheaters from Dark Souls 3 to port their scripts to Elden Ring and turn the release date into a hell trip.
While fans may eventually rely on the Blue Sentinels mod here as well, there is a catch. Unfortunately, this mod is considered a violation of the terms and conditions by Bandai Namco, as it uses external tools. “This puts players in a position where they are faced with two options,” LukeYui said. “Either they risk being banned by a cheater or they risk being banned by using an external tool for protection against cheaters.”
Could a new tool help? In Elden Ring, FromSoftware is now relying on Easy Anti Cheat. But can that help? According to Luke Yui, much less. While the tool can stop “smaller” hackers, it will be difficult with more experienced ones:
What it is supposed to prevent is that inexperienced cheaters kill other players immediately on the first day after release and generally cause chaos, […]. What it will not prevent are people who have experience with cheat tool development who can keep it private, sell it, or share it. […] Even with the best anti-cheat software in the world, if the base product [here, Elden Ring] is still exploitable by cheaters, it will be exploited.
According to LukeYui, there is only one way to eliminate the problems. FromSoftware must revise its faulty netcode.
When and if this will happen is questionable. If you want more details and background from the community on the topic, we recommend the English article on VGC.com.
By the way, we have requested a statement from publisher Bandai Namco and will update the article as soon as there is news.
When will Elden Ring be released? The release is on February 25. The action RPG will then be available for PC, PS5, PS4, Xbox Series X|S, and Xbox One.
Until then, the developers still have time to address the issues.
What do you think about the topic? Have you ever been affected by cheaters and hackers on PC? Feel free to share your experiences with us.
Recently, the focus in Elden Ring was more on the story, as characters from the “Game of Thrones” author became great heroes until Elden Ring deliberately “destroyed” them and distorted their figures.
