A month after Elden Ring, details of the recent Dark Souls RCE exploit have been shared by one of its discoverers

The servers for DS are still down (Image via Sportskeeda)

Bandai Namco had to shut down the online services for the Dark Souls series for their PC players. They announced in early February that the servers would remain suspended and would not resume "until after the release of Elden Ring."

It has been nearly two months since they went down, and one of the discoverers has finally shared details of the exploit online.

The vulnerability was discovered in January 2022 and affected the system security of those who play Dark Souls 3 online. A remote code execution (RCE) exploit can give the attacker complete control of the victim's PC.

FromSoft had to shut down the PvP servers for the DS series soon after, without stating when they would be restored.


The proof of concept code of the Dark Souls RCE exploit has been shared on GitHub by one of the discoverers, and it does not affect Elden Ring

The report on the exploit has been shared for public viewing on GitHub. It contains both the proof of concept code and documentation for the exploits that affected the DS online components. Along with Dark Souls 3, the document also provides a list of games that are affected by the same issue:

  • DS 1 PTDE
  • DS Remastered
  • DS 2 (including Scholar)
  • DS 3
  • Sekiro, but there is no way to trigger the vulnerable code here
  • Likely also present in Demon's Souls

According to the post, the exploit is not a peer-to-peer networking issue but is related to the matchmaking server. Given that Dark Souls 3 still has a significant player base, the developers had to address the problem quickly with the launch of Elden Ring looming ahead.

The document mentions that the person made FromSoftware aware of the issue with the initial report but did not receive a response. They then decided to showcase their knowledge of the matter publicly "in the hopes of raising attention to have it addressed by the developers."


The report stated that the network test of Elden Ring was affected by this, but the release version was free of any such vulnerabilities. It mentioned that:

"A huge list of network crashes, out-of-bounds reads/writes and exploits allowing players to modify the game data of peers which were present in Dark Souls III have been patched in Elden Ring."

It further contended:

"Elden Ring is undisputably the safest FROM SOFTWARE title when it comes to the extent of the damage hackers can inflict."

The report's publishing allows players a peek at the workings of the issue that resulted in Dark Souls servers getting shut down. It is also a big sigh of relief for countless players that the same exploit does not exist in any way, shape, or form in Elden Ring, given its popularity and hype. One can only hope that the DS servers will be restored at the earliest.


Edited by Yasho Amonkar