Dark Souls Exploit PvP Explained

Dark Souls Exploit That Took Down PvP Servers Explained

By Nicholas Tan

The Dark Souls exploit responsible for taking down the PvP servers for multiple From Software titles on PC has been explained by those who originally found the issue. The remote code execution (RCE) vulnerability allowed certain hackers to execute malicious code on other players, including the remote control of another player’s PC.

How did the Dark Souls exploit work?

Dark Souls Exploit PvP Servers Down PC

The PvP servers for Dark Souls 1, Dark Souls Remastered, Dark Souls 2, and Dark Souls 3 were brought offline in January this year. And while the user who discovered the exploit says that it has been “completely fixed,” according to a statement to VGC, they have remained offline since.

The user behind the discovery of the Dark Souls exploit has now publicly disclosed full details of the vulnerability via Github. It contains proof of concept code and documentation of the exploit, which could be present in Demon’s Souls and Sekiro as well.

As an example of what the exploit could allow, the user says that in Dark Souls III, “a malicious attacker abusing this would have been able to reliably execute a payload of up to 1.3MiB of shellcode on every online player’s machine within seconds.”

The user explains that the vulnerability is actually not due to what most people think it comes from:

“Contrary to popular belief, this is NOT a peer-to-peer networking exploit. It is related to the matchmaking server and thus much more severe, since you do not need to partake in any multiplayer activity to be vulnerable due to another matchmaking server vulnerability.”

As Bandai Namco had ignored his warning of the exploit for 40 days and he was concerned at the time about the release of Elden Ring, the user was compelled to publish a demonstration of the exploit on Twitch. This forced Bandai Namco to take swift action, releasing a statement of the issue and taking the PvP servers offline. While they remain offline for the time being, the entire situation seemed to have cleared any similar exploit for Elden Ring before its release.

In other news, the PvP beta for Overwatch 2 will begin April 26, and Square Enix has “no plans” to abandon Babylon’s Fall.

Nicholas Tan
Nicholas Tan

Nick Tan is a SEO Lead Writer for GameRevolution. Once upon a time, his parents took away his Super Nintendo as a punishment. He has sworn revenge ever since.

Share article

Upcoming Releases

Homeworld 3

Tactical, beautiful, and wholly unique, the GOTY-winning sci-fi RTS returns with Homeworld 3. Assume control and battle through fleet combat in dazzling, fully 3D space while the award-winning story unfolds on a galactic scale.

Senua’s Saga: Hellblade II

The sequel to the award winning Hellblade: Senua’s Sacrifice, Senua returns in a brutal journey of survival through the myth and torment of Viking Iceland. Intent on saving those who have fallen victim to the horrors of tyranny, Senua faces a battle of overcoming the darkness within and without.

Everwild

Inspired by the beauty of the natural world around us, Everwild is a brand-new game in development from Rare where unique and unforgettable experiences await in a natural and magical world. Play as an Eternal as you explore and build bonds with the world around you.

Reviews

Related