A person whose discovery of a significant Dark Souls hack led Bandai Namco to shut down all PC game servers has informed VGC they would publicly expose the exploit’s specifics before the release of Elden Ring this month.
Dark Souls: Remastered, Dark Souls 2, and Dark Souls 3 PvP servers have been unavailable for three weeks due to discovering an effective remote code execution (RCE) vulnerability that allowed abusers to take control of other players’ computers.
Now, one of the individuals responsible for discovering the vulnerability has informed VGC that they want to publicly share specifics of the exploit after Bandai Namco’s announcement claiming to have resolved the problem.
“FromSoftware has recently disclosed their plans for the Dark Souls servers and verified that the Elden Ring vulnerability will be addressed,” the source informed VGC.
“As a result, I want to proceed with the public revelation. I don’t have an exact date yet since I’ll be extremely busy next week, but it will be within a few days to a week after Elden Ring’s release.”
It is customary for hacking organizations to publicly release information about vulnerabilities to ensure that firms keep their promises to repair them.
As VGC reported last week, the individual who discovered the RCE said that they informed Bandai Namco about it over a month ago, but neither the publisher nor developer From took anything until the warning was presented in a public Twitch broadcast last month (as seen in the video below).
According to people acquainted with the problem, the RCE allows the user to remotely execute code on another player’s computer and subsequently take control of it, possibly giving the user access to personal data or the ability to launch dangerous malware.
Although the exploit is dangerous, it is thought that just a few individuals outside of Bandai Namco are aware of it and have no intention of exploiting it maliciously.
According to the individual who discovered the RCE, there are serious issues with the shared network infrastructure shared by all of the Souls games, and they believe it is “unavoidable” that Elden Ring will feature multiple of the same exploits, which will “likely be ported without issue and used by malicious cheaters upon release.”
Bandai Namco announced this week in a statement that online services for the Dark Souls PC games would remain unavailable until after the February 25 release of Elden Ring.
“We want to express our gratitude to the whole Dark Souls community and to the gamers who have individually reached out to us to express their concerns and propose solutions,” the statement said. “As a result of your assistance, we have discovered the source of the problem and are trying to resolve it.
“We have expanded the investigation to include Elden Ring – our genuine product scheduled to debut on February 25 – and have ensured that all relevant security measures are in place for this title across all target platforms.
“Due to the time necessary to set up adequate testing settings, online service for the Dark Souls series on PC will not restart until Elden Ring is released.” We will continue to make every effort to restore these services as quickly as feasible.”
By the time Elden Ring is released, Dark Souls servers will have been unavailable for nearly a month.