Earlier this year, Bandai Namco took the servers for all three Dark Souls games on PC offline to look into an exploit that essentially made the game a ticking time bomb for players, where hackers could easily take control of a player’s PC. When the community discovered the exploit and went public with it, Dark Souls Bandai Namco took the PC servers down to fix the online experience.
Two months later, with the server for the game still down, one of the people who discovered the exploit has publicly disclosed more information on how the RCE (remote code execution) works, after Bandai Namco released a statement claiming they would fix it. The disclosure, which has been shared via Github, contains documentation detailing the exploit, and according to the description, the vulnerability is available in all the released versions of Dark Souls games on PC.
Allegedly, the vulnerability is available on Sekiro: Shadows Die Twice, but there is no way to trigger it. Speaking to VGC, they said that LukeYui – the developer of the fan-made Dark Souls anti-cheat software Blue Sentinels – sent the documentation detailing multiple exploits in the Dark Souls games to FromSoftware, and they actually fixed every single one of them in Elden Ring- however, they also point out that the Easy Anti Cheat implementation in the game is flawed and can be bypassed in various ways.
They said: “Even if the simple bypasses are patched, it would require a full rework to make proper use of all EAC features, which is necessary for it to be effective.”
As of writing this piece, the servers for the Dark Souls games on PC are still down, so hopefully, FromSoftware and Bandai Namco figure out a way to fix those issues soon.
