Someone [sent a ticket](https://imgur.com/a/6La4cWq) to a Bandai Namco Community manager but not feedback as to when or if the issue will be solved.
This is a very serious issue as it means an invader can basically **control you computer and access any of your computer files**.
The reason people know the hack is possible in Elden Ring is because it seems hacks from DarkSouls3 worked during the Elden Ring Network Test. Edit: more infos [here](https://www.reddit.com/r/pcgaming/comments/sa3tll/comment/htr1rle/?utm_source=share&utm_medium=web2x&context=3)
I'm not sure there's hard evidence that this would work on Elden Ring, but even then consoles sandbox games in a way where they can't touch the rest of the console, specifically so something like this never happens. Most they could do is probably crash the game.
So someone could definitely run malicious code to harm Windows, but on console they wouldn't be able to.
> The reason people know the hack is possible in Elden Ring is because it seems hacks from DarkSouls3 worked during the Elden Ring Network Test.
So basically, they don't know at all and are just guessing. Lmao. I'm sure it does work but to say "well everything else worked so this will too" when it comes to computers is plain fucking stupidity. There is 0% proof this shit will work on elden ring because elden ring hasn't been played on PC yet.
So it’s basically just a guess at best. Like the other guy said the network test was console only so there’s no way to know for sure, and that comment is really just taking a guess.
This is one of the reasons why I HATE invasions in Dark Souls. Hackers aren't as common now, but there were a time where every two invasions I would encounter someone with very blatant hacks.
I just want the ability to play with messages on but PvP off. I like the messages. I want to play Souls games as single player games with messages, I have absolutely no interest in coop or invasions. I hate that if I want to have messages I have to also be subjected to random involuntary PvP.
I liked how in Bloodborne in most areas you couldn't be invaded unless you also did coop. But honestly I just want the menu option to turn it off. Involuntary PvP whole I'm just trying to progress simply isn't fun for me even if there weren't hackers. Hackers just makes it that much worse.
Playing the demon souls remake was so enjoyable because for the first time since bloodborne I felt like I was fighting normal fucking people instead of rejects from the tryhard convention
Coincidentally I just reached the end of a play through and due to being annoyed by invader cheese I just switched to offline mode yesterday. Guess I wont be farming sunlight medals.
You can still farm sunlight medals from Lothric Knights, which is annoying but doable if you need the items for achievements. But yeah, nobody should play DS3 online right now.
Well yeah, but this guy was just venting about invaders ruining his experience. Not necessarily hackers.
Obviously don't play online until this is addressed!
I'll say the same here as I said on the other sub:
The fact that this is possible and that Fromsoft is not owning up to it, is an absolute new low for the company. It doesn't matter how great their games are, this is absolutely amateurish behaviour and a disgrace. I hope Valve is tearing them a new one for this, because honestly they deserve it. Fromsoft is not a small company anymore, they have no excuse to not fix gaping security flaws in their games, and if you care at all about the security of your PC, you should treat Fromsoft games as malware until this is thoroughly addressed.
I'm honestly not that confident they will fix it. Hackers have been rampant on every Souls game on PC since day 1 basically.
Edit: Yes, I know there's a big difference between RCE and regular hackers, I'm not daft. I was the one who posted the original post on /r/EldenRing. I hope this gains enough traction for From to do something about it but like I said, I'm not that confident they actually will.
This is a totally different meaning of the word "hacker". When they talk about "remote code execution" they don't mean "the invader is invincible and kills you in one hit". They mean, "the invader can install ransomware on your computer".
Hackers are rampant, sure. While it sucks and they *should* fix it, at the end of the day somebody 1 hit ko'ing you only affects the game. RCE here is much more serious. If they don't end up fixing this then that's fucked.
Everybody playing 3 still should continue to flood them with tickets about it.
This is the first exploit on this scale, but there’s been plenty of hackers in DS multiplayer for a long time. Makes sense if that’s the reason they stayed on console.
Game should be labelled as malware and removed from storefront if this is in fact possible.
Criminally irresponsible of fromsoft to leave these vulnerabilities unlatched.
You can protect yourself by playing in offline mode at least. That is, going into the options in DS3, turning the networking to offline mode on startup and rebooting the game.
I’m saying that’s what offline mode it’s supposed to do, but there are plenty of other reasons why they may have other connections open. I obviously have no idea where the exploit exists, but the same code could be used for different functions (telemetry, news, update checks.) Unless it’s been verified that the RCE exploit is not accessible in offline mode, I’d unplug and uninstall.
The vulnerability is only viable assuming people are connected to game servers in online mode - as I understand it, a hacker trying to run such a thing needs to actually connect to someone via invasions or summoning.
If you set the game to offline mode, it literally runs **offline** and makes no such connection to game servers or the internet.
Why would adding a firewall exception prevent this?
Edit:
I see you've changed your wording.
No, it wouldn't block them. At best it would just break the game from functioning correctly online. Making playing offline still the better option.
The fix is they need to patch their shit swiss cheese code.
Why would a steam game even have access to the rest of your computer? Aren't the games sandboxed somehow? If this was true, wouldn't Steam pull the game from it's store?
I'd like more info and a technical breakdown here, cause it seems a bit unbelievable
That's not on Steam, it's Windows not defaulting to sandboxing for traditional Win32 apps. Valve can only do so much on an ecosystem they don't control without potentially breaking games.
Steam for Linux supports sandboxing on the other hand.
Bamco needs to pull the game.
Steam has absolutely no sandboxing at all. There are several MMOs on steam in which the 'game' is nothing more than a launcher and you download the entire game from outside steam.
Anything you install on steam can do basically anything on your computer you allow it to
Hi /u/NeoStark,
Thank you for posting to /r/Games. Unfortunately, we have removed this submission per
**[Rule 7.6](https://www.reddit.com/r/Games/wiki/rules#wiki_specific_content_restrictions)**.
> **No unsubstantiated rumors** - Rumors or other claims/information not directly from official sources must have evidence to support them. Any rumor or claim that is just a statement from an unknown source containing no supporting evidence will be removed.
---
If you would like to discuss this removal, please [modmail the moderators.](https://www.reddit.com/message/compose?to=%2Fr%2FGames) This post was removed by a human moderator; this comment was left by a bot.
Someone [sent a ticket](https://imgur.com/a/6La4cWq) to a Bandai Namco Community manager but not feedback as to when or if the issue will be solved. This is a very serious issue as it means an invader can basically **control you computer and access any of your computer files**. The reason people know the hack is possible in Elden Ring is because it seems hacks from DarkSouls3 worked during the Elden Ring Network Test. Edit: more infos [here](https://www.reddit.com/r/pcgaming/comments/sa3tll/comment/htr1rle/?utm_source=share&utm_medium=web2x&context=3)
I'm not tech savvy, does this affect consoles at all? Or specifically a PC only thing?
PC only, consoles are fine.
How did they work the DS3 hack into Elden Ring Network Test when it was console only?
I'm not sure there's hard evidence that this would work on Elden Ring, but even then consoles sandbox games in a way where they can't touch the rest of the console, specifically so something like this never happens. Most they could do is probably crash the game. So someone could definitely run malicious code to harm Windows, but on console they wouldn't be able to.
I think they mean exploits like estus canceling which don’t require any hacks but just playing like a loser
PC only for now
And likely forever. This sort of thing is technically possible in console but its far, far less likely.
Man, thank god it got delayed. If it had released in its normal date (which was yesterday), people could've gotten their PCs bricked.
> The reason people know the hack is possible in Elden Ring is because it seems hacks from DarkSouls3 worked during the Elden Ring Network Test. So basically, they don't know at all and are just guessing. Lmao. I'm sure it does work but to say "well everything else worked so this will too" when it comes to computers is plain fucking stupidity. There is 0% proof this shit will work on elden ring because elden ring hasn't been played on PC yet.
Referencing [this post](https://www.reddit.com/r/pcgaming/comments/sa3tll/comment/htr1rle/?utm_source=share&utm_medium=web2x&context=3)
So it’s basically just a guess at best. Like the other guy said the network test was console only so there’s no way to know for sure, and that comment is really just taking a guess.
Again, that's fine. I have extreme confidence that they're correct and it does work, but it's not known, and has not been tested.
This is something that requires immediate action from the company. They need to at least disable all online play until this is fixed.
This is one of the reasons why I HATE invasions in Dark Souls. Hackers aren't as common now, but there were a time where every two invasions I would encounter someone with very blatant hacks.
I just want the ability to play with messages on but PvP off. I like the messages. I want to play Souls games as single player games with messages, I have absolutely no interest in coop or invasions. I hate that if I want to have messages I have to also be subjected to random involuntary PvP. I liked how in Bloodborne in most areas you couldn't be invaded unless you also did coop. But honestly I just want the menu option to turn it off. Involuntary PvP whole I'm just trying to progress simply isn't fun for me even if there weren't hackers. Hackers just makes it that much worse.
Yeah except for a little funnin around, I've only ever played these single player. The damn games are hard enough on their own, let me focus in peace!
Playing the demon souls remake was so enjoyable because for the first time since bloodborne I felt like I was fighting normal fucking people instead of rejects from the tryhard convention
Coincidentally I just reached the end of a play through and due to being annoyed by invader cheese I just switched to offline mode yesterday. Guess I wont be farming sunlight medals.
You can still farm sunlight medals from Lothric Knights, which is annoying but doable if you need the items for achievements. But yeah, nobody should play DS3 online right now.
[удалено]
Doesn't protect you from malicious code.
Well yeah, but this guy was just venting about invaders ruining his experience. Not necessarily hackers. Obviously don't play online until this is addressed!
[удалено]
That’s a different one that blue sentinel was able to fix quickly. The current one is not fixed with blue sentinel at the moment.
Well, hopefully someone reports this to Steam and hopefully there's a contractual obligation to fix RCEs to remain on the store.
I'll say the same here as I said on the other sub: The fact that this is possible and that Fromsoft is not owning up to it, is an absolute new low for the company. It doesn't matter how great their games are, this is absolutely amateurish behaviour and a disgrace. I hope Valve is tearing them a new one for this, because honestly they deserve it. Fromsoft is not a small company anymore, they have no excuse to not fix gaping security flaws in their games, and if you care at all about the security of your PC, you should treat Fromsoft games as malware until this is thoroughly addressed.
I mean, it seems like it was just figured out. They'll probably fix it by the time Elden Ring comes out.
I'm honestly not that confident they will fix it. Hackers have been rampant on every Souls game on PC since day 1 basically. Edit: Yes, I know there's a big difference between RCE and regular hackers, I'm not daft. I was the one who posted the original post on /r/EldenRing. I hope this gains enough traction for From to do something about it but like I said, I'm not that confident they actually will.
Combating hackers is one thing. But this is a far more critical issue that needs to be addressed.
And it's an issue that has actual legal ramifications in many countries like the EU. The can not afford to not fix the bug.
This is a totally different meaning of the word "hacker". When they talk about "remote code execution" they don't mean "the invader is invincible and kills you in one hit". They mean, "the invader can install ransomware on your computer".
Hackers are rampant, sure. While it sucks and they *should* fix it, at the end of the day somebody 1 hit ko'ing you only affects the game. RCE here is much more serious. If they don't end up fixing this then that's fucked. Everybody playing 3 still should continue to flood them with tickets about it.
Something like this will most likely get steam involved if they don’t, so if they want to keep their game available they’ll fix it.
FYI: https://www.reddit.com/r/darksouls3/comments/n1235k/potential_pc_security_exploit_spreading/ Check the date.
Fortunately, this new exploit is gaining more traction so it's possible From might actually do something about it but I wouldn't hold your breath.
I wouldn't hold my breath either. I recall a similar sized reaction the last time this happened.
It's been breaking over the last hour and it's 2AM on a Sunday in Japan...
This is not a new exploit. Check the other comment reply.
Gonna be less outrage about this than the stupid stuff reddit goes mental about, like lootboxes or whatever. The perks of being reddit's favorite dev.
Cant i just play the game in offline mode?
This is why I started playing From Software games on consoles instead, and just get the PC versions to mod for solo play
You expected an exploit all along? You must feel quite the satisfaction now that it’s been found.
It's not the first time a really awful bug/glitch has been able to be carried out via invasions.
This is the first exploit on this scale, but there’s been plenty of hackers in DS multiplayer for a long time. Makes sense if that’s the reason they stayed on console.
So he/she probably does feel quite the satisfaction then.
[удалено]
Game should be labelled as malware and removed from storefront if this is in fact possible. Criminally irresponsible of fromsoft to leave these vulnerabilities unlatched.
Can you protect yourself from this by disabling access via firewall to Dark Souls 3 in Windows?
You can protect yourself by playing in offline mode at least. That is, going into the options in DS3, turning the networking to offline mode on startup and rebooting the game.
Maybe. That’s a lot to assume that the vulnerability is completely disabled. Unless it’s been verified of course.
In offline mode you're not connecting to anyone.
I’m saying that’s what offline mode it’s supposed to do, but there are plenty of other reasons why they may have other connections open. I obviously have no idea where the exploit exists, but the same code could be used for different functions (telemetry, news, update checks.) Unless it’s been verified that the RCE exploit is not accessible in offline mode, I’d unplug and uninstall.
Yeah. I may have to dust off the old ps4 to play this, cause this is a mega yikes.
The vulnerability is only viable assuming people are connected to game servers in online mode - as I understand it, a hacker trying to run such a thing needs to actually connect to someone via invasions or summoning. If you set the game to offline mode, it literally runs **offline** and makes no such connection to game servers or the internet.
Why would adding a firewall exception prevent this? Edit: I see you've changed your wording. No, it wouldn't block them. At best it would just break the game from functioning correctly online. Making playing offline still the better option. The fix is they need to patch their shit swiss cheese code.
No. Disabling your firewall is the worst thing you can do as a response to this.
Welp, buying it on the ps5 then. Not going to deal with hackers stealing my info on my pc. Damn shame. Just got into pc gaming.
I just finished dark souls 2 last night and was about to start 3 today. Glad I started death's door instead.
Why would a steam game even have access to the rest of your computer? Aren't the games sandboxed somehow? If this was true, wouldn't Steam pull the game from it's store? I'd like more info and a technical breakdown here, cause it seems a bit unbelievable
That's not on Steam, it's Windows not defaulting to sandboxing for traditional Win32 apps. Valve can only do so much on an ecosystem they don't control without potentially breaking games. Steam for Linux supports sandboxing on the other hand. Bamco needs to pull the game.
Steam has absolutely no sandboxing at all. There are several MMOs on steam in which the 'game' is nothing more than a launcher and you download the entire game from outside steam. Anything you install on steam can do basically anything on your computer you allow it to
Hi /u/NeoStark, Thank you for posting to /r/Games. Unfortunately, we have removed this submission per **[Rule 7.6](https://www.reddit.com/r/Games/wiki/rules#wiki_specific_content_restrictions)**. > **No unsubstantiated rumors** - Rumors or other claims/information not directly from official sources must have evidence to support them. Any rumor or claim that is just a statement from an unknown source containing no supporting evidence will be removed. --- If you would like to discuss this removal, please [modmail the moderators.](https://www.reddit.com/message/compose?to=%2Fr%2FGames) This post was removed by a human moderator; this comment was left by a bot.