The major Dark Souls exploit that took servers offline has been published

videogameschronicle.com:

The major Dark Souls exploit that forced Bandai Namco to pull all PC game servers offline in January has been publicly disclosed, as previously promised.

The PvP servers for the PC versions of the Dark Souls games were turned off in January, following the discovery of a severe remote code execution (RCE) vulnerability, which was said to allow abusers to take control of other players’ PCs.

Nearly two months later, they remain down, and one of the people behind the discovery of the vulnerability has now publicly disclosed details of the exploit, after Bandai Namco released a statement claiming it would fix the issue.

The user was initially planning to share the exploit before the release of Elden Ring, but told VGC they instead decided to hold fire on their plans so they could play finish Elden Ring first “instead of reverse engineering it day one”.

The public disclosure, which has been shared on Github, contains proof of concept code and documentation for the RCE exploit that forced From Software to take the PC servers down. According to the description, the vulnerability is confirmed to be present in Dark Souls 1, Dark Souls Remastered, Dark Souls 2 and Dark Souls 3.

Although the vulnerability has not been confirmed for Demon’s Souls it is said to be “very likely”, and it’s also confirmed to be in Sekiro but there’s allegedly no way to trigger it.

However, the person who discovered the exploit has confirmed to VGC that it appears to be “completely fixed” in Elden Ring.

According to them, LukeYui – the developer of fan-made Dark Souls anti-cheat software Blue Sentinel – “sent From Software a huge document documenting many other Dark Souls exploits, including both security vulnerabilities like out of bounds reads/writes and in