Dark Souls Exploit PvP Explained

Dark Souls Exploit That Took Down PvP Servers Explained

By Nicholas Tan

The Dark Souls exploit responsible for taking down the PvP servers for multiple From Software titles on PC has been explained by those who originally found the issue. The remote code execution (RCE) vulnerability allowed certain hackers to execute malicious code on other players, including the remote control of another player’s PC.

How did the Dark Souls exploit work?

Dark Souls Exploit PvP Servers Down PC

The PvP servers for Dark Souls 1, Dark Souls Remastered, Dark Souls 2, and Dark Souls 3 were brought offline in January this year. And while the user who discovered the exploit says that it has been “completely fixed,” according to a statement to VGC, they have remained offline since.

The user behind the discovery of the Dark Souls exploit has now publicly disclosed full details of the vulnerability via Github. It contains proof of concept code and documentation of the exploit, which could be present in Demon’s Souls and Sekiro as well.

As an example of what the exploit could allow, the user says that in Dark Souls III, “a malicious attacker abusing this would have been able to reliably execute a payload of up to 1.3MiB of shellcode on every online player’s machine within seconds.”

The user explains that the vulnerability is actually not due to what most people think it comes from:

“Contrary to popular belief, this is NOT a peer-to-peer networking exploit. It is related to the matchmaking server and thus much more severe, since you do not need to partake in any multiplayer activity to be vulnerable due to another matchmaking server vulnerability.”

As Bandai Namco had ignored his warning of the exploit for 40 days and he was concerned at the time about the release of Elden Ring, the user was compelled to publish a demonstration of the exploit on Twitch. This forced Bandai Namco to take swift action, releasing a statement of the issue and taking the PvP servers offline. While they remain offline for the time being, the entire situation seemed to have cleared any similar exploit for Elden Ring before its release.

In other news, the PvP beta for Overwatch 2 will begin April 26, and Square Enix has “no plans” to abandon Babylon’s Fall.

Nicholas Tan
Nicholas Tan

Nick Tan is a SEO Lead Writer for GameRevolution. Once upon a time, his parents took away his Super Nintendo as a punishment. He has sworn revenge ever since.

Share article

Upcoming Releases
ATLAS
Atlas is an action-rpg with rogue-like elements where you use your ability to control the ground to fight the enemies and move through procedurally generated worlds.
Titanfall 3
Development of Titanfall 3 was confirmed in the acquisition of Respawn Entertainment by Electronic Arts in November 2017.
Damnview: Built From Nothing
Damnview: Built From Nothing is a simulation sandbox game about occidental culture and its different social classes. Immerse yourself into a decadent urban sprawl, all while working precarious jobs where you will either be absorbed into the system, or cast out of society’s machine. Damnview: Built From Nothing is a game about despair, the hostility of capitalism, and the need…
Star Citizen
Star Citizen is an upcoming space trading and combat simulator video game for Microsoft Windows. Star Citizen will consist of two main components: first person space combat and trading in a massively multiplayer persistent universe and customizable private servers (known as Star Citizen), and a branching single-player game (known as Squadron 42). The game will also feature VR support.
Reviews
Related
X