Elden Ring RCE Exploit claimed cover

Latest News

Elden Ring RCE Exploit Claimed to Exist Despite Fixes

March 17, 2022

By: Robert N. Adams

 
 
More Info About This Game
Developer
FromSoftware
Publisher
Bandai Namco
Release Date
February 25,2022 (Calendar)
Purchase (Some links may be affiliated)

A video claims to show an Elden Ring RCE exploit in action, although there is not yet enough convincing evidence to prove that it is genuine.

Elden Ring has been the saving grace for Soulslike fans who wanted something new to play. However, a dark cloud has loomed over the game -- back in February, Dark Souls servers were taken down due to concerns about a potential RCE (remote code execution) exploit.

 

The disabling of Dark Souls servers back in January was followed up a couple of weeks later with an announcement that FromSoftware was investigating the RCE exploit and extending its investigation to Elden Ring. Now, a new video has popped up online that claims to show an Elden Ring RCE exploit in action.

Elden Ring RCE Exploit claimed tweet
A now-deleted tweet shows what was claimed to be a potential RCE exploit in Elden Ring.

Is This Reported Elden Ring RCE Exploit Real?

The purported Elden Ring RCE exploit was shown in a now-deleted tweet via a Reddit submission (which has also been deleted). In the video, an invader challenges the player in PVP. Said invader rapidly moves forward and hits the player with several devastating attacks. Then, the game appears to alt-tab out to a browser that begins opening up several tabs with the same YouTube video, effectively crippling the player in-game.

 
 

A Remote Code Execution exploit (or RCE exploit) depends on a vulnerability in the code of a program. Said vulnerability allows a malicious actor to run code on your machine over the Internet. In the case of the above video, it appears to allow the malicious actor to tab out of the game and repeatedly open up multiple tabs in a web browser, but it could be used for more malicious actions.

While the video certainly looks worrying, concerns have been raised about whether or not this video is showing a genuine RCE exploit in action or whether it is simply an edited video that is intended to troll the Internet.

 
 

The poster of the video pointed me towards @SkeleMann, a FromSoftware enthusiast who had previously published a PSA about Dark Souls vulnerabilities on Twitter. He raised concerns about the YouTuber whose videos open up in the browser tabs in said video. This YouTuber has previously showcased videos with stream sniping in Dark Souls and the Steam account leading an associated Steam Community group has multiple VAC bans, although the most recent ban was nearly four years ago.

Adding to this, @SkeleMann shared details of a Discord conversation from people he says are more knowledgeable on the subject. This conversation points out additional concerns about the veracity of the video, noting that the timing of the remote code execution is odd. You wouldn't need to land a hit on someone to trigger an RCE exploit -- malicious code could be activated at any time if an exploit existed.

To put it more concisely, this video seems suspect. @Skelemann capped things off by sharing his opinion about the video with me in a Twitter DM conversation.

"The video is fake, the maker of the video is running a script in the background themselves as expected," @SkeleMann said. "(Note how they are standing completely still, which I would guess would be them tabbed out.)"

 
 

"They have already shown on their [YouTube] channel [that] they have basic video editing knowledge," he continued. "They know how to make the video have a 'reposted' look to it, by mimicking loss of bit-rate from what would cause by having users repost the video from platform to platform, but all of this is fortunately just a cheap trick to garner attention and reap chaos."

Another strike against the veracity of this video comes from @luke_yui (via Reddit), creator of the Blue Sentinel Dark Souls 3 mod, which serves to protect players from cheaters.

"I'm calling unverifiable with this," @luke_yui said in a tweet. "[FromSoftware] did an excellent job and fixed all of the RCEs both myself and others found in Dark Souls."

"It's very easy to fake this, and I'm pretty sure this is just a troll."

Finally, the original tweet that showcased the video was deleted a few hours later. That Twitter user noted that there is furious debate going on about whether or not the video is real or a troll and that he can't verify it.

So, is the Elden Ring RCE exploit shown in the video the genuine article or is the original source video a setup? We don't have enough evidence to say for certain, but I would take the existence of this exploit with a massive grain of salt until more convincing evidence comes to light.