Capcom installs rootkit (ala Sony) in their Street Fighter 5 game.

Toggle sidebar Toggle sidebar
Elixer

Elixer

Lifer
May 7, 2002
10,371
762
126
If you have SecureBoot ON, you would see this...
Ct_EUu_NEUIAA8_Qvi.jpg


If you don't you wouldn't know what Capcom has done.

http://www.pcgamer.com/capcom-promi...fter-rootkit-discovered-in-the-latest-update/
“It sets up custom handlers for opening the device object, closing the device object, and performing ioctls on the device object. This is pretty normal, although a driver that didn't set up basic security when creating its device should perform security checks when opening the device. This driver does not,” redditor extrwi explained. “The ioctl handler is where everything 'interesting' happens. It checks for control codes 0xAA012044 and 0xAA013044, does some buffer size checks, disables supervisor-mode execution protection and then runs the arbitrary code passed in through the ioctl buffer with kernel permissions. In short, this driver creates a back door which can allow a non-privileged user to run code with permissions of the kernel.”
Click to expand...

In short, idiots installed a rootkit, with the back door wide open.
In response to the uproar, Capcom said on Twitter that it is now “in the process of rolling back the security measures added to the PC version of Street Fighter V,” a time-frame for which would be announced soon. In the meantime, according to multiple posts on Reddit, uninstalling the game will not make the Capcom.sys file go away: Until the rollback takes place, the only way to ditch it is to uninstall, reboot, and then manually delete the file from your System32 folder
Click to expand...
 
ViRGE

ViRGE

Elite Member, Moderator Emeritus
Oct 9, 1999
31,516
167
106
I'll probably go to hell for this, but...

Personally, I've been wondering how much longer MP PC game developers as a whole would hold off until they did something like this. User mode cheat detection is a losing battle; because of latency you have to trust the client with some pieces of data, and that can be used against you. Worse, the cheats are usually run from admin, so you can't even detect when you're being cheated. At a minimum you need your cheat detection running at the kernel level so that it's on equal footing with the cheats. Punkbuster does something similar to this, and while it's not 100% effective, it's better than the alternative.

The flaw here isn't in the idea, but in the execution. The anti-cheat kernel module should have been clearly communicated to the user base on day 1, if not further ahead of time. And obviously it hasn't been sufficiently developed, given the lack of security checks that disassembly has found. Capcom screwed up here, and massively so.

The right way to do this, besides writing a better module, would have been to give users a choice. They don't have to run the module, but if they don't, then they'll be segregated from the users who do. And limit/remove their ability to earn Fight Money as well. Those would be untrusted clients, so treat them as such.
 
mikeymikec

mikeymikec

Lifer
May 19, 2011
20,760
15,937
136
It sounds to me like this driver could be used to help people cheat rather than the opposite.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom