Capcom installs Windows kernel Rootkit in recent SFV update
[quote]A fresh update for Capcom's Street Fighter V for PCs includes a knock-out move: a secret rootkit that gives any installed application kernel-level privileges.
This means any malicious software on the system can poke a dodgy driver installed by SFV to completely take over the Windows machine. Capcom claims it uses the driver to stop players from hacking the high-def beat 'em up to cheat. Unfortunately, the code is so badly designed, it opens up a full-blown local backdoor.[/quote]
[url]http://www.theregister.co.uk/2016/09/23/capcom_street_fighter_v/?mt=1474661698184[/url]
This is by far the most asinine anti-cheat method I've seen, and it's not even for people trying to cheat while playing with others.
Good thing I uninstalled that game a while ago.
God damnit, did nobody learn from the Sony CD DRM rootkit? I guess Capcom didn't.
I'm glad I decided to play 3rd Strike Online Edition while I waited for a price drop.
I would absolutely ask for a refund over this, and I would absolutely stop purchasing Capcom products if I didn't get that refund.
Cookie for the first person to develop a cheat applying itself and defeating the anticheat by utilising the rootkit provided by said anticheat.
[QUOTE=wauterboi;51095925]I would absolutely ask for a refund over this, and I would absolutely stop purchasing Capcom products if I didn't get that refund.[/QUOTE]
Hmm, you're tempting me. Tell me, I bought the game by retail. Would I be entitled to a refund in spite of that, if I were to seek one?
This is absolutely fucking insane, what the hell goes through these people's minds?
[QUOTE=JohnnyOnFlame;51095942]This is absolutely fucking insane, what the hell goes through these people's minds?[/QUOTE]
To be fair ESEA installs something similar to a rootkit onto people's PCs and people still use the service because they 'want' that intrusive anti-cheat.
People don't realise how dangerous that is IMO though. And well, there was that Bitcoin and ESEA thing.
[QUOTE=BlackMageMari;51095939]Hmm, you're tempting me. Tell me, I bought the game by retail. Would I be entitled to a refund in spite of that, if I were to seek one?[/QUOTE]
If you bought the game retail your refund policy is determined by your retailer (and they have to comply with EU law, which I know nothing about). Typically with retail game purchases on physical media, you break the shrinkwrap seal and it's no refunds except in the case of defective/damaged media (and then you get a replacement copy of the same title), but again I don't know how EU law changes this.
Capcom had a great chance with Street Fighter 5 and they just keep making it worse, what a shitfest
I'd personally wait a bit before refunding. It is entirely possible that they fucked up and didn't realize how exploitable this is and might correct it.
They already rolled it back
[media]https://twitter.com/StreetFighter/status/779415147873914880[/media]
[url]http://steamcommunity.com/games/310950/announcements/detail/832428083953986545[/url]
The Steam announcement is literally just the three tweets pasted into one post.
[QUOTE=Keychain;51096095][url]http://steamcommunity.com/games/310950/announcements/detail/832428083953986545[/url]
The Steam announcement is literally just the three tweets pasted into one post.[/QUOTE]
At least they're scurrying over this.
this game is where the serious discrepancies between devs/publishers show, the game itself is a really solid well made thing littered with money grubbing dlc and scummy tactics
[QUOTE=Durrsly;51095865]I'm glad I decided to play 3rd Strike Online Edition while I waited for a price drop.[/QUOTE]
Why anyone would ever play SFV when the series peaked with 3s is a mystery to me
[QUOTE=BlackMageMari;51095953]To be fair ESEA installs something similar to a rootkit onto people's PCs and people still use the service because they 'want' that intrusive anti-cheat.
People don't realise how dangerous that is IMO though. And well, there was that Bitcoin and ESEA thing.[/QUOTE]
ESEA's drivers don't let every process arbitrarily execute code in kernelmode.
[QUOTE=Duck M.;51096448]Why anyone would ever play SFV when the series peaked with 3s is a mystery to me[/QUOTE]
because it isn't widely available and has a much smaller player base
most people play sfv because it's what's currently popular in the world of capcom fighters
same reason i'd imagine a lot of people play csgo over 1.6 or source
The hilarious irony of this is that it's actually very useful to cheat developers. Since a lot of anticheats won't let you simply disable driver signing and they make it difficult to do anything from usermode, devs have been using an old exploitable version of the VirtualBox driver to get their unsigned code running in kernelmode. It's complicated and I think some anticheats will detect that particular method anyways, but thanks to the nice guys at Capcom cheaters now have a brand new signed driver that lets them run whatever code they want with a single ioctl.
This is malware, period.
[QUOTE=Altimor;51096765]ESEA's drivers don't let every process arbitrarily execute code in kernelmode.[/QUOTE]
No, it lets them scan the majority of the memory on the PC, allowing them to get things like passwords/etc without your knowing.
They apparently rolled it back now, though I just saw this on twitter
[media]https://twitter.com/Circuitous/status/779576621917405185[/media]
You guys might wanna do that too if you had it installed
[QUOTE=BlackMageMari;51095953]To be fair ESEA installs something similar to a rootkit onto people's PCs and people still use the service because they 'want' that intrusive anti-cheat.
People don't realise how dangerous that is IMO though. And well, there was that Bitcoin and ESEA thing.[/QUOTE]
a driver is not a rootkit, and esea is also dumb
[QUOTE=BlackMageMari;51095953]To be fair ESEA installs something similar to a rootkit onto people's PCs and people still use the service because they 'want' that intrusive anti-cheat.
People don't realise how dangerous that is IMO though. And well, there was that Bitcoin and ESEA thing.[/QUOTE]
Except, unlike ESEA, this is literally all capcom.sys does:
[IMG]http://i.imgur.com/OLAXwzG.png[/IMG]
[IMG]http://i.imgur.com/VRLw9Ni.png[/IMG]
It [B]disables SMEP[/B] (and interrupts) and calls user code. It allows any application on your system to bust Windows' security model.
[QUOTE=Thunderbolt;51098237]They apparently rolled it back now, though I just saw this on twitter
[media]https://twitter.com/Circuitous/status/779576621917405185[/media]
You guys might wanna do that too if you had it installed[/QUOTE]
Do you have any idea where capcom.sys is located? I can't find it in the game's files and don't know where it would be otherwise.
[QUOTE=O.B.P.F.F.;51108401]Do you have any idea where capcom.sys is located? I can't find it in the game's files and don't know where it would be otherwise.[/QUOTE]
it's in your system32 directory
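Added example, not part of any post in this thread: a PowerShell check for whether the driver is still present after the rollback. It assumes the file keeps the name capcom.sys and sits somewhere under System32, as the reply above says; the variable names are illustrative.

```powershell
# Added example: look for leftovers of the capcom.sys driver discussed in this thread.
# Assumption: the file is still named capcom.sys and lives under %SystemRoot%\System32.
$driverName = 'capcom.sys'
$searchRoot = Join-Path $env:SystemRoot 'System32'

# 1. Copies on disk. The search is recursive, so System32\drivers is covered too.
$files = Get-ChildItem -Path $searchRoot -Filter $driverName -Recurse -File -Force `
    -ErrorAction SilentlyContinue

$fileReport = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path     = $f.FullName
        Modified = $f.LastWriteTime
        SHA256   = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        SigState = $sig.Status
        Signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# 2. Kernel driver services whose image path still points at that file.
#    A service entry can outlive the game's uninstall or rollback.
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and $_.PathName -like "*$driverName" } |
    Select-Object Name, State, StartMode, PathName

if (-not $fileReport -and -not $services) {
    Write-Output "No $driverName under $searchRoot and no driver service references it."
}
else {
    if ($fileReport) {
        Write-Output 'Driver file(s) found:'
        $fileReport | Format-List
    }
    if ($services) {
        Write-Output 'Driver service(s) referencing the file:'
        $services | Format-List
        # State 'Running' means the driver is loaded right now; a 'Stopped'
        # entry with StartMode Auto/System/Boot loads again on the next boot.
    }
}
```

Run it from an elevated prompt so the recursive search is not cut short by access-denied folders.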
anywhere to download this beauty ? (for sake of big giggle)
[QUOTE=Dwarden;51108593]anywhere to download this beauty ? (for sake of big giggle)[/QUOTE]
[url]https://a.cocaine.ninja/gowtdk.sys[/url]
Glad they rolled back already, companies need to understand that if you want to stop hacks you can't use these techniques.