Support NeoGAF

[Jimmyfenix]

Since this driver is so small, it's also extremely easy to tell what it does. After taking a look, I would never let this product run on my machine.
The driver first registers itself using a pseudo-randomly generated name. That's kind of suspicious. It also doesn't specify any security, so any user at any privilege level can attempt to open and control the device. That's bad.

It sets up custom handlers for opening the device object, closing the device object, and performing ioctls on the device object. This is pretty normal, although a driver that didn't set up basic security when creating its device should perform security checks when opening the device. This driver does not.

The ioctl handler is where everything "interesting" happens. It checks for control codes 0xAA012044 and 0xAA013044, does some buffer size checks, disables supervisor-mode execution protection and then runs the arbitrary code passed in through the ioctl buffer with kernel permissions.
In short, this driver creates a back door which can allow a non-privileged user to run code with permissions of the kernel.

edit: correction to what the driver does with cr4, thanks /u/Mona3000. SMEP is a security feature designed to prevent kernel mode code from ever running user mode code. The driver restores the original value of the bit after running the user code, but that doesn't really improve the situation.

https://www.reddit.com/r/Games/comments/545cjy/sfvs_new_pc_update_is_accessing_kernel_level_in/d7z4eev

It looks like capcom is rolling back the security updates right now so at least that is somewhat better

https://twitter.com/StreetFighter

We are in the process of rolling back the security measures added to the PC version of Street Fighter V.

 

[Razzorn34]

On a positive note, it's good they are taking this seriously, and will be rolling back immediately.

 

[Jawmuncher]

Still wanna know who at capcom thought they wouldn't be caught.

 

[Eolz]

Good to hear they are rolling it back, can't believe they would do this kind of shit. Haven't seen that in years of pc gaming.

 

[Nzyme32]

edit: nvr mind

Roll back is good but I still don't understand how the decision to go forward with this stuck. Nothing like this has been in a game for a long time

 

[BiggNife]

Kind of bad timing that you posted this thread right as Capcom announced they're rolling everything back. Not your fault, obviously.

Hopefully a mod can update the thread title.

 

[RK9039]

Still wanna know who at capcom thought they wouldn't be caught.

Probably Yoshinori Ono, he's always high.

 

[Primethius]

SFV is a mess in general and Capcom piles this on top.

Amazing.

 

[Brannon]

Capcom.

The fuck, dude.

EDIT: Good that they're rolling it back but... the fuck, dude.

 

[Jimmyfenix]

Kind of bad timing that you posted this thread right as Capcom announced they're rolling everything back. Not your fault, obviously.

Hopefully a mod can update the thread title.

yup if a mod can update the title that would be great

 

[LordRaptor]

On a positive note, it's good they are taking this seriously, and will be rolling back immediately.

Its pretty worrying someone would introduce this in the first place.
Seems fairly unlikely if nobody had noticed they would do a rollback.

 

[Moaradin]

At least they are rolling it back pretty quickly

 

[RK9039]

Its pretty worrying someone would introduce this in the first place.
Seems fairly unlikely if nobody had noticed they would do a rollback.

Yeah it seems like they wanted to sneak this in. Props to those guys on the Steam discussions and reddit for finding out so soon.

 

[Kade]

It's getting fixed but man, aside from the game part Street Fighter V is such a bad PC product.

 

[KingBroly]

Yeah it seems like they wanted to sneak this in.

Not a smart idea when you add a big 'WILL YOU GIVE SF5 ADMIN RIGHTS?' question every time you start the game.

 

[Moaradin]

It's getting fixed but man, aside from the game part Street Fighter V is such a bad PC product.

I mean, not really. It should have features like rebindable keyboard keys and D Input but even with those issues it's still the best version of the game.

 

[hey_it's_that_dog]

Its pretty worrying someone would introduce this in the first place.
Seems fairly unlikely if nobody had noticed they would do a rollback.

Capcom announced they were adding this anti-crack measure. It was 100% certain that someone would look into it further.

 

[LordRaptor]

profound sadness

 

[Seiniyta]

Yeah it seems like they wanted to sneak this in. Props to those guys on the Steam discussions and reddit for finding out so soon.

It's the most Capcom thing for them to think they could sneak it in though. Even more Capcom for their security implementation to be this poor, kinda like using a sledgehammer to a problem a small subset of players really abused and never affected the most important part of the game (the online vs mode).

I am pleasantly surprised how fast they're rolling it back though. That's less Capcom like. (though welcome). I guess there were like "It's fucking friday, let's roll this fucker back. I don't want to deal with this shit" before the weekend.

 

[moltonasty]

SFV is a mess in general and Capcom piles this on top.

Amazing.

preach

it got boring fast for me, and stuff like this definitely doesn't help draw me back in.

 

[Rudiano]

Damn, what a 180 by Capcom

 

[R_thanatos]

capcom.sys ?

i see ... so another update for the pc users , if i understand things right to remove all of this ?

 

[Ploid 3.0]

Ahh, good thing I haven't updated yet then I guess.

 

[Ferrio]

Does uninstalling SFV remove this, or do I have to do something extra?

 

[KingBroly]

capcom.sys ?

i see ... so another update for the pc users , if i understand things right to remove all of this ?

You have to reboot your PC in order to delete capcom.sys first.

I just did a search to find it, but some say it is a hidden file.

 

[thepenguin55]

Capcom! I want to love you! I want to love SFV cause the core of that game is so good! WTF are you doing?!

 

[Razzorn34]

Its pretty worrying someone would introduce this in the first place.
Seems fairly unlikely if nobody had noticed they would do a rollback.

I agree, it's pretty jacked up. I'm not defending that fact. Just trying to find some positive here. I'd rather not be forced to quit one of my favorite games because of some crap like this.

 

[sixteen-bit]

What a catastrophe

 

[TheSeks]

http://www.neogaf.com/forum/showthread.php?t=1282940

Hey, wait you posted the same thing yesterday. WTF?

 

[Jimmyfenix]

http://www.neogaf.com/forum/showthread.php?t=1282940

Hey, wait you posted the same thing yesterday. WTF?

it seems better for a new thread to let people know if they installed the patch

 

[Shadoken]

Ofc they would do this. The Illuminati are working with the Capcops and NSA.

Edit : wait wtf..Two threads on the first page addressing the exact same thing? lol

 

[HotHamBoy]

Kind of bad timing that you posted this thread right as Capcom announced they're rolling everything back. Not your fault, obviously.

Hopefully a mod can update the thread title.

Nope, not bad timing at all. Shit is inexcusable. They got caught, now they're trying to act like it was a "mistake."

They still did something super shady that affected a lot of their customers.

 

[Kalopsia]

Ofc they would do this. The Illuminati are working with the Capcops and NSA.

Edit : wait wtf..Two threads on the first page addressing the exact same thing? lol

The earlier thread was concerned that the patch would disable mods.

This patch is concerned that the patch activates a backdoor into your computer.

 

[Ludens]

I don't understand the point of this. If you really want stop the cheating (even if, to be honest, I never met a cheater while playing offline), just implement VAC. I don't know if it's doable since people won't connect to a server and SFV should be p2p based, but I think there are much better ways than implement a rootkit.
Also I think Capcom disabled the option to mod some files, so the fight money one round money, the only exploit I can't think about, can't be used. But this from this summer, it's not a new thing.

 

[The Spoony Hou]

I'm happy I haven't bought SFV yet.

Capcom, sort your shit out.

 

[SatelliteOfLove]

Its pretty worrying someone would introduce this in the first place.
Seems fairly unlikely if nobody had noticed they would do a rollback.

I hate being right about wrong things.

 

[jacobeid]

Saw on Steam that I had a 5gb patch to download yesterday. I deleted the game instead. Sounds like I made a good choice.

 

[KingBroly]

I hate being right about wrong things.

Any more prognostications?

 

[Lyte Edge]

Does uninstalling SFV remove this, or do I have to do something extra?

I just uninstalled it on my laptop and the capcom.sys file was still in the System 32 folder. Had to manually-delete it.

 

[SatelliteOfLove]

Any more prognostications?

It's not something I can conciously do. It's one of those lame powers like Heart.

 

[prudislav]

I am still laughing at how they called it anti-crack "not-DRM" solution :-D and its basically ootkit :-D

 

[Storm Chamber]

Capcom seems deadset at fucking this game up.

 

[BennyBlanco]

Capcom seems deadset at fucking this game up.

Game would be blunder of the year if it wasn't for battleborn. They fucked it up every step of the way. At least the core game is actually fun.