
Thread: Ubisoft DRM rootkit may allow access to PC files | Forums

  1. #1

    Ubisoft DRM rootkit may allow access to PC files

    Last edited by dex3108; 07-30-2012 at 11:36 AM.

  2. #2
    I just tried it, and the exploit works on my PC. Accessing a web page with the exploit, it was able to use Uplay to launch Windows Calculator without my permission.

    I'm uninstalling Driver and From Dust now, and hoping that is enough.

  3. #3
    How to disable Uplay in Firefox:
    Tools – Add-ons – Plugins – Disable the Uplay and Uplay PC Hub plugins


    In Opera:
    Settings – Preferences – Advanced – Downloads – Search “Uplay”, delete


    In Chrome:
    Visit about:plugins and disable

  4. #4
    Are we talking about the same uplay that didn't work 2 weeks ago?
    Probably our AV was blocking the browser plugin backdoor... But they "fixed" it!
    Last edited by JoxerTheMigthy; 07-30-2012 at 01:05 PM.

  5. #5
    It's not a rootkit. It's a really crappily written browser plug-in that nowhere says it's being installed. One more reason for me to never buy Ubisoft.

  6. #6
    Lawsuit time.

  7. #7
    Quote: Originally Posted by Ratboy422
    It's not a rootkit. It's a really crappily written browser plug-in that nowhere says it's being installed. One more reason for me to never buy Ubisoft.

    Yeah, that's my thought too. Launching a game via a web browser is always a bad idea, that's why I really dislike Battlefield 3. It is odd, however, that this plugin can be used to launch non-Uplay-related programs. It is relatively easy to check if the program launch request is legit or not, or to make the plugin only launch 1 program with a parameter that states what game it is (something like: p.start('./uplay --ACR')) ... thus making it impossible to exploit the plugin...

    I am disappointed, not surprised, but disappointed by this...

  8. #8
    LOL, this example actually works.

    http://seclists.org/fulldisclosure/2012/Jul/375

    UBI coders actually used base64 to encode the name of the executable to be launched. FFS, that's n00bism of the highest level! Negligence and zero care for user's safety. Someone at UBI needs to get fired right now!

    Code:
    x.open("-orbit_product_id 1 -orbit_exe_path
    QzpcV0lORE9XU1xTWVNURU0zMlxDQUxDLkVYRQ== -uplay_steam_mode -uplay_dev_mode
    -uplay_dev_mode_auto_play")
    
    $ printf "C:\\WINDOWS\\SYSTEM32\\CALC.EXE" | base64
    QzpcV0lORE9XU1xTWVNURU0zMlxDQUxDLkVYRQ==
    Ubisoft needs to recall all the DVDs on the market right now. Installing this crap even for a second puts your PC in some serious danger!!!
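
The check suggested in post #7, applied to the argument string quoted in post #8, as an added example that is not part of any post in this thread and is not Ubisoft's code. The product table, the install root and all function names are assumptions; the only flag taken from the page as acceptable is `-orbit_product_id`, and the executable is chosen from a fixed table instead of from the request.

```python
import base64
from pathlib import PureWindowsPath

# Assumed table: product id -> executable relative to the install root.
PRODUCTS = {"1": "games/product1/game.exe"}  # constructed sample entry
ALLOWED_FLAGS = {"-orbit_product_id"}  # the only flag a web page may supply
# Argument string quoted in post #8 of this thread.
PAGE_REQUEST = ("-orbit_product_id 1 -orbit_exe_path "
                "QzpcV0lORE9XU1xTWVNURU0zMlxDQUxDLkVYRQ== -uplay_steam_mode "
                "-uplay_dev_mode -uplay_dev_mode_auto_play")


class LaunchRejected(ValueError):
    """A page-supplied launch string failed validation."""


def parse_flags(raw):
    """Split '-flag [value]' tokens into a dict; reject strays and repeats."""
    flags, tokens, i = {}, raw.split(), 0
    while i < len(tokens):
        name = tokens[i]
        if not name.startswith("-") or name in flags:
            raise LaunchRejected(f"malformed or repeated token: {name!r}")
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        flags[name] = tokens[i + 1] if has_value else None
        i += 2 if has_value else 1
    return flags


def describe_path(value):
    """Decode a refused -orbit_exe_path value so the attempt can be logged."""
    try:
        return base64.b64decode(value or "", validate=True).decode("utf-8", "replace")
    except ValueError:
        return "<not base64>"


def resolve_launch(raw, install_root):
    """Return the argv to start, built only from the fixed product table."""
    flags = parse_flags(raw)
    extra = sorted(set(flags) - ALLOWED_FLAGS)
    if extra:
        wanted = describe_path(flags.get("-orbit_exe_path"))
        raise LaunchRejected(f"refused flags {extra}; requested path {wanted!r}")
    product = flags.get("-orbit_product_id")
    if product not in PRODUCTS:
        raise LaunchRejected(f"unknown product id: {product!r}")
    # The executable comes from the table, never from the request.
    return [str(PureWindowsPath(install_root) / PRODUCTS[product])]
```

Calling `resolve_launch(PAGE_REQUEST, r"C:\Launcher")` raises `LaunchRejected`, and the message carries the decoded path for the log.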

  9. #9
    The only thing you need to do now is disable the plugin in your browser.

    dex3108 posted how you do that.

  10. #10

    Cool **** you ubi****

    So you are telling me that...

    Uplay is a ****ing crappy DRM to prevent piracy?
    Yet every Ubisoft game is out there already pirated?
    And ME who actually BOUGHT the games, get a crappy DRM.
    And ME who actually BOUGHT the game get the risk of being hacked?

    hahaha F U C K ---- Y O U

    U-B-I-S-H-I-T
