Street Fighter 5 Knocked Out: Update Rolls Back After Hidden Rootkit Discovered
The recent update for Capcom's Street Fighter 5 was knocked out by a rootkit hidden in it. The kit has been reported to give any installed application kernel-level privileges. Capcom now claims that the update just prevents players from cheating, but it is so poorly implemented that it leaves the user's entire system at risk. Capcom has rolled back the update after fans' anger erupted all over the internet.
A Capcom representative stated during the update launch on Thursday, "As a part of the new system update releasing today, we're also rolling out an anti-crack solution that prevents users from hacking the executable." He added that the solution prevents the memory address hacks that have commonly been used to illicitly obtain in-game currency and other entitlements. Things were going pretty well until the hidden rootkit was discovered.
Does the Update Make PCs Vulnerable to Malware?
The Street Fighter V update released earlier on Thursday night added stage KOs. It also includes Express Men's Urien and a little feature called Versus CPU mode, states a report on Kotaku. The presence of the rootkit became visible when players found that the most recent update was asking for kernel-level access. The worse news, according to this thread on Reddit, was that the Capcom.sys driver doesn't have any specified security level, so any user with the privilege access can open and control the device.
Kernel-level access means that any malicious software present on the system can poke the driver installed by the Street Fighter 5 update and completely take over the user's PC. Capcom claims that the only aim of the driver is to stop players from using hacks. However, the code is so badly designed that it opens up a local backdoor for malicious software.
The rollback to the PC version of SFV prior to the security measure update is now live. The new September content is included.
— Street Fighter (@StreetFighter) September 24, 2016
Technical Details
The capcom.sys kernel-level driver included in the new Street Fighter 5 update provides an IOCTL service to applications that disables SMEP on the PC, executes code at the given pointer, and then re-enables SMEP. In simple words, it switches off a crucial security defense of the OS, runs instructions provided by the application, and then switches the protection back on.
SMEP (Supervisor Mode Execution Prevention) is basically a feature that stops hackers from tricking the OS into running malicious software. The new Capcom.sys in the Street Fighter 5 update totally blows SMEP away on Windows: an arbitrary application only has to pass the control codes 0xAA012044 and 0xAA013044 to the IOCTL, along with a pointer to a few instructions, and the driver then jumps to that code block with full kernel permissions, reports Reddit.
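The following is an added example, not code from the original article or from Capcom: it decodes the two control codes quoted above using the standard Windows CTL_CODE bit layout, which shows that both are vendor-defined codes declared with FILE_ANY_ACCESS, a combination a defender auditing a third-party driver would flag. The names `decode_ioctl` and `is_vendor_any_access` and the audit heuristic are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Windows I/O control code layout (CTL_CODE macro):
 * DeviceType[31:16] | RequiredAccess[15:14] | Function[13:2] | Method[1:0] */
typedef struct {
    uint32_t device_type, access, function, method;
} ioctl_fields;

/* decode_ioctl is a helper name chosen for this example. */
ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = (code >> 16) & 0xFFFFu;
    f.access      = (code >> 14) & 0x3u;  /* 0 = FILE_ANY_ACCESS */
    f.function    = (code >> 2) & 0xFFFu;
    f.method      = code & 0x3u;          /* 0 = METHOD_BUFFERED */
    return f;
}

/* Audit heuristic (an assumption of this example): flag vendor-defined codes
 * (device type >= 0x8000, function >= 0x800) that require neither read nor
 * write access on the device handle. */
int is_vendor_any_access(uint32_t code) {
    ioctl_fields f = decode_ioctl(code);
    return f.device_type >= 0x8000u && f.function >= 0x800u && f.access == 0u;
}

int main(void) {
    /* The two control codes quoted in the article. */
    const uint32_t codes[] = { 0xAA012044u, 0xAA013044u };
    static const char *access_names[] = {
        "FILE_ANY_ACCESS", "FILE_READ_ACCESS", "FILE_WRITE_ACCESS",
        "FILE_READ_ACCESS|FILE_WRITE_ACCESS"
    };
    for (size_t i = 0; i < sizeof codes / sizeof codes[0]; i++) {
        ioctl_fields f = decode_ioctl(codes[i]);
        printf("0x%08X device=0x%04X function=0x%03X method=%u access=%s%s\n",
               (unsigned)codes[i], (unsigned)f.device_type,
               (unsigned)f.function, (unsigned)f.method,
               access_names[f.access],
               is_vendor_any_access(codes[i]) ? "  [review]" : "");
    }
    return 0;
}
```

A FILE_ANY_ACCESS code on a device object that has no restrictive security descriptor is reachable by whatever process can open the device, which is why a driver review checks both settings together.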
oh dear god this capcom.sys has an ioctl that disables smep and calls a provided function pointer, and sets SMEP back what even pic.twitter.com/jBCXO7YtNe — slipstream/RoL (@TheWack0lian) September 23, 2016
Gamers discovered the rootkit when they realized something was off with the new update, which demanded OS kernel access to the computer even before the game started. A number of players also stated on Reddit that they couldn't get the new update to work at all. To conclude the whole scenario, a Capcom rep tweeted:
We are in the process of rolling back the security measures added to the PC version of Street Fighter V. — Street Fighter (@StreetFighter) September 23, 2016