CDPR gets Cyberpulled
-
@Applied-Mediocrity said in CDPR gets Cyberpulled:
@Jaloopa said in CDPR gets Cyberpulled:
best selling
...is not really any kind of seal of quality, you know.
Every gamer is wrong except me. I alone know what makes a game "good" and you are an idiot if you disagree with me
-
@Jaloopa Exactly!
-
@Jaloopa said in CDPR gets Cyberpulled:
@Applied-Mediocrity said in CDPR gets Cyberpulled:
@Jaloopa said in CDPR gets Cyberpulled:
best selling
...is not really any kind of seal of quality, you know.
Every gamer is wrong except me. I alone know what makes a game "good" and you are an idiot if you disagree with me
Compared to previous installments in the series, fallout 3 is kinda shit.
-
@Jaloopa said in CDPR gets Cyberpulled:
Haha yeah one of the best selling RPGs of all time is bad and I kno better than anyone else
Yes
-
@Carnage Eh, it got mislabeled. What happened was it went from CRPG to action adventure. With RPG label publishers and gaming press morons (but I repeat myself) generally mean stats, paperdolls, skill trees, quests, crafting and that dialogue options (even as little as Accept Quest | Later). Once that distinction goes out the window, good half of complaints do not apply.
Now, if one has complaints about how continuity was handled*, how DC Wasteland is rather unbelievable even by average fantasy "town is three houses and a tavern" standards or that humor had perhaps become less edgy or shooting mechanics are shit, that's all valid. Doesn't bother me, but I see why it could.
* - nevertheless, if Avellone says it's canon, then it bloody is, and oldschool "but muh Ohnanclave!" fanspergers should just shut it
-
@Jaloopa said in CDPR gets Cyberpulled:
@Applied-Mediocrity said in CDPR gets Cyberpulled:
@Jaloopa said in CDPR gets Cyberpulled:
best selling
...is not really any kind of seal of quality, you know.
Every gamer is wrong except me. I alone know what makes a game "good" and you are an idiot if you disagree with me
I think every gamer ever has said that, or at least thought it.
-
@izzion said in CDPR gets Cyberpulled:
@Atazhaia said in CDPR gets Cyberpulled:
tl;dr: Ori developer gets angry at the games industy continuously overhyping and underdelivering on their products, and blames the games press for assisting in this behaviour and acting as advertisements and sweeping problems under the rug instead of doing a critical look at the shit happening.
And on the filp side of it, you have a game developer who makes the hard decision to delay content to ensure they meet their quality standards & timing deadlines, and the community savages them for that too: https://www.reddit.com/r/ffxiv/comments/ldrvtu/new_ultimate_delayed_until_61/
Well, they certainly could not have afforded to do otherwise once again - FFXIV had to be completely overhauled, after all.
They now seem to have cleaned up their act, however.
-
CDPR releases modding support. Then says to not use mods because of "DLL issues" when the game is modded. Modders respond by saying the issue is because of bad coding in the base game. Will we see another Cyberpull because it apparently also can be used to access Geforce Now?
What CDPR posted above is WRONG, it isn't caused by an external DLL, the vulnerability is caused by a buffer overflow in a function they use to load strings, this function is used more than 100 times in the game, it is used to load the save games, the archive assets and other parts that we haven't investigated. This is 100% CDPR's fault, it isn't anybody else's fault. This is caused by a lack of proper unit testing.
What happened to owning up to your mistakes CDPR? Not only did PixelRick communicate this a week ago and you didn't do anything (this should have been hotfixed a few hours after you knew about it), but then you go public lying about the nature of the vulnerability so that modders take the fall for this? What we do, we do for free, we aren't your scapegoat, and this is definitely on you. The fact that we redirect the buffer overflow to xinput because it doesn't have ASLR does not mean that it's xinput's fault, we shouldn't be able to access xinput in the first place.
Just so you know everyone this isn't just a PC issue, every platform is affected.
It has been exploited to gain access to Geforce NOW already, maybe you should explain to NVIDIA how it is not your fault CDPR, I am not sure that's going to work once they audit the exe.
-
If you plan to use Cyberpunk mods/custom saves on PC, use caution. We've been made aware of a vulnerability in external DLL files the game uses which can be used to execute code on PCs. Issue will be fixed ASAP. For now, please refrain from using files from unknown sources.
Edit:
The vulnerability has been addressed in Hotfix 1.12.What does this even mean? If you run a DLL it executes code. That’s the very essence of what a DLL is. There wasn’t even any airtight hatchway you could possibly be on the other side of to begin with.
It has been exploited to gain access to Geforce NOW already
I also don’t understand what this means. Do they mean they’ve hacked the Nvidia servers via an exploit in the game?
-
@topspin said in CDPR gets Cyberpulled:
If you plan to use Cyberpunk mods/custom saves on PC, use caution. We've been made aware of a vulnerability in external DLL files the game uses which can be used to execute code on PCs. Issue will be fixed ASAP. For now, please refrain from using files from unknown sources.
Edit:
The vulnerability has been addressed in Hotfix 1.12.What does this even mean? If you run a DLL it executes code. That’s the very essence of what a DLL is. There wasn’t even any airtight hatchway you could possibly be on the other side of to begin with.
It has been exploited to gain access to Geforce NOW already
I also don’t understand what this means. Do they mean they’ve hacked the Nvidia servers via an exploit in the game?
The patch note I saw yesterday mentioned a buffer overflow in save/load code plus some DLLs which did not use ASLR. Presuming nvidia allows you to load saves on their servers, that would be an attack vector on nvidia.
-
@topspin said in CDPR gets Cyberpulled:
We've been made aware of a vulnerability
Allocating 512 bytes for loading a name from a save file, but then loading up to 512 characters (1024 bytes), smashing the stack. This normally crashes the game, but if you know or can figure out the addresses of other code you want to call, you can set up the save to call that code instead.
@topspin said in CDPR gets Cyberpulled:
in external DLL files
No, the vulnerability is in CDPR's save loading code. The person who found it gave them a proof-of-concept exploit that used the smashed stack to run code in the (comes with Windows, used by the game) DLL that handles getting input from Xbox controllers -- one that, because of Windows XP compatibility, is uniquely easy to attack. Someone could still use the smashed stack maliciously without that DLL, it would just have to do a little more work.
@topspin said in CDPR gets Cyberpulled:
Do they mean they’ve hacked the Nvidia servers via an exploit in the game?
Normally GeForce Now only lets you run specific games, and only unmodded versions of those games. By loading a specially crafted Cyberpunk 2077 save file, they're able to run whatever code they want within their GeForce Now session on nVidia's servers.
-
Yeah, seems the "main bug" is in their save game parsing.
@PleegWat said in CDPR gets Cyberpulled:
plus some DLLs which did not use ASLR
Apparently "some DLLs" include xinput, which AFAIK comes from Microsoft and relates to xbox gamepad handling. There's a Chromium bug that also mentions the lack of ASLR in that particular DLL.
Edit: 'd by @TwelveBaud. :-)
-
@Atazhaia said in CDPR gets Cyberpulled:
CDPR releases modding support. Then says to not use mods because of "DLL issues" when the game is modded. Modders respond by saying the issue is because of bad coding in the base game. Will we see another Cyberpull because it apparently also can be used to access Geforce Now?
What CDPR posted above is WRONG, it isn't caused by an external DLL, the vulnerability is caused by a buffer overflow in a function they use to load strings, this function is used more than 100 times in the game, it is used to load the save games, the archive assets and other parts that we haven't investigated. This is 100% CDPR's fault, it isn't anybody else's fault. This is caused by a lack of proper unit testing.
What happened to owning up to your mistakes CDPR? Not only did PixelRick communicate this a week ago and you didn't do anything (this should have been hotfixed a few hours after you knew about it), but then you go public lying about the nature of the vulnerability so that modders take the fall for this? What we do, we do for free, we aren't your scapegoat, and this is definitely on you. The fact that we redirect the buffer overflow to xinput because it doesn't have ASLR does not mean that it's xinput's fault, we shouldn't be able to access xinput in the first place.
Just so you know everyone this isn't just a PC issue, every platform is affected.
It has been exploited to gain access to Geforce NOW already, maybe you should explain to NVIDIA how it is not your fault CDPR, I am not sure that's going to work once they audit the exe.
They didn't say it's the problem with mods or that it's modders' fault.
In the same post you quoted:I am not saying CDPR explicitly said mods are an issue here, my problem is with the incorrect information and vague description leading to of course many people, including media sites, to misunderstand and think the issue here is mods.
So as usual - people not understanding what they read and juornos making controversies out of everything (and CDPR pretending it's not their fault, that of course too).
-
@Jaloopa said in CDPR gets Cyberpulled:
@MrL said in CDPR gets Cyberpulled:
@Gąska said in CDPR gets Cyberpulled:
@Applied-Mediocrity said in CDPR gets Cyberpulled:
https://www.pcgamesn.com/fallout-4/choices-consequences-cyberpunk-2077
Whoever wrote that headline must have played neither. I've never seen an RPG so devoid of consequences of player's actions as Fallout 4. And I finished Skyrim.
Edit: Initially I liked F4's perk system. Your initial attribute choices determined your play style throughout the entire playthrough, by permanently locking up the best perks unless you're willing to sacrifice something. Then I learned you can spend skill points on attributes.
Yeah, when I read "I loved Fallout 3" in the headline, I knew that the guy has no idea about good RPGs.
Haha yeah one of the best selling RPGs of all time is bad and I kno better than anyone else
The highest grossing movie of all time is Avengers: Endgame. An aggregate critical review score on Metacritic was just 76/100. Was it the best movie of all time? According to your reasoning, yes, absolutely.
-
@Atazhaia quoted in CDPR gets Cyberpulled:
the vulnerability is caused by a buffer overflow in a function they use to load strings, this function is used more than 100 times in the game, it is used to load the save games
Hey, remember the 8MB save corruption thing?
-
@Gąska said in CDPR gets Cyberpulled:
The highest grossing movie of all time is Avengers: Endgame.
And two of the most popular programming languages are PHP and Javascript.
*drops microphone*
-
@Gąska said in CDPR gets Cyberpulled:
According to your reasoning, yes, absolutely.
Good reading comprehension. O certainly wouldn't say that if somebody enjoyed the highest grossing movie of all time that it means they're not qualified to say what counts as a good action movie
-
@Jaloopa said in CDPR gets Cyberpulled:
O certainly wouldn't say that if somebody enjoyed the highest grossing movie of all time that it means they're not qualified to say what counts as a good action movie
The point is that if you like shit movies I won't listen to your opinions about cinema.
Masses are dumb and easily told what to like. Popularity and revenue have nothing to do with actual quality of the product.
-
@MrL What's your favorite wine taste like? Late summer rains over Saint-Laurent, a fast fleeting touch of chimie organique, with palatable longing aftertouch of most exquisite dingleberry marmalade?
-
@Applied-Mediocrity said in CDPR gets Cyberpulled:
Late summer rains over Saint-Laurent
It's mostly snow at that point
-
@TimeBandit I was thinking more of the Louvre, that rises near Mont Gerbier de Jonc and flows through Nevers and Orléans, and I could go on if I actually knew what I was talking about. Sorry, you'll have to educate yourself. It's time for me to pray to the Shrine of Kurosawa and then recite the Three Rules of Ebert.
-
@Applied-Mediocrity said in CDPR gets Cyberpulled:
Sorry, you'll have to educate yourself.
-
@Zerosquare said in CDPR gets Cyberpulled:
@Gąska said in CDPR gets Cyberpulled:
The highest grossing movie of all time is Avengers: Endgame.
And two of the most popular programming languages are PHP and Javascript.
Flagged for anachronism!
-
@Applied-Mediocrity said in CDPR gets Cyberpulled:
@MrL What's your favorite wine taste like? Late summer rains over Saint-Laurent, a fast fleeting touch of chimie organique, with palatable longing aftertouch of most exquisite dingleberry marmalade?
I have no idea what you're talking about.
-
@MrL You got me there. Neither do I.
-
@Applied-Mediocrity that's what you get for trying to bullshit a real wine conneissaeourr.
-
@Gąska I'm sorry, but I saw no other course of action available to me when it dawned on me that @MrL does not and never will like Fallout 3
-
@TwelveBaud said in CDPR gets Cyberpulled:
loading up to 512 characters (1024 bytes)
512 UCS-2 characters
Sorry, I had to.
-
@Applied-Mediocrity said in CDPR gets Cyberpulled:
dingleberry marmalade?
That's the name of my Bloodhound Gang cover band
-
@hungrier said in CDPR gets Cyberpulled:
That's the name of my Bloodhound Gang cover band
It's not a proper cover band unless you also drive a
-
@Applied-Mediocrity said in CDPR gets Cyberpulled:
@TimeBandit I was thinking more of the
LouvreLoire, that rises near Mont Gerbier de Jonc and flows through Nevers and OrléansFTF
-
@remi said in CDPR gets Cyberpulled:
@Applied-Mediocrity said in CDPR gets Cyberpulled:
@TimeBandit I was thinking more of the
LouvreLoire, that rises near Mont Gerbier de Jonc and flows through Nevers and OrléansFTF
:tgv:
-
Looks like they now have something more serious than Cyberpunk 2077's bugs to worry about:
Important Update pic.twitter.com/PCEuhAJosR
— CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021
-
@Zerosquare said in CDPR gets Cyberpulled:
Looks like they now have something more serious than Cyberpunk 2077's bugs to worry about:
Important Update pic.twitter.com/PCEuhAJosR
— CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021image will go down the shitter even more and people will see how you shitty your company functions
-
Status: looking forward to perusing the source code to Gwent and Witcher 3.
-
I was kind of hoping they'd be able to focus their effort on finishing the game they released last year, but this might hinder that.
-
@error said in CDPR gets Cyberpulled:
I was kind of hoping they'd be able to focus their effort on finishing the game they released last year, but this might hinder that.
They will never finish the game. Bug fixes is all you can hope for.
-
@MrL said in CDPR gets Cyberpulled:
@error said in CDPR gets Cyberpulled:
I was kind of hoping they'd be able to focus their effort on finishing the game they released last year, but this might hinder that.
They will never finish the game. Bug fixes is all you can hope for.
Maybe with the source code out we will see an unofficial bugfix patch from the community, like Skyrim had.
-
@error said in CDPR gets Cyberpulled:
@MrL said in CDPR gets Cyberpulled:
@error said in CDPR gets Cyberpulled:
I was kind of hoping they'd be able to focus their effort on finishing the game they released last year, but this might hinder that.
They will never finish the game. Bug fixes is all you can hope for.
Maybe with the source code out we will see an unofficial bugfix patch from the community, like Skyrim had.
Eh, I have 20 hours left in the game, I don't think anything substantial will come out until then.
And unlike with Wither 3 I see no reason for a second playthrough.
-
@Zerosquare Man, that CDPR sure got EPICALLY PWNED!! this time!
-
@error said in CDPR gets Cyberpulled:
Status: looking forward to perusing the source code to Gwent and Witcher 3.
Basically my first thought as well. Well, that and the source for Cyberpunk.
Edit: The other significant piece of information is that CDPR actually seems to have functional backups. Given what we commonly get to hear about these incidents, this almost deserves a ++confidenceInCDPR;.
-
@MrL said in CDPR gets Cyberpulled:
@error said in CDPR gets Cyberpulled:
I was kind of hoping they'd be able to focus their effort on finishing the game they released last year, but this might hinder that.
They will never finish the game. Bug fixes is all you can hope for.
I think they will finish it, but it will be done through DLCs.
-
@cvi said in CDPR gets Cyberpulled:
Edit: The other significant piece of information is that CDPR actually seems to have functional backups. Given what we commonly get to hear about these incidents, this almost deserves a ++confidenceInCDPR;.
That, or they're hoping they can soon get their source code back off thepiratebay.
-
@Gąska said in CDPR gets Cyberpulled:
I've never seen an RPG so devoid of consequences of player's actions as Fallout 4.
Ever play Mass Effect 3?
-
@Carnage said in CDPR gets Cyberpulled:
@Jaloopa said in CDPR gets Cyberpulled:
@Applied-Mediocrity said in CDPR gets Cyberpulled:
@Jaloopa said in CDPR gets Cyberpulled:
best selling
...is not really any kind of seal of quality, you know.
Every gamer is wrong except me. I alone know what makes a game "good" and you are an idiot if you disagree with me
Compared to previous installments in the series, fallout 3 is kinda shit.
At least it will actually run. I've never been able to get 1 or 2 to load, on any computer. I've tried multiple times over the years because I keep hearing good things about them, but they just won't run.
-
@TwelveBaud said in CDPR gets Cyberpulled:
@topspin said in CDPR gets Cyberpulled:
We've been made aware of a vulnerability
Allocating 512 bytes for loading a name from a save file, but then loading up to 512 characters (1024 bytes), smashing the stack.
If you're allocating buffers on the stack in the first place, particularly in a language without mandatory bounds checking, you're just begging for something to go wrong somewhere.
Dennis Ritchie's true legacy that he left to the rest of the world was the buffer overflow.
-
@error said in CDPR gets Cyberpulled:
@MrL said in CDPR gets Cyberpulled:
@error said in CDPR gets Cyberpulled:
I was kind of hoping they'd be able to focus their effort on finishing the game they released last year, but this might hinder that.
They will never finish the game. Bug fixes is all you can hope for.
Maybe with the source code out we will see an unofficial bugfix patch from the community, like Skyrim had.
When did they release the source code to Skyrim?
-
@Mason_Wheeler I guess some confusion. The unofficial Elder Scrolls patches are made with the official modding tools. But the official modding tools for Cyberpunk are, well, as buggy as the rest of the game, so...
-
@Mason_Wheeler said in CDPR gets Cyberpulled:
@Gąska said in CDPR gets Cyberpulled:
I've never seen an RPG so devoid of consequences of player's actions as Fallout 4.
Ever play Mass Effect 3?
Aside from the very end, ME3 is quite good about the consequences.
Major plot spoilers
In particular, I'm very impressed how well they handled the continuation from ME2 ending, where basically any of the old team members could be dead. Sure, there are substitute characters for the main plot where necessary, but no such luxury in side quests. Also, a lot of dialogues and cutscenes are changed appropriately. And the whole Citadel DLC is basically Consequences Boss Rush.Also, the various available romances all have some impact on the story, each in its own unique way. Not a major difference, but it feels really nice when the game acknowledges you have made choices.
-
@Mason_Wheeler said in CDPR gets Cyberpulled:
@Carnage said in CDPR gets Cyberpulled:
@Jaloopa said in CDPR gets Cyberpulled:
@Applied-Mediocrity said in CDPR gets Cyberpulled:
@Jaloopa said in CDPR gets Cyberpulled:
best selling
...is not really any kind of seal of quality, you know.
Every gamer is wrong except me. I alone know what makes a game "good" and you are an idiot if you disagree with me
Compared to previous installments in the series, fallout 3 is kinda shit.
At least it will actually run. I've never been able to get 1 or 2 to load, on any computer. I've tried multiple times over the years because I keep hearing good things about them, but they just won't run.
Have you tried GOG version? GOG releases special updated versions of old games that are (supposed to be) compatible with new systems.