Apparent security flaw discovered in Ubisoft's uPlay

A

AmberClad

[H]ard|Gawd
Joined
Aug 19, 2005
Messages
1,062
EDIT: See Mas's post #13 for an update regarding patching this issue.

Couple of quick notes:
- this exists as a proof of concept for now -- it hasn't been used for malicious (i.e. rootkit) purposes yet
- YMMV as far as whether the demonstration website they set up to show the flaw will affect you (I tried it on Win 7 / Chrome / with Anno 2070 and Splinter Cell: Conviction installed, and the uPlay plugin did not activate)
- No evidence that it's an intentional backdoor left there, as opposed to simple oversight

Ubisoft "Uplay" DRM exposed as rootkit; dozens of popular games hacked

- Direct link to the test script
- Link to RPS commentary article
 
Last edited:
Right now it's just a POC, but man oh man, haven't these companies learned from the Sony debacle?
 
The first time I ran UPlay, it felt like it wasn't polished enough to me due to little issues I saw (lack of error messages for one; couldn't figure out why I couldn't register for an account and I think it turned out to be that UPlay accounts weren't allowed to have symbols in the password or something. Once I removed those it worked)... Guess that was more accurate than I thought.
 
TheWeazmeister said:
Right now it's just a POC, but man oh man, haven't these companies learned from the Sony debacle?
Click to expand...

If you click the test script in the OP and have UPLAY installed it will launch calculator on your PC. You can swap out calculator for Format C: if you like. :)
 
Is it possible to play games like Assassin's Creed or Driver without it?
 
AmberClad said:
Are you talking about legitimately? Or...;)
Click to expand...

I have them on Steam - but I certainly bought them. I'm annoyed enough to have both Steam and uPlay running for one game. If there's a security hole in uPlay, I'm willing to avoid it. I'm assuming an alternate exe (I don't want this to break any forum rules) would bypass uPlay, yes?
 
Maybe this will be enough for Valve to finally come down hard on Ubisoft and other publishers and ban their 3rd party DRM schemes from Steam. They've done it for 3rd party DLC stores to support their own interests, let's hope they take a similar stand against outside DRM to protect their customers' interests.
 
CEpeep said:
Maybe this will be enough for Valve to finally come down hard on Ubisoft and other publishers and ban their 3rd party DRM schemes from Steam. They've done it for 3rd party DLC stores to support their own interests, let's hope they take a similar stand against outside DRM to protect their customers' interests.
Click to expand...


I couldn't agree more. If a game is already on Steam, for example, that's all the DRM that's required and then some.
 
Domingo said:
I'm assuming an alternate exe (I don't want this to break any forum rules) would bypass uPlay, yes?
Click to expand...

Not necessarily. I'm not sure about uPlay but a lot of the time these "alternate exes" will still run the services, just in some sort of offline mode.
 
MavericK96 said:
Not necessarily. I'm not sure about uPlay but a lot of the time these "alternate exes" will still run the services, just in some sort of offline mode.
Click to expand...

I thought one of the fixes was intended to not simulate the service, but the stop the requirement of a service.


I must say, "Alternate exe" must be legit and ethical if you already bought the product.
 
Ubisoft begged for this and more when they started running off at the mouth. Call it a giant bullseye.
 
Organizations that don't know how to write secure applications shouldn't be writing applications that require network access. Simple as that.
 
I like Wings of Prey. Nice little basic, entry level flight sim. But Uplay prevents me from enjoying it. Just logging on is a chore, getting it to allow me to join the MP lobby is very difficult. :(

Hopefully this will get dumped, or at least improved upon soon.
 
Flogger23m said:
I like Wings of Prey. Nice little basic, entry level flight sim. But Uplay prevents me from enjoying it. Just logging on is a chore, getting it to allow me to join the MP lobby is very difficult. :(

Hopefully this will get dumped, or at least improved upon soon.
Click to expand...
That's actually "YouPlay", not "uPlay". No relation other than a similar name. It's made by Gaijin and is only used for a single game that I'm aware of.

I agree that YouPlay is very annoying as well, especially since they insisted that patches go through that instead of Steam-update. It also does not close by default when you exit Wings of Prey.
 
AmberClad said:
That's actually "YouPlay", not "uPlay". No relation other than a similar name. It's made by Gaijin and is only used for a single game that I'm aware of.

I agree that YouPlay is very annoying as well, especially since they insisted that patches go through that instead of Steam-update. It also does not close by default when you exit Wings of Prey.
Click to expand...

It's actually YuPlay & they use it for more than just 1 game.
 
Q-BZ said:
I couldn't agree more. If a game is already on Steam, for example, that's all the DRM that's required and then some.
Click to expand...

It's integrated into the game. Just like how steamworks titles have it integrated. Yet its okay for Valve to do it? But not other companies? And steam isn't the only place where they sell Ubisoft games.

It amazes me how people just ignore the fact that both companies do the same thing. Just to defend there baby Steam.
 
Dion said:
It's integrated into the game. Just like how steamworks titles have it integrated. Yet its okay for Valve to do it? But not other companies? And steam isn't the only place where they sell Ubisoft games.

It amazes me how people just ignore the fact that both companies do the same thing. Just to defend there baby Steam.
Click to expand...

When uPlay offers me the same level of organization, convenience, and functionality as Steam, then I'll stop complaining. Until then... :rolleyes:
 
Dion said:
It's integrated into the game. Just like how steamworks titles have it integrated. Yet its okay for Valve to do it? But not other companies? And steam isn't the only place where they sell Ubisoft games.

It amazes me how people just ignore the fact that both companies do the same thing. Just to defend there baby Steam.
Click to expand...
Way to miss the point. Steam/Valve per se is irrelevant -- it could be any platform or company. The complaint pertains to layered DRM ; it is redundant and more often than not intrusive.
 
_PixelNinja said:
Way to miss the point. Steam/Valve per se is irrelevant -- it could be any platform or company. The complaint pertains to layered DRM ; it is redundant and more often than not intrusive.
Click to expand...

This. Games bought through Origin have Origin DRM. Games bought through Steam have Steam DRM. It's fine if games purchased through uPlay have uPlay DRM, but it's not acceptable to force uPlay DRM on games purchased through another marketplace. It's like buying an Xbox game and finding out you have to register for the Playstation Network in order to play it.
 
AmberClad said:
That's actually "YouPlay", not "uPlay". No relation other than a similar name. It's made by Gaijin and is only used for a single game that I'm aware of.

I agree that YouPlay is very annoying as well, especially since they insisted that patches go through that instead of Steam-update. It also does not close by default when you exit Wings of Prey.
Click to expand...

That is confusing indeed. HAWX uses "uPlay" I believe. Both YouPlay and uPlay give me plenty of issues. HAWX was working fine when I tried it, and now it CTDs at start up even after a reinstall. The game (non-Steam version) ran fine in the past for me. Not sure if it is a uPlay, HAWX, or Steam issue.

I wish Valve would let companies sell expansions in game (like DCS World). At the sametime, I would like for Valve to ensure that no future Steam title has another crappy Steam/Origin like program that must be run in addition to Steam.
 
You must log in or register to reply here.
Back
Top