CD Projekt's Cyberpunk 2077 Update 2.0 + Phantom Liberty Expansion Thread

Bliblablubb

Arcane
Joined
Mar 1, 2014
Messages
2,925
Location
Copium Den
They care that much probably that much, because they're planning to use this code again for a multiplayer version.
But... it requires savescumming. How would you savescum in a multiplayer game?
IIRC in TW3 you just had to turn around to reroll, but here you need to reload AFAIK.
 

Fenix

Arcane
Vatnik
Joined
Jul 18, 2015
Messages
6,458
Location
Russia atchoum!
Why would y'all want your V to romance a tumblrista anyway?
Judy grew increasingly annoying for me as we went through her part of the main quest.

Yes. At some point I was expecting V to just have rough anal sex with her, then cum on her face and say "this is what whores like you deserve. Are you satisfied now?". Then he would throw her clothes out of the window and demand her to leave.

This would be perfect ending for her.

 

Semiurge

Cipher
Joined
Apr 11, 2020
Messages
6,211
Location
Asp Hole
Well, this is a game I can skip, I'm not giving CDPR more incentives to release half baked shit. What to anticipate next, Bloodlines 2? Never mind, let me know when this diversity hiring fad is over and commies swing at the end of ropes.
 

JustMyOnion

Educated
Joined
Jul 3, 2015
Messages
97
I am always deeply suspicious of SINGLE player games that put FAR too much effort into preventing such things.
Like the patch notes stating that preventing people from savescumming to reroll loot is a priority.

Seriously if CDPR's hubris makes them think those are the game's most glaring problems, they have a lot bigger problems than we thought....

I for one am looking forward to the patch that completely changes the stats of all guns, because some dev was triggered people weren't using HIS favorite guns. :hahano:
They care that much, because they're planning to use this code again for a multiplayer version.
A first multiplayer game in the history of the studio, from devs who created such a mess of code as Cyberpunk2077...
Well, it would be hilarious to watch.
It will basically be Fallout 76.
 

typical user

Arbiter
Joined
Nov 30, 2015
Messages
957
I am always deeply suspicious of SINGLE player games that put FAR too much effort into preventing such things.
Like the patch notes stating that preventing people from savescumming to reroll loot is a priority.

Seriously if CDPR's hubris makes them think those are the game's most glaring problems, they have a lot bigger problems than we thought....

I for one am looking forward to the patch that completely changes the stats of all guns, because some dev was triggered people weren't using HIS favorite guns. :hahano:
They care that much, because they're planning to use this code again for a multiplayer version.
A first multiplayer game in the history of the studio, from devs who created such a mess of code as Cyberpunk2077...
Well, it would be hilarious to watch.
It will basically be Fallout 76.

I doubt it. After this shitshow people will be posting warnings over their tweets, YT trailers, every article or on their official subreddits warning anyone remotely interested that multiplayer will be a subpar experience or a complete disaster like single-player.

Fallout 76 wasn't a huge surprise to anyone familiar with past games from Bethesda and their laughable support. It's just people didn't expect them to ask for apology letters explaining how people were able to cheat to get unbanned, sell merch with fake adverts showing different products, refunding a fraction of money by handing over in-game currency or introducing paid-subscription to a broken, empty game. CDPR so far has only issued an official statement regarding PS4 and Xbox One performance or bugs which backfired at them almost instantly. Also Cyberpunk 2077 has drawn different audience, people who wanted to play more challenging games with lasting outcomes than your next walking simulator from Todd.
 

racofer

Thread Incliner
Joined
Apr 5, 2008
Messages
25,629
Location
Your ignore list.
https://www.eurogamer.net/articles/...ods-and-custom-saves-after-exploit-discovered


Cyberpunk hacking is so realistic it can actually hack you. You cannot make this shit up :lol:
 

JustMyOnion

Educated
Joined
Jul 3, 2015
Messages
97
On one hand: I doubt most games have super secure savegame loading mechanisms. Aren't they one of the typical means for console jailbreaks?
On the other hand: Buffer overflows in 2021 are a sure sign of horrendous coding practices.
 

racofer

Thread Incliner
Joined
Apr 5, 2008
Messages
25,629
Location
Your ignore list.
It gets better:
https://forums.cdprojektred.com/index.php?threads/important-pc-version-vulnerability.11078852/


The vulnerability was discovered a little while ago but only now CDPR acknowledges it, by shifting blame to modders. Whatever happened to Marcin Iwiński "owning up to their mistakes". Apparently, something happened over at the Geforce Now platform where this vulnerability was used to gain privileged access, so expect more to come out of this.

Here is a summary about the vulnerability:
https://github.com/PixelRick/CyberpunkSaveEditor/blob/main/README.md
A quick summary about the vulnerability I found in the game
The vulnerability impacts DATA files. A buffer overflow can be triggered in the game when it loads those files. The reason is that the game uses a buffer of 512 bytes to serialize a maximum of 512 wide-characters for identifier strings, and that is 1024 bytes (a wide-character is 2 bytes). This buffer overflow can be exploited with the help of a second vulnerability that is a third-party library that the game uses: xinput1_3.dll. This dynamic library is not relocatable and thus is a direct bypass for a security feature called ASLR (Address Space Layout Randomization). Also, this library is enough to build a ROP-chain to bypass DEP (Data Execution Prevention) in order to execute code that has been inlined in the overflowed buffer. (This ROP-chain won't be disclosed any time soon as it represents a risk not only for CP77 but for every piece of software using it..)

I chose to work on the most scary scenario that is code hidden in harmless-looking save files. When the game does read this file it uses a specific reader object that I use in the shellcode to read more after the 1024 bytes string and thus load an even bigger shellcode.. this second shellcode does different things: it hides the exploit from the file reader so that it can load the original save file afterwards; it reads a payload dll and manually maps it; it repairs the stack to be able to call load_save again; it repairs other things I won't disclose here; it does a copy of the exploit in memory; it hooks the file writing method to be able to inject the exploit in future save files when the game does save or auto-save.. At this point it is what we could call a virus-dropper worm that would use save files sharing to spread. Don't worry though, the only version I shared with trustworthy people is one that crashes the game and has no worm capabilities at all. But it is possible someone else found it earlier and kept the information secret, and that's why CDPR relayed the warning to the community.

This is a shared responsibility between CDPR for the buffer overflow and Microsoft for not providing a safe backward compatible version of xinput to companies in need. CDPR did fix the buffer overflow internally, and this fix is expected to arrive with one of the next two patches.

Thanks to yamashi who is currently protecting people from this exploit by patching the first vulnerability dynamically with his mod https://github.com/yamashi/CyberEngineTweaks/ that is used by many.

Please mind that it is only about data files. Once the vulnerability is patched, only data files will be safe to use again (texture, model mods, saves, etc..), whereas executable mods will remain potentially dangerous and will always be (so at least check their authors and comments about them first).

There wasn't any bug bounty program so I received peanuts for the discovery.

If you wish to thank me for it, I wouldn't be against being offered a cyberpunk t-shirt ;)
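
The byte/character unit mismatch described in the README summary quoted above, as an added example (not part of the original post, and not CDPR's or PixelRick's code). The record layout (a little-endian 16-bit character count followed by 2-byte characters) and all function names are assumptions made for illustration; only the 512-byte buffer and the 512 wide-character limit come from the summary.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IDENT_BUF_BYTES 512u   /* buffer size stated in the README summary */
#define MAX_IDENT_CHARS 512u   /* character limit stated in the README summary */

/* The flawed bound as described: the limit is counted in wide characters,
   but the destination is sized in bytes. Returns 1 if the count passes. */
int flawed_check_accepts(size_t wchar_count) {
    return wchar_count <= MAX_IDENT_CHARS;
}

/* Bytes that a string of wchar_count 2-byte characters really occupies. */
size_t bytes_needed(size_t wchar_count) {
    return wchar_count * sizeof(uint16_t);
}

/* Hardened reader for the hypothetical record: a little-endian uint16 count
   of 2-byte characters, then the characters. Returns the number of characters
   copied, or -1 if the record is truncated or does not fit in dst. */
long read_ident_checked(const uint8_t *src, size_t src_len,
                        uint8_t *dst, size_t dst_bytes) {
    if (src_len < 2) return -1;
    size_t count = (size_t)src[0] | ((size_t)src[1] << 8);
    size_t need = bytes_needed(count);
    if (need > dst_bytes) return -1;      /* compare bytes with bytes */
    if (need > src_len - 2) return -1;    /* input shorter than it claims */
    memcpy(dst, src + 2, need);
    return (long)count;
}

/* Constructed sample input: builds a record claiming `count` characters.
   Returns the record length in bytes, or 0 if out is too small. */
size_t make_record(uint8_t *out, size_t out_len, uint16_t count) {
    size_t total = 2 + bytes_needed(count);
    if (total > out_len) return 0;
    out[0] = (uint8_t)(count & 0xff);
    out[1] = (uint8_t)(count >> 8);
    memset(out + 2, 'A', total - 2);
    return total;
}
```

A 512-character identifier passes the character-count limit yet needs 1024 bytes, twice the buffer; the checked reader rejects it because both sides of its comparison are in bytes.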
 

Twiglard

Poland Stronk
Patron
Staff Member
Joined
Aug 6, 2014
Messages
7,240
Location
Poland
Strap Yourselves In Codex Year of the Donut
What do you mean you don't force DYNAMICBASE in Windows settings? All Windows binaries are already position-independent.
 

Gargaune

Magister
Joined
Mar 12, 2020
Messages
3,213
What a circus. "MODS WILL FIX SECURE IT!" I've never understood the appeal of downloading someone else's save, but still, this is something else.
 

DeepOcean

Arcane
Joined
Nov 8, 2012
Messages
7,395
Also, modders discovered that most clothing mods and some cyberware don't apply their effect and every single ultimate perk in the game breaks on reload, yes, this after the latest patch, they still didn't fix it. Yeah boys, so much for that "The PC version is perfect, we are only having problems with consoles." that Marcin was bullshitting about.
 

racofer

Thread Incliner
Joined
Apr 5, 2008
Messages
25,629
Location
Your ignore list.
Also, modders discovered that most clothing mods and some cyberware don't apply their effect and every single ultimate perk in the game breaks on reload, yes, this after the latest patch, they still didn't fix it. Yeah boys, so much for that "The PC version is perfect, we are only having problems with consoles." that Marcin was bullshitting about.
t1W2SE1.png

q08uaWP.png
 

Bad Sector

Arcane
Patron
Joined
Mar 25, 2012
Messages
2,233
Insert Title Here RPG Wokedex Codex Year of the Donut Codex+ Now Streaming! Steve gets a Kidney but I don't even get a tag.
On one hand: I doubt most games have super secure savegame loading mechanisms. Aren't they one of the typical means for console jailbreaks?
On the other hand: Buffer overflows in 2021 are a sure sign of horrendous coding practices.

Nah, it is extremely common in games to assume all data are valid, after all they're not made with security in mind. Exception being online games (and engines like unity/unreal that are often used for online games), but when it comes to singleplayer games - especially those using custom engines - you can crash a lot of them by inserting random bytes in savegames, data files, etc.

But TBH this is the case with any data file or program, downloading random crap from the Internet can harm your computer - just because it doesn't have an .exe extension it doesn't mean it is safe. I think people are overblowing this.
 

Bliblablubb

Arcane
Joined
Mar 1, 2014
Messages
2,925
Location
Copium Den
Turns out I might have been blaming the game for a violent bug that might have not (entirely) been his fault after all. :oops:
As I said before, my game liked to crash repeatedly on startup during the title cards for... reasons.
I had read about people having similar problems thanks to galaxy overlays, but since I am not using it, I dismissed that.
But, it brought my suspishuns suspicions about the radeon bloatware back up. So, I made a new clean install of all drivers and fired it up again, FOR SCIENCE.
Lo and behold, no crashes anymore. Where it would crash, I now get... a tiny "press alt-r for options" overlay.

What. The. Fuck.

How can the failure to display that lead to violent crashes up to bluescreens? :hahano:

But, I am not beyond admitting if I was wrong, so: Sorry game. Probably. :salute:
 
