Ubisoft browser plugin DRM--uPlay (pre 2.0.4)--has backdoor - Page 2

Big-Al · 3rd Aug 2012, 12:42 AM

https://addons.mozilla.org/en-US/firefox/blocked/p113

FireSlash · 5th Aug 2012, 05:51 PM

I feel I should probably point out that what ubisoft has installed here isn't a backdoor. The bug isn't even related to DRM beyond the fact that the addon itself is packaged with their DRM.

It's really just a common programmer mistake on a piece of code that probably should have been reviewed a few more times before shipping.

U-play installs a browser addon that allows them to produce clickable links to launch uplay. The idea here was probably to help aid support and integrate better with their website by allowing you to click a link that might, for example, connect you to a server, or launch a game. Similar to how the steam:// url scheme works but implemented as a browser addon instead.

The problem is that the programmer who wrote this little bit of code forgot to scrub the input for malicious input. As a result, someone figured out how to embed other launch commands into the scheme that will fire off raw. Basically it allows a website to run program. This obviously becomes problematic when you start command chaining to produce solutions like "download this file, then run it, then i just pwnd you".

So while you may hate Ubisoft, Uplay, or whatever for introducing this security flaw, It's kind of annoying to see people crucifying them for installing a backdoor when they didn't. It should also be pointed out that Ubi had a fix out the same day the story broke.

*Sir_Brizz* · 5th Aug 2012, 06:52 PM

Quote:

Originally Posted by FireSlash

It should also be pointed out that Ubi had a fix out the same day the story broke.

Within 6 hours, actually, which is rather quick for them.

rejecht · 9th Aug 2012, 11:01 AM

Quote:

Originally Posted by FireSlash

The problem is that the programmer who wrote this little bit of code forgot to scrub the input for malicious input.

Was it you? :>

It wasn't a backdoor by design, but by function. "Backdoor" would probably be more correctly used in a context where we're talking about malicious software, but it's just a quickpost as a heads up. Add to that I don't own any Ubisoft titles because I don't own any Ubisoft titles. In retrospect I'd change the subject to something like "PC vs Console (Was: Ubisoft uPlay bug opens computer to interwebs)."

FireSlash · 10th Aug 2012, 12:57 AM

Quote:

Originally Posted by rejecht

Was it you? :>

No, this is my claim to bug fame.

*Sir_Brizz* · 10th Aug 2012, 10:23 AM

Quote:

Originally Posted by FireSlash

No, this is my claim to bug fame.

Wait... you work for Valve on Steam?

Capt.Toilet · 10th Aug 2012, 12:35 PM

If Fireslash does then I shall say this. Brizz gets games for free so I want games for free. Free games for me = yay. Get on it.

FireSlash · 10th Aug 2012, 09:55 PM

Quote:

Originally Posted by Capt.Toilet

If Fireslash does then I shall say this. Brizz gets games for free so I want games for free. Free games for me = yay. Get on it.

No.

rejecht · 11th Aug 2012, 06:27 AM

I could hear Sir Brizz's eyes salivating all the way from Norway.

Programming is still a multi-contextual experience. Logical glitches are simply not avoidable. Add to that, some logical glitches come with a higher public multiplication factor than others. (I still remember Service Pack 6 (SP6) for Windows NT 4.0--after a reboot, the TCP/IP stack would stop working, thus was born SP6a.)

3rd Aug 2012, 12:42 AM	#21
Big-Al amateur de bière Join Date: Jun. 14th, 2003 Location: Under a black flag. Posts: 7,631	https://addons.mozilla.org/en-US/firefox/blocked/p113 __________________ I drink moosepiss

5th Aug 2012, 05:51 PM	#22
FireSlash Whats a FireSlash? Join Date: Feb. 3rd, 2001 Location: Central Ohio Posts: 4,300	I feel I should probably point out that what ubisoft has installed here isn't a backdoor. The bug isn't even related to DRM beyond the fact that the addon itself is packaged with their DRM. It's really just a common programmer mistake on a piece of code that probably should have been reviewed a few more times before shipping. U-play installs a browser addon that allows them to produce clickable links to launch uplay. The idea here was probably to help aid support and integrate better with their website by allowing you to click a link that might, for example, connect you to a server, or launch a game. Similar to how the steam:// url scheme works but implemented as a browser addon instead. The problem is that the programmer who wrote this little bit of code forgot to scrub the input for malicious input. As a result, someone figured out how to embed other launch commands into the scheme that will fire off raw. Basically it allows a website to run program. This obviously becomes problematic when you start command chaining to produce solutions like "download this file, then run it, then i just pwnd you". So while you may hate Ubisoft, Uplay, or whatever for introducing this security flaw, It's kind of annoying to see people crucifying them for installing a backdoor when they didn't. It should also be pointed out that Ubi had a fix out the same day the story broke. __________________ Theory is when you know everything and nothing works. Practice is when things work, and no one knows why. Here we combine theory and practice. Nothing works and no one knows why.

11th Aug 2012, 06:27 AM	#29
rejecht Attention Micronians Join Date: Jun. 15th, 2009 Location: .no Posts: 428	I could hear Sir Brizz's eyes salivating all the way from Norway. Programming is still a multi-contextual experience. Logical glitches are simply not avoidable. Add to that, some logical glitches come with a higher public multiplication factor than others. (I still remember Service Pack 6 (SP6) for Windows NT 4.0--after a reboot, the TCP/IP stack would stop working, thus was born SP6a.) __________________ When all else fails, post on forums with fellow zombies.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode