by someperson 1250 days ago
A remote code execution exploit in GTA 5 Online should not be a surprise to anybody who has played GTA 5 Online.

Cheaters have been rampant for many years, with people using apparently purchased cheat tools that allow them to choose to do server-side things like drop unlimited money and spawn vehicles anywhere, rapidly cycling through weather changes, and locking people permanently in cages.

But get on the bad side of a cheater and they can crash the games of people in the server they want to kick.

It's very sad, because despite the immense flaws of the game, the game play loop can be very engaging.

8 comments

The fact that there's so many different ways for mod menus to crash other players should have been a pretty obvious signal to infosec-aware people that there's almost certainly RCEs just waiting to be found. And even story mode being potentially impacted shouldn't come as a surprise, because previously there was the "FoG" (finger of god) series of exploits that allowed mod menu users to manipulate story mode sessions of other players, as long as they were connected to the internet.
Technically, the online game is a complete joke. I don't know if this still works, but a couple of years ago you could kick everyone from the server by simply pausing the main game process in Process Explorer for a few seconds (8-10 IIRC), and then unpausing it. Very handy when transporting stuff like cars that may be interesting to other players.
Yes it still works, but that is quite normal and fine, actually. The game's lobbies/sessions are based on peer-to-peer, so obviously when you cut connections to other players you will get to play by yourself (in other words, you are just "kicking" yourself out of the current session). Someone could join your "solo" session at any time, it just isn't very likely, as the game's services usually find more populated sessions for everyone.

Then again, nowadays you can play the game without restrictions in invite-only and friends sessions, too.

An RCE in any and all video games should not be a surprise to anyone who took a cursory look at software quality, complexity, and the constraints (and rush) that come with game development.
> Cheaters have been rampant for many years, with people using apparently purchased cheat tools that allow them to choose to do server-side things like drop unlimited money and spawn vehicles anywhere, rapidly cycling through weather changes, and locking people permanently in cages.

First I ever played with friends, we were driving down a highway, stopped by spikes that killed our tires, and someone spawned bags of money in front of us. I took a few million, logged out, and did not touch GTA till many years later. I remember I also bought cars and apartments with my friend, I figure we didn't have impossible amounts of money, so Rockstar would never ban us, sure enough, we were fine.

I played a year back with the same friend, but despite there being less hackers, I hate not being able to do gameplay more isolated to just friends, even if you lock out some missions.

You can create a private room with just friends by the way. The option is buried deep in the menus, but it is there.
Of course it is... Well, my friends have moved on, not worth the hassle. Thanks for the tip!
I wouldn't have assumed that a cheater's ability to affect things on a game server would mean they could execute whatever code they wanted on my personal computer unless that server was running on my system.

Spawning money and vehicles sound like pretty harmless cheats you'd expect in a game like Grand Theft Auto.

I would assume it. If attacker can send my game arbitrary commands for execution without client side filtering out things like moving my character around (unless context allows it, eg waiting for a mission to start), there are good odds they can cause a buffer overrun and execute code directly too. Games usually aren't in memory-safe languages.
Also remember this game is P2P, there is no saving that on PC, on consoles it works because it's a "safe" environment but on PC even with rootkit levels of anticheat you don't have control over the machine running the game and can't prevent it from messing things up.
I knew this was coming. GTA V is the game that finally caused me to quit PC online gaming entirely some years ago, and purchase a game console instead. I had to relearn everything, because I grew up on mouse/keyboard control and had never used a console controller before. (It's not that difficult, really.) The move was worth it. The amount of headaches caused by cheaters and hackers in PC gaming just isn't worth the time, money, aggravation and risk. User-created game mods aren't worth it. Building a faster rig than everyone else is interesting, but in the end wasn't worth it. My life is much easier & simpler now.
This is like burning down your house and deciding to live in a tent because your roof is leaky. Multiplayer console gaming is even buggier than its PC gaming counterpart, or at least has been traditionally.
I like how you left yourself an out with "or at least has been traditionally"... the 8th generation consoles came out a decade ago now and mostly put an end to widespread arbitrary code execution on consoles.

If there's anything that consoles absolutely blow PCs out of the water with, it's multiplayer gaming for that exact reason, and I say that as someone with a pretty serious gaming PC.

Really hoping that GTA 6 Online uses dedicated servers. It's not that expensive, and lets you have the option of being more authoritative with clients.
This is very likely, not to aid player experience but so that they can make even more money through grindy in-game currency and microtransactions.
Not to mention the dozen shady EA extra apps you are forced to install just to be able to open the game. None to combat cheats but just abandoned attempts at lame game stores and desktop spammers.