Ubisoft uPlay Launcher Exploit Strips DRM From All Publisher's Games

from the oopsie dept

Ubisoft's history of DRM use has been...interesting. One could nearly write an entire book on how to fail at DRM using nothing but examples from the company. DRM that allows hackers to take control of gamers' machines. DRM punishing only paying customers when Ubisoft decides to move their servers. DRM that is, seriously, comprised of f$#%ing vuvuzelas. What you'll notice as a trend in these examples, however, is that at least Ubisoft was content to punish only their own customers or themselves, depending on the situation.

Not so, any longer. Their uPlay client for PCs was built so poorly that a simple tool developed by hackers can fool the client into thinking users already own copies of games, allowing for completely DRM-free versions of games from other publishers to be downloaded for free from their platform. As an apparent sign of solidarity by Ubisoft, they also managed to offer up their own unreleased game via the exploit as well.

The vulnerability is allegedly present in the uPlay launcher, which when exploited gives DRM free access to gaming titles from almost all game publishers including the likes of EA Games and Square Nix. Far Cry 3: Blood Dragon, which hasn’t been released yet, is lying on Ubisoft servers which hackers have downloaded. As a proof of the exploit, hackers even posted an 1 hour 30 mins long footage of the game.
Typically, when one does something over a long period of time, one gets better at it. Ubisoft appears to be an anomaly in this respect, going so far backwards on the practice of DRM that even their own client software can strip it out with but a little assistance from hackers. Nevermind how stupid and useless DRM is to begin with; now publishers can't even trust the software that is supposed to deliver it. With enemies of DRM hidden everywhere, even in inanimate software, perhaps it's time to give it up entirely.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: drm, failures, uplay, video games
Companies: ubisoft


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Ninja (profile), 10 Apr 2013 @ 5:01am

    Typically, when one does something over a long period of time, one gets better at it. Ubisoft appears to be an anomaly in this respect, going so far backwards on the practice of DRM that even their own client software can strip it out with but a little assistance from hackers.

    I think they are not going backwards. Removing something that takes valwe away from your games and annoys paying customers seems like they are doing it spectacularly right. [sarcasm] Maybe I'll start buying their titles now that they've gone DRM free? [/sarcasm]

    Now... Why the heck do you have EA and Square games available via UBISOFT system?

    Also, considering Square has been failing regularly in listening to their customers (FFIV fail anyone?), EA are a bunch of morons (Sim City 5) and Ubisoft themselves are clowns (erm...) does that make uplay some sort of Fail League of Justice?

    link to this | view in thread ]

  2. icon
    Akari Mizunashi (profile), 10 Apr 2013 @ 6:02am

    Great, all this hack means is there's going to be bigger push for digital-only "ownership" and always-on internet connections by developers to console makers.

    It's bad enough rumors already about Microsoft's next console will require an internet connection, but if developers don't feel confident in releasing games (even if all evidence to piracy can be debunked), it's not going to matter.

    Console makers need software developers, so it's not going to be surprising to find out Ubisoft's on the phone with Microsoft at this moment.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 10 Apr 2013 @ 6:08am

    Aw, misleading title Tim. :(

    I thought when reading it at first you met Ubisoft released a patch to uPlay that purposely strips the DRM from all their games.

    Back to hating Ubisoft again.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 10 Apr 2013 @ 6:13am

    Re:

    That's being phased out throughout this year, which means that some games are still going to have that.

    link to this | view in thread ]

  5. icon
    Ninja (profile), 10 Apr 2013 @ 6:15am

    Re:

    Always-on DRM may seem awesome but it'll inevitably backlash in many ways. If you have to pay a subscription to use the services there are only that much services people will subscribe simultaneously before closing down to new entrants (considering they'll not just hop between them reducing the revenue even more). Then there's games that require only a one-time payment but then who is paying for the server expenses? And what about when the servers go down? Many are not willing to pay for such bs (at least among those who I know). Then you have pseudo-free games that rely on micro DLC (or extra online-only content). But they still rely on servers and will need to be very compelling to make people pay.

    Personally always-on has become a very high barrier preventing me from buying if it's not mandatory (ie: mmorpgs like World of Warcraft though I do believe any of those mmo could make an offline version for you to enjoy if they wanted. And even then with so many free alternatives all around I'm becoming less and less inclined. Meanwhile my offline old games are still being the joys of my life.

    I hope next console generation isn't as screwed up as it seems it's going to be.

    link to this | view in thread ]

  6. icon
    charliebrown (profile), 10 Apr 2013 @ 6:19am

    Can I?

    Can I now play SimCity with no DRM? Sorry, no non-DRM?

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 10 Apr 2013 @ 6:30am

    Re:

    "Now... Why the heck do you have EA and Square games available via UBISOFT system?"

    If my memory doesn't fail me (it might very well) there were a deal between EA and Ubisoft not long ago where ubisoft joined EA in "Fuck steam, let's not release our new games there and let's keep our old game at 50euro even tho we only sell them for 20euro on our own system". That and cross releases - basically gamers can buy games from either company on either service.

    This is a good thing tho, makes it easier to boycot them both as neither of their new games show up on steam :)

    link to this | view in thread ]

  8. icon
    Akari Mizunashi (profile), 10 Apr 2013 @ 6:33am

    Re: Re:

    Sadly, this looks to be the future of software. Unless the majority speak up against it (and don't buy the products using it), it's pretty much inevitable.

    Look at the people who paid for SimCity and the resulting attitude by an EA executive because of it.

    Think Microsoft will be any different?

    link to this | view in thread ]

  9. icon
    Rikuo (profile), 10 Apr 2013 @ 6:49am

    Re: Re:

    Which is why I don't subscribe to the premium membership options of either the Xbox 360 or the PS3

    Xbox: Most of the services I could potentially want (like say Netflix) are locked behind a paywall, in addition to their own fees. Heck, even the freaking Internet Explorer is restricted to Live Gold.

    PSN+: Looked at it, and its good for getting some games cheap or for free...until you realize that the moment your subscription lapses, you're locked out of your games.

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 10 Apr 2013 @ 7:09am

    Re:

    Ubisoft's uplay drm IS always-online, unless they hacked that part of it too. So that doesn't appear to be helping them here.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 10 Apr 2013 @ 7:18am

    My favorite comment on Reddit about the release of Far Cry 3: Blood Dragon was "Ubisoft announces that nothing of value was taken."

    link to this | view in thread ]

  12. icon
    Rikuo (profile), 10 Apr 2013 @ 7:31am

    Re:

    Please please please please tell me that was an official comment! I burst into laughter upon reading that. That's it, first word for you!

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 10 Apr 2013 @ 8:13am

    Re: Re:

    Actually, this was a Slashdot comment, quoted below:


    The only thing to really say is.

    "And nothing of value was lost."


    so it wasn't an official statement.

    link to this | view in thread ]

  14. icon
    gorehound (profile), 10 Apr 2013 @ 8:13am

    Dirty Rotten Media is not in my home ! I won't Support it and will do all I can against it.

    link to this | view in thread ]

  15. identicon
    Michael, 10 Apr 2013 @ 8:19am

    uPlay launcher

    So what you are saying is that the uPlay launcher is a tool for circumventing DRM.

    We need to put a stop to companies creating such tools. Promoting this kind of pirate activity is causing the destruction of the gaming industry! They should be sued out of existence for producing such a tool of piracy! It does not matter that this tool could be used for legitimate purposes, the fact that it is clearly being used for such illegal activity makes Ubisoft a clear conspirator in these activities and they should be punished.

    link to this | view in thread ]

  16. icon
    Rikuo (profile), 10 Apr 2013 @ 8:33am

    Re: uPlay launcher

    Good angle. It clearly violates the anti-circumvention clause of the DMCA. However, since this is a major multinational, nothing will happen to them. They can just go "Oops, my bad" and patch it.
    Whereas if this were someone else, they'd get the book thrown at them.

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 10 Apr 2013 @ 8:35am

    Thay should have done like EA and told everyone even though it's DRM it's really not DRM.

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 10 Apr 2013 @ 8:36am

    Re:

    They* derp

    link to this | view in thread ]

  19. identicon
    vastrightwing, 10 Apr 2013 @ 8:42am

    Re: uPlay launcher

    I see what you did here. You're basically saying Ubisoft purposely built this "DRM" in order to appease the industry. But the real purpose was to crack open the DRM so that everyone could infringe.

    Then by infringing, Ubisoft can now sue everyone under the DMCA law and make even more money than by selling the game with no DRM.

    Did I get that right? Brilliant!

    link to this | view in thread ]

  20. icon
    Mason Wheeler (profile), 10 Apr 2013 @ 9:42am

    DRM that allows hackers to take control of gamers' machines.

    Isn't that all DRM everywhere? When you get down to it, the fundamental point of DRM is to transfer basic control over the functionality of the machine from the machine's owner to a remote programmer, to make it do what the DRM author wants instead of what the owner wants. If that's not an act of hacking, I don't know what is.

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 10 Apr 2013 @ 10:11am

    Re: Re: Re:

    I already have my next-gen console in GoG.com

    link to this | view in thread ]

  22. icon
    John Fenderson (profile), 10 Apr 2013 @ 10:57am

    Re:

    Strictly speaking, no. DRM and computer intrusion are distinct things that have some overlap in the Venn diagram.

    For example, always-connected DRM that introduces a functional dependency on a remote server for the game to operate is DRM, but is not "hacking" by any definition -- nobody is directing the operation of your computer except you. The game just won't work unless you direct your computer to connect to the internet.

    link to this | view in thread ]

  23. icon
    Uriel-238 (profile), 10 Apr 2013 @ 12:39pm

    Re: Re: Persistent Online Connection

    Ubisoft's uplay drm IS always-online, unless they hacked that part of it too. So that doesn't appear to be helping them here.

    Only with specific titles. It wants you to activate on first launch of the game but otherwise you can play offline. At least so it was with me and Driver SF (granted this is AFTER they updated-out the POC requirement.)

    There was a time before when UPlay created a web-vulnerability on systems that had it installed. Perhaps this is compensation for that.

    link to this | view in thread ]

  24. icon
    Mason Wheeler (profile), 10 Apr 2013 @ 2:30pm

    Re: Re:

    For example, always-connected DRM that introduces a functional dependency on a remote server for the game to operate is DRM, but is not "hacking" by any definition -- nobody is directing the operation of your computer except you.


    I wouldn't say that. Just look at the most recent example of always-connected DRM: the new SimCity. It does not "introduce a functional dependency;" it actively breaks the whole system. It has been shown by a few modders that no real "functional dependency" exists; the game is perfectly capable of playing with no internet connection.

    The only thing that the DRM does is take control of the system away from you by making you unable to run the program without complying with requirements that do nothing except satisfy the DRM. This is holding your game, that you paid for with your own money, hostage. This is an act of hacking, period.

    link to this | view in thread ]

  25. icon
    Uriel-238 (profile), 10 Apr 2013 @ 2:53pm

    Not exactly Hacking.

    A persistent online connection requirement (not intrinsic to the software, such as a webbrowser) such as the one for Sim City 5 wouldn't be considered hacking since EA is the establishment.

    If it was data-mining your computer surreptitiously, then that may be qualified as hacking, certainly malware. Probably criminal or at least litigable.

    DRM that requires a persistent online connection is definitely unethical, and possibly actionable if you have the backing to make a case. But regarded as hacking on its own? No.

    link to this | view in thread ]

  26. icon
    Uriel-238 (profile), 10 Apr 2013 @ 2:54pm

    Re: Not exactly Hacking.

    apologies to all re: my horrendous sentence structure.

    link to this | view in thread ]

  27. icon
    Uriel-238 (profile), 10 Apr 2013 @ 3:02pm

    Oh, and...

    Allowing software companies to make it so that their releases are dependent on the well being of the company is (and has always been) unethical and dangerous to consumers.

    I warned everyone this was a bad idea when we were having to activate our copies of Windows XP and now, when XBOX Live can block your box for any reason without explanation, and EA:Origins commonly revokes entire accounts full of games for minor infractions (e.g. speaking unwisely on non-Origin forums) we're now in an era where the norm is that consumers have no respected rights.

    link to this | view in thread ]

  28. identicon
    Anonymous Coward, 10 Apr 2013 @ 10:00pm

    Re: Re:

    The pirated copy of the original FarCry 3 uses a server emulator to bypass it, wouldn't suprise me if they just didn't adapt that one to function the same. Or maybe the hack, as you said, allows them a drm-free version.

    link to this | view in thread ]

  29. identicon
    AbbaDabba, 19 Apr 2013 @ 11:32am

    Win for ME

    I filed a complaint with PayPal for the purchase of the non-functioning SimCity and WON. They refunded my money. All I had to do was cite company officials who 1) admitted they created a mess, 2) admitted their game did not function on release and 3) offered compensation for those who purchased in the form of a free game. Apparently, they couldn't argue with that logic and gave me my money back.

    What a debacle for EA. I had purchased quite a few EA games at full price in the past, but they will NEVER get a penny from me again. Way to go, EA! Destroy your loyal fan base. Who are you going to sell to when we're all gone?

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.