Elden Ring has been hacked. Maybe that comes as no surprise, considering Souls games often have copious issues with game-breaking exploits. But this is no ordinary hack. No, Elden Ring is just the latest FromSoft game to be targeted by a notorious Souls hacker with a particular penchant for invading players’ worlds and softbanning them.
If you’re familiar with Dark Souls hacker Malcolm Reynolds, then you can probably guess what’s happening. For the uninitiated, Reynolds is a longtime hacker of FromSoft games who caused myriad problems for Dark Souls 3 and Dark Souls Remastered players some years ago. In both cases, he modified the game’s code to softban people by giving them invalid items and status effects. Well, he’s up to the same antics in Elden Ring, invading people’s worlds and giving them items they’d be better off without before killing them.
Reynolds uploaded a video to YouTube on March 9 showing his latest hack, all his mischief set to the jaunty sounds of “Rama Lama Ding Dong” by The Edsels. First, Reynolds’ mouse cursor checks a box marked “Hardscoping Tutorial,” then another box marked “This bans them,” complete with a little smiley-face emoticon next to it. After that, the video becomes a rapid succession of him invading players’ worlds and laying absolute waste to them with a massive beam of fire shooting out of his hand, as well as a few other destructive spells. It’s such bullshit, particularly because every spell he used—like the fire beam—is heavily modified. Reynolds shed some light on just how he makes other players’ lives in the Lands Between hell, and what he sees as the justification for doing so.
Reynolds told Kotaku over Discord messages that the exploit he used, that “Hardscoping Tutorial” thing, is actually a debug item called pavel, used by the devs in testing and still lingering in the game’s code but not present in the game itself. He injects this into a player’s inventory through various altered spells, including the Meteorite spell that drops several clusters of purple rocks onto the environment. Once the player dies and is returned to their own world, Elden Ring registers this pavel as an invalid item, which the game interprets as evidence that the player is a cheater, which in turn results in a softban where the affected player can only play online with other cheaters.
Reynolds said that the game’s Easy Anti-Cheat system is exploitable.
“How you manage to bypass easy anti-cheat is another thing,” Reynolds said. “There’s basically a mask over the anti-cheat. While this mask is on the game [only] cares about ‘who it is’ and ‘what it’s doing,’ but once you take that mask off the anti-cheat, the game doesn’t care who it is anymore.”
This is how he was able to softban folks, by circumventing the Easy Anti-Cheat system and hacking Elden Ring to ruin people’s time—as if the game doesn’t do that enough already with how punishing it is. It’s a headache being invaded by Reynolds. There’s nothing you can do when he pops up. His spells are broken and too powerful, so you kinda just…take it. Complaints about Reynolds’ actions in Elden Ring haven’t started surfacing yet, but it may only be a matter of time, as his name often appears in the Dark Souls and Elden Ring subreddits.
What do you do? According to a popular Reddit post from April 2016, the best course of action is to either disconnect or suicide to avoid a softban. However, it should be noted that frequent disconnects could get you softbanned, too.
Surprisingly, Reynolds wants to get caught hacking Elden Ring. He said Bandai Namco and FromSoftware should use this as a lesson to implement better anti-cheat software that prevents hackers from exploiting game code.
“I’m necessary evil,” Reynolds said. “You might be asking if getting caught is part of the plan, and yes it is. If I pull it off will the game die? I don’t think so, but maybe Bandai will fix it. Time to go mobile.”
Bandai Namco did not respond to a request for comment.