DARK SOULS™ II: Scholar of the First Sin

Radai Dec 5, 2021 @ 8:13am
On Dark Souls II item injection
Hello everyone, Radai here. I am a physics student and reverse engineer; my attention is mostly directed towards my favourite game of all time, Dark Souls II.
I have plenty of experience with the game, I've researched it a lot, I found the full damage formula and I'm currently maintaining the public Cheat Engine table (SotFS version).
All of this is to say, I know a bunch of stuff about how the game works, and today I want to share how one of the most infamous cheats works: Item Injection.

I've read some posts about a guy named Hitler/Stalin or whatever, that went around in the arena and forced items onto people, so I became curious and started researching:
I opened my trusted Cheat Engine table, and started seeing what happened when a player in the session picked up an item I left on the ground. Here's what I found:

All items are managed by the host client: when a phantom drops an item, the game sends a duplicate of the dropped item sack to the host, specifying who created the sack, what type of sack it is (mob dropped sack, white dot, or player dropped sack, the brown bag), where it is and what's inside it, then the host's client sends this information to all the other players in the session.
When someone approaches the bag and tries to pick it up, the client sends a request to the host, asking him if the bag can be picked up (this is done to prevent duplications). If the bag is still available (no one picked it up before), then the host sends the item bag ID to the client that asked, allowing it to pick the item up.

In short:
1) Player 1 drops an item, the game creates an Item Bag with the item in it.
2) Player 1's game sends a duplicate of the Item Bag to Host, telling them where he created it and what's inside it. (ItemCreate packet)
3) Host accepts the bag, spawns this sack in the specified coordinates and relays the information to all the other players connected.
4) Player 2 approaches and tries to pick the item up.
5) Player 2's game sends the pickup request to Host. (ItemPickUpRequest packet)
6) Host's game checks if the item bag is still available, if yes sends Item Bag ID (not its content, just the ID and some other information) to Player 2. (ItemPickup packet)
7) Player 2's game checks what's inside the Item Bag with the specified ID and puts its content into Player 2's inventory.

If it's the host picking the item up, the game skips step 5, the host always knows if the item is available. This means that Phantoms normally never send ItemPickup network packets to the host, but the host game can receive and accept these requests.

How can all of this go wrong? Simple, for one, the client receiving the ItemPickup packet does not check if a request has been made in the first place, so a cheater who forces an item on you is doing the following things:
1) Sending an ItemCreate packet to you
2) Sending an ItemPickup packet to you

Okay, how do you protect yourself? Use this powerful tool, made by the almighty LukeYui:
https://www.nexusmods.com/darksouls2/mods/998
LukeYui is also the author of Blue Sentinel for DS3 and Sekiro online.

PS: For the curious ones, the host in the arena is the one who queued up first.

EDIT: Worst thing about all of this? Literally everyone that looks deep enough can find the functions to do all of these things. Sending items is extremely easy, it took me 8 hours more or less to get everything laid out (I was helped with what some values did by Luke, not gonna lie).
Last edited by Radai; Dec 5, 2021 @ 8:24am
Showing 1-15 of 15 comments
Call Sign: Raven Dec 5, 2021 @ 8:21am 
I've been protecting myself by playing offline for the past few years. Works great.

Joking aside, great post. Thanks for the detailed info :)
Dexter Dec 5, 2021 @ 9:34am 
Originally posted by Radai:
...
How can all of this go wrong? Simple, for one, the client receiving the ItemPickup packet does not check if a request has been made in the first place, so a cheater who forces an item on you is doing the following things:
1) Sending an ItemCreate packet to you
2) Sending an ItemPickup packet to you
...
Interesting.
Do You happen to know how some items are injected in PvE? For example, the Fang Key, needed to rescue Ornifex. I always thought this was the case with this hack.

Thanks for the in depth info.

side note: You did not mention if the game is checking if the item is valid or not, like glorious poison binoculars.
Originally posted by Radai:
2) Player 1's game sends a duplicate of the Item Bag to Host, telling them where he created it and what's inside it. (ItemCreate packet)
3) Host accepts the bag, spawns this sack in the specified coordinates and relays the information to all the other players connected.
Fromsoftware did not even care to put some sort of test for invalid items? Cut content aside, there is no way to get +15 equipment or already mentioned poison binos.

I am curious on how this all works and how incompetent, yet again, Fromsoftware is with all of this.
Radai Dec 5, 2021 @ 11:25am 
Originally posted by Majiin Vegeta:
Originally posted by Radai:
...
How can all of this go wrong? Simple, for one, the client receiving the ItemPickup packet does not check if a request has been made in the first place, so a cheater who forces an item on you is doing the following things:
1) Sending an ItemCreate packet to you
2) Sending an ItemPickup packet to you
...
Interesting.
Do You happen to know how some items are injected in PvE? For example, the Fang Key, needed to rescue Ornifex. I always thought this was the case with this hack.

Thanks for the in depth info.

side note: You did not mention if the game is checking if the item is valid or not, like glorious poison binoculars.
Originally posted by Radai:
2) Player 1's game sends a duplicate of the Item Bag to Host, telling them where he created it and what's inside it. (ItemCreate packet)
3) Host accepts the bag, spawns this sack in the specified coordinates and relays the information to all the other players connected.
Fromsoftware did not even care to put some sort of test for invalid items? Cut content aside, there is no way to get +15 equipment or already mentioned poison binos.

I am curious on how this all works and how incompetent, yet again, Fromsoftware is with all of this.
The game doesn't use this function to give you an item, it uses something that's not sent over the network. It's the same function I put in the general table that's public, I called it ItemGib in honor of its variant from DS3, which was also called this way by the fellow hackers that helped me write the one for DS2.

And for your second question, yes, the game checks for invalid items to determine whether or not to ban you, so you can get banned by having a poison binoculars +15 in your inventory.
QuentinTeo Dec 5, 2021 @ 11:58am 
Originally posted by Majiin Vegeta:
side note: You did not mention if the game is checking if the item is valid or not, like glorious poison binoculars.

I think I can't sleep without knowing how the poison binos would work: you get poisoned by using them or you poison everything that your eyes focus? 😂
Radai Dec 5, 2021 @ 12:30pm 
Originally posted by QuentinTeo:
Originally posted by Majiin Vegeta:
side note: You did not mention if the game is checking if the item is valid or not, like glorious poison binoculars.

I think I can't sleep without knowing how the poison binos would work: you get poisoned by using them or you poison everything that your eyes focus? 😂
They do not. They are just there to ban you, they behave like a normal bino would.
Dexter Dec 5, 2021 @ 12:31pm 
Originally posted by QuentinTeo:
Originally posted by Majiin Vegeta:
side note: You did not mention if the game is checking if the item is valid or not, like glorious poison binoculars.

I think I can't sleep without knowing how the poison binos would work: you get poisoned by using them or you poison everything that your eyes focus? 😂
They don't work. They will crash your game if you have them in inventory. It is one of the many invalid items that are used, mostly, by cheaters to get people banned.

Originally posted by Radai:
...

And for your second question, yes, the game checks for invalid items to determine whether or not to ban you, so you can get banned by having a poison binoculars +15 in your inventory.
We don't seem to understand each other. And for now we will ignore the item injection hack and focus on normal item dropping by a cheater (dropping invalid items like +15 weapons).

The game does not check it. From what I understand and what You wrote, it creates the duplicate of item ID, right? And the game does not check in any shape or form what this item ID truly is, it simply copies it. Right? There is no filter.

As for checking and banning, it is weird. Really weird. Some say, they check for invalid data once a week. Some say, they do it in waves from time to time. Some say they were softbanned for using x360ce and other software. I know people that were flying, did corrosive urns machine gun griefing and all that "fun" stuff but were never banned.

I played around in CE with moveswapping and I also applied what I believe was Strong Magic Shield on a weapon and never was banned. And this is another point. Game and the anticheat system do not check if something like Magic Shield was applied on actual shield or not. If weapon that could not be buffed (boss weapons) is buffed and so on.

Me, personally, I had poison binos couple of times in my inventory and had to install CE to prevent game from crashing and discard the damn item. edit to add to this: and I am still not softbanned.
Last edited by Dexter; Dec 5, 2021 @ 12:32pm
Paradox Dec 5, 2021 @ 12:31pm 
Originally posted by Radai:
Originally posted by Majiin Vegeta:
Interesting.
Do You happen to know how some items are injected in PvE? For example, the Fang Key, needed to rescue Ornifex. I always thought this was the case with this hack.

Thanks for the in depth info.

side note: You did not mention if the game is checking if the item is valid or not, like glorious poison binoculars.

Fromsoftware did not even care to put some sort of test for invalid items? Cut content aside, there is no way to get +15 equipment or already mentioned poison binos.

I am curious on how this all works and how incompetent, yet again, Fromsoftware is with all of this.
The game doesn't use this function to give you an item, it uses something that's not sent over the network. It's the same function I put in the general table that's public, I called it ItemGib in honor of its variant from DS3, which was also called this way by the fellow hackers that helped me write the one for DS2.

And for your second question, yes, the game checks for invalid items to determine whether or not to ban you, so you can get banned by having a poison binoculars +15 in your inventory.
Well, isn't that nice, the game will check for invalid items when determining to ban you, but not when determining whether to let you pick it up.
Radai Dec 5, 2021 @ 1:34pm 
Originally posted by Majiin Vegeta:
The game does not check it. From what I understand and what You wrote, it creates the duplicate of item ID, right? And the game does not check in any shape or form what this item ID truly is, it simply copies it. Right? There is no filter.
Yes, no check happens on what items are passed inside the NetItemCreate function. When you create an item bag by dropping an item, the game automatically sends it over the network, no filters and all. Not all items present in the game can be picked up however, for example I could give you ItemID 10 (which is literally called "no item"), and you wouldn't be able to pick it up, it would say your inventory is full. This has nothing to do with the network, and hackers can't do anything about this because it's hardcoded in your game.

As for checking and banning, it is weird. Really weird. Some say, they check for invalid data once a week. Some say, they do it in waves from time to time. Some say they were softbanned for using x360ce and other software. I know people that were flying, did corrosive urns machine gun griefing and all that "fun" stuff but were never banned.

I played around in CE with moveswapping and I also applied what I believe was Strong Magic Shield on a weapon and never was banned. And this is another point. Game and the anticheat system do not check if something like Magic Shield was applied on actual shield or not. If weapon that could not be buffed (boss weapons) is buffed and so on.

Me, personally, I had poison binos couple of times in my inventory and had to install CE to prevent game from crashing and discard the damn item. edit to add to this: and I am still not softbanned.

I am convinced that softbans here do not have a fixed date. I've done A LOT of stuff with CE to test the bans, and they sometimes came like a day after I did something that was flagged.

As for what flags, pretty much nothing really. If you don't touch your soul memory or make your souls not match the Soul memory, you're pretty much safe. Moveswapping involves editing literal excel files called Params that are loaded when you boot the game/load a char, and are all safe to edit (unless you boot the game with modded param files, that's bannable, but it's not doable with CE, you need a tool called Yapped to mod them).

What you did on your weapon was simply applying the Great Magic Shield SpEffectID, the game doesn't check these things.

EDIT: The reason I have five Steam accounts is because of these softban tests.
Last edited by Radai; Dec 5, 2021 @ 1:37pm
Dexter Dec 5, 2021 @ 2:39pm 
Aye! Cheers for additional info.
Interesting
I always wanted to know how the process worked, there were some people that refused to believe item injection was possible. Now we got a back up from someone that actually helped developing DS2 CE tables.
Crazy how innocent player bans would have been significantly reduced from putting in the game a function that would scan the dropped item, checking if it was valid or not before anyone would pick it up
Radai Dec 5, 2021 @ 3:27pm 
Originally posted by ShiroiŌkami (白い狼):
Interesting
I always wanted to know how the process worked, there were some people that refused to believe item injection was possible. Now we got a back up from someone that actually helped developing DS2 CE tables.
Crazy how innocent player bans would have been significantly reduced from putting in the game a function that would scan the dropped item, checking if it was valid or not before anyone would pick it up
The smartest thing to do would be putting up another step before you actually get the item, which is check if you actually asked for it. The mod I linked in the post does just that, that's how it prevents this cheat from working.

Injection is def possible, I can show those who do not believe it is, without endangering them of course :)
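The "check if you actually asked for it" step from this post, applied to the ItemPickUpRequest / ItemPickup exchange laid out in the opening post, as an added C sketch that is not part of the thread and is not the game's or the mod's code. The struct, function names, numeric peer IDs and the assumption that a packet's sender can be identified are all hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model; the real packet layout and session data are not on the page. */
#define MAX_PENDING 8

typedef struct {
    bool     is_host;              /* a host skips step 5, so it never waits for a grant */
    uint32_t host_id;              /* assumed: peer ID of the session host */
    uint32_t pending[MAX_PENDING]; /* bag IDs we sent an ItemPickUpRequest for */
    size_t   n_pending;
} pickup_guard;

typedef enum { PICKUP_ACCEPT, PICKUP_REJECT_UNSOLICITED,
               PICKUP_REJECT_NOT_HOST, PICKUP_REJECT_AS_HOST } pickup_verdict;

void guard_init(pickup_guard *g, bool is_host, uint32_t host_id) {
    g->is_host = is_host;
    g->host_id = host_id;
    g->n_pending = 0;
}

/* Call when the local game sends ItemPickUpRequest (step 5). */
bool guard_note_request(pickup_guard *g, uint32_t bag_id) {
    for (size_t i = 0; i < g->n_pending; i++)
        if (g->pending[i] == bag_id) return true;   /* already waiting on this bag */
    if (g->n_pending == MAX_PENDING) return false;  /* table full: caller should not send */
    g->pending[g->n_pending++] = bag_id;
    return true;
}

/* Call when an ItemPickup packet arrives (step 6), before step 7 touches the inventory. */
pickup_verdict guard_check_pickup(pickup_guard *g, uint32_t sender_id, uint32_t bag_id) {
    if (g->is_host) return PICKUP_REJECT_AS_HOST;            /* hosts never request */
    if (sender_id != g->host_id) return PICKUP_REJECT_NOT_HOST;
    for (size_t i = 0; i < g->n_pending; i++) {
        if (g->pending[i] == bag_id) {
            g->pending[i] = g->pending[--g->n_pending];      /* one grant per request */
            return PICKUP_ACCEPT;
        }
    }
    return PICKUP_REJECT_UNSOLICITED;                        /* nobody asked for this bag */
}

int main(void) {
    pickup_guard g;
    guard_init(&g, false, 1);
    /* Forced item: an ItemPickup arrives although nothing was requested. */
    return guard_check_pickup(&g, 1, 500) == PICKUP_REJECT_UNSOLICITED ? 0 : 1;
}
```

Because the pending-request check is independent of the sender check, an unsolicited ItemPickup is dropped even when it comes from the session host.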
JellyPuff Dec 5, 2021 @ 3:37pm 
Originally posted by Radai:
Injection is def possible, I can show those who do not believe it is, without endangering them of course :)
So much is already clear from player reports. It first happened in DS3 and probably inspired whoever wrote the script for DS2.

The things cheaters can do in DS3 these days is just absurd. Just a few days ago, my brother played some DS3, summoned a guy, killed a boss, he went home, all was good. What he didn't know was that this co-op phantom had set his "re-spawn on death" location to an out-of-bounds area at Cemetery of Ash (perhaps similar to the unused bonfire at Irithyll, showing Cemetery of Ash on the character select might have also just been an error, I'm not familiar with how that cheat worked exactly), causing a death-loop the next time my brother died. Though you could escape via quit-out which would warp you to the start of the area you died before the loop and then go sit at any bonfire to escape for good.
Dexter Dec 5, 2021 @ 3:54pm 
Originally posted by JellyPuff:
Originally posted by Radai:
Injection is def possible, I can show those who do not believe it is, without endangering them of course :)
So much is already clear from player reports. It first happened in DS3 and probably inspired whoever wrote the script for DS2.

The things cheaters can do in DS3 these days is just absurd. Just a few days ago, my brother played some DS3, summoned a guy, killed a boss, he went home, all was good. What he didn't know was that this co-op phantom had set his "re-spawn on death" location to an out-of-bounds area at Cemetery of Ash (perhaps similar to the unused bonfire at Irithyll, showing Cemetery of Ash on the character select might have also just been an error, I'm not familiar with how that cheat worked exactly), causing a death-loop the next time my brother died. Though you could escape via quit-out which would warp you to the start of the area you died before the loop and then go sit at any bonfire to escape for good.
That is why playing Elden Ring will be so scary. We already know that estus cancel, exploit/glitch present in Ds3, is also present in Elden Ring. We can only assume that similar glitches and what comes with it, similar cheats will be present in Elden Ring.

I remember one guy who had step by step instructions on his steam profile on how to kill NPCs in someone else's world in Majula, lol. Does not take much.

Oh and btw, we also do not know what actual hackers can still do in Ds3. Remember the NG+ hack? There were rumors that it is possible to bypass any kind of security for your PC while playing Ds3 online.

edit: oh and btw part 2: It still baffles me how one of the most influential games and series that even got its own genre is a literal ♥♥♥♥ show when it comes to multiplayer aspect in every.single.game of the franchise on PC
Last edited by Dexter; Dec 5, 2021 @ 3:56pm
Radai Dec 5, 2021 @ 11:27pm 
Originally posted by Majiin Vegeta:
So much is already clear from player reports. It first happened in DS3 and probably inspired whoever wrote the script for DS2.
edit: oh and btw part 2: It still baffles me how one of the most influential games and series that even got its own genre is a literal ♥♥♥♥ show when it comes to multiplayer aspect in every.single.game of the franchise on PC
Well it only became a problem with DS3, they never had to learn before. Also, I'm positive they fixed this and some other weird stuff in ER, it's been some time since Luke made BS, he even emailed From with the technical details of their netcode flaws.
Last edited by Radai; Dec 5, 2021 @ 11:28pm
Dexter Dec 6, 2021 @ 2:53am 
Originally posted by Radai:
Originally posted by Majiin Vegeta:
So much is already clear from player reports. It first happened in DS3 and probably inspired whoever wrote the script for DS2.
edit: oh and btw part 2: It still baffles me how one of the most influential games and series that even got its own genre is a literal ♥♥♥♥ show when it comes to multiplayer aspect in every.single.game of the franchise on PC
Well it only became a problem with DS3, they never had to learn before. Also, I'm positive they fixed this and some other weird stuff in ER, it's been some time since Luke made BS, he even emailed From with the technical details of their netcode flaws.
Good to know

Date Posted: Dec 5, 2021 @ 8:13am
Posts: 15