Oculus Rift’s latest security update made it easier to hack
May 24, 2016
Shah Sheikh (1294 articles)

Oculus Rift’s latest security update made it easier to hack

Virtual reality is the latest battlefield in the war against digital piracy, as Oculus Rift is now more vulnerable to illegal software.

In April, a piece of independent software called Revive was released, allowing Oculus-exclusive games to run on rival VRheadsets, notably HTC Vive. It did this by “reimplementing functions from the Oculus Runtime and translating them to OpenVR calls,” according to LibreVR, Revive’s anonymous programmer.

Although users would still need to legally own the games they wanted to play on rival formats, Revive was always likely to be locked out by Oculus. True enough, the latest firmware update, Oculus App 1.4, includes “Bug fixes and security updates, including updates to platform integrity checks”. Unfortunately, the same update has had an unfortunate side effect – it now makes it easier to play pirated games.

In updating Revive to work around the workaround, LibreVR found it was now possible to ignore DRM protections entirely. Beyond tricking non-Oculus APIs into recognising the Facebook-owned company’s runtimes for exclusive games, the software can now totally bypass authentication and ownership checks.

“I really didn’t want to go down this path, but I feel there is no other way. This release bypasses the Oculus Platform DRM in Unreal Engine games, so the entitlement check doesn’t fail because the headset isn’t connected,” LibreVR writes on thelatest Revive distribution.

The new version of Revive has only been tested on Oculus Dreamdeck – the taster pack for Oculus Rift’s offerings – but should theoretically work on any Unreal Engine game. LibreVR is working on bypassing DRM in Unity engine games and expects to add that functionality into the next version. However, the coder also stresses, “I still do not support piracy, do not use this library for pirated copies.”

Oculus’ moves to block Revive had been unpopular in some circles, especially after founder Palmer Luckey had previously posted on Reddit that he was unconcerned by mods. Earlier this year, he wrote, “If customers buy a game from us, I don’t care if they mod it to run on whatever they want. […] Our goal is not to profit by locking people to only our hardware – if it was, why in the world would we be supporting GearVR and talking with other headset makers?”

It’s unlikely Oculus will leave the vulnerability open for long – virtual reality gamers should expect a further update sooner rather than later to close the exploit.

Source | Wired