serious security hole

05-25-2020, 09:52 PM #1

in a previous version i ran i could run dolphin for more than a week before i got hacked through it. the latest version however i can not run for more than a few days before i get hacked through it. hackers takes complete control over my pc when i run dolphin and use hypernation mode in windows.

**mstreurman** · 05-26-2020, 06:58 AM #2

(05-25-2020, 09:52 PM)andreasaspenberg Wrote: in a previous version i ran i could run dolphin for more than a week before i got hacked through it. the latest version however i can not run for more than a few days before i get hacked through it. hackers takes complete control over my pc when i run dolphin and use hypernation mode in windows.

Dude... Reinstall your Windows... you have an exploit somewhere in your system and Dolphin is not the cause, Dolphin is 100% safe and anyone can see the source code. If there would be a hack inside Dolphin it would have to be put in there by the developers and then everyone would be able to see that they did that. No... Your problem lies elsewhere in your system.

05-26-2020, 08:18 AM #3

if anybody can see the source code, it is easy for hackers to know what to look for. there is also a vulnerability in the cpu(other programs have been hacked too) but, i am going to contact intel regarding that(i tried today but, they did not have any available ataff in the cpu support department and had to get back to me). one solution for the dolphin team is to create a version with absolutely no net code(all network functions disabled). security holes is a common problem however.

**JosJuice** · 05-26-2020, 08:21 AM #4

(05-26-2020, 08:18 AM)andreasaspenberg Wrote: one solution for the dolphin team is to create a version with absolutely no net code(all network functions disabled).

If you want that, you can set up the Windows firewall to block all connections for Dolphin.

mimimi · 05-26-2020, 10:45 AM #5

The only way i see for a computer to get hacked by using Dolphin, would be to install a manipulated auto-update. But if that is the case, 1. disable auto-updates in Dolphin, and 2. and much more important: Your network is compromised and any download of any program would get your hacked. Now, if that's the case, disable your wifi, use a wired connection and get a VPN.

Are the files downloaded by the auto-updater signed? I just love how public-private-key encryption could fix that potential issue, and you could even download the update from a compromised network. Worst case then would be that the update fails, because it notices that the update was manipulated.

05-26-2020, 06:47 PM #6

i have already disabled my wifi. i did that years ago.

**mbc07** · 05-27-2020, 01:29 PM #7

Whatever hacked you, definitely didn't come from Dolphin. The emulator source code is public and the few network-related communications it does are handled through widely known, free libraries, like PolarSSL.

(05-26-2020, 10:45 AM)mimimi Wrote: Are the files downloaded by the auto-updater signed? I just love how public-private-key encryption could fix that potential issue, and you could even download the update from a compromised network. Worst case then would be that the update fails, because it notices that the update was manipulated.

The files itself aren't signed, but the manifest containing the file hashes are, so even on a compromised network the updater would notice tampered files and abort. There's a document here that explains better how the updater works...