.brk file PSA + Client Security Report

A blog post by Dragonian? Well, that's new!

Let's preface this by saying I don't write blog posts at all, but I have some valuable information that I need the general public (you) to be aware of.
So forgive me for the amateurish writing at best.

.brk files are great, Its always fun to share around your creations with other users, what's not so great however is that .brk's have the potential to completely wreak havoc against your computer - only in combination of being hosted.

(Raw .brk files just sitting in your downloads folder cannot harm you.)

Malicious .brk file executing command prompt gif - courtesy of Leon.

Pictured above is a .brk file that when hosted can execute cmd.exe, which is literally the equivalent of having someone sitting at the front of your computer inputting commands into command prompt - this in return can lead to file deletion, file execution, viruses, and a whole lot of other disastrous anomalies.

You cannot be affected by simply joining a game that is hosting a malicious .brk file, it only affects the host. I can't stress this enough, if someone asks you to host a .brk file or you receive one from another player, make sure to review it for anything suspicious (any kind of strange keywords like delete, or cmd.exe should raise some red flags), or alternatively just avoid hosting it at all.

However, it should be noted that we have never observed this exploit being used against any users yet.

I have created a discord bot in our discord that uses various algorithms to scan .brk files uploaded in the discord on the fly to alert me if any malicious files are being shared in our discord. This isn't entirely fool-proof, but should suffice for the time being. You should not depend on this bot with your life, always review any .brk files you are sent.

A client update was released today that aims to amend this sort of behavior (though this cannot be fully fixed without an immense amount of effort) - by ultimately halting the execution of any malicious script detected, along with another very crucial security patch - so, it is extremely important that you update as soon as possible.

Should you host a malicious .brk file, script execution will be stopped and this warning will be displayed.

If you do not update (either by joining a game, hosting, etc), don't sweat it because the auto-updater will take care of this for you. The auto-updater relies on the site being up, so you should encourage any of your friends who have Brick Hill installed to either update now (or uninstall 😳) to ensure their safety. But don't fret, we're not going anywhere.

In the near future, the new client will not have any of these issues as script execution is handled entirely by us - and will be sandboxed, preventing you from doing such things like this.

With all that being said, I will continue doing my job to find any security vulnerabilities, and get them patched as soon as possible.

Dragonian

Read more posts by this author.