Gamehack Violation (UPDATE)
•
23 Mar 2008, 22:47
•
News
UPDATE This now effects Call of Duty - If you are a Call of Duty player who did not read this, make sure you do!
As many of you have seen nC have today unleashed their latest weapon and this is how it works.
The source of their new found ability comes from "pnkbsra / b .exe" - basically they've isolated that what this does is scan the entire virtual memory for vm signatures and they find certain vm signatures that PB will kick for. That pnkbsra scans the entire virtual memory, so if you've MSN or iRC open at the time, and you get sent this message when you're connected to PB then it will show up in your VM and you will get kicked.
The method they used to get to this conclusion was reverse engineering - their justification for claiming that is legal is because 3 different virus scanners pick PB up as a trojan and thus is a threat and its legal to reverse engineer a threat (apparently).
This has been explained further by Fried Fish Tail;
This information was all forwarded to Clanbase earlier this week, aswell as punkbuster being kept in the loop of todays activities courtesy of SplashDamge.
Addition information
IRC or MSN Logs have nothing to do with the Gamehack kicks! People are already saying "delete logs and dont do this", but thats not necescary, closing irc should terminate the string from memory, and this string on the memory is the only problem. (tnx2meez)
THIS INCLUDES READING ARTICLES, JOURNALS AND NEWS ON CROSSFIRE with the strings!
***UPDATE***
Another string has been circulated which results in people being kicked for '(MULTIHACK) #70476'. It's likely that there's an endless amount of strings which will result in people being banned for all kinds of reasons.
As many of you have seen nC have today unleashed their latest weapon and this is how it works.
The source of their new found ability comes from "pnkbsra / b .exe" - basically they've isolated that what this does is scan the entire virtual memory for vm signatures and they find certain vm signatures that PB will kick for. That pnkbsra scans the entire virtual memory, so if you've MSN or iRC open at the time, and you get sent this message when you're connected to PB then it will show up in your VM and you will get kicked.
The method they used to get to this conclusion was reverse engineering - their justification for claiming that is legal is because 3 different virus scanners pick PB up as a trojan and thus is a threat and its legal to reverse engineer a threat (apparently).
This has been explained further by Fried Fish Tail;
This information was all forwarded to Clanbase earlier this week, aswell as punkbuster being kept in the loop of todays activities courtesy of SplashDamge.
Addition information
IRC or MSN Logs have nothing to do with the Gamehack kicks! People are already saying "delete logs and dont do this", but thats not necescary, closing irc should terminate the string from memory, and this string on the memory is the only problem. (tnx2meez)
THIS INCLUDES READING ARTICLES, JOURNALS AND NEWS ON CROSSFIRE with the strings!
***UPDATE***
Another string has been circulated which results in people being kicked for '(MULTIHACK) #70476'. It's likely that there's an endless amount of strings which will result in people being banned for all kinds of reasons.
Edit: I understand you've been busy btw, and awesome Casting, especially for Call of Duty 4!
Edit 2: I saw you on tv!
football = game for girls
Jeaves, pack the car we're oofff to the cuntry.
I'm really disappointed with PB..
__________________________________________________
working on that...
pbbans will erase all of these bans and yes lio and alexl will get unabanned asap...
IRC or MSN Logs have nothing to do with the Gamehack kicks! People are already saying "delete logs and dont do this", but thats not necescary, closing irc should terminate the string from memory, and this string on the memory is the only problem. (tnx2meez)
My irc was closed and I still got kicked.
It´s got nothing to do with irc or msn. They must have done something to PB in general.
in the end this here is just funny cause now i see that im not the only one with this problem.
a big HAHA to you punkbuster-pussies
fo
Just get source code from an detected hack and off you go :(
bullshit, I stopped getting kicked only after I deleted my logs.
Also could thank me for being first who posted these strings @ pub-chans. 8D
Edit: I don´t even had IRC or MSN installed on my new computer :(
It´s got nothing to do with irc or msn. They must have done something to PB in general.
i shut down firefox, and it went all good :)
More like they were copy/pasting code (ripping little shites) with ET open and got kicked.
String, the string, what mysterious you bring.
Are you unicode, ascii or some other thing.
String, the string, to kill you is my thing.
But protection by locking makes you king.
if this keeps on going i'm gonna go out and get wasted.
laterz and cheers m8's
Anybody can go online and blame nC for finding/doing it.
you and going to get wasted, cant quite imagine that one, but call me and i will join in, if its actually gonna happen. :DDD
its the fault of some idiots who knew that if u post on msn or irc this aimbot shit that u get banned then...
ps. http://img201.imageshack.us/img201/8039/shot0001qd3.jpg
by a PBBANS admin
http://freek.sh.free.fr/voila.JPG
U SIR IZ RIGHT
so why wasnt there any statement, like, that gamehack-thingy IS a bug... i dont mean that someone should have posted the stings earlier, but why didnt anyone posted a single note, that the problem is recognized at cb & pb and there will be an update soon...!?
i really would like to know, what comes next... maybe you can tell me?
Do we know if PB scans the entire memory, or just the allocated memory? If it only scans the allocated memory then closing mIRC saves you, but if not, then you'll have to overwrite the memory (that is, reboot, memory defrag, or open a huge thingy and close it again).
and /me forgot about swap persisting over reboot. See the posts below.
RAM is cleared the moment it loses power. Virtual memory, swap memory/pagefile is the problem, but you have info on how to clear it on shutdown in my comment
But true, I didn't think of that swap is preserved over reboots
So here's a little update to meez' solution: http://www.microsoft.com/technet/archive/community/columns/tipsfortechs/dlpgfile.mspx?mfr=true
After enabling this option in registry, it will be cleared whenever you restart computer.
To make sure everything is clean, reboot it and join an ET server without irc running.
Unfortunately, there is no other real solution to this because the next time someone posts it anywhere, you will have to reboot again. :(
ET = fucked until this is fixed
Is it possible it even comes from vent comments?
just block all contacts @ msn icq that send you this :x
Punkbuster has been going about it the wrong way. They didn't ban players for actual cheats anymore and that's where they went wrong. They started banning players based on suspected cheating since they knew they were one step behind the hackers/cheaters. Punkbuster tried to make a shortcut. They were lazy and that backfired. Badly. They opened up a giant door for hackers to enter and really mess things up.
Thank god for evolution. Punkbuster will probably be extinct now. Yay!
Someone up for setting up a good anti cheating company with proper tools? :)
Netcoders... they are little children. Look mommy at what I can do! I pity them. I really do.
Cash is right though. It sucks right now. The way it happened wasn't necessary but evolution is a good thing. Something better will come out of this. Probably not for ET but future games will benefit from this. Even though, I'm repeating myself now, this could have been handled better.
That's true, but it's also what the community itself chose to do with the MD5 tool (banning for cvars and pk3 files).
edit: nvm @ meez :>
P.S.: Sadly to see that tons of people are falling for nC's propaganda shit. It's a group, which earns money with destroying "our" game and who has simply no moral.
That pb is shit was known before and they found a bug, while they were trying to make their private cheats undetectable again. Instead to publish it instantly or to tell it evenbalance they have kicked innoncents and planned to use it for some propaganda shit...
and it also doesnt say anything about scanning in the console anymore
so kitty for the win.
any evidence available that this is working also for other games? :)
also, the nC people are absolutely hilarious and absolutely pathetic at the same time. this has been proven a lot of times before but it keeps on amazing me how they seem to have no life at all =(
EDIT: also pretty funny, are those who thought this was actually not a bug and who thought lio actually was a cheater. if possible, those idiots are even bigger idiots than nC are
WHO'S CLEAN NOW??????????????!!!!!!!!!!!!!!!!!!!!!
HIGH FIVE
IRC or MSN Logs have nothing to do with the Gamehack kicks! People are already saying "delete logs and dont do this", but thats not necescary, closing irc should terminate the string from memory, and this string on the memory is the only problem. (tnx2meez)
actually my first gamehack kick yesterday happened when i had nothing opened but the game itself? :(
some people say so
No tolerance policy plz, kick/ban 4 all ! kkthx, bye
p.s. I want to congratulate DoneX aswell for a banning job well done(X) ! Keep it up mr. superAdmin with great all around attitude (#NOT) !
Now you all know why :)
Want to thank meez for the greet JPG he made the other day!
Go pwn Lio & cya @ CDC5
<3 lelle :D
So everyone who types three specific words in sequence is now creating a cheat, and everyone receiving the text is using it.
lol
[don't mind me, i'm in such mood today :P and no offence of course]
could someone contact him and menace him untill he starts coding a new etpro :o) ?
rofl
(waiting for someone to shout: this is punkbustaaa)
(screen in killerboys post)
It is however as stated above considered a threat by many AV engines =)
Spyware.
cuz they dont get paid by sd anyomore :<
Sandboxie Homepage
This only proves how big nubs they are when they are happy from such a small coding shit
seems like its a good time for me to quit et.
Having said that, I don't think EB think they're more than dirty little grubs stuck to the sole of gaming's proverbial shoe, and thus not worth the effort.
How effective can the memory scanner be without searching for text strings that can occur without a person cheating.
So lets all be happy and do the gogo dance and go IRL, no matter what i did i could not get it away.