
BNLS

Started by Denial, February 26, 2007, 11:21 PM

Barabajagal

Wonderful. Then they change it because it's been released and everyone's screwed again. Keep your bright ideas to yourself.

Don Cullen

#16
I disagree, RealityRipple. This was an anti-cheat move, not an anti-bot move. So most likely they would not change the Crev system just because it was released. The point of them forcing the Crev to run based on a hash from memory was to ensure that nothing was being injected into the game process at time of program execution. If you examine all of the latest hacks, you'll see their effort to clean up the initial execution was successful-- now hacks are forced to wait until AFTER the game has completed connecting to Battle.net before injecting themselves into the game process.

Now the only move Blizzard needs to do is add another timer packet that'd be sent every, say, 5 minutes to the game client requesting that it run a hash of game memory, and it'd disconnect the client after two minutes of lack of response. If the client failed to send a valid hash of game memory and got disconnected three times in a row, an ip-ban would occur.

This would drastically reduce the amount and efficiency of the hacks out there. Of course, that's assuming that the Crev formula wasn't released, and also that's assuming the hacks don't become semi-bots running off the Crev bin that was released, and that BNLS would not support that specific anti-hack packet. :-\
Regards,
Don
-------

Don't wonder why people suddenly are hostile when you treat them the way they shouldn't be- it's called 'Mutual Respect'.

Barabajagal

Except that it only checks when you first log in. If you enable your hacks after you log in, you're perfectly fine. I will never believe this was anti-hack, even if you dispute my proof. It affected bots much more than it ever affected hackers.

Don Cullen

If you say so. I believe that once they established a timer-based regime of memory hash request-response system, that'd ensure that hacks would be severely impaired. If Blizzard limited those timer-based hashing requests to in-game only, that'd certainly deliver a considerable blow against hackers and not further impair bots from being able to connect to Battle.net.
Regards,
Don
-------

Don't wonder why people suddenly are hostile when you treat them the way they shouldn't be- it's called 'Mutual Respect'.

Barabajagal

Warden always checks for hacks and such, but lockdown is all during connection, which most hacks aren't enabled for, or don't need to be.

Don Cullen

#20
Quote from: [RealityRipple] on March 04, 2007, 09:00 PM
Warden always checks for hacks and such, but lockdown is all during connection, which most hacks aren't enabled for, or don't need to be.

Hacks ORIGINALLY needed to be executed for injection PRIOR to executing StarCraft. So Blizzard responded by requesting memory hashes instead of file hashes. This effectively crippled hacks. It was an unfortunate side effect that it also crippled bots. Because Battle.net now checks memory hashes, this meant hacks now have to be executed AFTER connecting to Battle.net. Warden is also now weakened as hack-makers have figured out a way to bypass Warden. Now all Blizzard needs to do is require the memory hash checking server-side to be done every once in a while during games and that'd pretty much put an end to injection for the long term, thus severely limiting what hacks can do.

Hacks will always be able to read from memory and also be able to alter their signatures to bypass Warden, but with the advent of lockdown, injection is very much crippled as to what it can do and writing to memory is now extremely difficult due to Warden.

If you took the time and effort to research what exactly Warden and Lockdown do and monitored popular hacking sites, you'd quickly see just what kind of effect Lockdown and Warden had on them.

Edit: Added emphasis.
Regards,
Don
-------

Don't wonder why people suddenly are hostile when you treat them the way they shouldn't be- it's called 'Mutual Respect'.

UserLoser

Quote from: Kyro on March 04, 2007, 08:03 PM
Now the only move Blizzard needs to do is add another timer packet that'd be sent every, say, 5 minutes to the game client requesting that it run a hash of game memory, and it'd disconnect the client after two minutes of lack of response. If the client failed to send a valid hash of game memory and got disconnected three times in a row, an ip-ban would occur.

Hmm, that is called the WardenClient.  It doesn't check every 5 minutes, it's always checking :o

Don Cullen

Quote from: UserLoser on March 04, 2007, 09:28 PM
Hmm, that is called the WardenClient.  It doesn't check every 5 minutes, it's always checking :o

I said server-side:

Quote from: Kyro on March 04, 2007, 09:23 PM
require the memory hash checking server-side to be done every once in a while during games

As Warden is being bypassed easily client-side. I suspect that every time Warden checks something, the hacks most likely replace the resulting hash from Warden's check with a fake correct hash before Warden runs a comparison check. By just making a hash and sending it to Battle.net for server-side checking in-game, that'd ensure that it'd be even harder to fake the hashes. The lockdown MPQs are seemingly random, so the hacks would not be able to predict which section of memory is being hashed and fabricate a fake hash in place.

Edit: Perhaps the hacks work by monitoring the Warden? Nicely ironic, wouldn't you say; the Warden is monitoring the hacks while the hacks are monitoring the Warden. Heh.
Regards,
Don
-------

Don't wonder why people suddenly are hostile when you treat them the way they shouldn't be- it's called 'Mutual Respect'.
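
The timed, server-checked hash scheme proposed in the posts above (a challenge every 5 minutes, disconnect after two minutes without a valid answer, IP ban after three disconnects in a row, with the hashed region chosen unpredictably) can be sketched as follows. This is an added example, not part of any post and not Blizzard's protocol; the class and function names, the HMAC-SHA256 construction, the 64-byte region size and the sample address are all assumptions.

```python
import hashlib, hmac, os, secrets

INTERVAL = 300     # seconds between challenges ("every 5 minutes" in the post)
TIMEOUT = 120      # seconds allowed for an answer before a disconnect
MAX_STRIKES = 3    # consecutive disconnects before an IP ban

def region_digest(image: bytes, nonce: bytes, offset: int, length: int) -> bytes:
    """Keyed hash of one region; a fresh nonce makes every answer single-use."""
    return hmac.new(nonce, image[offset:offset + length], hashlib.sha256).digest()

class Verifier:
    """Hypothetical server side: reference image plus per-IP strike counter."""
    def __init__(self, reference: bytes):
        self.reference = reference
        self.pending = {}   # ip -> (nonce, offset, length, issued_at)
        self.strikes = {}   # ip -> consecutive failures

    def challenge(self, ip, now, length=64):
        # Random offset and nonce: the answer cannot be computed in advance.
        offset = secrets.randbelow(len(self.reference) - length + 1)
        nonce = os.urandom(16)
        self.pending[ip] = (nonce, offset, length, now)
        return nonce, offset, length

    def respond(self, ip, digest, now):
        nonce, offset, length, issued = self.pending.pop(ip)
        expected = region_digest(self.reference, nonce, offset, length)
        ok = (now - issued <= TIMEOUT and digest is not None
              and hmac.compare_digest(digest, expected))
        if ok:
            self.strikes[ip] = 0
            return "ok"
        self.strikes[ip] = self.strikes.get(ip, 0) + 1
        return "ip-ban" if self.strikes[ip] >= MAX_STRIKES else "disconnect"

def simulate(client_image: bytes, reference: bytes, rounds: int, delay: int = 1):
    """Run `rounds` challenges against one client; return the list of verdicts."""
    ip = "198.51.100.7"   # constructed sample address (documentation range)
    v, now, verdicts = Verifier(reference), 0, []
    for _ in range(rounds):
        nonce, offset, length = v.challenge(ip, now)
        answer = region_digest(client_image, nonce, offset, length)
        now += delay                      # time the client took to answer
        verdicts.append(v.respond(ip, answer, now))
        now += INTERVAL
    return verdicts
```

The nonce and random offset prevent replaying an earlier answer, but the server still has to trust whatever code computes the digest on the client, which is the limitation the following replies circle around.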

UserLoser

Quote from: Kyro on March 04, 2007, 09:36 PM
Quote from: UserLoser on March 04, 2007, 09:28 PM
Hmm, that is called the WardenClient.  It doesn't check every 5 minutes, it's always checking :o

I said server-side:

Quote from: Kyro on March 04, 2007, 09:23 PM
require the memory hash checking server-side to be done every once in a while during games

As Warden is being bypassed easily client-side. I suspect that every time Warden checks something, the hacks most likely replace the resulting hash from Warden's check with a fake correct hash before Warden runs a comparison check. By just making a hash and sending it to Battle.net for server-side checking in-game, that'd ensure that it'd be even harder to fake the hashes. The lockdown MPQs are seemingly random, so the hacks would not be able to predict which section of memory is being hashed and fabricate a fake hash in place.

Edit: Perhaps the hacks work by monitoring the Warden? Nicely ironic, wouldn't you say; the Warden is monitoring the hacks while the hacks are monitoring the Warden. Heh.

Be careful what you say.  Warden is a bit more complex than you may think (have you actually looked at it?)

Don Cullen

I haven't looked at the assembly code. But the main point here is that RealityRipple is saying this was an anti-bot action rather than an anti-hack one. I was trying to show that his theory is nothing more than a conspiracy theory, that Blizzard was just trying to combat hackers.
Regards,
Don
-------

Don't wonder why people suddenly are hostile when you treat them the way they shouldn't be- it's called 'Mutual Respect'.

Barabajagal

Except that warden is much older than lockdown, and once again, lockdown only affects the connection, whereas warden is ingame.

warz

Currently, it does not matter what lockdown, or warden even, was designed to combat. Whatever it was aiming at, it disabled many emu bot developers along the way.

Barabajagal

It does matter what lockdown was designed to combat. The day Ringo released his listing, they changed the cache on us. If that's not a big enough hint, I don't know what is. If anyone releases a perfect workaround for lockdown to the public, they will change things around again. That is what makes it matter.

Sixen

Quote from: [RealityRipple] on March 04, 2007, 11:13 PM
It does matter what lockdown was designed to combat. The day Ringo released his listing, they changed the cache on us. If that's not a big enough hint, I don't know what is. If anyone releases a perfect workaround for lockdown to the public, they will change things around again. That is what makes it matter.

Right, that is what I was going to point out. I forgot who said it previously, to release a lockdown file workaround so all bot-authors can use it. This would be a bad idea, and could in fact make Blizzard change the MPQs once again. I'm not saying they are targeting Chat Bots, etc, but if bot-authors have these lockdown workarounds, so will hackers.
Blizzard Tech Support/Op W@R - FallenArms
The Chat Gem Lives!
http://www.diablofans.com
http://www.sixen.org

l)ragon

The whole thing is what does hacking have to do with logging in.
*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*ˆ¨¯¯¨ˆ*^~·.,l)ragon,.-·~^*ˆ¨¯¯¨ˆ*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*
