IPB





Welcome Guest ( Log In | Register )

> Many recent bans, PB memory scanner / hacks checks
MonkeyFiend
post Mar 26 2008, 11:08 AM
Post #1


Security and Projects
**********

Group: Clan Dogsbody
Posts: 4,687
Thank(s): 1098
Points: 2,440
Joined: 31-August 07
From: A Magical Place, with toys in the million, all under one roof
Member No.: 1




From Evenbalance:

CODE
March 25, 2008

We rarely announce anything regarding commercial cheats and hacks. However, we are aware of the numerous "You Tube" type videos and posts on various sites where hackers who sell cheats make claims that are false but sound believable about PunkBuster and hack detection status. We receive numerous emails daily by concerned honest players regarding advertisements for undetectable hacks, etc. The truth is that via recent enhancements to PunkBuster's detection capabilities, we have cracked down hard on cheaters who pay for hacks in the games we support. Some commercial cheat sites have closed down due to our new methods and others have private forums where punks routinely complain about getting caught with the "undetectable" hacks, demanding refunds, etc. We have always maintained a strict policy of not giving money to punks, but thanks to community volunteer moles who have helped us obtain access to private hacks via donations of their time, etc., PunkBuster has been catching hacks from virtually all commercial cheat sites in recent weeks and months.

One of the recent enhancements involves our memory scanner which aggressively scans for patterns included in known cheats (public and private). A commercial hack site where we have had recent success catching their subscribers has recently staged a few demonstrations of inserting text-based patterns via certain chat-related systems such as IRC, Instant Messaging, etc. directly into the memory of computers. These are specific text patterns that we have deployed in some supported games in the recent past. It is clear that many of the demonstrators are cheat-supporters willingly participating in the demonstration, but there is evidence that some innocent players had PunkBuster violations triggered during the past few days by the hackers who sent specific text patterns into the chat programs that were open during gameplay. We are removing these text based patterns from our system and encourage admins to not ban for PB violations that occurred during the past few days.

Online gamers who play with other programs running should always enable security features in their messaging and chat programs to deny auto-download of files and only accept downloads from people they know and trust. As always, from PunkBuster's standpoint, if a known cheat pattern is in the memory of the computer during gameplay, then a violation will be triggered. We have always suggested closing other programs while you are playing multiplayer games on PunkBuster servers and that remains the safest policy. Leagues that require chat room usage for competitive play should take steps to ensure that only league participants have access and suspicious activity should be reported to us when there are concerns about manipulating the system.

Source [url="http://www.evenbalance.com/"]http://www.evenbalance.com/[/url]


You won't get banned online for having an xfire overlay on. You may get banned if someone on your xfire list sends you a message containing text that matches the pattern of a hack (or if you have a 3rd party program set to auto download files from friends/strangers)

Basically if someone sends you the dodgy code, when the PB mem scanner checks you computers memory it will find a string that matches a known hack in the xfire programs memory and ban you for it.

For example if the code 'while (!=sleep; sheep++)' was part of the code of a hack and someone messaged that to you in IRC, MSN, Xfire etc., - when PB scanned your memory and found the code it would ban you for it.

The PB memory scanner is an excellent (if not slightly buggy tongue.gif) tool against the major hacks - the sad script kiddies trying to break it by forcing dodgy code on innocent people to get them busted is quite pathetic.

If anyone is banned for this it will show up as a ban for violations 50096 or 50100 or a 79000 series multihack

I have removed the ability for non-registed users to post text to the TS server (registered users still can) as this can also trigger this - of special significance to the various friendly clans that use public TS. I also advise people not to have IRC sesions open when playing bf2 - there have been known issues of peeople spamming the hacks codes into IRC rooms.

I'm also planning to reactivate the swear word filter so that people can't spam the codes in in-game chat - I've had unconfirmed reports that spamming certain code in-game results in everyone on the server being banned :s

I've also had unconfirmed reports that people who have browsers open that contain the codes while playing also get banned. (I have a list of various codes that trigger this, but will obviously not post them to the public, if you want them then PM me but please be aware of the risks)

I'm currently working on this (expect me to be busy for a while)

Best thing I can suggest is when playing bf2 - do not have MSN/IRC open, make sure if you're on TS that public can't post txt messages and don't have any browsers open with iffy code on them. Then you'll be free of problems.

cheers,

MonkeyFiend


--------------------

Go to the top of the page
 
+Quote Post
 
Start new topic
Replies
MonkeyFiend
post Mar 26 2008, 11:38 AM
Post #2


Security and Projects
**********

Group: Clan Dogsbody
Posts: 4,687
Thank(s): 1098
Points: 2,440
Joined: 31-August 07
From: A Magical Place, with toys in the million, all under one roof
Member No.: 1




ahh yes, I believe I had a brief convo with him about GUID spoofing in the in-game chat biggrin.gif

I'll see what I can do about the bans being removed sooner rather than later (as they are going to be removed anyway)


--------------------

Go to the top of the page
 
+Quote Post

Posts in this topic


Reply to this topicStart new topic

 



RSS Lo-Fi Version Time is now: 24th November 2024 - 10:54 PM
Sneaky Monkeys Clan :: MonkeyFiend.com