Security issue with BOI


    vuduy
    Site Admin
    SINSBOT Creator



    Posts : 888
    Points : 1266
    Reputation : 176
    Join date : 2010-03-17
    Age : 39
    Location : Canada

    Re: Security issue with BOI

    Post by vuduy on 2010-04-12, 8:45 am

    Ecko wrote: I downloaded this game before BOI. But it won't let me login -.- I have an account in there.


    If you have Outpost firewall (HIPS) set to "Block most", you can tell whether it's a trojan or backdoor. It will tell you what process it will try to target.

    There's no backdoor on the launcher; it just connects to 2 servers: perfectworld.com and the patch server.

    Game.exe is detected as a trojan because of the way it's been encrypted/compressed, but when you look at any firewall that has HIPS protection (which shows the target/hook before it gets executed), it does not target any process or read the registry.

    No wonder my account doesn't work here, you need a beta key -.- they didn't even say anything about a beta key when I registered.

    Like I said, if you think you can trust the game developers, then by all means. What you are describing is an active backdoor; they're not stupid enough to make it active.

    You should try opening it up in IDA or Olly, look at its import table and decide for yourself what the fuck a game wants to do with those functions if not for some malicious purposes.

    If you compare to elementclient.exe for other PWE games, at least you can see what it's doing and know that you are safe.

    Ecko
    Elite Sinner

    Posts : 234
    Points : 299
    Reputation : 7
    Join date : 2010-03-21
    Age : 29
    Location : USA, MD

    Re: Security issue with BOI

    Post by Ecko on 2010-04-13, 8:43 am

    I never said I trust them. What I'm saying is you cannot make a backdoor without targeting a process or hooking it to an active process, which would show on software that uses HIPS.

    How can they backdoor me? (Use Global) = Not allowed.
    http://i40.tinypic.com/xfsyrn.png

    Only let the IP connect to certain ports. :P So let's say for example their backdoor logs are sent to 74.201.183.72:9999. It won't send any data to that port unless you add it.
    http://i43.tinypic.com/299ydv.png

    Give me BETA KEY! -.-
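    The per-application egress allow-list Ecko describes above, written out as an added example for the built-in Windows Firewall via PowerShell (the thread's screenshots show Outpost; this is not code from the thread or from either poster). The client path, the remote addresses and the ports are placeholders, not real BOI endpoints.

```powershell
# Added example: restrict one executable to explicit remote endpoints in Windows Firewall.
# Not from the thread (which shows Outpost); the path, IPs and ports below are placeholders.
$Game = 'F:\Games\BOI\Game.exe'          # placeholder path to the game client
$Allowed = @(                              # placeholder endpoints the client is allowed to reach
    @{ Address = '203.0.113.10'; Port = 29000; Protocol = 'TCP' },   # login/game server (constructed)
    @{ Address = '203.0.113.11'; Port = 80;    Protocol = 'TCP' }    # patch server (constructed)
)

# Windows Firewall evaluates Block rules before Allow rules, so a per-program "block all"
# rule would also defeat the allows below. The workable layout is: default outbound action
# = Block for the profile, then explicit Allow rules scoped to this program. This changes
# the default for every program on the profile, so add allows for the others you need too.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# Remove any earlier rules for this client so the set created below is the only one applied.
Get-NetFirewallRule -DisplayName 'BOI client *' -ErrorAction SilentlyContinue | Remove-NetFirewallRule

$i = 0
foreach ($ep in $Allowed) {
    $i++
    New-NetFirewallRule -DisplayName "BOI client allow $i" `
        -Direction Outbound -Action Allow -Program $Game `
        -Protocol $ep.Protocol -RemoteAddress $ep.Address -RemotePort $ep.Port | Out-Null
}

# Verify: list the rules scoped to the client with their remote address/port filters.
Get-NetFirewallRule -DisplayName 'BOI client *' | ForEach-Object {
    $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    $port = ($_ | Get-NetFirewallPortFilter).RemotePort
    '{0}: {1} -> {2}:{3}' -f $_.DisplayName, $_.Action, $addr, $port
}
```

    Any connection the client attempts to an address or port not in `$Allowed` is then dropped by the profile default, which is the behaviour the post argues for; it does nothing about data carried inside the allowed game connection itself.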

    vuduy
    Site Admin
    SINSBOT Creator



    Re: Security issue with BOI

    Post by vuduy on 2010-04-13, 9:07 am

    You are so clueless. If you run the game 24/7 connected to their server, the GMs can send commands to your client from the game server to do malicious stuff like scanning your browser history, checking cookies, reading your emails, or even formatting your PC, etc.

    My point is, with elementclient.exe, everything is in plain sight; therefore you can see if there is any malicious code. Whereas, with game.exe, any code can be inside and you are totally under their control.

    Think about it; they don't advertise "Paid 2 Play" or getting a salary to play the game in JD, PWI, or ESO, so why BOI? Why are they paying people to stay connected 24/7? Why don't they do that for JD, PWI, ESO? It's the same company?

    Ecko
    Elite Sinner

    Re: Security issue with BOI

    Post by Ecko on 2010-04-13, 12:16 pm

    That's what HIPS is for.

    The code is different because Game.exe is based on Unreal Engine. You have to decompile it?

    The salary system in the game was already built in before Perfect World hosted the game. You have to ask those Chinese why they built that salary system in-game in BoI. Wanmei game dev, not perfectworld.com, which only bought the game and hosts it.

    PW was developed in 06 and BoI developed in 09. So they didn't have the idea back then to implement the salary system.


    I GOT IN-GAME! Great Disappointment

    I just looked at the salary shop. They are different from the Cash Shop.
    It's like Card Quest/Treasure in Ether Saga.
    The salary shop in BoI sells bots/buffs -.- In Ether Saga you trade it for cards. You know those auto loot AUX you put in Ether Saga... yeah, that's what they trade the salary for :P.

    Fuk it, they said you can use salary to be able to buy in the Cash Shop.
    But you can't use it to purchase in the Cash Shop at all.
    The cash shop and Salary sell different items.

    I QUIT this game, the thing is completely bogus. LoL I'll just wait for Forsaken World

    vuduy
    Site Admin
    SINSBOT Creator

    Re: Security issue with BOI

    Post by vuduy on 2010-04-13, 1:45 pm

    You are missing the point.

    1. It is not based on Unreal Engine or any other engine. It is proprietary.

    2. You cannot decompile it. It is obfuscated; that is why I said that there can be any malicious code inside that you don't know about.

    3. The concept of salary, where the longer you stay CONNECTED, the more you get paid. This is the suspicion. JD has the induction system where you get special shop cash for INVITING new players - and those new players spending $$$. They don't have anything that ENCOURAGES players to STAY CONNECTED. That is what you should worry about.

    4. HIPS cannot protect you from it, because all the traffic going between you & the game server is masked as game data. It is NOT POSSIBLE FOR ANY SYSTEM to protect against this. What you are claiming is like running a known TROJAN on your computer but thinking that HIPS will protect you from harm. You are deluding yourself.

    5. All of this is speculative. It is not known for sure whether there is any malicious code in the game engine or not. There could be nothing or there could be something really nasty inside. It is not possible to determine this unless the exploiting code is in progress.

    Ecko
    Elite Sinner

    Re: Security issue with BOI

    Post by Ecko on 2010-04-13, 2:27 pm

    1.) The reason why I think it's not a proprietary Cube engine is because it's not 3D at all. Since it's 2D graphics it would probably be the same as Conquer, which is 2D graphics too -.-

    3.) The salary system is like Ether Saga Treasure and Card Quest. It doesn't have anything to do with the Cash Shop like they said. The Salary was just built into the Cash Shop (press O); there will be a tab called Salary. Use it to buy pots/buffs/bots.

    In Ether Saga we use treasure to trade for pots/upgrade equipment, and cards to trade for bots.

    Really has nothing to do with the Cash Shop. The cash shop is called "Zen".

    4.) HIPS does not allow any changes from other directories no matter what you do. Just because it's masked doesn't mean it cannot be detected; it's still a packet, and any packet that goes outside the folder will be detected.

    Game.exe <--> To server, that's the only thing they do.

    That's why Direct Disk Access is disabled for them in HIPS. No matter what they try to do they cannot read anything except their own folder. They can't read any sector on your hard drive if it's disabled or obtain any information from your data.

    See, look, they can't do anything; it BLOCKS them before changing anything. The downside with HIPS is lag.

    Look, GAME.exe persistently trying to read info of my active window. LOOOL

    In HIPS there's an option for rawsocket access. You can allow/block/prompt. That's why that masked data from the server to game.exe can't do anything.

    vuduy
    Site Admin
    SINSBOT Creator

    Re: Security issue with BOI

    Post by vuduy on 2010-04-13, 3:02 pm

    This is way out of topic, but one of these days, you will be shocked to find that your system is compromised.

    I will say this again, HIPS will not be able to protect you 100%. It will help to identify and protect you from common attacks, but it also has vulnerabilities. Actually, the vulnerability is in the kernel of the Win32 design.

    The only true way to protect yourself is either running the game in a sandbox (e.g. Sandboxie) or a virtual machine like VMware, where the environment is SEPARATE from the host.

    Here's an old but still very true article about the weakness of HIPS you can read about: http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-tsyrklevich.pdf

    Ecko
    Elite Sinner

    Re: Security issue with BOI

    Post by Ecko on 2010-04-13, 3:29 pm

    1.) I use x64, whose kernel can't be bypassed; even Sandboxie or any AV out there still can't find a way to bypass x64 PatchGuard :P

    2.) I use Deep Freeze lol and all my games are located on a different drive, F:, and the real drive C: is locked. Here

    The only thing they'd be able to read on C: is a bunch of movies lol. E: drive access is locked *need password* to enter.. it's annoying; every time I open any file that is on the E drive it asks for a password.

    I don't recommend Sandboxie on x64; it's not yet stable since it doesn't completely virtualize the entire application due to PatchGuard.

    vuduy
    Site Admin
    SINSBOT Creator

    Re: Security issue with BOI

    Post by vuduy on 2010-04-13, 5:36 pm

    Oh boy, do you even know what KPP is? And what protection it offers? There's a wiki on it: http://en.wikipedia.org/wiki/Kernel_Patch_Protection Read and learn its limitations.

    I am only a noob coder, but even I can get around KPP on Windows Server 2008 x64 and Windows Server 2003 x64.

    And Deep Freeze cannot protect you from information theft; things like your emails, your browser cookies, your personal documents can still be accessed, read, copied, and transmitted without you knowing it.
