Keysniffer armor



Mr Guy
11-04-2002, 08:30 AM
I had trouble deciding where to put this, so I put it here for now. My question is about what steps can be taken to even give ourselves a slight bit of protection when using the key sniffers.

I'd assume step one would be to simply rename and relocate the sniffer to somewhere more interesting.

C:\Progra~1\McAfee\vscan.exe
C:\Progra~1\Norton\nshield.exe

Perhaps.


I'd also assume adding in some 'junk' code wouldn't hurt, simply to distort function size and memory footprint (large allocated arrays and what not).

What else should/can be done to slip the code farther to the background?



Another thought I had is more defensive in nature: Is there
A) A predefined 'rat' package that we know of, one that simply passes information back to SOE that could be used for banning purposes
or
B) A packet we haven't figured out, or functions watching for packets we haven't figured out.

The reason I ask is that I figure if they are going to watch for processes or memory sniffers or whatever, they have to transmit that at some point right? How would they do that? Would we know about it if it happens? Would we be able to prove they are sniffing memory looking for us perhaps? Can we decompile and check for THEM checking memory? How can we look for their counter measures, if there are any?

Right now I'm too paranoid to use a keysniffer. Is this silly of me?

Gullork
11-04-2002, 12:00 PM
I've been wondering some of the same things.

And is it silly of you? Absolutely not. If you are not willing to take the risk, then don't try it. Period. Of course, that was true even of the passive Showeq.

There is always risk, especially when they don't have to tell you why they ban you, don't have to offer any explanation whatsoever.

I keep wondering if it is possible for someone running a real virus scanner to get banned for the proggy accessing those areas of memory. But I'm not a programmer (yet. Yes, I finally broke down and am learning C++. Having fun too.).

lane
11-04-2002, 05:54 PM
If people start getting banned and they "us the people" suspect that SoE is monitoring our computer and what is running on it, EQ will most likely stop because of the lawsuits against them.

There is no way in hell that they can legally monitor programs running on our computers and get away with it. There are far too many smart people on these boards. Someone would find a way to see what they are doing and it would stop. Either by them or the law.

I'm not saying you wouldn't get banned etc. I'm just saying if this gets to that point SoE could be in some serious trouble.

-Lane

Edit: Fixed a stupid mistake.

throx
11-05-2002, 12:57 PM
There is no way in hell that they can legally monitor programs running on our computers and get away with it.

I've heard this a lot. Does anyone actually have any precedent to suggest this is anything more than urban myth?

Repard
11-06-2002, 03:09 PM
In my own twisted way of thinking I think that this would apply.

Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.


Main problem is that they can ban you for ANYTHING they want. If you catch them scanning your system then you might have a case but if you just login one day and find that you are banned because they want to then too bad. You're banned. They don't even need to give a reason. Kinda sucks but they don't. We access their servers and they have the right to refuse service to anyone if they want. I don't agree with them scanning my system to find what I'm doing on it but if they do and I don't catch them doing it what can I say? If I get banned what can I say? They don't have to do a damn thing for me.

Just my 2cp

P.S. I may be wrong in my assumption on the 4th amendment but my perception is my reality. :)

high_jeeves
11-06-2002, 03:58 PM
I've heard this a lot. Does anyone actually have any precedent to suggest this is anything more than urban myth?


It's an urban myth.



Amendment IV


This applies to GOVERNMENT search and seizure... SOE != Government... They can scan your system...

--Jeeves

BonZolI
11-07-2002, 01:27 PM
You can't sign away your constitutional rights.

Worse than stopping some SEQ users, having your game known as Spyware will cause many new users to look at other RPGs and many current paying customers to stop paying to keep those accounts they aren't using but don't want to kill 200 days played.

The Spyware stigma has killed many a good idea on the net. Which is worse: paying SEQ users or non-paying Xgamers/nogrowth? Money is what matters most here.

The spyware stigma posted to every geek board and gaming site would ruin the community feeling for Everquest.

It's always easier to believe the bad things about someone versus the good things. It's definitely easier if you are the market leader.

Just my 2 cents.

high_jeeves
11-07-2002, 01:58 PM
There is a big difference between a stigma and illegal.. They can scan.. it isn't illegal. Yes, it would be very bad PR.. but that doesn't make it illegal.

--Jeeves

Mr Guy
11-08-2002, 10:13 AM
I'm not sure you are right on that one Jeeves. I do know you can press charges and even have store security arrested on the grounds of illegal search and false imprisonment. (Hint: if they say, may I check your receipt, or may I look in your bag, say No and keep walking. If they stop you, call the police and inform them they are committing assault. If they touch you, it's battery. If they say, "Come with me", again, say No.)

I'm not sure how hard it would be to push that issue over into cyber space. They most certainly can NOT search you, your computer, without your permission. The permission in a EULA is a tough question though.

high_jeeves
11-08-2002, 02:45 PM
They most certainly can NOT search you, your computer, without your permission.


Again... this is an urban myth. Show me a law, or case where this has been proven. You installed the software.. they didn't break any laws getting the software installed. Don't you think that if this were the case, lots of these "spyware" application companies (located in the US) would be out of business by now? They clearly search your computer for information, sometimes including information like internet history and contacts, which is MUCH more sensitive than what applications you are running. Yet, nobody has been able to successfully shut those down. Applications search your system ALL THE TIME without your permission... sometimes they are looking for previously installed components, or conflicting libraries, etc... do they ever ask you, or even warn you that they are going to do this? No.

It's not a law just because people don't like it.. it actually has to be written somewhere.

Now, if they were scanning your machine and sending back data, there might be an argument here (Although, I still don't think there would be). Scanning your hard drive, and sending back a flag saying that something "offensive" was found however is not illegal.

The store clerk searching your bag is a different scenario.. they don't have a right to search your bag. If they ask to search, you can say no. If they grab you to search, you can charge them...
This doesn't line up at all with the computer search analogy tho.

--Jeeves

Cryonic
11-08-2002, 05:33 PM
Actually, if they don't ask your permission (which VI/SOE and most spyware companies do), then it can be considered a Virus and dealt with as such. Most spyware gets installed along with other software (e.g. Kazaa), so its EULA is part of the other software's agreement. Most users don't read before clicking "I agree", so they don't notice the inclusion of other apps.

high_jeeves
11-08-2002, 10:39 PM
Actually, if they don't ask your permission (which VI/SOE and most spyware companies do), then it can be considered a Virus and dealt with as such.


Yes.. that is correct... it is a different situation, where the software was placed on your machine without your knowing or consent. That is handled by one of the more recent computer security laws (I believe it was passed in 1996 or 98? Don't remember exactly).

--Jeeves

seqmage
11-09-2002, 02:20 AM
Yes, I installed their software, yes, I play their game and access their servers..
Their software must work as intended (what a reasonable person would expect the software to do).. unless they explicitly inform you that they will be scanning, they can't do it.

The funny thing is, a lot of the stuff SEQ shows us is now available by using a custom skin in the game.
The compass, the percentages you can add for health, the numbers for skills, so it seems to me that they did learn from SEQ...

They should look at changing the encryption back to the old way.. cause with everyone having to put stuff on Windows, it's only a matter of time before SEQ becomes WSEQ all over.

LordCrush
11-09-2002, 06:43 AM
Hmm shall we write an anonymous petition -

"Plz change the encryption to that was pre 31.10.02" ? :p

- JK

sequser5516
11-09-2002, 07:35 AM
How often do people actually read the EULA when they log on? It wouldn't be too hard for SOE to put a clause in there stating that they may scan your memory. All most of us do is hit the "Accept" button as soon as we log on. By the time anybody actually found out that it was there, they could have any number of people banned, and you just accepted their amendment.

high_jeeves
11-09-2002, 08:23 AM
unless they explicitly inform you that they will be scanning, they can't do it.


Again... urban myth. Just because people don't like it, doesn't make it so. Show me the law, or court case that shows this to be true. Until that time, it isn't. If they were going to scan and send your data back to Sony, you MIGHT be able to get a judge to listen to you. However, if they scan your system for a particular signature, and send back a bit saying whether or not they found it, they haven't done anything illegal.

--Jeeves

jbjam
11-09-2002, 04:44 PM
Last I remember, Blizzard got its ass sued over very similar practices mentioned here (not that VI will ever do so, I think they are smarter); here is some press about the case... If VI did in fact scan your memory and send info that is from your own personal applications it would be an easy case to win.

http://www.cdmag.com/articles/013/057/blizzard_settles_privacy_suit.html

Exo
11-09-2002, 04:59 PM
Let's think about the number of software packages that scan at least part of your system. Virus scanners, Program Installers, and even Web Browsers when checking to see if you have a plug-in (at least IE). No judge is going to rule to make this activity illegal and he shouldn't. You can't invite me into your home and then have me arrested for looking at the paintings on your wall.

This argument is even more silly than that, no one is going to court to defend SEQ because you got banned. That's a fact you can face right now. As far as them getting bad press, I've yet to see a game company take any serious bad press for taking a stand against cheaters. Sure you'll not like it but YOU ARE THE CHEATER THEY ARE TAKING THE STAND AGAINST!

What this would needs is a good two dollar plasma rifle.

jbjam
11-09-2002, 05:21 PM
The lawsuit isn't about cheating or not, it would be about them monitoring your system and retrieving information... YOU know when you do the Windows update what does it say? All this is done without retrieving or sending any information about your computer to MS, why? Think about that... Virus programs can scan your computer but they can't start stealing text documents and sending them to Norton etc roflmao.. This would not be a case about cheating, it would be about them taking information about personal programs I'm running on my computer..

Anyone remember UO Extreme, and OSI's long battle w/ that.. There was a reason they never checked to see if UOE was running on your computer etc, that would have been an easy as hell solution....

high_jeeves
11-09-2002, 06:35 PM
You are confused between two very different issues. Blizzard was scanning information AND SENDING IT BACK TO THEIR SERVERS... The scanning isn't illegal.. the sending back is where they got into problems. EQ wouldn't need to send any (specific) information back.

This is the reason they were sued (from your own link):



Driscoll’s suit alleged that Blizzard had violated sections of the California Business and Professions Code and the California Penal Code by using a program to transmit user information without the permission of the user.


Which clearly doesn't apply here. So, while your link is interesting, it is in no way at all related to the discussion at hand.

--Jeeves

falkore
11-09-2002, 07:53 PM
Originally posted by Mr Guy
I'm not sure you are right on that one Jeeves. I do know you can press charges and even have store security arrested on the grounds of illegal search and false imprisonment. (Hint: if they say, may I check your receipt, or may I look in your bag, say No and keep walking. If they stop you, call the police and inform them they are committing assault. If they touch you, it's battery. If they say, "Come with me", again, say No.)

I'm not sure how hard it would be to push that issue over into cyber space. They most certainly can NOT search you, your computer, without your permission. The permission in a EULA is a tough question though.

I AM an armed guard for a retail store, and it's False arrest. Under the US constitution, ANY person that is a US citizen has the RIGHT to arrest another person (and this varies by state) IF:

1) a Misdemeanor has been committed in the Arrestor's presence.

2) a Felony (Or the knowledge of one) has been committed in the Arrestor's presence.

3) Any behavior that causes a public disturbance.

Now, onto the Legal aspects of Arrest;

an ARREST is understood when a person's normal life activities have been disrupted.

So, yes, IF you are asked to "Come with me" tell the store IMMEDIATELY that you want the police called. Tell the manager that you WANT the police present (assuming you are innocent) when and if you are detained from your "normal life activities" and they are disrupted. You can sue for false arrest, slander, and a myriad of other things. You WILL win. (I have to know these things)

Does this pertain to SEQ? No.

Can SoE legally enter your personal space (your computer) where you could have sensitive documents, and (in my case) Classified and Secret, For internal use only documents? HELL NO! If you can catch them, SoE is in for a MYRIAD of charges to be brought against them, not to mention all the international rules about invasion of privacy, as there are players all over the world.

The EULA isn't a lock for SoE's lawyers to invade your privacy, but catching them is a MUST if you want to have an ice cube's chance in HELL of winning a suit against them.

jbjam
11-09-2002, 08:58 PM
Ok.... not to repeat 34343 things that have been said before..
But basically LAWS are normally not decided by your senate, they are decided by previous cases. Judges will look back and go ok that's how it went there, that's how it goes from now on.. Example abortion..

On to the contract issue, someone could make you sign a contract saying they will pay you 10 million dollars for your company to make their company 10 straws.. THAT WILL never hold up in the court of law because a contract that favors one party heavily over another is never legal.. Now onto the EULA, EQ has it change every time you boot up, sure they cannot scan your computer and (Sure they don't send back every program you're running but they do send back different results based upon what you're running and that could be grounds for a lawsuit. Because it was not in the original EULA! THEY could retype it sure, but let's say I paid for 1 year of service and the EULA I read did not have that in, even if it says subject to change that doesn't cover a company's ass at all.... Legal issues are sooo fun like that.. Just like everyone is an at will employee, a company still cannot fire you for no reason even if it's in your contract, if you're a good worker etc and they have no valid reason YOU have a lawsuit... It happens all the time, being a bus add major these are all the fun things I've learned in my legal classes.

If Sony got the balls and tried something very similar to scanning what you're running and sending back results, a case would be easy to make and win.

high_jeeves
11-09-2002, 10:11 PM
As somebody pointed out in another thread.. Origin did the exact same thing for detecting UOExtreme. There was lots of similar "privacy invasion", and other "reasons" why they couldn't do this (all spouted by people who couldn't actually post a case that showed WHY they couldn't do this, but think they can't because it's "wrong", or because the EULA isn't enforceable, or what not).

To date: all of those people are still banned. No lawsuits were ever successfully filed. So, while I don't agree with your premise that it is illegal, the bottom line is: just like with Origin and UO, it won't matter. If they want to find people using keysniffers and MacroQuest, they will. They will ban those people. Those people either cannot (I believe) or will not successfully file a lawsuit. If they do, they will lose (Sony has more money, time and lawyers than you do).... I am going to work on the expectation that my system is getting scanned. Feel free to believe they won't... I'll let you know how the game is going, once you get banned.

--Jeeves

jbjam
11-09-2002, 10:49 PM
What are you talking about Origin doing that??? That was my post about a few posts up.. saying OSI never did anything to that effect.. They never put in any code to detect UOE.

high_jeeves
11-09-2002, 11:51 PM
Actually, if you search around the web, it appears that they did.

Here is the post to which I am referring:

http://seq.sourceforge.net/showthread.php?s=&threadid=2354&perpage=15&pagenumber=3

--Jeeves

jbjam
11-10-2002, 12:01 AM
Ahh, that's all fine and dandy but the only lawsuits filed against EA were for lag/mental stress and... a bunch of counselors who were disgruntled and thought they should be paid... I know this for a fact.. ALSO OSI never put in code to detect UOE, I am good friends w/ Schultz if u happen to know who that is... a key developer for UOE when it was around.

high_jeeves
11-10-2002, 01:11 AM
Well, be that as it may, but there are many many newsgroup threads and web-pages found that discuss mass bannings, and detections of UOExtreme.. so, somehow they figured out that people were using it, and banned them for it...

I'm still waiting for somebody to post something that actually talks about why it is illegal. I agree that if they send your information from your computer to their servers, they could get in trouble. However, there is nothing that protects you from them scanning your memory and/or HDD for a particular program/signature/whatnot. If you think that there is, then please post either a relevant case, or law. Until then, it's all just talk. I have researched and read extensively on this topic in the past few days. I strongly recommend that everyone who has an opinion on the matter do some research, and back up their assertions. Until then, it's all baseless.

I would recommend www.cybercrime.gov as a beginning reading source. It contains (among other things) a legal analysis of various laws and cases.

These particular comments are interesting:



The Fourth Amendment does not apply to searches conducted by private parties who are not acting as agents of the government.

The Fourth Amendment "is wholly inapplicable to a search or seizure, even an unreasonable one, effected by a private individual not acting as an agent of the Government or with the participation or knowledge of any governmental official." United States v. Jacobsen, 466 U.S. 109, 113 (1984) (internal quotation omitted).



--Jeeves

lildr00d
11-10-2002, 04:34 AM
Someone told me once they can't search your machine like that as it would be a "Trojan Horse". Basically a backdoor into your system. Classified as a Virus and thus not legal. Maybe I misunderstood. Just my 2 coppers.

high_jeeves
11-10-2002, 08:57 AM
Someone told me once they can't search your machine like that as it would be a "Trojan Horse". Basically a backdoor into your system. Classified as a Virus and thus not legal. Maybe I misunderstood. Just my 2 coppers.


It is a trojan horse if it sends data/information back from your machine to VI. It wouldn't be doing that, so it isn't a Trojan horse. Oh, and if that is the case, please sue MS, Real, and a number of other companies that do this.

--Jeeves

Mr. Suspicious
11-10-2002, 10:50 AM
Well, be that as it may, but there are many many newsgroup threads and web-pages found that discuss mass bannings, and detections of UOExtreme.. so, somehow they figured out that people were using it, and banned them for it...

OSI (Origin Systems Incorporated) NEVER scanned their customer's computers.

Macroers were caught by Senior Counselors and Shard Counselors ("boss" of the senior counselors on a shard) walking around the world and tagging players that were macroing. It was quite easy to tag up to 50 macroers an hour. Just walk around houses, look for animals inside houses that shouldn't be there and were trapped in a corner using furniture and see the person standing next to it... doing nothing for an hour. Pull up his stats and see the skill points fly up. Speak to him 5 times and "tag" he's out.

UOExtreme itself was easily detectable. By manipulating the memory of UO it also manipulated the datastream going back to OSI's servers. How easy do you think it is to implement a trap into a program to see if the datastream is tampered with? Does such a trap scan the user's system? no. Does such a trap scan the user's memory? no. Does such a trap violate any "laws" (even tho opinions on whether such laws apply vary)? no. Can such a trap exist server side and do nothing but check the data for sanity? yes. The first "mass bannings" of people using UOExtreme were those who used the "speed hack". You tell me how much time it would take Verant/Sony to detect a player that increases his moving speed in EverQuest using the movement speed offset.
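
Added example, not part of the original thread and not code from OSI, Verant or Sony: a sketch of the kind of server-side sanity check the last post describes, which validates movement speed using only the position updates a client already sends and inspects nothing on the player's machine. The speed limit, tolerance, window size, class and function names, and the sample traffic are all assumptions made for illustration.

```python
import math
from collections import defaultdict, deque

MAX_SPEED = 10.0    # assumed top legitimate speed, world units per second
TOLERANCE = 1.15    # slack for rounding and clock jitter
WINDOW = 5          # position updates kept per player
MIN_SAMPLES = 4     # do not judge on fewer updates than this


class SpeedSanityCheck:
    """Validates movement using only data the client already sends."""

    def __init__(self):
        self._samples = defaultdict(lambda: deque(maxlen=WINDOW))

    def observe(self, player, t, x, y):
        """t is the server's receive time in seconds; returns a verdict."""
        samples = self._samples[player]
        if samples and t <= samples[-1][0]:
            return "bad-timestamp"      # reordered or replayed update
        samples.append((t, x, y))
        if len(samples) < MIN_SAMPLES:
            return "ok"
        pts = list(samples)
        path = sum(math.hypot(b[1] - a[1], b[2] - a[2])
                   for a, b in zip(pts, pts[1:]))
        elapsed = pts[-1][0] - pts[0][0]
        # Averaging over the window keeps one lag burst from flagging
        # an honest player whose updates arrived bunched together.
        return "flag" if path / elapsed > MAX_SPEED * TOLERANCE else "ok"


# Constructed sample traffic: (player, receive_time, x, y).
# "honest" moves at 9 units/s but two updates arrive 0.1 s apart (lag burst);
# "speedy" sustains 25 units/s.
SAMPLE_UPDATES = [
    ("honest", 0.0, 0, 0), ("honest", 1.0, 9, 0), ("honest", 2.6, 18, 0),
    ("honest", 2.7, 27, 0), ("honest", 4.0, 36, 0), ("honest", 5.0, 45, 0),
    ("speedy", 0.0, 0, 0), ("speedy", 1.0, 25, 0), ("speedy", 2.0, 50, 0),
    ("speedy", 3.0, 75, 0), ("speedy", 4.0, 100, 0),
]


def flagged_players(updates):
    """Replay a list of updates and return the set of flagged players."""
    check = SpeedSanityCheck()
    flagged = set()
    for player, t, x, y in updates:
        if check.observe(player, t, x, y) == "flag":
            flagged.add(player)
    return flagged


if __name__ == "__main__":
    print(sorted(flagged_players(SAMPLE_UPDATES)))
```

A naive per-update check would flag the honest player for the burst between 2.6 s and 2.7 s; the windowed average is what keeps normal network jitter from producing false bans.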