• Visit Rebornbuddy
  • DB Security Improvements

    Discussion in 'Demonbuddy Forum' started by Foss, Aug 28, 2012.

    1. Foss

      Foss New Member

      Joined:
      Aug 21, 2012
      Messages:
      149
      Likes Received:
      0
      Trophy Points:
      0
      I am not a security expert but I have been in the Punkbuster environment for some time and suggestions like these could always be implemented.

      Security Improvements which I think should be accounted for in DB and lower the risk of ban are:

      Code:
      -Static process name change that uses ascii. (do not have it called Demonbuddy.exe)
      -All dll's and common file names should all be compiled into ONE ".exe"
      -Registry files should have a static directory (if DB drops reg files)
      -checksum randomize knowing warden system could and probably explains in the EULA that they can search your computer.
      
      All profile randomize will have to be done from the creator of course which I see people are catching on.

      Any feedback and possible forwarding this to the dev's would help protect DB users... in my opinion.
       
      Last edited: Aug 28, 2012
    2. Nab

      Nab Member

      Joined:
      May 31, 2010
      Messages:
      381
      Likes Received:
      2
      Trophy Points:
      18
      Good suggestions, but it has been stated a few times before that even though the eula states that they can search our computer,
      it doesn't make any difference because they would risk violating privacy laws, which they can't afford.
       
    3. Foss

      Foss New Member

      Joined:
      Aug 21, 2012
      Messages:
      149
      Likes Received:
      0
      Trophy Points:
      0
      That may be true but there are different laws for different countries and the legal system can always be exploited and has loop holes to it. Everyone knows that blizzard has plenty of money and can delay a case for years on end until the defending entities have pretty much bankrupt. One could guess that blizzard has spent millions on a lawyer for constructing an EULA which meet legal terms.

      My suggestions are just meant as a precaution. So one may never have to go through setting up a petition in order to fight privacy claims stated in the EULA.

      It is like having a seat belt. Its there to protect you and there are laws to make you wear it but it does not always save your life. 90% of the time it does but i rather have that chance to be safe.
       
      Last edited: Aug 28, 2012
    4. Giwin

      Giwin Well-Known Member Buddy Store Developer

      Joined:
      Dec 3, 2011
      Messages:
      3,431
      Likes Received:
      49
      Trophy Points:
      48
      the system setup is for warden, not punkbuster... they know what they're doing and doing more than what is necessary means that there's a performance hit on the bot.
       
    5. Foss

      Foss New Member

      Joined:
      Aug 21, 2012
      Messages:
      149
      Likes Received:
      0
      Trophy Points:
      0
      And that is why I said I am not a security expert, and I am using the PB system as a compassion. My first post is implying that DB take the same precautions (from what I stated in the first post) as if we were protecting ourselves against PB. I would consider PB the greatest anti-cheat system in the market right now, and I would think the warden system is up there too. So researching outside sources does not hurt? A great offense is a good defense, right?

      Now if you look and research these links all these systems are in relates and have some sort of compassion, plus at the bottom of each wiki there is a "See Also" which all link each other.
      PunkBuster - Wikipedia, the free encyclopedia
      Warden (software) - Wikipedia, the free encyclopedia
      Valve Anti-Cheat - Wikipedia, the free encyclopedia

      They all scan the game directory and memory and task's.
       
      Last edited: Aug 28, 2012
    6. Giwin

      Giwin Well-Known Member Buddy Store Developer

      Joined:
      Dec 3, 2011
      Messages:
      3,431
      Likes Received:
      49
      Trophy Points:
      48
      no I think warden is terrible according to some devs and has been dumbed down, I think after the mmoglider lawsuit warden couldn't go outside the wow memory space.
       
    7. Foss

      Foss New Member

      Joined:
      Aug 21, 2012
      Messages:
      149
      Likes Received:
      0
      Trophy Points:
      0
      true but it does not hurt to take these precautions and only takes several hours to implement them. And doing this would make people feel safer agreed? If any 3rd party programs impact and impede the Auction House and Real Money Auction house I would think blizzard would want to strongly enforce there EULA.
       
    8. Foss

      Foss New Member

      Joined:
      Aug 21, 2012
      Messages:
      149
      Likes Received:
      0
      Trophy Points:
      0
      Here is a great example of what I am talking about:
      Blizzhackers • View topic - WARDEN = UP

      Please read that thread and now think that something like this should be implemented. All blizzard needs to do is add "Demonbuddy.exe", "DemonBuddy" and md5 checksum to there warden filter and that is it, flagged.

      I want a dev to respond to this, and/or moderator forward this to a dev to maybe get some of these features added.
       
      Last edited: Aug 28, 2012
    9. CodenameG

      CodenameG New Member

      Joined:
      Jan 15, 2010
      Messages:
      38,397
      Likes Received:
      230
      Trophy Points:
      0
      exactly, its not the same, thing not only that but all the information you can find on warden by googling now a days is more then a few years old, and dosnt apply to the warden variants we are seeing now, we have the best experts on warden working for us, if they would think that taking the kind of mesures discussed above would do anything then we would of done it.

      not only that but most of the bans we're seeing aren't even from warden detecting the program, most of them are from blizzard doing server side monitoring and pattern detection that has nothing to do with warden.
       
      Last edited: Aug 28, 2012
    10. Foss

      Foss New Member

      Joined:
      Aug 21, 2012
      Messages:
      149
      Likes Received:
      0
      Trophy Points:
      0
      True, but if you read this whole thread you will see how a related each other. I understand what you are saying, but there is no harm, but rather good in adding something like this. It simply doesn't hurt even though it may be over kill.
       
    11. Giwin

      Giwin Well-Known Member Buddy Store Developer

      Joined:
      Dec 3, 2011
      Messages:
      3,431
      Likes Received:
      49
      Trophy Points:
      48
      there is harm when performance sacrifices are made over security measure which make absolutely no difference in safety, although I understand why you want these features because you think the bot will be more secure but it would be the same (exactly the same) as when warden changes or updates then the tripwire will go off and then the people working on the warden protection can implement features such as you've stated but until then.
       
    12. Foss

      Foss New Member

      Joined:
      Aug 21, 2012
      Messages:
      149
      Likes Received:
      0
      Trophy Points:
      0
      Ya i just do not want to wait for the "until then". But I hope someone will look at this and be like.. "that was not bad of an idea" lol
       
    13. Apoc

      Apoc Moderator Staff Member Moderator

      Joined:
      Jan 16, 2010
      Messages:
      2,790
      Likes Received:
      94
      Trophy Points:
      48
      Ok, so, I'm honestly getting a bit tired of replying to threads like these. (Please, go search for other warden related posts by me, MaiN, Nesox, Hawker, or any other developer here...)

      Warden will not reach out of it's own process any more. (Scan.dll does this in WoW to catch stuff like CheatEngine, etc. Nothing too fancy, nor worth worrying about) They can't read our window titles, as we're not "in" the game process. (See: warden doesn't leave the game proc)

      Warden does do module hash scans. Yes. But only for modules loaded in the game. We don't load any in the game, so those scans are completely pointless to us.

      Warden does driver hash scans as well. Nope, we don't touch kernel level stuff (drivers). So again, scans are completely pointless.

      Warden does not check the current process list for any scanning. (They check it, but don't do anything "detection" related with it. It's just a requirement to do some other scans.)


      So, to shut down all 4 of your suggestions:


      Warden doesn't do anything with the process list. So this isn't necessary. (We do have full support for renaming the exe, and our built-in updater will even rename updates to whatever you named your exe to) Feel free to rename. (This changes the process name as well btw)


      ... we do. For the exception of some that we can't (due to .NET restrictions on managed/native code) We leave other libs out as they can be updated without us needing to push a full update. Plus, they are all widely-used libraries, so there's no harm in leaving them by themselves.


      The windows registry is the devil! (It's being used less and less, and according to MS, will be removed in an OS in the not-too-far future.)


      ...what? I assume you mean modify the exe so that the checksum changes and can't be detected by warden's scans? If so; see my statements about warden not leaving the game's process.
       
      1101011 likes this.
    14. ryan12345

      ryan12345 New Member

      Joined:
      Aug 16, 2012
      Messages:
      392
      Likes Received:
      0
      Trophy Points:
      0
      Now this is the stuff I like reading about. Even though I only understand 25% of it. : )
       
    15. mephuser1000

      mephuser1000 Active Member

      Joined:
      Jun 10, 2011
      Messages:
      1,636
      Likes Received:
      1
      Trophy Points:
      38
      The above is very much needed. Even custom-made profiles that aren't randomized will result in bans.
       
    16. sparks

      sparks Active Member

      Joined:
      Apr 23, 2010
      Messages:
      1,174
      Likes Received:
      1
      Trophy Points:
      38
      I like the ideas and I also trust the DB staff.
      Yea you have to be carefull, look at glider in their may bans.
      bliz put some stuff in the front end when they did a warden update and everyone went bye bye LOL

      I bet that DB have seen worse and they are the ones I trust but there is always new ideas and thoughts on this.

      And since bliz staff can't read this will be read to them at the next beach party. LOL

      sorry ass money grabbing lying ASDF@#$@#$@#%@#%^@#
       
    17. Foss

      Foss New Member

      Joined:
      Aug 21, 2012
      Messages:
      149
      Likes Received:
      0
      Trophy Points:
      0
      @Apoc Well thanks man for reply if it was repetitive for ya. And seeing that you have more knowledge I would think you are part of the security team, But it is good to have a thread like this once and a while to insure that people feel secure in some way running a 3rd party program they paid for lol. As long as you guys stay ahead of it and add things which may improve the security then people like myself will feel better about it. And I am speaking out for everyone else not including myself.
       
      Last edited: Aug 29, 2012

    Share This Page