24th March 2008, 00:19
Pansemuckl
The Unerring Punkbuster...

It's been said over and over again: Punkbuster is always right, defensive and will never cause false positives...

...netCoders is proud to finally prove the opposite!

The inability of Punkbuster to detect private cheats has never been questioned - at least from our side. From my perspective looking back on the last 5 years all I can say is that any action from Evenbalance did not severely harm the cheat community.

Instead, the honest player is harassed to play PB games with administration privileges (while Microsoft introduces a more strict model on Vista), local disk drives are scanned and a critical RING0 spyware driver has to be installed. The sad thing is: None of these inconvenient things improved Punkbuster's ability to stop cheating.

These are facts. Another myth yet to be busted is: Punkbuster never fails, if you get kicked then you're a punk. You don't stand a chance to prove the opposite. Nobody would believe you at all. Not even Evenbalance. Filing a support ticket reveals the arrogance and self-assurance of a monopolist that has nothing to fear:



Well you won't feel sorry for the guy cheating. But was he? Yes he was you'll say... that's the only answer to that question. But I'm sorry to teach you better: He wasn't! How can I tell? Well... (yes crossfire)

IT WAS US!

Footage (XVID)
RapidShare: Movie: How we kicked Alex Part 1/2
RapidShare: Movie: How we kicked Alex Part 2/2

Do we have a fat grin smiley here? It's a special day!

Now how did we manage to do that? Quite easy... Punkbuster - desperate to get our private cheats detected, thought it might be a good idea to randomly sniff any PC's physical (!!!) memory. Basically it's acting like a virus-scanner trying to find blacklisted sequences of bytes found in cheat files. Which is not even a bad idea - it's just been used badly. Give a monkey a gun and he shoots himself. Don't blame the gun...

First of all I was surprised to find my private chat as well as passwords (paypal/online banking/...) just everything inside PnkBstrB's process memory. Thanks to helios for pointing me to this.

[Image: mozilla history00.jpg]

Do you know what PB is doing with that data? Do you trust them? Of course you do. Punkbuster never fails. I don't trust them. So I kept digging deeper. After a while I found out what rsHook got detected for: Some noob leaked the files to Punkbuster. As they couldn't manage to reverse or crack them, they've just added some random string to their signature blacklist.

Quote:
Game: ET v2.60
PB: version (add)
Violation: #80332
Signature dump:
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 2C 20 22 52 69 66 6C 65 20 41 69 6D 20 50 72 65 , "Rifle Aim Pre
00000010 64 69 63 74 69 6F 6E 3A 22 00 diction:".

Neither Rainer nor I could believe what's happening here. All it takes to get kicked is to have that sequence of bytes in a computer's memory, and you will get kicked for #80332, even without hacks!!! That exploit ... no let's call it by its real name

GIGANTIC STUPIDITY of Evenbalance

was asking to be exploited. As such we started looking into almost any Punkbuster game and found similar strings. Of course we could not resist trying this on a couple of servers and different games - with surprising results: We were able to kick players from almost any Punkbuster game for different violations.

Where's Punkbuster's defensive attitude here? To yield to despair? If those signature violations you people over in Texas made such a blown-up secret about (#Gamehack, #Multihack, #Aimbot) would be handled with precaution, just like the Corrupted Memory (fried RAM VS memory patch), thousands and thousands of CDKEYs wouldn't be banned and wasted for now!

In other words: YOUR FALSE POSITIVES already caused thousands of innocent people to be banned! Just imagine how many cdkeys have been wasted on Call of Duty 4 already because of that bug? Well a lot of keys went down the lavatory ever since we found out, that's for sure.

Quote:
Interview with lio (Team Belgium)
Kicked by nC for #80332
Match GamesTV.org :: Match Details :: Belgium vs Sweden
Innocent Ban PBBans | MBI - BanID 61106 (ae6987d5 | RTCW:Enemy Territory)
Reputation ruined.
Punkbuster reaction: You did cheat. We never fail.

MigrosBudget: Hi lio, please introduce yourself to our readers.

EDiT'lio: Hi I'm Lieven ' lio ' Melsens and started picking up gaming at the age of 14. It all started out with some random games like spec ops etc but on my 15th birthday I ordered RTCW to start playing that. I played RTCW for like 1.5 year and then headed over to ET which I am still playing up to date. I’m coming 21 years old now so you can do the math..

MigrosBudget: What LAN's have you been performing on in the game Enemy Territory?

EDiT'lio: I have been on several LANs since, I played at some FOM edition which is like the most famous lan in Belgium always reaching a top 3 spot with my team but mostly ending up first. What would you want if you're playing with teammates like (mAus, sneek, vila, acid, lio random). And besides that I have been at all the cpc/cdc editions where I have grown every year to get higher and higher. Last cdc4 I ended up 3rd with my team and was considered to be one of the best offline players then..

MigrosBudget: Let's get straight to the point, last week in the nationscup match Belgium versus Sweden you were kicked from the match server for (Gamehack) #80332, what were your first thoughts beside the "wtf" effect?

EDiT'lio: Well on that time I was laughing on vent with my EDiT mates, I have been playing for years with them so they knew this wasn't possible. I was thinking what might have caused that but then I just decided it had to be some kind of bug. A joke that didn't last for too long as the whole community had other thoughts than me and my mates did..

MigrosBudget: As you can see, most of the active clanplayers on crossfire are on your side, none actually believes that you cheated. Even most of the crossfire admins believe you, so what do you think is the reason that Clanbase has banned you within less than half a week after the kick? Normally it takes ages for Clanbase to ban a player if they do it at all.

EDiT'lio: Well you might have heard that I got into some issues with cb admin DoneX, I got kicked and banned on a pbstreaming server which was casting ettv but the guys from Poland had bad pings there so we went to play on another server. He heard about this and then he made us play the server where I got banned on again, I just deleted my etkey in the hope I could play again and it worked so… But before that there was a lot of flaming going on with the admin and me so I think he banned us so fast merely on personal reasons. And if it's ok I want to add something about our lovely community as well. You are saying most of the community is standing at my side, that is for the players that have been at lans and the admins that have been at lans. People are always complaining about the fact that there are too many cheaters in ET but when someone gets 'busted' it seems like there's a big party starting where everybody can flame the person in question. Everybody should be sad seeing a player like me might have cheated but no, they just make a media fest from it with me as target, nice community I would call that..

MigrosBudget: So now we heard your opinion about the community, what is your opinion about Punkbuster after this unjustified kick then?

EDiT'lio: Well sometimes I have been thinking why PB is actually there, Punkbuster is mainly busting the public random players that I never get in touch with but if it comes to busting players that are playing in competitive ways I think you will have a very short list. I, as a player can almost immediately tell when playing a 1v1 if a player is aiming normal or not, pb on the other hand is only working with theory and not with practical things, and that's what makes pb 'not convincing' for me now anyway.

MigrosBudget: Would you continue playing if you would get unbanned from Clanbase or do you think that your reputation was already damaged too much?

EDiT'lio: Well as you might have noticed I'm a pretty hated player in the community as well, you can be hated for cheating but you can be hated for flaming everyone as well. And as you might know EDiT might be the team with the worst reputation in the whole community. I never had a really good reputation but for me the game is all about my friends and playing with them. And due to the fact they know I wasn't cheating I would start playing again for sure, the fact that for the first time cb / esl are giving some prize money for their cups might be a big factor also..

MigrosBudget: Well thanks a lot for this interview, I wish you and your team good luck for the coming cups, and I’m pretty sure that your ban will be lifted quite sure, any final words from your side?

EDiT'lio: Thank you for helping me out with this case and clarifying some things for me. I hope for the sake of other players I will be the last player to have experienced something like this.

Oh well what a nice story... I still don't believe a single word you're saying. That guy might have cheated...

We expected that. Who believes punks anyhow. We are the bad guys. So here's another "proof of concept" you will find more difficult to explain: Today we decided to put this up to public after having fun with it for a couple of months. So we chose our beloved friends at crossfire.nu (revenge is sweet, isn't it) to help us out. People won't trust us, but them. They're loyal.

So we put up one of our signatures and sent it as a message to their IRC master channel. Soon, more than 300 players got kicked for #80332.

Crossfire 3.0 - A Gaming Community 1
Crossfire 3.0 - A Gaming Community 2
GameHack #80332 - PBBans
Crossfire 3.0 - A Gaming Community - powered by Game-Hosting.com



Game over.

Evenbalance will disable these scans or at least remove critical signatures quickly. If you cannot reproduce our results, don't worry. We have all the proof. Punkbuster might fix the terrible mistake, but there is no fix to the damage of its reputation.

Now my question is, Evenbalance, how are you dealing with this? Lift all bans based on signatures or keep thousands of innocent people banned just because you'd also unban a few real punks?

PS:
To prevent misunderstanding: This issue involves almost ANY PB game (COD I is not affected for example) that has given #AIMBOT, #GAMEHACK or #MULTIHACK violations for the last couple of months, not just Enemy Territory! Causing false positives works for any game, using a valid signature PB is searching for on a specific game.

Here are some signatures for other games:
Quote:
COD4:
Project : HelioS-Framework

BF2:
exe.Your Punkbuster version is not compatiable with our software

BF2142:
www.catalyst-hax.com/gateway/index.php?user

We kicked people in COD2, COD4, BF2, BF2142, ET and almost any other PB game



Footage
Index of /pbbust

Update 25.03.08 - 2.30am GMT
- PB removed #80332 (ET) from the signature blacklist.
You can kick players for #70476 Multihack (ET) using scripts/eth32.shade now!

Update 26.03.08
- PB removed #70476 (ET)



Evenbalance posted an official statement about the issue. They admit that the "exploit" was real and has been fixed - a LIE! The signature we've used to demonstrate the major security hole of the whole concept(!) has been taken off the blacklist, that's all. But there are plenty of others that do work the same way, and there is even more... (plan B, you know)

Evenbalance does not admit that's been a terrible mistake and the whole system caused a lot of false positives ever since being introduced, instead the company underlines the great benefits and achievements by "aggressively scanning for patterns" which forced certain commercial cheat websites to shutdown. That's propaganda, and to a certain extent truth. The signatures have been (this is over now) the only thing causing headaches to cheat creators lately, meanwhile Punkbuster seems to be absent for the last 4 years! Certain nC hacks haven't been detected for almost 3 years! And if they did, it's just because some idiot leaked the files.

We expected all that to happen. Innocent people that lost their cdkeys in the last few months will not be able to play again. Punkbuster will not stop physical memory scans and fix the security hole. That's unprofessional, pathetic and just unfair towards the gaming community. Let's hope people will speak up against the arrogance and insensibility that contract-thirsty management in Texas treats its users with.

Update 27.03.08 - Statement by EB CEO

Tony Ray, founder and CEO of Evenbalance took a statement on recent events.


Source
BASHandSlash.com - Home

Except to discredit the other side (= us), to trivialize the incident, ignore the effects and result to honest players, you will find no word of excuse, no confession ("Yes we made a mistake") and no sense of learning aptitude. Instead, lies and propaganda: Anyone playing multiplayer games will disagree but still Tony Ray claims: There are no undetected cheats. Total ignorance, arrogance and absolute resistance to learn. An interesting insight about the policy of public affairs of that company, and the spirit of the folks that represent it. My motivation to screw PB has never been higher.

Update 28.03.08
I've added some comments on Tony Ray's latest interview.
Read

Credits
  • Delikon
  • Blackdove
  • Inspire
  • RainerStoff
  • Helios
  • MigrosBudget
  • ***********
Cheaters always win!
netCoders.cc

This article has been referenced 300+ times.
Wikipedia: http://en.wikipedia.org/wiki/PunkBuster
Last edited by Pansemuckl : 22nd May 2008 at 04:04
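
Added example, not part of the original post and not Evenbalance's code: a small Python model of the false-positive class the post describes, using the #80332 bytes from the quoted dump. The `Region` type, the process names and the "module vs heap" scoping rule are assumptions made for illustration.

```python
from dataclasses import dataclass

# Byte sequence exactly as shown in the post's dump for violation #80332.
SIGNATURE = bytes.fromhex(
    "2C 20 22 52 69 66 6C 65 20 41 69 6D 20 50 72 65 "
    "64 69 63 74 69 6F 6E 3A 22 00"
)

@dataclass(frozen=True)
class Region:
    process: str   # owning process (constructed name)
    kind: str      # "module" = mapped from a file on disk, "heap" = runtime data
    data: bytes

def naive_scan(regions, signature=SIGNATURE):
    """Report every region, in any process, that contains the bytes."""
    return [(r.process, r.kind) for r in regions if signature in r.data]

def scoped_scan(regions, game, signature=SIGNATURE):
    """Report a hit only inside a module loaded into the protected game.

    Heap data is ignored because anyone who can send text to the machine
    (chat, web page, file preview) decides what bytes end up there.
    """
    return [(r.process, r.kind) for r in regions
            if r.process == game and r.kind == "module" and signature in r.data]

def sample_memory(cheat_loaded):
    """Constructed snapshot: a chat client, the game's heap, one game module."""
    module = b"\x00MODULE-STRINGS\x00" + (SIGNATURE if cheat_loaded else b"")
    return [
        Region("chat_client", "heap", b"<user> hello" + SIGNATURE),
        Region("game", "heap", b"console: say" + SIGNATURE),
        Region("game", "module", module),
    ]

if __name__ == "__main__":
    for loaded in (False, True):
        mem = sample_memory(loaded)
        print("cheat loaded:", loaded)
        print("  naive :", naive_scan(mem))
        print("  scoped:", scoped_scan(mem, "game"))
```

With no cheat present the naive scan still reports two hits, both in data that a remote sender controls, while the scoped scan reports none.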