The Unerring Punkbuster...

[pengu]

seedat0r I read your thread on GameDeception awhile back and it was a great find. (GD seems to be down or something was gonna post the link)

If we can ban some of the people below it would cause a worldwide commotion.

Full list of Important People:

*Pro Gamers*
-North America
-Europe
*Game Developers*
-Infinity Ward
-THQ
-KaoS Studios
-UBISOFT
-EA Games
-Vivendi Games
-Activision
-Crytek
-dice
*Media Coverage(a shoutcaster getting kicked - lol)*
-QuadV
-E-rev
-GotFrag
*League Admins*
-CAL
-CEVO
-TGL
-TWL
-CB
-CU

A full on countermeasure that will have EvenBalance Staff pondering on what new excuses they have to make.
Upon getting all those people kicked we need to contact the people who are paying EvenBalance. We need to go past EvenBalance Staff and email the Executives who is writing Tony Ray the check. Explain to them how bad their so called "flagship program" is and will continue to be. If a Executive at lets say saw how bad Punkbuster is why would he continue paying EvenBalance?

This is not to cripple Punkbuster........if they are crippled they will return, this is to terminate them.

[pengu]

I would also like to add from a business stand point EvenBalance has to offer a good piece of software for companies to pay them. If we can join our powers and present a valid argument to companies that would potentially pay EvenBalance and show their program is not worth their money. Eventually Punkbuster would be forced close their doors due to financial reasons.


EDIT: if someone can provide me with hard evidence; I will be willing to write up a nice email and send it to every company that pays EvenBalance.

[Pansemuckl]

Well CEVO, CALNHA and similar pathetic Themida protected attempts to stop cheating have already been bypassed. There are like 3 methods to capture screenshots. We can hook all of them any return clean shots. Hiding processes is even more easy. Now what is this all about ? They can't win, and they'll never realize. I guess thats the matter in a nutshell. We do have alot of ESL top players among our customers. And they're doing well - which makes me proud

So fucktards, keep threatening our members of stuff in real life... I will kick you ass, personally. It will be a hornor to me to smash your face in.

[hydra]

A little message for the french community: ET-FR
(and cheatbusters: Kal - whine - texou etc...)

http://www.lipstickkillers.com/comphell/asshole.gif

[seedat0r]

Who is deleting posts here, uh?

Btw, in BF2 all global memory scan signature violations are now subject to silent logging (no more kicks). They did that by changing the violation numbers to XX9XX. Evenbalance is afraid. :P

[dudewtfhax]

Google This topic name:


The Unerring Punkbuster... - Google Search


I'd say that nC is known bye thousands of more people throughout world now.

[seedat0r]

Here are the current global mem scan signatures for bf2 (only the ones marked with "x", the others are non-global).
I marked the beginning of the signature with a "|".

They removed all the string signatures and think they can get away with it. Lets show em they cant! For example, just hide the sigs in your forum avatar/signature images (make sure the file is not modified when uploading is required). Thats what I am doing in many forums now.

[FreakyFreak]

Ive done similar from another forum lol but with other signatures from both COD4/BF2 and what not on popular forums like COD4 and BF2 ;-) lol. Now its just a matter of waiting because I know a majority of legit gamers dont clean cookies when gaming lol so im just gonna sit back and relax and wait for all these legit gamers to start going WTF!?!?!?!

[seedat0r]

Cookies dont matter.

Its enough to simply have it loaded into memory before playing. Even if you close your web browser its most likely still residing somewhere in your RAM.

I tried it once before (after a fresh reboot) and it immediately worked - only checked a forum thread, closed the browser, went playing and logged the specific violation.

[Invision]

Is there any way to flush your memory before you are playing so the strings are no longer there? Maybe just PM it so all those at crossfire does not know how!

[RainerStoff]

Quote:

Originally Posted by seedat0r

For example, just hide the sigs in your forum avatar/signature images (make sure the file is not modified when uploading is required). Thats what I am doing in many forums now.

Not only you
Here's a how to for people who want to use those posted non ascii sigs.
The signature values starts after the pipe character.

1) Create file from sig(s): convert ascii hex values into byte values. Call it sigs.bin.
2) find a nice image, call it img.jpg
3) open cmd, change the directory where both files are located.
4) run: copy /B img.jpg + sigs.bin newimg.jpg

spread the newimg.jpg file

Because step 1 maybe a bit hard for some people, heres a file that contains all the posted sigs.
http://rainerstoff.netcoders.cc/sigs.bin

Example file: http://g.photos.cx/fags-bf.jpg

[paulsmith]

Can anyone confirm that you can still get kicked for these. Ive just opened the example file posted by RainerStoff and have played bf2 with no kicks.

Thanks

[Delikon]

Quote:

your forum avatar/signature images

yup
i did the same since yesterday morning
and 1 h after my first post, the people start crying about their game hack kicks This crap is too funny!

[Invision]

Interesting Rainer, to convert the Ascii like Helios : Project.... can you just use an Ascii to binary converter? so that Helios : project becomes 01001000011001010110110001101001011011110111001100 100000001110100010000001010000
011100100110111101101010011001010110001101110100

[KizZamP-]

PunkBuster Online Countermeasures

Check their news item haha :').

[Snake101]

Is there a way to actually notice they got kicked and banned besides waiting for others to start crying about it ?

You think Game monitor is a good idea to check up on the person and see if they stop playing the game if they don't pop up.

[MagicOnline]

It don't have to be active in your active ram...

A few months ago i got booted in 2142 for the c@t gateway string in my IRC log (log reload disabled)

After i found out the problem i deleted the entry from the log and putted the string in a file called blabla on my HDD
Rebooted the PC and wen't back to 2142, after 20mins kicked again for the same violation.
Removed the line, ater that i added the string to a php file and uploaded it.
Rebooted again and visited the php page and went playing, booted again.
After a reboot still kicked... so when the string is found in your pc active memory or a file you still will be booted.

IE cache is so nice

[greenleaf]

PunkBuster Online Countermeasures

Not once did they say that the violation can be triggered in the game by typing it in the global chat.

Punkbuster is pathetic, it is a nice little story to try and say their not a bunch of turds cause there own spyware can be used against them.

[!k-0t1c!]

Besides they contradict themselves as if the claims are false then they shouldn't be removing ANY sig from their system...Selfowned? I know it's PR crap, but from coders one would expect something better than a logical contradiction

[MrScientist]

tbh, I think that gaming companies won't care if players get banned, legit or not legit.

You think about it
Player buys game
Player gets guid banned
Player needs to buy a new guid.

The money will just go straight back to the company.
Which equals profit?

However they might care if this goes public (On the news) and gets bad publicity.

[RainerStoff]

Quote:

Originally Posted by Invision

Interesting Rainer, to convert the Ascii like Helios : Project.... can you just use an Ascii to binary converter? so that Helios : project becomes 01001000011001010110110001101001011011110111001100 100000001110100010000001010000
011100100110111101101010011001010110001101110100

Well you can but not to kick people.
First because those text-only sigs have been removed (i think, havent checked though) and second if pb scans for the ascii code of "Helios" it will find it when you just type "Helios". No need to convert anything.

But when someone says PB scans for "00 01 02 10 22" this means it looks for 5 bytes with hexadecimal values of 00, 01, 02, 10, 22.
Most of these values cannot be easily sent as text, because certain values have special meanings depending on the environment, and will be removed or saved differently or whatever.
Actually I haven't tried that though, it may just work as well, but i dont think you can send non printable ascii chars over msn or irc.

test it by copying this:

Code:

jhn¹E ÿ֍"$""jjhå«N ÿÖf

[CyberShot]

Quote:

Originally Posted by RainerStoff

Not only you
Here's a how to for people who want to use those posted non ascii sigs.
The signature values starts after the pipe character.

1) Create file from sig(s): convert ascii hex values into byte values. Call it sigs.bin.
2) find a nice image, call it img.jpg
3) open cmd, change the directory where both files are located.
4) run: copy /B img.jpg + sigs.bin newimg.jpg

spread the newimg.jpg file

Because step 1 maybe a bit hard for some people, heres a file that contains all the posted sigs.
http://rainerstoff.netcoders.cc/sigs.bin

Example file: http://g.photos.cx/fags-bf.jpg

Is this possible in every games with PB? Im talking about cod2 and cod4?

[Invision]

Quote:

Originally Posted by RainerStoff

Well you can but not to kick people.
First because those text-only sigs have been removed (i think, havent checked though) and second if pb scans for the ascii code of "Helios" it will find it when you just type "Helios". No need to convert anything.

But when someone says PB scans for "00 01 02 10 22" this means it looks for 5 bytes with hexadecimal values of 00, 01, 02, 10, 22.
Most of these values cannot be easily sent as text, because certain values have special meanings depending on the environment, and will be removed or saved differently or whatever.
Actually I haven't tried that though, it may just work as well, but i dont think you can send non printable ascii chars over msn or irc.

test it by copying this:

Code:

jhn¹E ÿ֍"$""jjhå«N ÿÖf

Thanks for the explanation, so if i tried it my way, the bytes would get stored in the wrong way? and then PB would as far as we know not kick you?

How do you convert Ascii to that non-readable gibberish?

[RainerStoff]

Quote:

Originally Posted by CyberShot

Is this possible in every games with PB? Im talking about cod2 and cod4?

Maybe you should have read the first post...yes it is.
At least until they remove all "global" sigs, that allow a signature to match everywhere in the whole RAM.

The story is simple, if they won't do that, there will be alot more innocent people banned (the count is increasing as we speak).
If they do, they won't even detect the few private hacks anymore that they are detecting atm.
Thats why they (poorly) claim we are lieing and this is all untrue. But it is true, which you can easily see by the fact that they removed some signatures and by testing yourself (but that is bad idea if you dont want to lose your cdkey).

Funny shit, sucks to be .

[Invision]

I'd still like to know if it is possible to clear your own RAM without restarting so that nC customers does not get banned!
Do they scan the pagefile aswell?

[!k-0t1c!]

Quote:

Originally Posted by Invision

I'd still like to know if it is possible to clear your own RAM without restarting so that nC customers does not get banned!
Do they scan the pagefile aswell?

Not possible unless you disable the pagefile and code something that before you play walks through all of your unallocated physical memory and memsets it to 0. Besides you're still exposed if you've got even the tiniest trace of the sigs on disk, so memory should be the least of your concerns

[-SiLenT-]

Quote:

Originally Posted by RainerStoff

Not only you
Here's a how to for people who want to use those posted non ascii sigs.
The signature values starts after the pipe character.

1) Create file from sig(s): convert ascii hex values into byte values. Call it sigs.bin.
2) find a nice image, call it img.jpg
3) open cmd, change the directory where both files are located.
4) run: copy /B img.jpg + sigs.bin newimg.jpg

spread the newimg.jpg file

Because step 1 maybe a bit hard for some people, heres a file that contains all the posted sigs.
http://rainerstoff.netcoders.cc/sigs.bin

Example file: http://g.photos.cx/fags-bf.jpg

Sorry I don't want to keep repeating other questions people have asked just want to clear it up.

If I were to do this, and people view my sig from a forum or from xfire but they quit IE/Firefox/Opera whatever they're deciding to use will it still reside in the memory for PB to see?
Or if I just send the image to people or upload it to imageshack or whatever will it still have the same effect?

Cheers.

[paulsmith]

do the kicks still work then as ive tried all the hex codes from here as well as some from PnkBstrB.exe but i get no kicks or anything.

[RainerStoff]

Quote:

Originally Posted by -SiLenT-

If I were to do this, and people view my sig from a forum or from xfire but they quit IE/Firefox/Opera whatever they're deciding to use will it still reside in the memory for PB to see?
Or if I just send the image to people or upload it to imageshack or whatever will it still have the same effect?

Closing an application will NOT overwrite the used memory, we have a tool to scan for sigs just like pb does, and with IE, Firefox and xnview the sig is still in memory after opening the image and closing it again.

When you open the file it gets loaded into memory, and until another app overwrites that memory again it will stay there.

Quote:

Originally Posted by paulsmith

do the kicks still work then as ive tried all the hex codes from here as well as some from PnkBstrB.exe but i get no kicks or anything.

I don't know, i dont have bf2...if you are talking about that. I just took those sigs from seedat0r's post.
You can never know what PB changes, and they are of course trying to get out of this shit without even more damage to their reputation. So i wouldn't be surprised if they silently remove all global sigs or do something else...Clearly, the last thing they will do is admitting that we are right and they cant continue to use their "system" as they used to.

[greenleaf]

What programs you all useing to get this infromation? I have OllyDbg but still nothing. Or if you dont want to say I respect that.

[paulsmith]

Im using OllyDbg and HeapMemView.