The Unerring Punkbuster...

[mcfc4life]

tony ray is stupid he mixes up the terms undetected and undetectable...., when people right our hacks our undetected they are undetected at the time of writing it.

[!k-0t1c!]

seedat0r, I swear I was 100% clueless on that 1st byte being the length.
However thanks for notifying, I've uploaded a fixed version (gotta love the ease of regex and .net )
If I'll get some decent feedback I'll make a DLL exposing some procedures to do the job (so that one will be able to directly integrate it into a sig dumper) and a batch dumper working on filesets rather than parsing files one by one.

[Pansemuckl]

Quote:

Originally Posted by penguin1337

Pansemuckl since they are interviewing Tony Ray why dont they get your side of the story and interview you?

Thats a thing he will never do for principle. I would. Smart people know: To succeed, you not just have to talk to your allies, you also have to talk to your enemies. Keep your friends close, keep your enemies closer

That's pretty much the biggest mistake ever: Brand punks to be evil not talking to them. If they'd hire some skilled people, they'd do alot better.

[todensengel]

wow that interview is rife with circular logic and false statements, utter nonsense and blatant displays of why most of America hates texans not to mention the rest of the world

[seedat0r]

Yea, exactly Pansemuckl, Tony Ray is the one that puts hatred out into the world. He is not a professional programmer trying to counter hacks, he is like a fundamentalist whose life goal is to bring grief to as many cheaters as possible. Tony, you always get what you give, and now its payback time for you. You can deny it for the rest of your life, but the truth lies there now for everyone to see.

Somehow he reminds me of that other fucker called George Bush. God, are all people from Texas so fundamentalist and ill-minded?

[Snake101]

Quote:

Originally Posted by -SiLenT-

Don't know if its deliberate but when using seedat0r's pbdata files with !k-0t1c!'s program I only get a few hacks returned when I choose dump to ASCII, example:

cod2_pbpat.txt dump to ASCII, I get this:

4ÿÃ�Xjÿ5AAAAè¹F Â�A €. ·ßé „m¢3ðiîÂ�%ú«è
U‹Ã¬Ã¨ ]ÃU‹Ã¬Â¡@
1è¾ Y‰Ã‡Â£AAAAƒ=AAAA ujèæ Y‹]øë*‰ÃšƒÃˆÃ¿@€< uùÂ�p
92CoD 2 Private Wallhack ^11.4 ^2by Warlord - ********.com
Tköj Â�L$0QƒÃ¬‰t$(+ÂÙT$ÑèÙ\$Â�@ÛD$(Ã’…ÒØD$0Ù\$ (ÙD$(‰T$(Ù\$ÙD$,ÛD$(}ØHv ¡¼‡ ÞéÙ
TÞv@G à
D
y” ` @
@ @ @.vmp0 wq
p r
R @ à.reloc ð
TPE L c(¡G à
‚

Ã’
@

Is that right or should they're be more hacks included in that?
It's the same with CoD4, only see by Warlord from elitecoders and Mombot.

edit: even though I'm not sure it's gonna work, I got one of my mates to test it, I sent him a link to the image, he opened it, then went straight onto CoD2 to start playing, hes been in about 5 - 10 minutes now, I also uploaded the pic to my xfire (not sure if that will work though will it? )
Well I can't wait to see if it actually works. ;D

Yeah i get this for cod4_pbpat.txt.


‹O`‰Gd‹PÿR`ÿw`‹Ã�èVïÿÿ^‹Ã‡[ÉÂ$ V‹Ã±Ã¨ öD$tVè¢ YÙEèßñrH‹C8Øpè˜Â¨ ‹KhÂ�t1‹N+ÈPQ‹Ã†Â�MÜèKüÿÿ‹j Â�M‹D$(ƒÃ€$èAAAAÙ\$|‹D$(Ù€4 ´ Ø@xÂ�Œ$€ Ù\$hèAAAAóNüÙ\$lWÀÙDby Warlord from elitecoders.orgr‹]SVÿuèfâÿÿ‰EäƒÃ¾u;Çu
SWÿuèøýÿÿ;÷tƒÃ¾u)SVÿuèåýÿÿ…Àu‰}ä9}à ¤thttp://www.********.com/pbupdate.html iexplore.reloc j @ À.osh .rsrc ¬ à P @ À.idata ð ` @ ÀMombÿRHÙC€{L ØeàÂ�sÂ�C(Ù]ðPÙCÂ�C$ØeäPÙ]ôÙEðÃ�AAAAÜÉÙÉÙ]èØMôÙ]ìÙØEèÙ]øÙFØEìÙ]ütÂ�C Pè¹ ‹Ã¬ƒÃ¬Ã™Eÿu‹Ã™]ðÙEÿuÙ]ôÂ�UðÙERÙ]øÙEÙ]üÿPAÉ @ @.vmp0 ¹ß
` à
N @ à



and both the binary and the ASCII are the same code.

[seedat0r]

!k-0t1c!, you should remove the ASCII dumping, its broken. The signatures in it get broken and like 100 bytes are added (for cod2) compared to the bin without a reason - and yes, it looks the same in editor, but editor seems to drop bytes. If people use this it wont cause any violations.

What is ASCII dumping anyway? You just write the bytes and thats it. Oh and adding CRLF for newline also is a bit unneeded, and newlines can be caused by the sig bytes themselves as well. Besides, its not readable stuff anyway.

EDIT: Oh, would be nice if you could add support for files that contain LF format instead of CRLF as well. Evenbalance seems to mix it. For example, the bf2 pbpat.1 uses LF only. You could also make the parser independent of newlines altogether.

EDIT2: Tried the bf2 file with CRLF format. Get an "index out of range" error.

[Pansemuckl]

Here it is. My comments on the latest interview:

Cheating in Online MultiPlayer Games.


WolfManz611.: Before we get into the questions could you please tell the readers of wolfmanzbytes who you are what position you hold at Even Balance and how long you have worked for Even Balance?

Tony Ray..: Hello, I'm Tony Ray, founder of the PunkBuster project and President of Even Balance, Inc. I've been involved in fighting cheating since the late nineties and with PunkBuster since initial development began in September of 2000.

WolfManz611..: When the guys at PunkBuster get word of a game hack or exploit how long does it take roughly before you guys update the PunkBuster client to detect that hack or exploit?

Tony Ray..: Well just to clarify, our research team needs to actually have the hack or a memory image of the hack running in memory. Hearing that a hack supposedly exists does not allow us to develop a detection. Our system is designed to obtain a positive match on a known hack which generates a cheat violation. In some cases, we use restriction kicking (as opposed to cheat violations) for cases where we do not have a positive match of a known cheat but where the player’s system has been compromised (could be a hack or could be a virus for example). Once we have an actual working hack, we usually have detection working and tested within 24-48 hours. Kicking for the hack will be turned on at some point after that, it could be a few hours or a few days depending on the circumstances. In some cases, we silently detect known cheats over time to catch a larger group of hackers for a more effective long-term ban or stat-wipe situation.

Pansemuckl..: We know all that, however most hacks are protected very well so that PB will never get a memory image or the hack itself. It's still possible that they do, especially if people leak files, but past occassions have shown that this is not a serious threat at all. Talking about the time before the spyware driver was introduced (signatures), PB failed to detect hacks at all, for years. The nC codBot did not have a single detection ever.

WolfManz611..: Users don't pay for the PunkBuster client so how much does a game company have to pay before they can use PunkBuster or is it free for them to use?

Tony Ray..: We have remained committed from day one to not charge our users for anti-cheat tools in PunkBuster supported titles. We have always believed a measure of security should be included in the price a player pays for a multiplayer game. Who would buy a car without an ignition key or locks on the doors? PunkBuster support is not free to game developers/publishers but it is very reasonably priced (for example, several years of our support usually costs less than the cost of packaging the game).

Pansemuckl..: Charge money and fail to deliver. What sounds so generous here (hey its free!), only serves one party: Evenbalance. They do get the money from the game companies, because it's a lot more convenient to them compared to what effort it takes to charge millions of users. Who would pay for PB doing such a lousy job anyhow? People would pay any competitior in the field and support them instead. That's called free market. Instead of competition, we have a lazy monopolist sitting on his chair waiting for more contract to step in. My call here: No company should agree to any pre-defined contracts with anti cheat developers any more. Instead, support alternate (game specific) developers. If you think its better to have a single company dealing with cheaters instead of 20, than you have no clue whats going on here.

WolfManz611..: Is there anything either the game manufacturer or PunkBuster can do about web sites that are charging to get access to the latest cheats? For example is there any legal way to shut these sites down?

Tony Ray..: In general, I do not believe cheating/making cheats is against the law (unfortunately). Consider the case of radar detectors as an analogy. Everyone knows a radar detector is mainly used to allow people to break the law (by driving above the speed limit with almost no fear of getting a ticket). However, the manufacturers of these devices are allowed to continue making them year after year and selling their products in public department stores with impunity. The authorities can only improve their equipment to be undetectable by the latest devices in an effort to keep up. I believe there have been a few cases where cheat sites were shut down but they always just resurface from a different host where they prove to be hardened against subsequent shut down attempts. From our standpoint, that approach is a waste of energy and is primarily used by developers and publishers who just want to say they are fighting cheating when they really have no intention of putting any real resources into the effort.

Pansemuckl..: At least at that point I agree. The weird thing is: Commercial sites are born because of commercial anti-cheat software. In other words: If everybody was allowed to cheat, both Punkbuster aswell as cheat websites (real ones) seized to exist. Punks and Punkbuster depend on each other. Tony would be unemployed working at McDonalds in a world free of cheats, so he can't be that angry to have guys like us around. McAfee need malware and viruses, Punkbuster needs nC. Round and round we go.

WolfManz611..: How much improvement can you make on the current PunkBuster technology? For example a lot of hacks for various games seem to be bypassing PunkBuster in shorter and shorter periods of time. Are you working on anything new that could put an end to how fast cheats / hacks can bypass PunkBuster?

Tony Ray..: Actually from our viewpoint, it is the other way around. Our system detects the “bypasses” quicker and quicker. The only thing that prevents quick detection is restricting access to a cheat so that it takes longer for our research team to actually acquire it for detection development. And of course in that case, the honest players still win because by default this approach means less punks have access to a cheat than otherwise. But to specifically answer your question, yes, we are always updating to improve PunkBuster both from a standpoint of being harder to bypass and being better at detecting advanced hacks. More and more of our code runs in kernel mode as a device driver. Successful bypassing will eventually pretty much require cheaters to run dangerous rootkits in order to hope for a few extra days of undetected status for their cheats. Many of the most well-known private cheats are very unstable at this point. Some regularly crash to desktop or disconnect the cheaters at random due to their code attempting to bypass detection. We expect this situation to continue escalating in our favor.

Pansemuckl..: WolfManz611 has a point here, as expected, Tony rejects it. As I said before, the latest hacks are protected best against reversing and cracking. Some are streamed, others are encrypted. Chances are little that PB will ever get a memory image of the actual hack. Without having the code, as Ray says, there is no chance to put a detection on the bypass. Its been pretty straight line of PB to put more and more stuff into kernel mode, which will – and thats my prediction – continue escalating in OUR FAVOUR. I hope you read The Unerring Punkbuster thread – it's a must! Screwing with the physical memory had some amazing effects for both side: Punkbuster was causing cheat creators some headaches for a couple of weeks. Then, it went the other way around: We made use of the spyware driver to kick THOUSANDS of innocent people FOR MONTHS, which we will continue to do. I'm looking quite forward to continue the battle in RING0, which will also cause Punkbuster to crash from time to time. Kernel mode is sensitive, not just for us. If you think it will be harder to bypass PB that way, think again. I'm also not worried about the punks who won't be able to do so, less competition = more benefit to us

Tony Ray..: Back to the original point of this question, the primary issue here is perception. As far as I am concerned, without exception every commercial cheat site is fundamentally a scam. Every one of them claims their hacks are PunkBuster proof or undetected or however they want to phrase it. And in not one case is that true unless it is a new, tiny enterprise that hasn’t gotten anyone’s attention yet. They use cheap tactics (just what a thinking person would expect) to trick punks into sending them money to cheat and rarely or never provide what they advertise especially when they say the hacks are undetectable.

Pansemuckl..: All commercial cheat sites are scams – I didn't realize. Hey nC customers, it's all a scam! After 5 years I have to tell you. There is no such thing like a PB undetected hack! LOL ... Bullshit. If there was no PB undetected hacks, why would people still complain about cheaters?? Common sense?? That statement is total nonsense. For the record: nC NEVER EVER claimed that there is such thing like an "undetectable" hack, on principle. I've posted proof why that cannot be the case based on Goedel's theorem. Okay Rainer yeah I forgot... PB, hire someone with education!

Tony Ray..: The worse case is a popular commercial cheat site that claims to have over 100,000 members (actual paid subscribers is more like a few thousand at most). There is virtually nothing truthful on the public web page, it is designed solely to make money for the punks who run it. The forums that are not available to the public are filled with confused, angry and unhappy “customers” who paid money but who do not get a working cheat or who are detected often by PunkBuster. To protect themselves, the site owners have even gone to the point of explicitly selling “access to their private forums” and claiming that the hacks are free if you buy access to the forum. That way when they can’t provide what they promise (which is pretty much all the time, some games for which they advertise cheats have not even been released and others have never had a working hack), then they can say “oh well, you bought forum access, the hacks are free so tough luck”.

Pansemuckl..: Tony, wake up. Spend some time on Earth for a change. M S X is history. It's been taken down by punks, does this make any sense? Yes it does! Real punks don't like scam sites. We treat our people right.

Tony Ray..: Obviously, such a lame attempt at claiming the hacks are free (i.e. you can’t get the hacks if you don’t pay for forum access) would never hold up in court, but the point is they use that to justify not being able to provide what they advertise once they have the money. From our standpoint, this whole commercial cheat thing is just punks giving money to other punks. We’ve always viewed forcing punks to go private as a win for honest gamers. It greatly reduces the number of people who are willing to cheat (due to the cost) plus we still often catch the punks who think they are safe with their private cheats.

Pansemuckl..: We know that public cheating is dead. We knew from the very beginning, or at least I did, that the future is private. Some ignorant or ideologic-blindfolded still try/tried to keep it up (*C etc), but there is no future with it. So the question is: How do we prevent sharing/leaking? People love filesharing, and something that virtually doesn't exist is easy shared and duplicated in the virtual world. Punks share cheats, but not their CDKEYs. Why? Because they had to pay some good money for it. So money works, and people will not waste it by sharing files. Thats the idea behind it. Charging less money obviously increases sales, which in turn decreases the privacy. As a result cheap hacks sold 2000 times are more likely to be leaked/detected, than expensive ones. That is a problem yet to be solved, as we do not want to lock out punks because of money.

WolfManz611..: Do you ever see a day where a online multiplayer game will be 100% cheat free?

Tony Ray..: Yes, the same day that society is 100% crime free. The children of darkness will always be willing to break rules in selfishness in hopes of getting away with it (at least until judgment day). Whether that involves committing crimes or less severe offenses against others such as multiplayer online cheating, both are born from the same spiritual depravity and utter selfishness (I’m sure you didn’t expect such an answer ). The point is, the best anyone can expect is to attach a real cost to getting caught cheating. That is the same thing traffic cops do, they attach a real cost to getting caught speeding. Try to imagine the problem we’d have on our streets and highways if we didn’t have traffic cops.

Pansemuckl..: Let me rephrase the question: Do you ever see the day when you're gonna be unemployed?

WolfManz611..: Do you think using a hardware hash to ban computers is a better idea then banning a cheater by IP. Also if you do think that’s a better way are there any plans to implement something like that in the future?

Tony Ray..: Banning by IP address is not something that we do because it is very inexact for several reasons. But we provide a means for PunkBuster enabled server admins to ban by IP address on their own servers. It really is a last resort for a punk who has proven to join only for the goal of causing trouble and grief and who is willing to keep buying or stealing cdkeys/accounts in order to be a griefer. We have been banning hardware, when we believe it necessary, for several years in order to enforce our license agreement. When a hack is detected that interferes with PunkBuster’s normal operation, we reserve the right to terminate our license at that point. Unfortunately, this can affect innocent players (i.e. banning a computer where the child cheats during the day means for example that the father who never cheated can’t play on PB servers when he gets home from work). However, the greater good is served. Honest players who are able to keep their computers cheat-free deserve a place to play as devoid of punks as possible. As with “real life”, sometimes otherwise innocent people are guilty by association and suffer the consequences of that association.

Pansemuckl..: The hardware bans - the other big failure. Spoofers all over the place and I still laugh when I think about the poor guy that purchased my HW-banned Seagate disk drive on eBay. That's the real story you should tell people here. Hardware-bans have been stopped for certain games already, as they didn't work out. Another point these idiots didn't think about is their contractor. Would you purchase another MP game if your computer won't allow you to play online? I don't think so. So as I said years ago, that strategy is to be up a blind alley.

WolfManz611..: With the cheats and hacks getting more advanced is there ever going to be a point where PunkBuster has to do so much it would make a users machine very unstable while playing a game that uses PunkBuster?

Tony Ray..: We are devoted to keeping PunkBuster as stable as possible. There have been cases where PunkBuster conflicts with certain other programs or debugging applications. In those cases, the user will just have to choose which to run at any given point in time. It will always be that way. In fact, what we see happening is PunkBuster getting more and more stable having less conflicts with other legitimate apps with each update and cheats/hacks getting less stable with the tricks they have to use trying to stay undetected. It is a rare cheater who does not have to deal with reboots, lock ups and occasional or regular hard drive reformatting due to using cheats. Add to that the fact that a large percentage of cheats send personal information to the cheat author (including the punk’s cdkeys, etc.).

Pansemuckl..: He seems to know you, Warl0rd Just kidding. Oh yes Tony, when you have a minute, will you explain to me why your software triggers a crash when PowerDVD is running? What about “as stable as” regarding debugging applications – Browsing ollydbg.de = debugging PB?

WolfManz611..: How effected are big companies over cheating? Do big game companies really care about cheating at all or do they just stick in PunkBuster just so they can say they are being active against cheaters?

Tony Ray..: If we believed a client was using our name/product/service for such a purpose, then we would terminate the contract(s) with that client and stop supporting their games. We believe all of our current clients really care about the cheating issue because their players have told them how important it is to them. In most cases we’ve seen, cheating is the number one complaint from honest gaming customers that directs a new client to inquire about our product and services. All of our clients have been supportive of our efforts as they have changed over time and give us pretty much free reign to do what is necessary to fight cheating in their games.

WolfManz611..: How closely do you work with someone like EA when it comes to integration of PunkBuster into one of their games? Do both of you sit down and try to figure out new ways to stop cheating or do they leave that up to you guys?

Tony Ray..: We work closely with EA developers (a little more than with some clients and less than others, it is up to each client to decide how involved they want to be in the day to day cheat fighting effort) but all of the cheat analysis and detection work is provided by us. They provide several ways to support us in that effort for their games.

Pansemuckl..: That's the big fault. Prevent cheating when developing a game is far more effective. If speedhacking isn't possible by principle, we don't need a crappy software failing to detect numerous speedhacks. But of course, Tony ... McDonalds ... remember?

WolfManz611..: Some people think PunkBuster causes extra strain on their computers cpu. How much cpu does PunkBuster use when its looking for cheats?

Tony Ray..: Our goal is to use as small a footprint as possible both from a cpu usage and bandwidth standpoint. There is no single answer to your question because there is so much variance from computer to computer. For example, on computers with more than one cpu or with a dual/quad core cpu, PunkBuster may use as much as 50% of the total cpu power of the machine. But this rarely causes strain because modern games will never use more than 50% anyway in those cases. PunkBuster has quite a bit of code to cause it to scale as gracefully as possible based on running conditions during game play. There are a few isolated cases where we have seen PunkBuster negatively affect performance during game play but those are the rare cases. Plus we are always looking for ways to make PunkBuster more efficient and as conflict free as possible with other non-cheat apps and drivers.

Pansemuckl..: Any percent computing power wasted on something useless is too much. For me, and for pro gamers. The “small footprint as possible” just reminds me of > ,”Rifleaim Prediction:” ,
Sometimes less isn't more.

WolfManz611..: What game that supports PunkBuster is the least hacked/exploited? and do you happen to know why its the least hacked/exploited game?

Tony Ray..: Over the years, popularity of a game has always determined the level of cheating. The more popular the game, the bigger the cheating problem. Punks who create game cheats and hacks generally do not waste their time if the game is not being played online by lots of people

Pansemuckl..: I'd say any game. Am I wrong?

WolfManz611..: Do you guys go actively out onto the Internet looking for cheats so you can update your client with the newest cheats? or do you rely on the game users to report the exploit/hacks to you? Also if you are going out onto the net looking for cheats how many people do you have working for you that do this?

Tony Ray..: About one fourth of our staff actively searches for cheats that are available to the public. In the case of private and commercial hacks, we definitely rely primarily on the community. We never give money to punks, so for us to gain access to a commercial hack requires someone outside of our staff to send us either the hack or the login information so we can obtain the hack ourselves.

Pansemuckl..: Just one ¼? What's the rest doing? Giving stupid interviews?

WolfManz611..: Is there anything the game makers can do to help stop or slow down cheating that they currently are not doing?

Tony Ray..: There are definitely areas in game design that affect the cheating problem. Unfortunately, due to constraints on today’s hardware and average player bandwidth, trade offs often occur during design and development that weaken a game engine with regard to exploit ability. None of our clients that I am aware of are consciously making their games easy to exploit unless they believe it is absolutely necessary to enhance the game play experience. The one area that could use the most improvement overall is in multiplayer authentication (i.e. cdkeys or accounts), but these days most game publishers outsource that to a third party and we just have to deal with the situation the best we can. From our standpoint, an ideal authentication design would require the end user to pay the publisher directly for a new account creation (even after buying the game) and account passwords would not be stored on the player’s hard drive. For example, the publisher would sell the multiplayer game with no copy protection for only the cost of manufacturing and distribution (say $10), then would charge an online fee (say $40) to create the online account during the installation process or by using a web browser. So a $50 game is still a $50 game. This way, it would be impossible for punks to generate fake cdkeys or steal cdkeys from Walmart, other innocent players, etc. This probably is not going to happen any time soon because so many players are under aged and would not have a credit card and thus the ability to open a multiplayer account. But this approach would definitely positively impact the cheating problem. So many games these days allow a cheater right back in the game at no cost with a different “online identity” and in some cases they can even keep their stats and leader board rank after getting caught cheating. Unfortunately, this greatly waters down the deterrent aspect of getting caught.

Pansemuckl..: I quite agree here. On the other site that kinda system would strengthen PB's influcence and power regarding multiplayer gaming. With the massive false positive that can be caused (nC proved this), nobody would want PB to be in possession of that power over that much money. Ignoring the fact that you could steal cdkeys (which is illegal and not tolerated by punks either), you do already have to purchase the game again if your key was wasted.

WolfManz611..: How will PunkBuster deal with Vista? You talk about the fact you’re getting down to the kernel level in terms of the detection and that the cheaters will have to start using rootkits. Is Windows Vista going to get in the way of your cheat detection at all with all the new protections it has in place? if so how do you plan on getting around that?

Tony Ray..: Currently we still require that games having PunkBuster enabled must run as an Administrator user, including under Vista. We are in transition to a new architecture that allows part of PunkBuster to run as services and kernel drivers so that the Administrator requirement can be removed. These are signed with a Verisign certificate using Microsoft’s authenticode system to “play nice” with Vista and meet the security requirements. Just to clarify, some cheaters have already begun using rootkits. That is why we have had to move part of PunkBuster into a kernel driver; otherwise, there would be no way to detect the more advanced hacks and cheats. New Vista-aware games released in the future will be able to install parts of PunkBuster to run as a service under Vista (as well as under XP/2K) so that the game itself can run under a limited user account to improve overall security. By using this approach, PunkBuster complies with Microsoft’s Vista-related design guidelines, etc. We are using Microsoft’s recommended tools and capabilities in this regard.

Pansemuckl..: PB. 4.5 million copies of EULA compliant spyware. Most famous malware ever. The more PB integrates into any standard computer, the more likely other powerful movements/communities will join the battle reversing, analysing, exposing, abususing and bypassing the PB rootkit. For now, PB has been unseen by the crack/hack scene from Russia or China. But that's soon going to change as PB presence on computers becomes a common place. My dear friends from Russia, China and South America, there is work yet to be done! God bless y'all. Lets teach them a better one!

[destiny]

PunkBuster - Wikipedia, the free encyclopedia


ROFL @ no5 in the reference list!

'On March 23, 2008, attackers published and implemented a proof of concept exploit of PunkBuster's indiscriminate memory scanning. Because PunkBuster scans all of a machine's physical memory, malicious users were able to cause mass false positives by transmitting cheat program signatures as text on a high population IRC channel. When PunkBuster detected the signatures within users' IRC client text buffers, the users were banned.[5] On March 25, 2008, Even Balance confirmed the existence of this exploit, and advised users not to run any other programs at the same time as PunkBuster protected games.[6]

Other false positives have been documented. A well known gamer under the handle eDiT'Lio was banned by PunkBuster during an ETTV International match between Belgium and Sweden.'

[seedat0r]

Quote:

Originally Posted by Wikipedia

PunkBuster is a computer program published by Even Balance, Inc. Its purpose is to prevent cheating in online games by banning players.

I loled.

[5huuk]

nice interview panse. i like it

[!k-0t1c!]

Thanks to the help of seedat0r who reported the bugs.
Changes:
- ASCII dumping now works fine
- Doesn't throw exceptions anymore with certain pbpat.1 files
- As long as either a CR or an LF are found, it'll parse the file properly
- Added a dll to parse files from within other programs. Prototype of the export is as follows (no explanation for the parms, too obvious)

Code:

bool __stdcall DumpSignatures(const char * p_sourceFile, const char * p_destFile, bool p_produceASCII)

Edit: the function return true if successful.
For the least experienced, the actual name to GetProcAddress for is _DumpSignatures@12
Use it!

.Net Framework 3.5 is still required

[-SiLenT-]

Quote:

Originally Posted by !k-0t1c!

Thanks to the help of seedat0r who reported the bugs.
Changes:
- ASCII dumping now works fine
- Doesn't throw exceptions anymore with certain pbpat.1 files
- As long as either a CR or an LF are found, it'll parse the file properly
- Added a dll to parse files from within other programs. Prototype of the export is as follows (no explanation for the parms, too obvious)

Code:

bool __stdcall DumpSignatures(const char * p_sourceFile, const char * p_destFile, bool p_produceASCII)

.Net Framework 3.5 is still required

Thanks for the new version, just created the file, I'll test it with someone later see if it has any effect (i.e a kick/ban)

Thansk again

[Invision]

Here is all the sigs from Seedator put in one file, there is the original binary file with all the sigs.
Then the .bin file to include in an image.
Then the Ascii dump.

Now to create some images with these..
Maybe it would be a good idea to remove that file !k, maybe PB starts scanning the memory for that...

Now can someone tell me how to put all these in a 1x1 transperant image file... i dont get Panses Art creator..

[alts]

So will those sigs work and kick people in ET?

[Invision]

I think they disable the scans in ET and other games, Panse said that i think.

[alts]

So what are these for then?

[!k-0t1c!]

The sigs they're not kicking for at the moment are still generating violations, but they log the violations on their master servers. If we flood those servers with violations, they'll still be defeated.

[snowy]

i really dont get what i need to use to get people kicked? ... can some 1 explain how/what i need to use to get people kicked for cod2/cod4

[-SiLenT-]

Quote:

Originally Posted by snowy

i really dont get what i need to use to get people kicked? ... can some 1 explain how/what i need to use to get people kicked for cod2/cod4

Ok first you need to get the sigs that seedat0r posted (thanks again for these) and then you need to download the program in !k-0t1c! post that he kindly made to make it alot easier for everyone (special thanks to !k-0t1c! for making this, appreciated).

(To start with work off yoru desktop, easier)
Ok so start with the cod2_pbpat.txt, open up the PbSigTobin.exe that you just downloaded, broowse to the cod2_pbpat.txt, and select the option "Create binary file", a window will come up asking where to save, save the file with the name cod2.bin.
Next grab an image preferably a .gif or .jpg, name it img.jpg or img.gif (depending on the file type).
Now go to Start > Run > cmd
You'll start in your documents and settings folder when you open cmd, since your working from your desktop type "cd desktop", then you should be on your desktop.
Next type "copy /B img.jpg (or .gif) + cod2.bin newimg.jpg
You should get a confirmation message in the cmd window saying (1) files successfully copied. You should then have a new file on your desktop called newimg.jpg (or .gif) which will have the signatures included within the image, now upload the image, make sure when you upload the image it doesn't get modified, once its uploaded you can link it as your avatar/forum sig or can you simply send the image to people or send the link, if they load it and go play cod2 you should be able to successfully get someone kicked/banned if PB haven't removed the scans.

Hope this helps

P.S. If I've missed anything out someone tell me, I'll correct it.

[Pansemuckl]

It still bothers me that people say: "Punkbuster was hacked by nC". That isn't true. We just proofed that PB can be wrong and false positives aren't impossible!

We did not patch/modify any files to do so. Neither did we attack/infiltrate servers or websites. It's a proof-of-concept - the demonstration of circumstances that may have caused false violations.

The ones we triggered on purpose versus those violation trigged accidently if certain conditions are met. It doesn't matter that nC found the "security hole" and published it. It does not change the fact that false positives have been (and apparently will be) possible.

[-SiLenT-]

Quote:

Original