Author Topic: For your viewing pleasure (ss of kyle hackin' tha chatz lol)  (Read 30800 times)

Offline EviL~Ryu

  • (ง︡'-'︠)ง "Bitchin!" ®©℗™
  • Dragon
  • **********
  • Posts: 6059
  • "It's going to be Legen-(wait for it......)-DARY!"
    • View Profile
    • Clan EviL Official Page
Re: For your viewing pleasure (ss of kyle hackin' tha chatz lol)
« Reply #45 on: December 30, 2015, 01:37:24 AM »
Word, send me a PM if he's back.


Sent from my Motorola DynaTAC 8000X using Tapatalk

-Administrator of Clan EviL
-Developer (Trivia Development and Analytics)

Offline {Lance}

  • Sappers
  • ******
  • Posts: 889
    • View Profile
Re: For your viewing pleasure (ss of kyle hackin' tha chatz lol)
« Reply #46 on: December 30, 2015, 02:00:24 AM »
Kyle just started using the AH a week ago?  Really?  No wonder he got caught.  He's not use to how it works yet I guess :/  iL will be able to determine what the issue is easily with the logs.  He seems to be a bit MIA at the moment.  The hilarity looms large though :D  It's amazing what a simple SS can do lmao.  Poor old Kyle was having a complete nuclear meltdown in chat tonight,  that was rather humorous.

BTW, just take a look at the SS and pick someone who was on and ask them what was being said.  There were LOTS of people saying "Someone should post a SS of it in the forums".  Ogremage, Deathknight, VietPro, Slick, Koin, etc.  We were ALL playing games for hours and people were talking about the status page all night.  I waited patiently to see if someone would do it,  no one did, so I did it myself.  Theres nothing suspicious in the least about it.  Either he hacked, or theres a problem with the AH.  I'm leaning more towards the scenario of kyle not being familiar with how things work and got messed up when switching accounts after hacking on a smurf (what? swift smurfs?!  no way!  LFMAO,  probably one of the biggest smurfs out there except for blid ;),  so it's not exactly uncommon for him to be smurfing to begin with,  it seems to fit).  That's the only explanation I can come up with that makes any sense at all.  He probably was smurfing with the AH OFF of course,  and then switched to his own name and then went to bed.  That's how I see things.

Until iL pipes in with the exact memory locations and values that were being reported,  all we can go on is speculation.  But thats the fun part :D  I'm betting that it was a spell or build hack location since those are persistent unlike the map hack location/values.  They persist across war2 reloads.
« Last Edit: December 30, 2015, 02:23:12 AM by {Lance} »
Dk At hall is cause I started with temple at start and didn't need the castle . Not a hack .  I wouldn't bother editing a ss btw

^---- Dellam doesnt hack!  See, even by his own admission, no hack!!  LMFAO.

Offline thaydrad

  • Critter
  • *
  • Posts: 1
    • View Profile
Re: For your viewing pleasure (ss of kyle hackin' tha chatz lol)
« Reply #47 on: December 30, 2015, 02:30:47 AM »
Thank you  for blocking us.   We were not hacking.  We were playing against each other.

Offline iL

  • Administrator
  • Ogre Mage
  • *****
  • Posts: 1653
    • View Profile
Re: For your viewing pleasure (ss of kyle hackin' tha chatz lol)
« Reply #48 on: December 30, 2015, 07:47:05 AM »
Just checked logs.
However, that looks like a false positive, so i'm sorry.

Let me explain:

How my antihack works:
It reads the memory values known as used by hacks from war2 memory. Then it sends that values to the server. And then the server compares that values to "known clean war2 values" and reports HACK if differs.
For map hack known "clean" value = XX. "Hack" value = 00.
That's why when i see value 00 from someone i can definitely say that he activated maphack. When i see XX i can definitely say that maphack is not being activated for him.

But what if value changes from XX to anything else, like 02? I have no idea if the map will be open (as in maphack) or ok (as usual), but that definitely means something strange happens. Normally that value is ALWAYS XX. That's why that will also be reported as HACK.


Another question is, what happens if reading the memory value will cause error for some reason? I've been so stupid that i didn't check that properly until last update.
Technically, value possibly be sent to the server then is not defined, but that should be 00 most likely.
I still don't understand how that can happen that defined and existing memory data in existing process can be checked most of the time, but not in several moments.

But I added that check to new version, just to be sure, marking failed-reading values as UNDEFINED.

And now what i can see in server logs:
These are several akas being marked as "HACK!":
- thaydrad:
map value: XX changed to YY and then changed back to XX.
other values also have been also changed to YY and then back to proper values.
YY is not any of known hacking values.
No idea what that can mean, but that's not kell-known hacks.

- 8472:
values have been clean most time. But sometimes changes to UNDEFINED.

- 00Kyle:
values have been ok at the beginning. But then they have been changed to UNDEFINED. After that they all have been changed to 00. And then to UNDEFINED again, many times.
00 means hack for maphack, but not for other hacks. So, 00 for all values could mean something else than hacking. No idea what exactly.

- Miron:
All values changed to UNDEFINED also.

Returning to the past:
xXxSmeagolxXx used previous version and i rechecked now:
All values have been changed from ok to 00. That could mean hack for maphack, but other values should be different.
I think that means antihack have not been able to read his memory values properly for some reason and then sent 00 instead. I classified that as hack. And i think i was wrong.
So i think that was false positive with xXxSmeagolxXx  also.

I'm sorry again.

My future plans:
1. the problem in loader have been fixed. So, no more false positives. There are some more problems (not related to false positives) i plan to fix soon, so several new versions should be released.
2. my idea to consider any non-proper value as hack have been bad. I think 3 states should be shown: definite OK, definite HACK and undefined.
3. my idea to keep everything secret have been failed also. I have to discover at least several basic concepts about antihack and it's logic. Such discovering could cause the rish of hacking the antihack, but i can't keep everything secret anymore.
4. i still plan to rewrite the backend of server side from scratch to handle input data more careful. So, i'll consider these new conditions also.

I'm sorry again, but antihack project is still in testing stage. So, some bugs in code and in concept appeared in real environment only.
I'll make efforts to never repeat such situations.
Need help to translate War2Combat to German, French, Italian, Polish or another language: http://forum.war2.ru/index.php/topic,4728.0.html
Please, contact me if you are interested in that.

Offline Knitter

  • Axe Thrower
  • ****
  • Posts: 251
    • View Profile
Re: For your viewing pleasure (ss of kyle hackin' tha chatz lol)
« Reply #49 on: December 30, 2015, 08:09:22 AM »
Just checked logs.
However, that looks like a false positive, so i'm sorry.

Let me explain:

How my antihack works:
It reads the memory values known as used by hacks from war2 memory. Then it sends that values to the server. And then the server compares that values to "known clean war2 values" and reports HACK if differs.
For map hack known "clean" value = XX. "Hack" value = 00.
That's why when i see value 00 from someone i can definitely say that he activated maphack. When i see XX i can definitely say that maphack is not being activated for him.

But what if value changes from XX to anything else, like 02? I have no idea if the map will be open (as in maphack) or ok (as usual), but that definitely means something strange happens. Normally that value is ALWAYS XX. That's why that will also be reported as HACK.


Another question is, what happens if reading the memory value will cause error for some reason? I've been so stupid that i didn't check that properly until last update.
Technically, value possibly be sent to the server then is not defined, but that should be 00 most likely.
I still don't understand how that can happen that defined and existing memory data in existing process can be checked most of the time, but not in several moments.

But I added that check to new version, just to be sure, marking failed-reading values as UNDEFINED.

And now what i can see in server logs:
These are several akas being marked as "HACK!":
- thaydrad:
map value: XX changed to YY and then changed back to XX.
other values also have been also changed to YY and then back to proper values.
YY is not any of known hacking values.
No idea what that can mean, but that's not kell-known hacks.

- 8472:
values have been clean most time. But sometimes changes to UNDEFINED.

- 00Kyle:
values have been ok at the beginning. But then they have been changed to UNDEFINED. After that they all have been changed to 00. And then to UNDEFINED again, many times.
00 means hack for maphack, but not for other hacks. So, 00 for all values could mean something else than hacking. No idea what exactly.

- Miron:
All values changed to UNDEFINED also.

Returning to the past:
xXxSmeagolxXx used previous version and i rechecked now:
All values have been changed from ok to 00. That could mean hack for maphack, but other values should be different.
I think that means antihack have not been able to read his memory values properly for some reason and then sent 00 instead. I classified that as hack. And i think i was wrong.
So i think that was false positive with xXxSmeagolxXx  also.

I'm sorry again.

My future plans:
1. the problem in loader have been fixed. So, no more false positives. There are some more problems (not related to false positives) i plan to fix soon, so several new versions should be released.
2. my idea to consider any non-proper value as hack have been bad. I think 3 states should be shown: definite OK, definite HACK and undefined.
3. my idea to keep everything secret have been failed also. I have to discover at least several basic concepts about antihack and it's logic. Such discovering could cause the rish of hacking the antihack, but i can't keep everything secret anymore.
4. i still plan to rewrite the backend of server side from scratch to handle input data more careful. So, i'll consider these new conditions also.

I'm sorry again, but antihack project is still in testing stage. So, some bugs in code and in concept appeared in real environment only.
I'll make efforts to never repeat such situations.


Did you just admit that your anti hack used to the be just crap?
Just wondering why always the same people which have had a hacking history get caught again and no1 else.
Just wondering why no1 else like Joe, Cola, Lego, Braviet, Jesk, Alf.... ect..people which used anti hack daily but never had the same issue. Always gets the same people we talk about.
But again its the wrong script and not the player :)
When Martin-18 got caught, he didnt get the ban.   
Obvious it was his brother or his cousin who played on his name, no ban.
ZZzzZZzzZ


Offline ~ToRa~

  • Server Admin
  • Death Knight
  • *****
  • Posts: 3544
  • The General
    • View Profile
Re: For your viewing pleasure (ss of kyle hackin' tha chatz lol)
« Reply #50 on: December 30, 2015, 08:14:04 AM »
I've probably banned martin18 100 times since I've become admin. The problem is the guy plays on proxies and thus is able to circumvent any ban we give him .

Which is why ive left him alone for now. At least if u see martin18 join a game u know he is a known hacker. And not just some random smurf
war2 > war3

Offline Certified MENSA Genius Brain (smart)

  • "The Architect"
  • Global Moderator
  • Dragon
  • *****
  • Posts: 5384
    • View Profile
Re: For your viewing pleasure (ss of kyle hackin' tha chatz lol)
« Reply #51 on: December 30, 2015, 09:54:44 AM »
yeah I've also banned martin18 a couple dozen times.  i'm shocked there's so many proxies out there he can play from??  the martin18/dellam issue is definitely one that needs to be solved by a hardware ban.  until then just know we are banning their IPs but if you see martin-18 online that he's a hacker.
    

Offline EviL~Ryu

  • (ง︡'-'︠)ง "Bitchin!" ®©℗™
  • Dragon
  • **********
  • Posts: 6059
  • "It's going to be Legen-(wait for it......)-DARY!"
    • View Profile
    • Clan EviL Official Page
For your viewing pleasure (ss of kyle hackin' tha chatz lol)
« Reply #52 on: December 30, 2015, 09:56:16 AM »
  ..i'm shocked there's so many proxies out there he can play from??  ...

[emoji23]

It shouldn't shock you.


Sent from my Motorola DynaTAC 8000X using Tapatalk
« Last Edit: December 30, 2015, 09:58:49 AM by EviL~Ryu »

-Administrator of Clan EviL
-Developer (Trivia Development and Analytics)

Offline tk[as]

  • Server Admin
  • Dragon
  • *****
  • Posts: 5021
    • View Profile
Re: For your viewing pleasure (ss of kyle hackin' tha chatz lol)
« Reply #53 on: December 30, 2015, 11:52:48 AM »
I like playing Martin-18. he doesn't even try to hide the hacks (especially if there's no watchers). Him blatantly hacking improves my game imo.

he's got me 3-2 but those 2 wins were damn hard to do and required an insane amount of scouting and unit control.

Offline {Lance}

  • Sappers
  • ******
  • Posts: 889
    • View Profile
Re: For your viewing pleasure (ss of kyle hackin' tha chatz lol)
« Reply #54 on: December 30, 2015, 12:29:35 PM »
How ironic.  The only one that seems to actually look like a real possible hack is the 00Kyle username (dont get your panties in a wad kyle,  there is still no timestamp for the detected values yet,  so its still uncertain at this point,  but if it turns out these were during chat time, then that is a major bug and this thread would be well worth the effort to fix such a bug).  That looks to me a lot like toggling with a game trainer (artmoney for example).

Here is a question.  Have you tried to actually test the values you are receiving while in a game to see what they do?  Also,  you should NEVER be checking values of someone that is in chat (00Kyle for example,  while his values look the most suspicious,  we all saw him idle in chat,  so a timestamp for the detected values is necessary to see if it was during a game or not).  Sitting idle in chat will almost certainly result in bizarre values as war2 does it's housework and clears values periodically,  checks statuses of servers, ping, video, etc.

Another question.  Are you timestamping these detections at all?  Like can you crosscheck the timestamp to see if that person is in a Game log anywhere?  Maybe ask the people that were in that game if anything suspicious seemed to be happening?
« Last Edit: December 30, 2015, 12:34:43 PM by {Lance} »
Dk At hall is cause I started with temple at start and didn't need the castle . Not a hack .  I wouldn't bother editing a ss btw

^---- Dellam doesnt hack!  See, even by his own admission, no hack!!  LMFAO.

Offline Swift

  • Sappers
  • ******
  • Posts: 868
    • View Profile
Re: For your viewing pleasure (ss of kyle hackin' tha chatz lol)
« Reply #55 on: December 30, 2015, 12:33:30 PM »
iL, thanks for semi-clearing this up for me.

However, I am going to maintain that I highly suspect Lance of triggering the false positive. I find it very suspicious that Lance was one the first on the scene, and the one to make the thread. Of the people who were on that night, many told me it was Lance who brought it to their attention. The part that gets me though is how much of a personal interest he has taken in this. He's the only one really seems to care much. He made sure a handful of people on the server aware of the "Hack!" and he also made this thread, and already began making up potential narratives to feed peoples minds as to how it could have went down, and he also was on the server privately messaging people to try to convince them that it was definitely legitimate and that I was hacking. Taking his immediate campaigning into account and given Lance's lack of character, his personal issues with me dating back to when I caught him, and the fact that hes renowned for programming and messing with the server in way or another over the years (it's a fact that he was ddosing players like the_g0d and I at one point, btw, he made no point to hide it) - I think its fair to at least raise an eyebrow in suspicion.

Also - iL & Blid please speak on this. ~ToRa~ told me that it wasn't a false positive with xxxsmeagolxxx and that he had hacks on in the channel? He also implied other adminstration knows about it as well?
The official Legend©®™ of Warcraft II.

Offline {Lance}

  • Sappers
  • ******
  • Posts: 889
    • View Profile
Re: For your viewing pleasure (ss of kyle hackin' tha chatz lol)
« Reply #56 on: December 30, 2015, 12:40:23 PM »
If you read my post swifty, you'll see that checking values during chat is an unrecommended method since it would indeed result in bad values.  That's why I've asked to see if he's been timestamping them.  There is absolutely no reason to be checking during chat.  If yours were during chat,  then why not accept it as having helped?  As for msging people,  you're just making things up on that one.  The only people I even spoke to were 00Joe and Tora.  Joe will tell you everything I told him, and he'll tell you that everything I just said in my posts all jive with what I was telling him.  The fact that it's all speculation until hard evidence can be found to detract it.  If however these things are happening DURING games,  then I think the likelyhood of "false positives" just took a huge nose dive and are very likely iL's non-understanding of just what types of hacks are possible and what they would do to memory locations/values.  It's at that point that he should seek either myself or Tupac's help in deciphering the results which he may very well be doing now as we speak.

I think 1 addition to the UI of the Status page that is missing is a Timestamp field.  The *Hack* always staying on is GOOD,  but it's completely useless without a timestamp to go along with it.  Even a link to the Game log would be nice.
« Last Edit: December 30, 2015, 12:50:23 PM by {Lance} »
Dk At hall is cause I started with temple at start and didn't need the castle . Not a hack .  I wouldn't bother editing a ss btw

^---- Dellam doesnt hack!  See, even by his own admission, no hack!!  LMFAO.

Offline Swift

  • Sappers
  • ******
  • Posts: 868
    • View Profile
Re: For your viewing pleasure (ss of kyle hackin' tha chatz lol)
« Reply #57 on: December 30, 2015, 12:50:05 PM »
Backtrack in whichever manner you may like. Finally throwing in a few areas of saving grace for me in your posts now that it looks like iL is going to rule it a false positive. It was not so earlier. You've the only one who took a personal interest in this and you even went so far as to campaign against me with random narratives you made up to act as possibilities. Nothing you say matters to me, I am 99% sure you're involved and I am certainly not the only one who is suspicious.
The official Legend©®™ of Warcraft II.

Offline {Lance}

  • Sappers
  • ******
  • Posts: 889
    • View Profile
Re: For your viewing pleasure (ss of kyle hackin' tha chatz lol)
« Reply #58 on: December 30, 2015, 12:53:54 PM »
Just ask Joe and Tora what I said.  I've said, and maintain still, that it's speculation until proven otherwise.  If these are happening during a game,  you're probably not going to like the outcome however.  I just hope for your sake that these all happen during chat.  If thats the case (which it should never have been to begin with),  then this is a bug that needs fixing.  See unlike you I see this as a debugging process.  You view it as some sort of personal crusade.  I knew you would which is why I mentioned that hilarity would ensue after I posted it.  You delivered in every way possible, even exceeding my own expectations by trying to say I somehow had something to do with it.  That was like one of the "cool scenes" in a movie hahaha.  That was especially hilarious :)  I had to go back to walmart to get more popcorn because it's a pretty cool movie :D
Dk At hall is cause I started with temple at start and didn't need the castle . Not a hack .  I wouldn't bother editing a ss btw

^---- Dellam doesnt hack!  See, even by his own admission, no hack!!  LMFAO.

Offline {Lance}

  • Sappers
  • ******
  • Posts: 889
    • View Profile
Re: For your viewing pleasure (ss of kyle hackin' tha chatz lol)
« Reply #59 on: December 30, 2015, 01:02:34 PM »
I still don't understand how that can happen that defined and existing memory data in existing process can be checked most of the time, but not in several moments.

There is actually an explanation for this.  If a game trainer is active, it can and will lock access to specific memory locations (or even all locations an entire process).  ArtMoney (as do most other trainers) has a "Lock value" feature for example that will do just that.  So this happening is not surprising to me.  You should never run into issues reading memory addresses UNLESS something is blocking it, and if thats the case, then you should sound all the whistles.
« Last Edit: December 30, 2015, 01:09:01 PM by {Lance} »
Dk At hall is cause I started with temple at start and didn't need the castle . Not a hack .  I wouldn't bother editing a ss btw

^---- Dellam doesnt hack!  See, even by his own admission, no hack!!  LMFAO.