I am seeing strange HTTP requests going out to "http://gsin256345.elasticbeanstalk.com/" every 15 - 20 minutes..
I had to block this URL because it seemed very similar to a trojan.. Any comment from developers?
You didn't provide enough info, your game is attempting to connect to that page? Not even sure how, 'cause I don't believe the game even has a web client
That's probably Cheatpunch at work. Welcome to this morning.
http://www.elasticbeanstalk.com/ is an amazon cloud service. I assume that the hacking tool has server components running here.
Hacking tool? You mean the Anti-Hacking tool used by Rust?
I don't cheat in Rust.
You can thank the 10000 others that did it for that.
I would think.. (hope) that if Rust Anti-Cheat is talking to a webserver.. it would be using a Secure protocol.. The type of information being sent means that I could get other Steam ID's banned if I was so inclined..
EDIT:
Just would like to point out that this Rust Anti Cheat works closely to how Punk Buster did.. and many people were falsely banned because a certain group of people figured out how PB was reporting hackers..
You're not the first person trying to pick apart the packets, and we don't know what the server does with them on the other hand.
For all we know cheatpunch could be steganographically embedding your Steam ID in the images sent. Or in the images' binary data in encrypted form.
I didn't look at the packets at all.. I looked at something else and I know how these images are generated, They use the Unity Screencapture tool, I am sorry but there is no encrypted message..
(I actually have a huge fondness for embedding images within the pixel data of images, I did an entire course on it in College it's really interesting)
Short answer : cheatpunch is sending your screenshot/data to that addr.
Long Answer: I am not worried about hackers getting around it.. I am worried about the system being abused to ban legit users.
Would be lovely if not receiving screenshots would equal a ban.
Make the already abusable system even worse you mean?
I send a packet of data to that address with your steam ID and the correct payload saying you were cheating.. now I don't even need to photoshop a plausible screenshot showing the said hack.. just need to spam the server with random ID's..
baldrnl was it? Now Cheatpunch thinks you were on my computer using Dizzy's ESP.
EDIT:
That wasn't a threat btw.. It was a hypothetical situation of how this system can be abused.
Funny how garry knows your IP from you using Facepunch...
You don't think it'd be suspicious if a mass of players from various IP ranges all decided to a) have a LAN party at your house, and b) get Cheatpunch hack reports in one after another?
Any fake report will suffer from that.
Assuming I wasn't using a proxy.. You're right but what does that matter? IP validation is useless because a steam client can be any computer.
Unless you're saying I will be banned?
It's cheatpunch
Can you explain how someone could teleport across nations just in time to get cheatpunched?
If I've been delivering clean cheatpunch check-ins from my home ISP's range for weeks, and then two hours later a completely different IP in, say, Sweden hits while I'm still delivering cheatpunch reports from home, you don't think that would be weird at all?
No it won't.. Again.. there is something called a proxy.. they aren't hard to find.. My IP doesn't need to match his.. it only needs to be different from the last report.
This system is also largely automated.. This would only come up if they argued they weren't hacking and Garry checked the root of the ban.. Now take 10 000 people all asking Garry how they were banned?
Does he have that large of a company to check those?
Again.. do you think Garry individually banned all 4000 of those players? Do you think he cares about the IP?
If cheatpunch was really strict.. (let's pretend because it probably isn't) getting a proxy address for even his state wouldn't be hard.
If your IP is dynamic aka you use DSL.. it happens all the time.. Right now my IP says I am located in Toronto.. I live about 4 hours away from there.. in an hour I will probably live in Ottawa according to my IP.
Yeah, sorry - that's what I meant.
Edited:
It would seem pretty dumb for the server to simply trust that an ID (used to identify the player) sent from the client (the bit running on your PC) is correct. There are good ways to avoid this problem, and I would assume these have been used.
When you login to a system (like steam, this website forum, and so on) with a username and password you have a session, until you logout. Steam, for example, remembers your username and password on the client and creates a new session with the steam servers each time you start it.
As a simple to understand example (it is a bit more complicated than this), say you login to a system. The system checks your username/password, and sends you a "secret" code generated just for that session. This all happens behind the scenes, without you knowing it. When your PC sends messages back to the server, it must include this secret code before the server recognises them as genuine. This all means that you cannot impersonate another user without their username/password or by somehow directly "sniffing" their communications - which is why logging in to a system on public wifi is a risk.
As long as basic common security is implemented, a hacker would have to directly compromise your PC, the server, your wifi (meaning they are physically close to you), or have access to your ISP. All of which makes it extremely difficult to target a specific person for a false ban.
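The session scheme described in the post above, as an added example that is not part of the original thread and is not CheatPunch's code. `ReportServer`, `sign` and the Steam IDs are hypothetical, and the sketch assumes the session key is handed to the client over an encrypted channel after a real login.

```python
import hashlib
import hmac
import json
import secrets


class ReportServer:
    """Toy report endpoint that never trusts an ID sent by the client."""

    def __init__(self):
        self._sessions = {}  # session_id -> {"steam_id", "key", "last_seq"}

    def login(self, steam_id):
        # Assumption: the caller has already proven ownership of steam_id
        # (password, platform ticket, ...). That step is outside this sketch.
        session_id = secrets.token_hex(16)
        key = secrets.token_bytes(32)
        self._sessions[session_id] = {"steam_id": steam_id, "key": key, "last_seq": 0}
        return session_id, key

    def accept(self, session_id, seq, body, tag):
        """Return the Steam ID the report is attributed to, or None if rejected."""
        session = self._sessions.get(session_id)
        if session is None:
            return None  # unknown session
        expected = sign(session["key"], session_id, seq, body)
        if not hmac.compare_digest(expected, tag):
            return None  # forged, or modified in transit
        if seq <= session["last_seq"]:
            return None  # replay of an old, validly signed report
        session["last_seq"] = seq
        # Identity comes from the session, never from the report body.
        return session["steam_id"]


def sign(key, session_id, seq, body):
    """HMAC-SHA256 over session id, sequence number and canonical JSON body."""
    msg = json.dumps([session_id, seq, body], sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()
```

A report that names someone else's ID in its body is still attributed to the session owner, so this prevents framing another account; it does not stop a modified client from lying about its own machine.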
Or you know, compromise one of those bounces on a trace route from your sending to the server... I think you have a false understanding of how packets flow from point A to point B. This is all under the assumption your packets are encrypted... Which is a bad thing to assume.
Why are we even stuck on the IP issue? If I know your IP... I'll just corrupt a packet, change the header to your IP and send it off...
wmdx is correct.. but above and beyond that.. The IP doesn't matter.. and can't matter in the steam world.
Fact of the matter is.. Steam profiles login from different machines and those IP's are not reliable. Country marking them is the best a system could do and Facepunch isn't doing that.
The protection has to come in the transmission. I need something unique to me that other people can't get or I need to go to steam who won't be fooled by a spoofed ID..
Please understand this people.. Cheatpunch is not VAC.. it doesn't go to steam servers and it can't cross reference with valve servers that everything is on the level..
Nobody said it would be easy but HTTP is definitely not enough. Nobody cares if hackers can get around it.. I don't want to be framed for hacking because my SteamID is a public key that anyone can send as a "Ban this guy" packet
EDIT:
Anyone who speaks out against hacking communities.. I would highly suggest you remove your steamid from your facepunch profile.. I am seeing some Disassembly dumps that are very worrisome.
I am a developer and not a security or comms expert. Sounds like you are talking about intercepting internet communications?
What I am getting at is that simply sending a different ID (which is the fear some people had) is something that can be caught by the system as long as there is a session in place.
This is unless your session is somehow hijacked, which is possible but a whole different level of hacking. If you can hack someone like that then you can also potentially hijack internet banking sessions, email and so on, putting them in a lot more danger than getting a ban on rust.
I would sure hope this stuff is encrypted and running against a session on the server!
I wasn't talking about IP? Not sure what you mean here.
Edited:
Are you saying that the ID is sent without any other user verification? I had assumed there would probably be some kind of steam integrated way of doing it.
OK if that is the case I am wrong. It does seem incredibly crazy to do things that way, and they would need to make things work the way I was describing... even if it required a new login for Rust.
EDIT:
OK I've been thinking about this. There must be an API or something in steam that allows the games to verify a user. You can't just play a steam game and impersonate another user easily, can you? The game does know who you are on steam, right?
I am not saying the tool works that way, I haven't looked at it in any way. But I think it could, and should.
You can't just "corrupt a packet and send it with a new IP" because the server and client, if implemented correctly, should then have a transmission from the server to the client asking to acknowledge that he sent that packet. It's like ordering a pizza and giving your friends address and phone number as a prank. Then they call up to verify and your friend says he never ordered it, so they ignore it.
This is partially cheatpunch. But it's other stuff too. We gather errors, hardware stats and framerates through it.
So what happens if I just block all traffic to it?
Thanks Garry for the clarification.. but I am more worried by the disassembled packet payloads and C# code I am seeing posted on places I don't wanna see it posted.
A spoofed packet is around the corner.. and it worries me a lot.
I made an exploit thread to cover it.. I leave it in your hands, thanks..
I'm curious as well, since my antivirus seems to be blocking an address from time to time when I play rust.. (While I'm not using anything else, also it only happens while I am playing rust.)
Nice try, but that's all spoofable.
He also collects things like token.bin and other data. Why? I don't know.
That's why someone said it looked like a trojan. For anti cheat purposes of course :)
Is it possible to frame innocent people, who knows. I'm not fucked up enough to ban random innocent players.
Any proof of this being possible?
It probably has some kind of sessionid associated with it, this might even be regenerated after every request. It's not a simple matter of changing a header.
Until people have proof of it being possible those stirring shit are just malcontents trying to slander garry's anticheat, butthurt because it's damaging the sales of their hacks or they got banned for cheating.
edit: like that guy saying it was a trojan with no proof. Just another parasite.
Seriously? Any first year software student or even someone with a bit of computer knowledge could notice that it acts like a Trojan with a spare minute of their time
If you have no idea what you're talking about, why bother chiming in?
And still you don't go into detail what is so trojan about it.
And where exactly did we agree to share all this stuff with you ?
What happens If we block that traffic ?
"I write malicious software which injects code into somebody else's product. They have written some software which stops me doing that. On close inspection it turns out their product is a trojan which will steal your bank details"
It's just a petty ad hominem, trying to defame garry and rally some common cause against an anti-cheat which WILL hurt their hack sales.
It needs to communicate with garry's servers, how would you have it do that? Email?
Edited:
Probably in the terms and conditions of taking part in an alpha version of a game, which you didn't read.
It doesn't matter.
If I was a serious asshole, I could at least get Rust banned in the EU if I were to spend enough time and money on it.
Why? Because it's illegal. Just like reverse engineering someone's property to make cheats for.
Because cheat/gamehacks and anti cheats aren't on politicians/law radars
that would never hold up in court "we are stopping cheaters, and it ONLY takes images of assumed cheaters for proof", VS "that is bad and illegal"
How is it illegal exactly? does it prevent you from personally aimbotting?
Edited:
STEAM_0:1:51494798
I willingly and knowingly want to see them try to ban my account
please go ahead "leet hackers", get my steam account banned from rust.
Taking "screenshots" of other people's computers is a fine line in the illegal/illegal section without their express permission (Need a lot more info on the TOS for that one)/warrant, mainly because the user in question has no power over what is seen on that screenshot. From what I can tell, it only takes screenshots from the Rust frames, but I couldn't and wouldn't put money on that, and I have no way of knowing what else it's taking a picture of.
if you don't want your game screencapped don't cheat, it's that simple.
it only takes images of rust, and apparently only after it detects hacks.
if you don't want to be arrested and videotaped, don't run around naked flapping your dick. This isn't NSA 101, this is "don't cheat", it's not hard.
Are you a lawyer?
Try flicking between full screen applications when recording using PlayClaw or the like. See what happens.