Gunbound - When software protection goes too far...

Discussion in 'ProcessGuard' started by Wayne - DiamondCS, Sep 13, 2004.

Thread Status:
Not open for further replies.
  1. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    When the author of a simple game tells its users to turn off their system security software in order to run their game, have they gone too far? ...

    (See also this thread) - link fixed :)

    We've been informed by many Gunbound users over the last couple of days who are not happy about the action taken by Softnyx (the company behind Gunbound) asking Process Guard users to uninstall the program before they're allowed to run the game, and indeed it is a very aggressive way to go about things. Let's look at what's happening ...

    On the 10th of September, Softnyx made the following public announcement which is still linked to from their main homepage (note that they've never contacted us):

    ... as you can see, they don't even say why Process Guard is banned, leaving the impression that Process Guard is some type of crackers tool, and you don't even need half a brain to work out that it clearly isn't.

    So, why would a GAME company ban its users simply for using a SECURITY program when the two programs have nothing to do with each other? Let's put aside their announcement for a moment and just look at the facts ...

    GunBound is a game. A game should have nothing to do with interfering with system security which makes their announcement even more surprising, but apparently a lot of crackers target GunBound to try to modify the game to give their user character various advantages, as this simple Google search shows (65000+ results). This is nothing new - software cracking is a huge underground 'industry', and it is virtually impossible to prevent a software program from being cracked - given enough time, anything can be cracked, our software included - nobody is exempt from the laws of the 1's and 0's that we work with. So software developers often add various tricks to prevent cracking, such as anti-debug countermeasures, self-modifying code, packed executables, and so on.

    So what does any of that have to do with Process Guard? Absolutely nothing, but these are the tricks that GunBound tries to use. Let's continue...

    A further brief analysis of GunBound shows that the author of GunBound do not use many of their own protections (and that's fair enough - they're game developers not security experts), but instead are using several 3rd-party protectors, such as a packer made by a hacker called "y0da" and a Korean protection program called nProtect Gameguard (not to be confused with a Symantec/Norton tool of the same name). So that's somewhat ironic, stating to their users "we need your help you to prevent the hack", yet using hackers tools to implement that protection.

    However, many Process Guard users run dozens of programs and games without any problems - this is the first time something like this has ever happened, so what is it about Process Guard that has caused the GunBound author to react the way they did, or what is it about GunBound that makes it so different to normal programs?

    We're not 100% sure yet, it's still early days and we haven't finished our analysis yet, but for some reason if you run GunBound while Process Guard is installed you'll get an error message about GameGuard failing to initialize, which is probably nProtect failing. Because the GunBound author has no control over nProtect (its not his program), he can't modify it to get it to work with Process Guard, so his only other option is to stop using nProtect, which seemingly they don't want to do. Because one of Process Guard's main security roles is to stop processes from being interfered with, it seems crackers are using Process Guard (free and full editions) to prevent nProtect from guarding over the main GunBound.exe, thus bypassing its protection.

    nProtect, y0da's crypter and the various other techniques they use are very trivial to bypass using various other methods, so why bother using them? The protections they've implemented might seem strong to the GunBound author, but in reality they're quite trivial and there are an infinite number of more conventional protection techniques that will actually make GunBound a lot harder to crack, yet without inconveniencing any users by making them turn off system security software just to run a game.

    Thus, it would be in everyone's best interests if GunBound implemented a proper protection scheme rather than using hackers tools which do things they have no understanding or control over. Then the GunBound author would have a more secure and crack-resistant program (which is his main aim), and GunBound users would still be able to maintain the security of their system by leaving kernel protection systems such as Process Guard up. Think back to their first statement - "we have worked hard to provide secure security for our users". Turning off security software obviously does not make you more secure, so it's clear they're putting the security of their program before the security of its users, and in this case it seems they've gone too far.

    We'd be more than happy to help them with a few real protection tricks if they bother to contact us, but this issue must be addressed first.

    Best regards,
    Wayne
     
  2. 420

    420 Guest

    WELL I WANT PROCESS GUARD And gunbound so something big man
     
  3. xanatos

    xanatos Guest

    hey i tell you why it was used its because hackers used process guard to hide their hacking processes which would bypass nprotect
     
  4. d0zy

    d0zy Guest

    ehh .. i cant even use Safety System Monitor with gunbound.. a blank error pops up then gunbound closes.. whats up with that?
     
  5. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    HUH? Please explain!!!!!

    You saying ProcessGuard is being used BY hackers to HIDE their actions?

    ROFL. That's tooo funny for even comment.

    TAS
     
  6. thanks for all the time explaining this! =P
     
  7. xanatos

    xanatos Guest

    yes people used it to hide their aimbot (which told u how to aim and do a direct hit in the gunbound shooting game) well they used it and protected the aimbot in process guard. So nprotect wouldnt detect the aimbot. Thats why everyone is going crazy from gunbound how it was patched so they can hide their hack processes and get by nrpotect.
     
  8. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    OK, thanks for reply. :)

    I've never played, so best to leave Wayne explain further, but it seems impossible to me to use a Security Program to 'hack' back into a game running on a server which is supposed to be protected by nprotect?

    IF this is so, that means nprotect is very weak, doesn't it.
    I won't comment any further, leave to DCS, if they feel there is a need to.

    Thanks, TAS
     
  9. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Well without actually looking at the "aimbot", I would think it would act like a proxy, receiving packets from the game, altering them, then sending them to the real server. Hence the actual gunbound process isn't modified or changed.

    There are still many ways to detect such programs (even with Process Guard protecting them), to me it just looks like the authors took the easiest way out. If their current methods of detection are based around looking for signatures in the "aimbot" hacking tools, they are also fighting a losing battle there.

    Alternatively what is so hard for the determined hacker to simply route all the packets through another computer, and on that computer the aimbot is installed to change packets, before finally sending them out to the real server? There are ways to stop hacking like these people do, but it involves a lot of knowledge and constant hard work. It doesn't involve taking the easiest way out everytime a problem pops up.
     
  10. Colton

    Colton Guest

    The aiming applications do not change packets. They merely search for offsets, read them, then display a line on the screen for you to use. It reads where your mobile is, the wind, the mobile you chose, and a few other bits and pieces to put a perfect arc on your screen for you.

    There are some programs that change the incoming/outgoing packets, but they are not aimbots.

    Nothing really important, just thought i'd leave a comment
     
  11. Radicand

    Radicand Guest

    This is pathetic, they should fix the servers, not the clients. They should stop bullshitting around and learn how to code. I have had process guard for months until now
     
  12. Gunboundaim

    Gunboundaim Guest

    ok i think this is how the "Aimbot" work i saw a screenshot on it. it actully work like reading the wind n the angle n then u drag the power bar n the line on the screen will move it's normally pink i donno y. but sometimes it will miss cos the user hold the space bar for too long so it's kinda like a programme that helps u aim so they call it as aimbot thats all as easy as that

    A program that helps u aim
     
  13. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Thanks for pointing that out Colton. I havn't seen this particular aimbot mentioned.

    If this aimbot program they are blocking does indeed modify the gunbound process, then it is even easier for them to detect this. It's just like asking anyone here how easy it is for them to know if someone is in their house if a burglar starts making noise . :)
     
  14. Whiteguy

    Whiteguy Guest


    How did u see a screen shot? When u take a screen shot in the game, the line will not show up.


    But yeah like the other guy said. We were useing Precess Guard to make the hacks we used work.. Bypassing npro.

    Onllydbg is used for AIMbot, so we just select the exe and it worked...Thats why so many people used Process Guard.

    But GIS is gay for making us uninstall our program befor we run gunbound.. HOW GAY
     
  15. Whiteguy

    Whiteguy Guest

    Would it be possible for gunbound not to block this program??
     
  16. Gunboundaim

    Gunboundaim Guest


    if u r asking how to take a screenshot please press the printscreen button above Insert button n click on paint n press Ctrl+V that should work
     
  17. Whiteguy

    Whiteguy Guest

    Umm thanks man. No I was stateing that while Protohell shot is running (thats the aim bot program) If U take a screen shot in the game u can not see the line. Its like another program running on top of another? When u take a screen shot your taking a shot of the window u have clicked, and the window u have clicked is Gunbound, not protohell. So u only capture Gunbound's window.
     
  18. Falcon70713

    Falcon70713 Guest

    Heh... well... my friend had a good idea, what if Process Guard changed it's process name every hour or so to a random name and everytime you boot up pg it deleted the old reg. keys and makes new ones with random names?
     
  19. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    INTERESTING but this would give the wrong signal to these kind of companies using this tactic.

    this is quite an interesting read if I may say.
     
    Last edited: Sep 14, 2004
  20. KoreaBoy

    KoreaBoy Guest

    Shouldn't you keep the hack conversations to the hack forums. Discuss here only DiamondCS' programs. In this case, keep the conversation to the usage or not of ProcessGuard + Gunbound.
    Probably no one in DiamondCS has any relation to these hacks nor can give you support.
     
  21. SunDance

    SunDance Guest

    What Xanatos forgot to tell you people is that HE started the whole nProtect bypassing methods in the first place. He used some modified trojan rootkit to hide the hacks, and because people said his 'hProtect' (that's what it was called) is a trojan, he went spinning to GIS and joined them...As you've figured by now, they have a HACKER working for them...So, GameGuard could be stealing info from your computers and you wouldn't even notice...Thanx, Xan...you ****...
     
  22. SunDance

    SunDance Guest

    There is always a better hacker then the ones already existing at the moment. Also, this is a 2 sided road : u want to use PG, stop playing GB; u wanna play GB, uninstall PG...
     
  23. KoreaBoy

    KoreaBoy Guest

    The game itself isn't worthy of this discussion. Uninstall the game, play something else.
    The Gunbound team seems to trust the judgement of a kid named Xanatos, as I understood correctly, to classify aplications as dangerous to 'the game' or not. This is both hilarious, and dangerous to the users.

    As for you and this kid Xanatos, please keep personal quarells to private conversations.
     
  24. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    This topic will be closed if there are ANY personal remarks are made about ANY individuals.

    This topic is about Process Guard & Gunbound - Any deviation to this subject line will be edited or deleted.

    Thanks for your co-operation Pilli
     
  25. So the Thing now is Pg or GB either 1 right?
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.