Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

A new hack enables other players name change - so framing legit players for bans is now possible

DMKanoDMKano Member LegendaryPosts: 19,314

Originally posted on reddit here:

https://www.reddit.com/r/blackdesertonline/comments/4h1tvm/psa_theres_new_script_hack_that_changes_other/

Yes it's a client side change - but it allows screenshots and videos to be submitted to Daum with any players name.

With Daums new "ban hackers and get rewarded initiative" you can submit videos with whatever names (including family) that you want.

So Daum is going to have to be really careful on banning on pictures and video alone - as the names can be altered on client.


«1345

Comments

  • DullahanDullahan Member EpicPosts: 4,514
    This is getting rich. /popcorn


  • MaygusMaygus Member UncommonPosts: 374
    If daum ban based on screenshot / videos alone... I've seen similar done in other games for adjusting the display name of other characters/NPCs locally so this isn't something new.
    Visit the Chronicles of Elyria official site and the Official Wiki... an upcoming MMO from Soulbound Studios with real consequences to your actions.
    Finite Resources, WYSIWYG looting to player created and maintained maps and a deep modular crafting system. So much more that hasn't been said, ask questions! Post your thoughts! Spread the word of COE!

    If you haven't yet, register with my referrer code on the official website: B0E240
  • DMKanoDMKano Member LegendaryPosts: 19,314
    edited April 2016
    Maygus said:
    If daum ban based on screenshot / videos alone... I've seen similar done in other games for adjusting the display name of other characters/NPCs locally so this isn't something new.
    Definitely not new - just that so far I've been submitting videos to Daum as proof - and that's what they want in their new "anti-hacker" program that gives rewards for reporting hackers.

    Apparently this is the frame-ban setup - it takes 2 players and whatever target you want to frame - one player creates the same class and wears the same armor/costume as the target - then you go to the hunting ground where the target is (to place you in the location and timeframe when Daum checks the logs, they will see the actual innocent player being there) - then you run your hack with the lookalike in the same hunting spot - your friend records you hacking and changes your name on his PC to be the one you want to frame.

    It's beyond F'd up but a completely innocent player would look like a cheater on  that video and the fact that the innocent players was actually hunting the same mobs in that area in the same timeframe would make it look even more incriminating. 

    Also this gives an excuse to actual cheaters that "someone change the name in the video to my name - it wasn't me"

    It's just a mess any way you look at it.

    I hope that Daum does a detailed investigation on each account to confirm foul play first hand instead of just going on submitted video/picture evidence alone.
    Post edited by DMKano on
  • justastudentjustastudent Member UncommonPosts: 16
    @DMKano ;
    It seems like you go out of your way to badmouth this game. Can you please tell me why? I am very interested - both for myself and for my class.


  • BitterClingerBitterClinger Member UncommonPosts: 426
    I was about to post that I did not believe this and it was complete BS, but after reading your post...

    Yes, what you described is absolutely possible. It's the same kind of hack that occurs on websites known as cross-site scripting (or XSS). It's all client-side, but it is absolutely possible to change any data that is passed to the client.
  • H0urg1assH0urg1ass Member EpicPosts: 2,091
    I can't even believe the utter shitshow this game is turning into just weeks after it being the greatest thing since intercourse.

    This, folks, is why I don't shove money into Kickstarters, pre-order's or buy them on the first day.  Just hanging out a couple months and seeing how things turn out has saved me a lot of heartache.  I will never have to wonder "Hooo boy, I sure hope the game that I just dropped $250 KS bux on doesn't decide to put half the code on the client side."
  • Octagon7711Octagon7711 Member EpicPosts: 7,899
    H0urg1ass said:
    I can't even believe the utter shitshow this game is turning into just weeks after it being the greatest thing since intercourse.

    This, folks, is why I don't shove money into Kickstarters, pre-order's or buy them on the first day.  Just hanging out a couple months and seeing how things turn out has saved me a lot of heartache.  I will never have to wonder "Hooo boy, I sure hope the game that I just dropped $250 KS bux on doesn't decide to put half the code on the client side."
    Have to agree.  If I do pre-order a game it's because it has a solid history of doing things right.  Now a days it's the wild wild west all over again so I wait and see before jumping in.  If it's a good game it's not going anywhere so no need to rush.  If it's a bad game I just saved myself some money.  Plus some games now take a year or two to get their game together, so why not wait for all the bug fixes and get the game at a discount.

    "We all do the best we can based on life experience, point of view, and our ability to believe in ourselves." - Naropa      "We don't see things as they are, we see them as we are."  SR Covey

  • DMKanoDMKano Member LegendaryPosts: 19,314
    edited April 2016
    @DMKano ;
    It seems like you go out of your way to badmouth this game. Can you please tell me why? I am very interested - both for myself and for my class.



    People need to know that they can get reported with video evidence for hacking without doing anything wrong just because they piss off someone in game, and hackers can in fact  create a very damning video framing an innocent player.

    Spreading awareness is badmouthing? 

    Interesting.

    Also something tells me you are not just a student ;)
    Post edited by DMKano on
  • KefoKefo Member EpicPosts: 3,696
    DMKano said:
    Maygus said:
    If daum ban based on screenshot / videos alone... I've seen similar done in other games for adjusting the display name of other characters/NPCs locally so this isn't something new.
    Definitely not new - just that so far I've been submitting videos to Daum as proof - and that's what they want in their new "anti-hacker" program that gives rewards for reporting hackers.

    Apparently this is the frame-ban setup - it takes 2 players and whatever target you want to frame - one player creates the same class and wears the same armor/costume as the target - then you go to the hunting ground where the target is (to place you in the location and timeframe when Daum checks the logs, they will see the actual innocent player being there) - then you run your hack with the lookalike in the same hunting spot - your friend records you hacking and changes your name on his PC to be the one you want to frame.

    It's beyond F'd up but a completely innocent player would look like a cheater on  that video and the fact that the innocent players was actually hunting the same mobs in that area in the same timeframe would make it look even more incriminating. 

    Also this gives an excuse to actual cheaters that "someone change the name in the video to my name - it wasn't me"

    It's just a mess any way you look at it.

    I hope that Daum does a detailed investigation on each account to confirm foul play first hand instead of just going on submitted video/picture evidence alone.
    Feel free to correct me since I have no clue how the server would save information but in your example wouldn't it be rather glaringly obvious that it was set up? Example

    Kano and Kefo want to frame Maygus for hacking. We both go into the same area as Maygus, I use the script to change my name to Maygus and begin hacking while Kano films it. GM gets the video, goes into the logs and sees that the account name associated with Kefo is the one who is doing the hacking and not the account with the character Maygus (since the name hack is client side). GM then proceeds to ban Kefo's account for hacking and possibly Kano's account if he was stupid enough to plan this through in game chat channels
  • RealizerRealizer Member RarePosts: 723
    Did you post this on official forums so it can actually be looked into, or did you just post it here where it won't do any good?
  • justastudentjustastudent Member UncommonPosts: 16
    DMKano said:
    @DMKano ;
    It seems like you go out of your way to badmouth this game. Can you please tell me why? I am very interested - both for myself and for my class.



    People need to know that they can get reported with video evidence for hacking without doing anything wrong just because they piss off someone in game, and hackers can in fact  create a very damning video framing an innocent player.

    Spreading awareness is badmouthing? 

    Interesting.
    I apologize if I offended you, but I am collecting data for a class and checked your post history. It is quite negative.

    So a follow up question then, why do you feel the need to spread this awareness to this community?
    Do you also have any other accounts where you spread said awareness to other communities?

  • DMKanoDMKano Member LegendaryPosts: 19,314
    edited April 2016
    Kefo said:

    GM gets the video, goes into the logs and sees that the account name associated with Kefo is the one who is doing the hacking and not the account with the character Maygus (since the name hack is client side). GM then proceeds to ban Kefo's account for hacking and possibly Kano's account if he was stupid enough to plan this through in game chat channels

    Again GM gets the video - he sees the Maygus name and will go into Maygus's account.

    You can submit a hacking video from an unregistered email, just like you can post in official forums from unregistred accounts (that don't even play the game) - how would they know WHO filmed, and WHO was the real hacker in the video at all?

    I am trying to open the official Hacker And Exploit report form - but the website is failing to load:

    https://blackdesert.zendesk.com/hc/en-us/requests/new?ticket_form_id=101685

    Since I can't load it (maybe someone else can) - I can't see if they are requiring a valid play account to submit videos now.


    Ok finally got it to load - yeah any email address will work in there - so you can submit videos from emails not associated with black desert.


    Post edited by DMKano on
  • FrodoFraginsFrodoFragins Member RarePosts: 4,303
    so did nobody take advantage of this stuff in korea and it took releasing in the west for all of the hackers to show up?
  • KefoKefo Member EpicPosts: 3,696
    DMKano said:
    Kefo said:

    GM gets the video, goes into the logs and sees that the account name associated with Kefo is the one who is doing the hacking and not the account with the character Maygus (since the name hack is client side). GM then proceeds to ban Kefo's account for hacking and possibly Kano's account if he was stupid enough to plan this through in game chat channels

    Again GM gets the video - he sees the Maygus name and will go into Maygus's account.

    You can submit a hacking video from an unregistered email, just like you can post in official forums from unregistred accounts (that don't even play the game) - how would they know WHO filmed, and WHO was the real hacker in the video at all?

    I am trying to open the official Hacker And Exploit report form - but the website is failing to load:

    https://blackdesert.zendesk.com/hc/en-us/requests/new?ticket_form_id=101685

    Since I can't load it (maybe someone else can) - I can't see if they are requiring a valid play account to submit videos now.


    Ok finally got it to load - yeah any email address will work in there - so you can submit videos from emails not associated with black desert.



    They would go into Maygus's account and see that nothing was recorded for their account name. If they then went into the server logs for that time frame and in that area they would see the account name Kefo doing the hacking and be able to put 2 and 2 together. Unless your saying the server is being fooled into thinking that Kefo's account is actually Maygus's account while Maygus's account (and therefore recording to the server logs as 1 account in 2 different places at once) is also active which should throw up warning flags in the server and boot one if not both accounts
  • DullahanDullahan Member EpicPosts: 4,514
    edited April 2016
    H0urg1ass said:
    I can't even believe the utter shitshow this game is turning into just weeks after it being the greatest thing since intercourse.

    This, folks, is why I don't shove money into Kickstarters, pre-order's or buy them on the first day.  Just hanging out a couple months and seeing how things turn out has saved me a lot of heartache.  I will never have to wonder "Hooo boy, I sure hope the game that I just dropped $250 KS bux on doesn't decide to put half the code on the client side."
    That's probably a good idea with new games, but kickstarting games is something entirely different.

    If everyone sat back and waited for the crowdfunded indie game they want to play to become a reality, none of them would.
    Post edited by Dullahan on


  • ZyerneZyerne Member UncommonPosts: 29
    edited April 2016
    so did nobody take advantage of this stuff in korea and it took releasing in the west for all of the hackers to show up?
    They require a Korean ID number to play most of these games in Korea if I'm not mistaken. So free to play or whatever, getting an account banned with your ID number is quite different than random email you can replace in 10 seconds in the west.

    Guess the equiv would be like if it took our state ID or SSN number to make accounts and they only accepted valid ones. So getting your account banned means your basically locked out of the game for good.

    So seems like a pretty big deterrent.
    Post edited by Zyerne on
  • DMKanoDMKano Member LegendaryPosts: 19,314
    DMKano said:
    @DMKano ;
    It seems like you go out of your way to badmouth this game. Can you please tell me why? I am very interested - both for myself and for my class.



    People need to know that they can get reported with video evidence for hacking without doing anything wrong just because they piss off someone in game, and hackers can in fact  create a very damning video framing an innocent player.

    Spreading awareness is badmouthing? 

    Interesting.
    I apologize if I offended you, but I am collecting data for a class and checked your post history. It is quite negative.

    So a follow up question then, why do you feel the need to spread this awareness to this community?
    Do you also have any other accounts where you spread said awareness to other communities?


    No offense taken - but your story is not adding up at all.

    If a game has major exploiting problems - and I talk about those problems - that makes my posts negative?


    Again your agenda is showing.

    I knew about BD exploits since BETA - I waited to write my posts about until CM_Jouska wrote a post on official forums admiting that there is a problem - I waited for that moment to post about it here - because I wanted official acknoledgment before I said anything.

    This seems negative to you - I've gotten more thanks for spreading the word - so it's a positive thing.

    Exposing exploits is the only positive way to go about it as that's how they get fixed - Daum hasn't been exactly proactive as this has existed for over a year in Korea, they were made aware of exploits in BETA and nothing was done.

    So posting about it, exposing it openly is what drives positive change  - exploits and hacks that nobody talks about spread like cancer and kill games.


  • RealizerRealizer Member RarePosts: 723
     So we still don't know what their logs look like and what they keep record of. From what I've seen in previous game logs, I'd be under the impression that since these are client side hacks the server is still needing to log dmg delt to whatever the target is fighting. If a GM brings up the log for character, but the logs don't show odd behavior it's likely that person won't be banned. 

     In the end the player can only change someones name in video, but he can't make the logs show someone was hacking when they weren't. Right now we are operating on the assumption these logs don't show the hacks, but it's more likely that they do have specific things to look for in the logs to prove hacks were used. 
  • DMKanoDMKano Member LegendaryPosts: 19,314
    Realizer said:
     So we still don't know what their logs look like and what they keep record of. From what I've seen in previous game logs, I'd be under the impression that since these are client side hacks the server is still needing to log dmg delt to whatever the target is fighting. If a GM brings up the log for character, but the logs don't show odd behavior it's likely that person won't be banned. 

     In the end the player can only change someones name in video, but he can't make the logs show someone was hacking when they weren't. Right now we are operating on the assumption these logs don't show the hacks, but it's more likely that they do have specific things to look for in the logs to prove hacks were used. 

    I hope their logs are clear enough to show the actual offenders - otherwise Daum is flying blind. 

    They MUST match up video proof with logs to conclusively isolate players using actual exploits.  
  • RealizerRealizer Member RarePosts: 723
    edited April 2016
    DMKano said:
    Realizer said:
     So we still don't know what their logs look like and what they keep record of. From what I've seen in previous game logs, I'd be under the impression that since these are client side hacks the server is still needing to log dmg delt to whatever the target is fighting. If a GM brings up the log for character, but the logs don't show odd behavior it's likely that person won't be banned. 

     In the end the player can only change someones name in video, but he can't make the logs show someone was hacking when they weren't. Right now we are operating on the assumption these logs don't show the hacks, but it's more likely that they do have specific things to look for in the logs to prove hacks were used. 

    I hope their logs are clear enough to show the actual offenders - otherwise Daum is flying blind. 

    They MUST match up video proof with logs to conclusively isolate players using actual exploits.  
     Agreed, and with this issue becoming known by GM's hopefully they will improve the process for how these logs are viewed, and how hacking is proven to be true or false. Only they know their process right now, but the more these things are bought to their attention, the better they can be handled.
    Post edited by Realizer on
  • justastudentjustastudent Member UncommonPosts: 16
    DMKano said:
    DMKano said:
    @DMKano ;
    It seems like you go out of your way to badmouth this game. Can you please tell me why? I am very interested - both for myself and for my class.



    People need to know that they can get reported with video evidence for hacking without doing anything wrong just because they piss off someone in game, and hackers can in fact  create a very damning video framing an innocent player.

    Spreading awareness is badmouthing? 

    Interesting.
    I apologize if I offended you, but I am collecting data for a class and checked your post history. It is quite negative.

    So a follow up question then, why do you feel the need to spread this awareness to this community?
    Do you also have any other accounts where you spread said awareness to other communities?


    No offense taken - but your story is not adding up at all.

    If a game has major exploiting problems - and I talk about those problems - that makes my posts negative?


    Again your agenda is showing.

    I knew about BD exploits since BETA - I waited to write my posts about until CM_Jouska wrote a post on official forums admiting that there is a problem - I waited for that moment to post about it here - because I wanted official acknoledgment before I said anything.

    This seems negative to you - I've gotten more thanks for spreading the word - so it's a positive thing.

    Exposing exploits is the only positive way to go about it as that's how they get fixed - Daum hasn't been exactly proactive as this has existed for over a year in Korea, they were made aware of exploits in BETA and nothing was done.

    So posting about it, exposing it openly is what drives positive change  - exploits and hacks that nobody talks about spread like cancer and kill games.


    I have no agenda. I actually play Black Desert online myself. I have to stay completely impartial to get my grade. The only reason I even picked BDO was because a search for "MMORPG Hacks" set for the past 24 hours shows nothing but BDO topics.

    I see, so you are of the opinion that sharing exploits is the only way of getting them fixed?
    That is good to know.
    About 53% of all gamer's think the same, so you are in good company (from a survey a classmate conducted with 371 responses).

  • H0urg1assH0urg1ass Member EpicPosts: 2,091
    Dullahan said:
    H0urg1ass said:
    I can't even believe the utter shitshow this game is turning into just weeks after it being the greatest thing since intercourse.

    This, folks, is why I don't shove money into Kickstarters, pre-order's or buy them on the first day.  Just hanging out a couple months and seeing how things turn out has saved me a lot of heartache.  I will never have to wonder "Hooo boy, I sure hope the game that I just dropped $250 KS bux on doesn't decide to put half the code on the client side."
    That's probably a good idea with new games, but kickstarting games is something entirely different.

    If everyone sat back and waited for the crowdfunded indie game they want to play to become a reality, none of them would.
    I'm sorry, but this is a complete and total falsehood.  If products relied on free money to get made, then nothing on earth would have been produced in the world until 2009.  BioWare made fantastic games before KS, as did Blizzard, Bohemia Interactive, CCP, Eidos Interactive, Ensemble Studios... the list is very very long of game developers who made fantastic games from near penniless beginnings.  

    In fact CCP spent months creating a board game and sold enough copies of that game to finance the development of EVE Online.  In other words, they worked hard in order to work harder.  These days companies just put their hands out "please sir, I'd like to make a video game from this idea I scribbled on a diner napkin last week" and the players are just like "Sheeeeit yeah buddy! Here have $250 bux, cause I belieeeeeve in yooo!"

    The reason that companies want you and me to believe that their games would never get made without KS funding is because KS funding comes with no strings attached.  If they go take out a loan, then they have to repay the loan if the game makes millions or if the game never gets finished.  If they beg for free money on KS, then they don't owe a single damn thing once the goal is reached and the money is inserted into their pockets.

    What kind of business wouldn't want that freedom?
  • nephren25nephren25 Member UncommonPosts: 143
    I play BDO and i enjoy the game but i feel like this event just shows that they cant handle it the hacking problem that is. I'm guessing that this is just a way so they can post big numbers for accounts banned so it looks like they are doing something about it or they could be using it as a tool to scare ppl to stop using them.
  • RamajamaRamajama Member UncommonPosts: 271
    @DMKano ;
    It seems like you go out of your way to badmouth this game. Can you please tell me why? I am very interested - both for myself and for my class.


    OP is just trying to help. We can all see that :smiley: 

    For some strange reason he is happy if less people come and play BDO (not that it matters). Probably hoping that they will go to Archeage lol
  • VrikaVrika Member EpicPosts: 5,150
    Realizer said:
     So we still don't know what their logs look like and what they keep record of. From what I've seen in previous game logs, I'd be under the impression that since these are client side hacks the server is still needing to log dmg delt to whatever the target is fighting. If a GM brings up the log for character, but the logs don't show odd behavior it's likely that person won't be banned.
    If the devs had logs about damage done, who did it, and when he did it, then they'd have also included ability used to that kind of log. Because the cooldown hackers are not banned yet they clearly don't have that kind of log.

    They might have a log about kills done, or loot acquired, or some other such log that can show when a video is fake.
     
Sign In or Register to comment.