OCG Anticheat

Since someone spammed the thread, let's discuss again rationally.

Repost below:

the anticheat uses SMTP data via plaintext to track logins and send data

So easy to spoof. And so easy to intercept since it's not TLS. Also fix the RDNS, it's not proper.

login@ocgaming.org
process@ocgaming.org
scanner@ocgaming.org
screenshots@ocgaming.org
logoutmacro@ocgaming.org

Comments

  • CFLErick wrote: »
    So what does this mean?




    (sarcasm)

    I can get the data, login on another desktop and spoof being another player. and then use cheats as normal. It looks for DNS and login credentials and will use them based on previous logins against the ISP provided in past logins by the user. As well, it sends non critical data that does not need to be sent.

    Or, more importantly it is possible to intercept the e-mail and collect the data. It's not being Hashed or protected properly when it's being sent from your PC to the e-mail address.
  • ocgevan got ript on. 2 busy copying posts
  • Go for it, get banned :)

    I'm pretty sure we don't have encryption layers or anything blocking you from doing that! :)

    Be my guest, but from my standpoint, that's not even close how the acs would work. lol
  • OCGEvan wrote: »
    Go for it, get banned :)

    I'm pretty sure we don't have encryption layers or anything blocking you from doing that! :)

    Be my guest, but from my standpoint, that's not even close how the acs would work. lol

    wanna stop dodging our questions and replies to your posts from the other thread?
  • DELLZORR wrote: »
    wanna stop dodging our questions and replies to your posts from the other thread?

    What question did he not answer?
  • KKeLP wrote: »
    wheres the other thread?

    Prob deleted or moved. Most likely deleted.
    Let's focus on the topic at hand. Shall we? :)


    Delacos wrote: »
    I can get the data, login on another desktop and spoof being another player. and then use cheats as normal. It looks for DNS and login credentials and will use them based on previous logins against the ISP provided in past logins by the user. As well, it sends non critical data that does not need to be sent.

    Or, more importantly it is possible to intercept the e-mail and collect the data. It's not being Hashed or protected properly when it's being sent from your PC to the e-mail address.

    *Scratches head*
    So basically you're placing a mirror in front of the acs to have it look at a legit player while at the same time using my own to cheat off of in front of it?

    Sorry, can you like provide more of an example? A little confusing for me. Sorry.
  • one_9 wrote: »
    Prob deleted or moved. Most likely deleted.

    Let's focus on the topic at hand. Shall we? :)

    what a surprise, didn't see that one coming... feel like the mods are a tyrant, apparently someone said that it could also be a virus.
  • KKeLP wrote: »
    what a surprise, didn't see that one coming... feel like the mods are a tyrant, apparently someone said that it could also be a virus.

    Okay just to clear the air. When a thread becomes so derailed due to the spam and flame-baiting and trolling, which I will admit I did participate to a degree in the ridiculing of the poor CF director of OCG... Anyways. When a thread becomes so off-topic and convoluted it's better off to just trash it away.

    It has NOTHING to do with OCG or trying to "hide" info from people or even being tyrannical. It's called moderating. If you have an issue with how a particular mod moderates then you should privately bring up the issue with that mod.

    Trash is trash and belongs in the trash bin.

    Now you should try to keep this on topic. Really. There's no reason why you should run around in circles.
  • Delaco: even though he's using starttls to encrypt the data being sent, I can pause the authentication and alter the data as it's collecting it for the e-mail since he's using plain text authentication
    Delaco: and he's not using a database to hash the data he's collecting. It's all in e-mail accounts
    Delaco: which is a risk to all the users.
    ***XX: it won't reencrypt and won't send in the format
    Delaco: it's unencrypted as it collects
    Delaco: i can modify what it sees
    Delaco: since it's a plain text e-mail on my end
    Delaco: it's basically scanning for bad files, but in a poor way.

    ____

    See the e-mail being sent below from my computer

    220-ns1.ocgaming.org ESMTP Exim 4.80 #2 Fri, 17 May 2013 02:43:19 +0000
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
    EHLO Desktop-PC
    250-ns1.ocgaming.org Hello cpe002129a980cf-cm00222d6b624d.cpe.net.cable.rogers.com [LOL NO]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
    AUTH login
    235 Authentication succeeded
    MAIL FROM:<process@ocgaming.org>
    250 OK
    RCPT TO:<process@ocgaming.org>
    250 Accepted
    DATA
    354 Enter message, ending with "." on a line by itself
    MIME-Version: 1.0
    From: process@ocgaming.org
    To: process@ocgaming.org
    Date: 16 May 2013 22:43:21 -0500
    Subject: Process List: delaco
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: quoted-printable
    DESKTOP-PC,D:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe,,DESKT=
    OP-PC,softOSD,C:\Program Files (x86)\softOSD\softOSD.exe,,DESKTOP=
    -PC,explorer, ECT ECT ECT ECT
    250 OK id=1UdAdc-0002Wl-2m
    QUIT
    221 ns1.ocgaming.org closing connection
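
Added example, not part of any post in this thread: a small Python check that audits an SMTP session log like the one posted above and reports `AUTH`, `MAIL FROM` and `DATA` commands issued before a successful `STARTTLS`. The function name and the sample transcript (placeholder host and addresses) are constructed for illustration.

```python
import re

# Constructed sample modelled on the posted session; host and addresses are placeholders.
SAMPLE_CLEARTEXT = """\
220 mail.example.org ESMTP
EHLO Desktop-PC
250-AUTH PLAIN LOGIN
250 STARTTLS
AUTH login
235 Authentication succeeded
MAIL FROM:<process@example.org>
250 OK
DATA
354 Enter message
Subject: Process List: user
.
250 OK
"""

SENSITIVE = ("AUTH", "MAIL FROM", "DATA")   # commands that should only follow TLS
REPLY = re.compile(r"^\d{3}[ -]")           # server reply: 3-digit code, space or dash

def audit_smtp_transcript(text):
    """Return findings for sensitive SMTP commands sent before TLS was negotiated."""
    offered = tls_pending = tls_active = in_data = False
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if in_data:                          # message body: skip until the lone "."
            in_data = line != "."
            continue
        if REPLY.match(line):
            if line[4:].upper().startswith("STARTTLS"):
                offered = True               # server advertises the upgrade
            if tls_pending:                  # reply to the client's STARTTLS
                tls_active = line.startswith("220")
                tls_pending = False
            elif line.startswith("354"):
                in_data = True
            continue
        cmd = line.upper()
        if cmd == "STARTTLS":
            tls_pending = True
        elif cmd.startswith(SENSITIVE) and not tls_active:
            findings.append(f"{cmd.split(':')[0]} sent in cleartext")
    if offered and not tls_active:
        findings.append("server offered STARTTLS but client never upgraded")
    return findings
```

On the mitigation side, the client should refuse to authenticate unless the `STARTTLS` upgrade succeeded (or use implicit TLS), and the server should not advertise `AUTH` on an unencrypted connection.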
  • one_9 wrote: »
    Okay just to clear the air. When a thread becomes so derailed due to the spam and flame-baiting and trolling, which I will admit I did participate to a degree in the ridiculing of the poor CF director of OCG... Anyways. When a thread becomes so off-topic and convoluted it's better off to just trash it away.

    It has NOTHING to do with OCG or trying to "hide" info from people or even being tyrannical. It's called moderating. If you have an issue with how a particular mod moderates then you should privately bring up the issue with that mod.

    Trash is trash and belongs in the trash bin.

    Now you should try to keep this on topic. Really. There's no reason why you should run around in circles.

    first of all, why don't they close the thread, then delete the unwanted, trash post it would repeat others going "around the circle" because clearly I'm/others out of the loop and now you're accusing me of asking a useless question, maybe I wouldn't have asked if I saw the whole other thread...

    I understand why you're defending the mod decision to delete the post but people don't want to spend the whole entire day on these forums just to see if a good topic comes up and once it does it immediately gets deleted because of people that are trolling and once someone like me rolls around on these forums all I see is new from a week ago, HOW EXCITING ARE THESE FORUMS?

    and I did have a particular problem with some mod, but he just chose to ignore me, isn't it great being ignored??? especially when you wanted to clear something up with someone?

    I'm a hoarder so if something that contains any sentimental value is considered 'trash' I would still keep so your point is invalid.
  • the TLDR of the e-mail issue

    STARTTLS is encryption based on your username and password authenticating that you are you, and this e-mail is secure

    Since we have anon authentication, it's not a secure e-mail being sent from the client. His server HAS starttls as an option, but we are not using it with anon credentials.
  • Have fun, our acs derives a different content-type on our to a private key. unfortunately I'm guessing our system encryption protects that from your eyes seeing the actual content. now you can see your processlist like normal, you just don't see the tree, memory, etc

    If you feel like you can bypass it be my guest, but the minute you get caught, please do not cry when you are banned from ocg.
  • OCGEvan wrote: »
    Have fun, our acs derives a different content-type on our to a private key. unfortunately I'm guessing our system is encryptions protects that from you seeing the actual content. now you see your processlist like normal, you just don't see the tree, memory, etc

    If you feel like you can bypass it be my guest, but the minute you get caught, please do not cry when you are banned from ocg.

    stop dodging.
  • OCGEvan wrote: »
    Have fun, our acs derives a different content-type on our to a private key. unfortunately I'm guessing our system is encryptions protects that from you seeing the actual content.

    lol what


    like, i respect you and stuff and what youre trying to do



    i defended your stuff in the other post






    but like

    what?


    edit: i am pretty drunk so like

    if i don't make sense, ignore me


    d00ds
  • I respect your criticism, but please give it a break, if you would like to try to violate the anticheat be my guest, but as I said above, don't come back crying when you're banned from ocg.

    If you have any more concerns or comments, please post it on our forums, and I will then answer you back. I will no longer reply to this thread.

    http://ocgaming.org/forums/forum.php
  • OCGEvan wrote: »
    Have fun, our acs derives a different content-type on our to a private key. unfortunately I'm guessing our system encryption protects that from your eyes seeing the actual content. now you can see your processlist like normal, you just don't see the tree, memory, etc

    If you feel like you can bypass it be my guest, but the minute you get caught, please do not cry when you are banned from ocg.

    Are you referring to the auth keys that are generated before the scan?

    wxy9CUa.png
  • Run AC on computer A, log into anticheat, open crossfire

    Move to computer B, run cheats, play match

    profit = ??
  • star0dust wrote: »
    Run AC on computer A, log into anticheat, open crossfire

    Move to computer B, run cheats, play match

    profit = ??

    Nope.

    Who's Online shows who is logged in on the Anti cheat.

    OCG can look at another page and see if you're logged in onto CF.

    So if you try to run on a different CF account, the AC would pick that up. The AC can tell if you're logged on or logged off of CF and what account it is.
  • OCGEvan wrote: »
    If you feel like you can bypass it be my guest, but the minute you get caught, please do not cry when you are banned from ocg.

    Considering your team can't even complete something as simple as a draft, I don't really see the problem here.
  • OCGEvan wrote: »
    Go for it, get banned :)

    I'm pretty sure we don't have encryption layers or anything blocking you from doing that! :)

    Be my guest, but from my standpoint, that's not even close how the acs would work. lol

    shaddap u can only code simple "Hello, World!" from visual basics.
  • KKeLP wrote: »
    wheres the other thread?

    Hey guys,

    Just here to confirm that a Moderator has not deleted the thread, it has only been moved into a private section where it will be brought to Saidin's attention quicker as it was already closed before doing so.
  • SHA256: fea20ec11bf2497fb0f4d12cfc9f4d98aa243bdc29f5d97bea55979987aa9a5a
    File name: OCG AntiCheat.exe
    Detection ratio: 7 / 47
    Analysis date: 2013-05-17 13:56:39 UTC ( 0 minutes ago )

    https://www.virustotal.com/en/file/fea20ec11bf2497fb0f4d12cfc9f4d98aa243bdc29f5d97bea55979987aa9a5a/analysis/1368798999/
  • Let's be a little realistic: any program that scans a computer and gets data is going to pop up on antiviruses as an information getter.

    Unless we use a fud encrypter, but we aren't interested in using that.