OCG Anticheat
Since someone spammed the thread, lets discuss again rationally.
Repost below:
the anticheat uses SMTP data via plaintxt to track logins and send data
So easy to spoof. And so easy to intercept since it's not TLS. Also fix the RDNS, it's not proper.
login@ocgaming.org
process@ocgaming.org
scanner@ocgaming.org
screenshots@ocgaming.org
logoutmacro@ocgaming.org
Repost below:
the anticheat uses SMTP data via plaintxt to track logins and send data
So easy to spoof. And so easy to intercept since it's not TLS. Also fix the RDNS, it's not proper.
login@ocgaming.org
process@ocgaming.org
scanner@ocgaming.org
screenshots@ocgaming.org
logoutmacro@ocgaming.org
Comments
-
So what does this mean?
(sarcasm)
I can get the data, login on another desktop and spoof being another player. and then use cheats as normal. It looks for DNS and login credentials and will use them based on previous logins against the ISP provided in past logins by the user. As well, it sends non critical data that does not need to be sent.
Or, more importantly it is possible to intercept the e-mail and collect the data. It's not being Hashed or protected properly when it's being sent from your PC to the e-mail address. -
Go for it, get banned
I'm pretty sure we don't have encryption layers or anything blocking you from doing that!
Be my guest, but from my standpoint, thats not even close how the acs would work. lol
wanna stop dodging our questions and replies to your posts from the other thread? -
wheres the other thread?
Prob deleted or moved. Most likely deleted.
Lets focus on the topic at hand. Shall we?I can get the data, login on another desktop and spoof being another player. and then use cheats as normal. It looks for DNS and login credentials and will use them based on previous logins against the ISP provided in past logins by the user. As well, it sends non critical data that does not need to be sent.
Or, more importantly it is possible to intercept the e-mail and collect the data. It's not being Hashed or protected properly when it's being sent from your PC to the e-mail address.
*Scratches head*
So basically you're placing a mirror in front of the acs to have it look at a legit player while at the same time using my own to cheat off of in front of it?
Sorry, can you like provide more of an example? A little confusing for me. Sorry. -
what a surprise, didn't see that one coming... feel like the mods are a tyrant, apparently someone said that it could also be a virus.
Okay just to clear the air. When a thread becomes so derailed due to the spam and flame-baiting and trolling, which I will admit I did participate to a degree in the ridiculing of the poor CF director of OCG... Anyways. When a thread becomes so off-topic and convoluted its better off to just trash it away.
It has NOTHING to do with OCG or trying to "hide" info from people or even being tyrannical. It's called moderating. If you have an issue with how a particular mod moderates then you should privately bring up the issue with that mod.
Trash is trash and belongs in the trash bin.
Now you should try to keep this on topic. Really. There's no reason why you should run around in circles. -
Delaco: even though he's using starttls to encrypt the data being sent, I can pause the authentication and alter the data as it's collecting it for the e-mail since he's using plain text authentication
Delaco: and he's not using a databash to hash the data he's collecting. It's all in e-mail accounts
Delaco: which is a risk to all the users.
***XX: it wont reencrypt and wont send in the format
Delaco: it's unencrypted as it collects
Delaco: i can modify what it see's
Delaco: since it's a plain text e-mail on my end
Delaco: it's basically scanning for bad files, but in a poor way.
____
See the e-mail being sent below from my computer
220-ns1.ocgaming.org ESMTP Exim 4.80 #2 Fri, 17 May 2013 02:43:19 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
EHLO Desktop-PC
250-ns1.ocgaming.org Hello cpe002129a980cf-cm00222d6b624d.cpe.net.cable.rogers.com [LOL NO]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
AUTH login
235 Authentication succeeded
MAIL FROM:<process@ocgaming.org>
250 OK
RCPT TO:<process@ocgaming.org>
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
MIME-Version: 1.0
From: process@ocgaming.org
To: process@ocgaming.org
Date: 16 May 2013 22:43:21 -0500
Subject: Process List: delaco
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
DESKTOP-PC,D:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe,,DESKT=
OP-PC,softOSD,C:\Program Files (x86)\softOSD\softOSD.exe,,DESKTOP=
-PC,explorer, ECT ECT ECT ECT
250 OK id=1UdAdc-0002Wl-2m
QUIT
221 ns1.ocgaming.org closing connection -
Okay just to clear the air. When a thread becomes so derailed due to the spam and flame-baiting and trolling, which I will admit I did participate to a degree in the ridiculing of the poor CF director of OCG... Anyways. When a thread becomes so off-topic and convoluted its better off to just trash it away.
It has NOTHING to do with OCG or trying to "hide" info from people or even being tyrannical. It's called moderating. If you have an issue with how a particular mod moderates then you should privately bring up the issue with that mod.
Trash is trash and belongs in the trash bin.
Now you should try to keep this on topic. Really. There's no reason why you should run around in circles.
first of all, why don't they close the thread, then delete the unwanted, trash post it would repeat others going "around the circle" because clearly i'm/others out of the loop and now you're accusing me of asking a useless question, maybe I wouldn't of asked if I saw the whole other thread...
I understand why you're defending the mod decision to delete the post but people don't want to spend the whole entire day on these forums just to see if a good topic comes up and once it does it immediately gets deleted because of people that are trolling and once someone like me rolls around on these forums all I see is new from a week ago, HOW EXCITING ARE THESE FORUMS?
and I did have a particular problem with some mod, but he just chose to ignore me, isn't it great being ignored??? especially when you wanted to clear something up with someone?
im a hoarder so if something that contains any sentimental value is considered 'trash' I would still keep so your point is invalid. -
the TLDR of the e-mail issue
STARTTLS is encryption based on your username and password authenticating that you are you, and this e-mail is secure
Since we have anon authentication, it's not a secure e-mail being sent from the client.His server HAS starttls as an option, but we are not using it with anon credentials. -
Have fun, our acs derives a different content-type on our to a private key. unfortunetly im guessing our system encryption protects that from your eyes seeing the actual content. now you can see your processlist like normal, you just dont see the tree, memory, etc
If you feel like you can bypass it be my guest, but the minute you get caught, please do not cry when you are banned from ocg. -
Have fun, our acs derives a different content-type on our to a private key. unfortunetly im guessing our system is encryptions protects that from you seeing the actual content. now you see your processlist like normal, you just dont see the tree, memory, etc
If you feel like you can bypass it be my guest, but the minute you get caught, please do not cry when you are banned from ocg.
stop dodging. -
Have fun, our acs derives a different content-type on our to a private key. unfortunetly im guessing our system is encryptions protects that from you seeing the actual content.
lol what
like, i respect you and stuff and what youre trying to do
i defended your stuff in the other post
but like
what?
edit: i am pretty drunk so like
if i don't make sense, ignore me
d00ds -
I respect your criticism, but please give it a break, if you would like to try to violate the anticheat be my guest, but as I said above, don't come back crying when your banned from ocg.
If you have any more concerns or comments, please post it on our forums, and I will then answer you back. i will no longer reply to this thread.
http://ocgaming.org/forums/forum.php -
Have fun, our acs derives a different content-type on our to a private key. unfortunetly im guessing our system encryption protects that from your eyes seeing the actual content. now you can see your processlist like normal, you just dont see the tree, memory, etc
If you feel like you can bypass it be my guest, but the minute you get caught, please do not cry when you are banned from ocg.
Are you referring to the auth key's that are generated before the scan?
-
Run AC on computer A, log into anticheat, open crossfire
Move to computer B, run cheats, play match
profit = ??
Nope.
Who's Online shows who is logged in on the Anti cheat.
OCG can look at another page and see if you're logged in onto CF.
So if you try to run on a different CF account, the AC would pick that up. They AC can tell if you're logged on or logged off of CF and what account it is. -
If you feel like you can bypass it be my guest, but the minute you get caught, please do not cry when you are banned from ocg.
Considering your team can't even complete something as simple as a draft, I don't really see the problem here. -
Go for it, get banned
I'm pretty sure we don't have encryption layers or anything blocking you from doing that!
Be my guest, but from my standpoint, thats not even close how the acs would work. lol
shaddap u can only code simple "Hello, World!" from visual basics. -
wheres the other thread?
Hey guys,
Just here to confirm that a Moderator has not deleted the thread, it has only been moved into a private section where it will be brought to Saidin's attention quicker as it was already closed before doing so. -
SHA256: fea20ec11bf2497fb0f4d12cfc9f4d98aa243bdc29f5d97bea55979987aa9a5a
File name: OCG AntiCheat.exe
Detection ratio: 7 / 47
Analysis date: 2013-05-17 13:56:39 UTC ( 0 minutes ago )
https://www.virustotal.com/en/file/fea20ec11bf2497fb0f4d12cfc9f4d98aa243bdc29f5d97bea55979987aa9a5a/analysis/1368798999/
Categories
- All Categories
- Z8Games
- 1 Z8 Forum Discussion & Suggestions
- 15 Z8Games Announcements
- Rules & Conduct
- 2.5K CrossFire
- 715 CrossFire Announcements
- 714 Previous Announcements
- 2 Previous Patch Notes
- 323 Community
- 12 Modes
- 393 Suggestions
- 16 Clan Discussion and Recruitment
- 73 CF Competitive Forum
- 1 CFCL
- 16 Looking for a Team?
- 524 CrossFire Support
- 7 Suggestion
- 15 CrossFire Guides
- 37 CrossFire Off Topic