Epic Games, UTAN and stolen GUIDs

  • Two Factor Authentication is now available on BeyondUnreal Forums. To configure it, visit your Profile and look for the "Two Step Verification" option on the left side. We can send codes via email (may be slower) or you can set up any TOTP Authenticator app on your phone (Authy, Google Authenticator, etc) to deliver codes. It is highly recommended that you configure this to keep your account safe.

Taleweaver

Wandering spirit
May 11, 2004
2,630
0
36
43
Off course
ShiningSquirrel said:
Actually it was deleted from the atari forums completly and I was warned not to discuss "cheating" on their forums.
No one here has done any censoring that I know of.
That's why I reposted here, because I knew at least on this site it would stay and no one would be afraid to talk about it. The people who run this site have some scruples unlike the Atari forum.
That's a pretty lame excuse. I'd think they would have deleted the thread because those who quickly read threads to find new information will remember only one small sentence about it:

your cd-key can be hacked by playing online

Stripped from all the extra information, it can mislead quite a few readers. And worse: potential customers. And what about giving the coders a moment of victory, which is really stroking their ego? I could have understand that they'd deleted it for these reasons, but "not to discuss cheating" is like putting the blame on your end. It's like shooting the messenger :(
 

-AEnubis-

fps greater than star
Dec 7, 2000
3,298
0
36
43
The Nicest Parts of Hell
They had their ego stroking with the UTAN crew, lol

I can't really imagine anything more rewarding then that thread... especially since the whole operation was a big finger to the UTAN screw specifically.
 

dub

Feb 12, 2002
2,855
0
36
I would imagine that they also deleted the post because it makes them look bad. As Piglet correctly stated, they are wrong and provided a little miss-information... and they probably don't like to see that discussed frequently. :)
 

SkaarjMaster

enemy of time
Sep 1, 2000
4,870
8
38
Sarasota, FL
ShiningSquirrel, that sucks about your servers crashing and the hate mail. Just goes to show there are a lot of lamers out there. I guess if my key gets hijacked, I'll just play offline since I won't have any recourse beyond that except to pay again for the game. Is this the only method for doing this (server hijack) or can someone randomly generate a key?

Can't someone write a letter to Epic and tell them what their key is now, where they live, user name and whatever else info is needed to identify them. Then if their key is ever stolen, they can get it back?
 
Last edited:

ShiningSquirrel

New Member
Sep 3, 2004
19
0
0
www.shiningsquirrel.com
SkaarjMaster said:
ShiningSquirrel, that sucks about your servers crashing and the hate mail. Just goes to show there are a lot of lamers out there. I guess if my key gets hijacked, I'll just play offline since I won't have any recourse beyond that except to pay again for the game. Is this the only method for doing this (server hijack) or can someone randomly generate a key?

Can't someone write a letter to Epic and tell them what their key is now, where they live, user name and whatever else info is needed to identify them. Then if their key is ever stolen, they can get it back?


I have been thinking about what could be done, sort of like what you suggest.

I play several other online games, some of them have you setup an account on thier server and you enter your CD key there to "register" to your account.
It works greaat if you accidently lose it, or what not.

UT needs something similier.
When installing, you go to a website from the machine you will be playing on.
You setup an account for yourself, then enter in your CD Key or GUID to register it to your account, along with your IP address.
It's not hard to setup a page to display an IP of a machine that visits it, but instructuions for finding you IP would be just as good.
Once your CD Key/GUID is registered with your IP, only that unique combination would be allowed to join a server online. If it was checked on a master server level only then there would be less chance of it being compromised.
If you change your IP for some reason, log into your acount and update it.

I know IPs can be spoofed, but maybe a combination of GUID/IP/MAC address would work?

The cheats like the DD clan change IPs all the time (at least some of them do) and GUIDs, so maybe a unique combination might work?

I don't think epic would make any changes at this late date, but maybe some uscript coder out there might get an idea?

I'm afraid I do not know much about it so please point out any obviouse flaws in it I overlooked.
 

Sir_Brizz

Administrator
Staff member
Feb 3, 2000
26,020
83
48
The problem with this is that UT players, in general, have been tweakers. If I install the same game on another machine with the same CD-Key, I should have a different GUID. At that point, I would be using it illegally.

A better system would be for them to have a system similar to Steam in spirit, where you register with your name, address, cd-key, and perhaps phone number, password, and then a secret question. If you could also keep a list of all of your valid IPs by this system, that would be great, too. It's not likely you are going to be hacked by someone on your network.

Even that wouldn't work very well, though.
 

SkaarjMaster

enemy of time
Sep 1, 2000
4,870
8
38
Sarasota, FL
Like Steam, except you would be able to play offline without being online.;)

Also, using the IP would be a bad idea as a lot of us I'm sure have dynamic IPs and they change a lot. Maybe a system like this won't be perfect, but it would be better than what they have now.
 

ShiningSquirrel

New Member
Sep 3, 2004
19
0
0
www.shiningsquirrel.com
How about this.
When you want to play online, you log into the master server, similier to WOW or Guild wars.
After you log into your account there, it allows you to see the other online servers to join.
Dont't log in, you can't play online unless it's a lan or local network?
 

-AEnubis-

fps greater than star
Dec 7, 2000
3,298
0
36
43
The Nicest Parts of Hell
Did they spoof IP's too? I would think that is a really easy way to appeal a UTAN ban.

If you tracert the gateway of an IP, or any ip in a range, you can usually easily tell where it is... I'd imagine most times, they'd be in totally different areas of the country. I mean, if I'm from Alabama, and some a-hole get's my GUID banned with a North Dakota IP, and UTAN doesn't appeal it, I'm gonna be livid.
 

_Lynx

Strategic Military Services
Staff member
Dec 5, 2003
1,965
8
38
40
Moscow, Russia
beyondunreal.com
Hope that will work but if it doesn't... I don't know what i'll do if my GUID will get spoofed. I guess I will do all to get it back. After all buying UT in Russia is a real pain in the ass. when it only hit the shelves it costed 80USD. My Limited SE costed me 140USD. Even now the game cost here varies from 30USD up to 60. All the abroad internet shops I know say they don't shop the CD's to Russia. And even these 30$ is not a one day salary for me.
 
Last edited:

ShiningSquirrel

New Member
Sep 3, 2004
19
0
0
www.shiningsquirrel.com
-AEnubis- said:
Did they spoof IP's too? I would think that is a really easy way to appeal a UTAN ban.

If you tracert the gateway of an IP, or any ip in a range, you can usually easily tell where it is... I'd imagine most times, they'd be in totally different areas of the country. I mean, if I'm from Alabama, and some a-hole get's my GUID banned with a North Dakota IP, and UTAN doesn't appeal it, I'm gonna be livid.

Actually that IS the reason for a ban.
If they see your GUID coming from multiple IPs they mark it as stolen/warez and list it as using an aimbot even if it was never caught using a bot or not.

If the IPs do not match, there is a zero chance UTAN will remove the ban.
That is one of the general problems.

If nForce where to use your GUID/hash, etc and simply log on to one of the multiply.co.uk servers for instance, not use a bot or anything, just log on with it, then your GUID would be globally banned with no hope of it being removed matching IPs or not.
 

ShiningSquirrel

New Member
Sep 3, 2004
19
0
0
www.shiningsquirrel.com
_Lynx said:
Hope that will work but if it doesn't... I don't know what i'll do if my GUID will get spoofed. I guess I will do all to get it back. After all buying UT in Russia is a real pain in the ass. when it only hit the shelves it costed 80USD. My Limited SE costed me 140USD. Even now the game cost here varies from 30USD up to 60. All the abroad internet shops I know say they don't shop the CD's to Russia. And even these 30$ is not a one day salary for me.

Exectly!
That is why the "buy a new copy" attitude is so aggrevating to see, but if UTAN bans you, you have no recourse, you can ask Epic for a new key, which they have been consistently saying no to since 2k7 was announced (funny that) or buy a new copy.
 

Noobnugget

New Member
Jan 10, 2006
121
0
0
ShiningSquirrel said:
Actually that IS the reason for a ban.
If they see your GUID coming from multiple IPs they mark it as stolen/warez and list it as using an aimbot even if it was never caught using a bot or not.
you wont get banned right away from a server/utan/the whole damn game if you have played with multiple ips if youve never cheated. ive been between 3 different isps(56k(w/ 3 access #'s), dsl, and cable) and about 5 different ips in the past year. i can still play just fine. wether the server has utan or not.
 
Last edited:

ShiningSquirrel

New Member
Sep 3, 2004
19
0
0
www.shiningsquirrel.com
Noobnugget said:
you wont get banned right away from a server/utan/the whole damn game if you have played with multiple ips if youve never cheated. ive been between 3 different isps(56k(w/ 3 access #'s), dsl, and cable) and about 5 different ips in the past year. i can still play just fine. wether the server has utan or not.

I should have been more precise and you should read the whole thread and take comments in context rather then jumping to conclusions.

No one said it would be right away, and unless the IPs are in different countries or states no one is probobly even going to look at it.

The issue is if they see a GUID coming from say the UK and the USA then they mark it as a stolen CD key and it's banned. I assume you have not been world hopping while you have been changing addresses?

Just a different IP address is not the problem as even if you change ISPs multiple times or on DHCP and get a new address constently, they still point to the same geographic area. Once you start border hopping then it becomes an issue. Since DD has members in several countries it is not hard to imagine that one of them from a different country then yours would be the one to use your GUID and get it banned.
 
Last edited:

TAZTG

Your face, Your ass-Whats the Difference
Sep 12, 2001
3,748
2
38
62
Brunswick, MD
That would really Suck for folks who Travel and Play on Laptops. I never did like UTAN.
 

ShiningSquirrel

New Member
Sep 3, 2004
19
0
0
www.shiningsquirrel.com
TAZTG said:
That would really Suck for folks who Travel and Play on Laptops. I never did like UTAN.

UTAN was good at first, when it was a ban management system and for that function it does work well. The problem is the admins are trying to be proactive and you just can't do that with a system like that.
The "idea" of a global ban made sense at the time, a player would be caught botting or cheating on several servers, (unless he had the misfortune to play on any of the admins servers then it was instant) banned, then the bans upgraded to global. It was an easy way to ban all the known bottersand keep them off of all your servers at once. Now, they ban just for the name being used. If you add the DD tag to your name, or use ELF Helios or one of the other well known ones, log on to the wrong server and your instently banned.
 

Imaginos

Deathball addict?
Sep 13, 2000
804
0
0
55
New Joisey, USA
Visit site
ShiningSquirrel said:
UTAN was good at first, when it was a ban management system and for that function it does work well. The problem is the admins are trying to be proactive and you just can't do that with a system like that.
The "idea" of a global ban made sense at the time, a player would be caught botting or cheating on several servers, (unless he had the misfortune to play on any of the admins servers then it was instant) banned, then the bans upgraded to global. It was an easy way to ban all the known bottersand keep them off of all your servers at once. Now, they ban just for the name being used. If you add the DD tag to your name, or use ELF Helios or one of the other well known ones, log on to the wrong server and your instently banned.
As a ban management system for multiple servers, it's excellent. In that they act as judge/jury/executioner on some things that they have no authority over is when I have an issue with it. And the Nick bans are being done on the master server, so it's not always UTAN to blame for that one.
Either way, I have never set my servers to accept global bans from UTAN. Only GISP bans are enforced. And that's the way it will stay thanks to the possiblility of stolen key/false aimbot/grudge ban shennanigans.
 

Sir_Brizz

Administrator
Staff member
Feb 3, 2000
26,020
83
48
So wait... the real danger of this is getting UTAN banned and not Epic banned??