Epic Games, UTAN and stolen GUIDs

  • Two Factor Authentication is now available on BeyondUnreal Forums. To configure it, visit your Profile and look for the "Two Step Verification" option on the left side. We can send codes via email (may be slower) or you can set up any TOTP Authenticator app on your phone (Authy, Google Authenticator, etc) to deliver codes. It is highly recommended that you configure this to keep your account safe.
ShiningSquirrel

ShiningSquirrel

New Member
Sep 3, 2004
19
0
0
www.shiningsquirrel.com
This was posted on the official atari forums, but the mods deleted it and I recieved a warning that they do not want it discussed.

Those of you who remember me from unrealadmin.org know I was always a strong supporter of UTAN and what they where trying to accomplish.
I can't in good faith support thier stance any longer.

As you may or may not know, nForce and the DD clan have been forging GUID's and getting innocent players globally banned for some time now.

It has been getting worse and worse, with no sign of any improvement.
Currently, it goes something like this:

1) nForce, DD, etc forge a GUID and get an innocent player banned.

2) The player goes to UTAN and posts an appeal.

3) Player is told his key was used to cheat, ban will not be removed
"contact Epic games for a new key or buy a new copy of the game".

Epic has time and time again refused to issue a new key that has been globally banned by UTAN, even after Epic has endorsed it by including it in one of thier patches!

The cheaters don't care, they just use a new key and play again while the original player who purchased the game is left out in the cold.

Why?

Epic has the IP and ISP info for most of these cheaters.
nForce has admitted in an online forum where is IP could be tracked that he is stealing keys/forging GUIDs and getting people banned.

Epic asks players to report cheaters, then does NOTHING about the most high profile ones out there. Something has to give.

Is this what we have in store when 2007 comes out?
Are we going to be fighting the same battles over and over again?
Is this just a marketing ploy to sell more copies of the game?

As to UTAN, one of thier own admins had his GUID forged and banned.
I have to wonder, will they keep it banned? or will they remove the ban so he can play with it again?

Am I the only 1 who feels that things are getting out of hand?

I know this sounds like a rant (which it is) or a troll and I expect someone from Epic/Atari to delete it, but I am just getting so sick of seeing innocent players abused by nForce, Digital Death, UTAN and Epic games who all seem to be working with each other, even if they do not intent to.

And no, before you ask I have never been banned nore has anyone I personally know.
 
CyMek

CyMek

Dead but not gone.
Jan 4, 2004
1,932
0
36
cymek.deviantart.com
I agree it is a problem. Thing is, there isn't much Epic can do about it. The sole way to track these people is by GUID, and as is evident, this changes often, and getting the GUID banned is kinda the point anyway.

I can almost bet you that Eppic will not do **** about this. They are busy with GoW, UT2007, and mostly, their engine. I'd be surprised if the UT2004 master server was still up 6 months after UT2007 comes out. It just isn't profitable to keep up with the cheaters anymore.

The UTAN admins are one of the really big problems here. I have always liked the idea of UTAN, and always hates its implementation. Why? The unrealadmins will ban people for nothing, and the appeals section of the forum is a joke. You need less evidence to be convicted there than you did in Salem in the 1600s. Simply posting in that section almost guarantees you will never get off of the list.

Oh, and as far as I know, no Epic or Atari admins have admin here. All the admins and mods are good people and know thier stuff with adminning a board. As long as the topic is kept off of flaming and personal attacks, you're good to go. This is a good community, hope you stick around.
 
hal

hal

Dictator
Staff member
Nov 24, 1998
21,409
19
38
54
------->
www.beyondunreal.com
So is this incorrect?
http://www.beyondunreal.com/daedalus/singlepost.php?id=9316

Some of you may know that recently there has been a bit of an outcry about the possibility of spoofing GUIDs (the hash sent between you and the server to identify you) in order to get people that you don't like banned. There have been a couple posts about this on our forums, and some discussion about this on the UnrealAdmin page, but we've finally gotten something official on this from the ut2004servers mailing list provided by Epic.
You can not use the global id to spoof your way on to a server. Furthermore you cannot spoof the global id without the cdkey.

You can post a global id without worrying it will be used illegitimately.

Joe Wilcox​
There you have it, folks. According to Joe Wilcox, spoofing GUIDs is not possible.
Click to expand...
 
Sir_Brizz

Sir_Brizz

Administrator
Staff member
Feb 3, 2000
26,020
83
48
hal said:
So is this incorrect?
http://www.beyondunreal.com/daedalus/singlepost.php?id=9316
Click to expand...
No, it's correct.

What is happening is that people are spoofing the CD-Key hash that is sent to the server. The only way to get this is to be an admin on the server that is being joined. There is a lengthy post by Piglet on the mods list about it, essentially your GUID is safe, but your hash is not when joining servers owned by these people. The best advice is to be smart and not join servers you aren't sure you can trust (within reason). The second best advice, of course, is to not piss anyone off in a public server ;)

As an aside, iirc the hash won't let you get the CD-Key back, unless you crack the encryption and obviously run a decrypter for hours/days.
 
Last edited by a moderator:
ShiningSquirrel

ShiningSquirrel

New Member
Sep 3, 2004
19
0
0
www.shiningsquirrel.com
Sir_Brizz said:
No, it's correct.

What is happening is that people are spoofing the CD-Key hash that is sent to the server. The only way to get this is to be an admin on the server that is being joined. There is a lengthy post by Piglet on the mods list about it, essentially your GUID is safe, but your hash is not when joining servers owned by these people. The best advice is to be smart and not join servers you aren't sure you can trust (within reason). The second best advice, of course, is to not piss anyone off in a public server ;)

As an aside, iirc the hash won't let you get the CD-Key back, unless you crack the encryption and obviously run a decrypter for hours/days.
Click to expand...

Actually, thats completly wrong.
While your CD key appears to be safe at this time, and with the way an MD5 hash is generated should be for a while.
It has been proven beyond a shadow of a doubt that GUIDs can and are being spoofed on a daily basis.
The UTAN admins also insisted it could not be done, and made a big show of it, until nForce and his buddies gave them a first hand demonstration of how easy it is.

The challenge:
http://www.unrealadmin.org/forums/showpost.php?p=85003&postcount=18

The response:
http://www.unrealadmin.org/forums/showthread.php?t=14147

With the response from Epic, it seems more and more that they want ut2k4 to die so everyone will purchase 2k7. I would rather take my servers rogue and break off all communication with the master servers then allow them to minipulate us like that.
 
Last edited:
ShiningSquirrel

ShiningSquirrel

New Member
Sep 3, 2004
19
0
0
www.shiningsquirrel.com
hal said:
So is this incorrect?
http://www.beyondunreal.com/daedalus/singlepost.php?id=9316
Click to expand...
No, it is not true.
That is the problem.
Joe Wilcox and Epic are lying to us and have been all along.
They claim it cannot be done, even while the cheaters are giving demos of how easy it is to do. Why do you think I was forbidden to discuss it on the Atari/Epic forums?
Epic screwed up and is refusing to admit there is a problem.
They "tried" to fix it by strengthening the encryption of the key in the last patch, but it did not work, as can be seen by the increase in spoofed GUIDs.
Joe Wilcox has not been a friend to the UT2k4 community for some time as can be seen by many of his mailings on the admins mailing list. It seems they do not want UT2k4 to survive after 2k7 is released. but if 2k7 suffers from the same problems as 2k4, do we really want it?
 
dXII][Pa

dXII][Pa

FABRICATI DIEM, PVNC
Jan 3, 2004
546
0
0
The more I think about this, the more I feel a rant coming up. Sorry for hijacking the thread.

DC, I'll try to explain why I feel that the whole "lol pubs" attitude is a bad thing. We all started out playing multiplayer games on public servers. It's our roots you may say. That's were we (at least most of us...) learned how to play, tried new gametypes and most importantly, got in contact with people we really didn't knew before. I've gotten to know a lot of people during my years as UT player simply due to meeting them in a random server.

As we get better we start looking at clans, leagues and perhaps cups. And this is were a lot of people turn their backs on public servers, saying "nah, that's not for me, I rather play only with people I know, that has the same skill level, and besides, pubs are for noobs (don't take this personal DC, it's a general statement). We forget where we all came from.

New players, either completly new or new to a certain gametype, will find it increasingly harder to find players when the pubs get deserted or left with cheaters, lamers and so on. If all the good players, with good skills and good attitudes, leaves the public servers it means that they will die. And this will kill the community faster than anything else. No matter how good leagues are, no matter how good the passworded servers are, they'll still be isolated islands where nothing changes and eventually they will die too.

You need the public servers to move people between gametypes, to teach new players the basics, to keep the community alive. In UT I spent 5 years playing mostly public servers. Loved every minute of it. In 2k4 I saw that there were a lot less public servers and most of them are looked down on.

When TAM started out, and let's not have a discussion about if TAM is good or if it's the worst game mode ever here, there were a lot of new servers popping up, all of them public. And people from almost every other gametype came to try it out. I've played people from the AS, CTF, TDM, vCTF and ONS community in TAM and they all started playing TAM on public servers. Today, there's still a LOT of public servers in TAM and it's never a problem to find a TAM game anytime of the day.

Perhaps a few of you now say "yea, but I can find a CTF game anytime, I have a great list of servers in my favorites" and that might be true. It doesn't changes the fact though that you'll end up playing the same players over and over again and as people stop playing the game for whatever reason you'll one day find yourself alone on those servers.

We need the public servers. It's a simple as that. No matter how big the tree is, if you kill the roots, you kill the tree.
 
Last edited:
-AEnubis-

-AEnubis-

fps greater than star
Dec 7, 2000
3,298
0
36
43
The Nicest Parts of Hell
Well, I guess the thing to do is find out how they harvest, and avoid that.

I mean, it sucks, but the game is old, I can afford another 10$ guid, DD actually has some valid points against UTAN (it's uses, not intents), and getting a full hash is a difficult thing to do, if admins pay attention.

Serverlogs use full guids, especially for bans, etc, tcc and safegame should be configured for partials. Server spoofing seemed to be the only way to get ids effectively, and it takes one mistake to identify that, or just building a good database of favorite servers.

I think chat restriction ini thing is broke as of a recent patch, because epic knew about this.

If they aren't going to do anything, they are going to do anything, educate yourselves, and do what you need to do to avoid it.
 
ShiningSquirrel

ShiningSquirrel

New Member
Sep 3, 2004
19
0
0
www.shiningsquirrel.com
dXII][Pa said:
The more I think about this, the more I feel a rant coming up. Sorry for hijacking the thread.

DC, I'll try to explain why I feel that the whole "lol pubs" attitude is a bad thing. We all started out playing multiplayer games on public servers. It's our roots you may say. That's were we (at least most of us...) learned how to play, tried new gametypes and most importantly, got in contact with people we really didn't knew before. I've gotten to know a lot of people during my years as UT player simply due to meeting them in a random server.

As we get better we start looking at clans, leagues and perhaps cups. And this is were a lot of people turn their backs on public servers, saying "nah, that's not for me, I rather play only with people I know, that has the same skill level, and besides, pubs are for noobs (don't take this personal DC, it's a general statement). We forget where we all came from.

New players, either completly new or new to a certain gametype, will find it increasingly harder to find players when the pubs get deserted or left with cheaters, lamers and so on. If all the good players, with good skills and good attitudes, leaves the public servers it means that they will die. And this will kill the community faster than anything else. No matter how good leagues are, no matter how good the passworded servers are, they'll still be isolated islands where nothing changes and eventually they will die too.

You need the public servers to move people between gametypes, to teach new players the basics, to keep the community alive. In UT I spent 5 years playing mostly public servers. Loved every minute of it. In 2k4 I saw that there were a lot less public servers and most of them are looked down on.

When TAM started out, and let's not have a discussion about if TAM is good or if it's the worst game mode ever here, there were a lot of new servers popping up, all of them public. And people from almost every other gametype came to try it out. I've played people from the AS, CTF, TDM, vCTF and ONS community in TAM and they all started playing TAM on public servers. Today, there's still a LOT of public servers in TAM and it's never a problem to find a TAM game anytime of the day.

Perhaps a few of you now say "yea, but I can find a CTF game anytime, I have a great list of servers in my favorites" and that might be true. It doesn't changes the fact though that you'll end up playing the same players over and over again and as people stop playing the game for whatever reason you'll one day find yourself alone on those servers.

We need the public servers. It's a simple as that. No matter how big the tree is, if you kill the roots, you kill the tree.
Click to expand...

Very well said.
 
Sir_Brizz

Sir_Brizz

Administrator
Staff member
Feb 3, 2000
26,020
83
48
Piglet said:
Joe is right when he says that "You can not use the global id to spoof your
way on to a server.". Nobody has shown that they can use a GUID for anything
illegitimate. However somone with a hacking background has boasted that they
can - so on the precautionary principle UTAN is now masking the middle section
of GUIDs when they display them.

When Joe said "Furthermore you cannot spoof the global id without the cdkey.",
he's not correct. If you join a server run by hackers they can obtain
information by which they can spoof your identity elsewhere online and appear
to be using your copy of the game. They do not have your CD key - but will
appear on the server with your GIUD. A raft of the global UTAN bans are where
these compromised keys were spotted by IP and name matching and banned. This
first came to our attention when the Titan 32 ONS server was deliberately
crashed; a look-alike server had been set up (same name & number of players)
and a number of players connected to the look-alike thinking it was the Titan
server. At this time we investigated and got detailed information about how
the server was crashed and how the information was gathered on the fake server
and then subsequently used. This we passed on to Epic. We also supplied Epic
with unrealscript code to patch the specific server crashes we'd been targeted
with. Patches 3363 and 3364 had test code in them relating to this issue - but
was not released for other reasons. The crash exploits used on us were fixed
in patch 3369 along with tweaks to make the gathering of spoof information a
little more difficult.

For servers running prior to 3369 ONSPlus and current versions of ATCC provide
protection against those specific crashes.

The situation with the chap spoofed in the thread I mentioned in my last post,
ArPharazon, is this. I contacted him on IRC and discussed the exploit with him
but he was unconvinced that I was telling the truth. He contacted the hackers
and connected to their server. Shortly after this they spoofed as him online
and so the thread was started.

Personally I'd not be inclined to connect to any US or French server with
patch level less than 3369.

I hope that this helps.

Piglet
Click to expand...
I think I misread the first part last time I read his post.
 
ShiningSquirrel

ShiningSquirrel

New Member
Sep 3, 2004
19
0
0
www.shiningsquirrel.com
Well it looks like someone did not like my posts. :con:
Got some hate mail and had 2 of my servers crashed so I guess I made a splash.

As Bush said "Mission Accomplished"!

I have gotten people to atleast admit there is a problem, getting it fixed is another matter and beyond me but atleast now maybe someone who CAN fix it will notice and do something.

Seeya round boys and happy fragging!
 
Last edited:
CyMek

CyMek

Dead but not gone.
Jan 4, 2004
1,932
0
36
cymek.deviantart.com
postmynuts.gif
(c) t2a.
 
N

neilthecellist

Renegade.
May 24, 2004
2,306
0
0
San Diego, California
www. .
The issue intrigues me. There is definitely room for debate, but as you've mentioned, your topic was locked on ataricommunity.com and discussion on the topic was censored there?

That's a grey area of attack... You could contact er... brb, lemme check who.
 
ShiningSquirrel

ShiningSquirrel

New Member
Sep 3, 2004
19
0
0
www.shiningsquirrel.com
neilthecellist said:
The issue intrigues me. There is definitely room for debate, but as you've mentioned, your topic was locked on ataricommunity.com and discussion on the topic was censored there?

That's a grey area of attack... You could contact er... brb, lemme check who.
Click to expand...

Actually it was deleted from the atari forums completly and I was warned not to discuss "cheating" on their forums.
No one here has done any censoring that I know of.
That's why I reposted here, because I knew at least on this site it would stay and no one would be afraid to talk about it. The people who run this site have some scruples unlike the Atari forum.
 
You must log in or register to reply here.
Top Bottom