GAME HACK #81518

[XSGamers]

What seems odd about these bans is the amount of people who are fighting their corner in a mature and sensible manner.

The normal "F*ck you I no Hax" brigade don't seem to be prevalent on this one. My gut feeling is that something is wrong and not 100% definite hacking.

 

I hope EB look into this in more depth as I can imagine nothing worse than being accused of doing something you haven't, especially with the option of Cross Game banning. The collateral damage could possibly be high on this and that makes me wonder.....

 

Are EB sticking to their guns even though they suspect things might not be so water tight with the bans ,as they don't want another climb down over another ban wave?

[NaiduR]

Will just post it here with screened personal info. I've sent non-screened logs to SuperTaz and Benway. Logs taken from server I'm renting. EDIT: took a while (3 days) to find player with 50856 who accepted my friends request and then agrees to join my server.

 

Player with 50856 gets kicked immediately, player with 81518 stayed on server until I've asked him to disconnect (~10 minutes).

 

Server PB log for player with 50856 violation. (Ranked / Non-official / PB on / FF on / Non streaming)
PunkBuster Server: New Connection (slot #1) xx.xx.xx.xx:3659 [?] "xxxxxx" (seq xxxxxx)
PunkBuster Server: Player GUID Computed xxxxxxxxxxxxx(-) (slot #1) xx.xx.xx.xx:3659 xxxxxxxxxxxxxxx
PunkBuster Server: VIOLATION (AIMBOT) #50856: xxxxx (slot #1) Violation (AIMBOT) #50856 [xxxxxxxxxxx(-) xx.xx.xx.xx:3659]
PunkBuster Server: Kick Command Issued (Violation (AIMBOT) #50856) for (slot#1) xx.xx.xx.xx:3659 xxxxxxxxxxx xxxxxx
PunkBuster Server: Lost Connection (slot #1) xx.xx.xx.xx:3659 xxxxxxxxxxxxx (-) xxxxxxx

 

Server PB log for player with 81518 violation. (Ranked / Non-official / PB on / FF on / Non streaming)
PunkBuster Server: New Connection (slot #1) xx.xx.xx.xx:3659 [?] "xxxxxxxx" (seq xxxxxxx)
PunkBuster Server: Player GUID Computed xxxxxxxxxxxxx(-) (slot #1) xx.xx.xx.xx:3659 xxxxxxxxxxxxx
PunkBuster Server: Player List: [slot #] [GUID] [Address] [status] [Power] [Auth Rate] [Recent SS] [O/S] [Name]
PunkBuster Server: 1  xxxxxxxxxx (-) xx.xx.xx.xx:3659 OK   1 3.3 0 (V) "xxxxxxxx"
PunkBuster Server: End of Player List (1 Player)

 

 

Are EB sticking to their guns even though they suspect things might not be so water tight with the bans ,as they don't want another climb down over another ban wave?

 

Exactly. But they're loosing control on situation. More players started to realize something is wrong and why they're unable to play on a good share of servers. Some estimate they can't play on 30-40% of servers, some report 2 out of 3.

 

P.S. and B1aze14's post... He was banned on server of his own clan with dad known as 'BanHammer', holy smoke.

Edited December 2, 2013 by NaiduR

[fozzer]

What seems odd about these bans is the amount of people who are fighting their corner in a mature and sensible manner.

The normal "F*ck you I no Hax" brigade don't seem to be prevalent on this one. My gut feeling is that something is wrong and not 100% definite hacking.

 

I hope EB look into this in more depth as I can imagine nothing worse than being accused of doing something you haven't, especially with the option of Cross Game banning. The collateral damage could possibly be high on this and that makes me wonder.....

 

Are EB sticking to their guns even though they suspect things might not be so water tight with the bans ,as they don't want another climb down over another ban wave?

I see a fair few appeals including the EB troubleticket and I would say the opposite is more like it.

 The appeals I have read (including the EB troubleticket) have been full of outrageous indignation and nothing else.

The #81518 violation will remain in play until one of those on the receiving end can reproduce that violation, on demand, by running none cheat software.

Up to now no one has done that.

It is no skin off the Even Balance nose to declare a "false positive" because the default "punishment" for raising this cheat violation is a 2 minute kick.

It is the proactive server admin or third party streaming service that turns those 2 minute kicks into a ban.

[fozzer]

Will just post it here with screened personal info. I've sent non-screened logs to SuperTaz and Benway. Logs taken from server I'm renting. EDIT: took a while (3 days) to find player with 50856 who accepted my friends request and then agrees to join my server.

 

Player with 50856 gets kicked immediately, player with 81518 stayed on server until I've asked him to disconnect (~10 minutes).

 

Server PB log for player with 50856 violation. (Ranked / Non-official / PB on / FF on / Non streaming)

PunkBuster Server: New Connection (slot #1) xx.xx.xx.xx:3659 [?] "xxxxxx" (seq xxxxxx)

PunkBuster Server: Player GUID Computed xxxxxxxxxxxxx(-) (slot #1) xx.xx.xx.xx:3659 xxxxxxxxxxxxxxx

PunkBuster Server: VIOLATION (AIMBOT) #50856: xxxxx (slot #1) Violation (AIMBOT) #50856 [xxxxxxxxxxx(-) xx.xx.xx.xx:3659]

PunkBuster Server: Kick Command Issued (Violation (AIMBOT) #50856) for (slot#1) xx.xx.xx.xx:3659 xxxxxxxxxxx xxxxxx

PunkBuster Server: Lost Connection (slot #1) xx.xx.xx.xx:3659 xxxxxxxxxxxxx (-) xxxxxxx

 

Server PB log for player with 81518 violation. (Ranked / Non-official / PB on / FF on / Non streaming)

PunkBuster Server: New Connection (slot #1) xx.xx.xx.xx:3659 [?] "xxxxxxxx" (seq xxxxxxx)

PunkBuster Server: Player GUID Computed xxxxxxxxxxxxx(-) (slot #1) xx.xx.xx.xx:3659 xxxxxxxxxxxxx

PunkBuster Server: Player List: [slot #] [GUID] [Address] [status] [Power] [Auth Rate] [Recent SS] [O/S] [Name]

PunkBuster Server: 1  xxxxxxxxxx (-) xx.xx.xx.xx:3659 OK   1 3.3 0 (V) "xxxxxxxx"

PunkBuster Server: End of Player List (1 Player)

 

 

 

What are you trying to prove :dunno:

All the above is quite normal.

Last time I checked the 50856 cheat violation came complete with a globalguid ban issued by EB themselves.

This means that anyone raising the 50856 violation will not be able to join any PB enabled server.

The 81518 cheat violation just incurs the standard punishment PB normally employ .... a 2 minute kick.

It is the proactive admin or third party anti cheat service that turn the 2 minute kick into a ban.

Not every server streams via PBBans and not every server uses the PBBans banlist, in fact only a small fraction of servers stream to a third party anti cheat site so I would dispute the 2 out of 3  comment :P

[NaiduR]

@fozzer

 

I do feel really sorry if questions raised here made you think I'm trying to prove something. Let me assure you, in neither way I'm trying, it's just a (stupid) curiosity since the only problems I had with PunkBuster 'till ban day were 'Communication failure' and 'Auto update failed' (don't remember exact error messages, but those are close enough).

 

On the other side, I've made an attempt in helping both gaming community and EvenBalance to find the reason why quite a few of us raised this violation because I'm sure it "could be triggered by non-cheat software", and I will be happy if even a bit of my efforts will be useful for EB to make a final decision in 81518, no matter what it will be.

 

The #81518 violation will remain in play until one of those on the receiving end can reproduce that violation, on demand, by running none cheat software

Does this statement mean I can try to play BF4 and launch misc. apps at the same time in order to trigger this violation? And once violation triggered, report the steps to reproduce it? If yes, can I send a PM with some technical questions about PB client configuration and some violation-related info?

 

@all

 

With either outcome, I have a strong feeling that I won't return to BF or any other MP FPS (nobody is gonna miss me, I know), this ban is very a good reason to stop wasting time.

[NaiduR]

Well, here's what I'm going to do. If that doesn't help, I don't see a single reason to continue this discussion since I'm out of ideas and will just shut up and sit tight.

I've asked my brother to give me his account for testing. Then joined streaming server, saved origin id and pbcl.log (with GUID) to a new text file, RARed it with password and uploaded here:
EDIT!: https://mega.co.nz/#!yFNFQYhS!WyPF9AxITifGAsd3rQYBRiHNjo9bgd48jqrIdIGWvg0

Feel free to download and keep it (although if I change this file, it's key, the part after # in URL above, will be changed too).

For the next couple of days (starting today 8pm UTC) I will be playing using this (clean) account, with CE running in background. CE 6.3 x64, BF4 x64. Streaming servers of course.

If 81518 violation will be raised, I will post RAR file password and updated pbcl.log here. You'll be able to unrar file and compare GUIDs. Ban on that GUID with violation 81518 will appear at MBi.

If 81518 won't be raised, then CE isn't the reason and either the problem lies somewhere else or I'm a bloody cheater.

P.S. Just noticed that PC patch is coming tomorrow, it might somehow affect my plan, will keep you informed.

pbcl.cfg:

pb_MsgPrefix "[skipnotify]PunkBuster Client"
pb_Sleep 500
pb_LogToFile 1
pb_SsLog 1
pb_SsSave 1

pbcl.log with screened info:

pb_LogToFile = 1 (0=No, 1=Yes)
pb_SsLog = 1 (0=No, 1=Yes)
pb_SsSave = 1 (0=No, 1=Yes)
Attempting to resolve master7.evenbalance.com
Resolved to [50.62.82.210] (18)
PunkBuster Client (v2.332 | A0 v) Enabled
Game Version [89510]
Connected to Server xx.xx.xx.xx:xxxx
WARNING: PB Kicks for Level 1 PB Restrictions on this Server
PB Server assigned guid = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Receiving from PB Server (v v1.880 | A1390 C2.332)
PB Services socket initialized
PnkBstrA successfully loaded PnkBstrB
PnkBstrB service installed and started successfully
Master Query Sent to (MASTER2.EVENBALANCE.COM) 50.62.76.68
Received Master Security Information

Edited December 2, 2013 by NaiduR

[XSGamers]

I see a fair few appeals including the EB troubleticket and I would say the opposite is more like it.

 The appeals I have read (including the EB troubleticket) have been full of outrageous indignation and nothing else.

The #81518 violation will remain in play until one of those on the receiving end can reproduce that violation, on demand, by running none cheat software.

Up to now no one has done that.

It is no skin off the Even Balance nose to declare a "false positive" because the default "punishment" for raising this cheat violation is a 2 minute kick.

It is the proactive server admin or third party streaming service that turns those 2 minute kicks into a ban.

 

Well seeing as we don't see that part of the process (how could we), we're only seeing half the story, but going by the forums (which is our only source), it seems that the people with "issues" are approaching it in a better manner than most times we've see.

[Pielroja]

Don't risk the account of you brother.

 

You can reproduce the violation much easier.

 

Start "Cheat Engine 6.3"

Attach CE to some process. e.g. the tutorial process of CE

Join a Battlefield 4 server with Punkbuster protection.

Play some rounds.

Result will be: Violation (GAMEHACK) #81518 in the punkbuster log.

 

Don't try this on a stream protected server. Then you will be banned.

[pipes1]

Don't risk the account of you brother.

 

You can reproduce the violation much easier.

 

Start "Cheat Engine 6.3"

Attach CE to some process. e.g. the tutorial process of CE

Join a Battlefield 4 server with Punkbuster protection.

Play some rounds.

Result will be: Violation (GAMEHACK) #81518 in the punkbuster log.

 

Don't try this on a stream protected server. Then you will be banned.

 

 

if its reproduced like that though he would be unbanned when EB declares a false ban.

[SuperTaz]

I thought Cheat Engine was only used to debug software and some small single player games? Can it be used on larger games like BF4? :wacko:

[Pisi-Deff]

I thought Cheat Engine was only used to debug software and some small single player games? Can it be used on larger games like BF4? :wacko:

If I recall correctly, CE's main charm is that you can edit any program's memory.

Usually not an issue in multiplayer games where the server barely trusts the client, anything you edit on the client remains on the client and/or is double-checked by the server, and does not affect other players.

Considering the kinds of hacks we've seen for BF3 though (teleporting other players, adjusting bullet damage)... the server seems to trust the client a whole bloody lot. Could be similar for BF4. CE could be used for quite a bit of havoc in that case.

[NaiduR]

Sorry guys, I felt asleep, so came to this a hour ago.

 

*P00F*

Edited December 3, 2013 by HSMagnet
thanks for admission and welcome to the RU section

[SOC_JO]

Hmmm CE can hook into any process and alter/edit memory functions I certainly feel better about these bans. None of this is required to play bf4 or any other game for that matter and would consider it a joke to let such activity continue. It seems clear EB has done the right thing... Next...

 

 

LOL yeah like mentioned above - If you have cheat engine loaded into memory hooked into any process while you try and play will get you banned LOL - genius idea

Edited December 3, 2013 by SOC_JO

[MudBar64]

Hi, I'm posting this text on behalf of NaiduR.

 

In short: I can confirm that having CE loaded in memory and attached to any process triggers this violation.

 

Steps to reproduce this violation:

1. Run Cheat Engine, attach it to any process. I've used calc.exe.

2. Join any PB-enabled server.

3. Play some rounds. I was kicked playing second TDM round, so it took 20..25 minutes approx. for PB to "detect" Cheat Engine.

4. Enjoy 81518 ban.

 

Here's the prove that it was me:

1. Download the file (if you didn't already) I've posted the link to in my previous post #81.

    To those "you could alter the file after your ban" I have only to say that if I did, file URL would change. It is the way Mega works these days.

    To those "you could edit the link in your post" -- this forum script doesn't allow you to edit your posts after some short time (1hr or so, I think).

2. Use WinRAR to unpack it using password "outersoul" without quotes, of course.

3. Open unpacked txt file, you will find origin account details and GUID inside

4. Now get here: pbbans.com

5. Find recent ban with violation #81518 and the player nick you found in txt file. Follow the details link, compare GUIDs.

6. Don't believe me? Try on non-streaming server (Pielroja, you are right here), you will be banned on that server only.

 

Some observations:

1. I've got ZERO messages in BattleLog that I've been banned or any kind of restriction kick occurred.

2. Some kind of message '... banned ...' flashed in BF4 chat and I think it's almost impossible to notice it if you don't know what are your looking/waiting for.

1. and 2. definitely explain why A. most players were unaware of any kind of ban B. not much appeals done

 

Here's pbcl.log with my violation (time is UTC+4):

[12.03.2013 05:33:49] pb_LogToFile = 1 (0=No, 1=Yes)
[12.03.2013 05:33:49] pb_SsLog = 1 (0=No, 1=Yes)
[12.03.2013 05:33:49] pb_SsSave = 1 (0=No, 1=Yes)
[12.03.2013 05:33:49] Attempting to resolve master3.evenbalance.com
[12.03.2013 05:33:49] Resolved to [50.23.100.138] (18)
[12.03.2013 05:33:49] PunkBuster Client (v2.332 | A0 v) Enabled
[12.03.2013 05:33:50] Game Version [89510]
[12.03.2013 05:33:50] Connected to Server 173.199.78.33:30000
[12.03.2013 05:33:50] WARNING: PB Kicks for Level 1 PB Restrictions on this Server
[12.03.2013 05:33:50] PB Server assigned guid = 4911cfeb8da96a2f5cbd79cfb97e2799
[12.03.2013 05:33:50] Receiving from PB Server (v v1.880 | A1390 C2.332)
[12.03.2013 05:33:53] PB Services socket initialized
[12.03.2013 05:33:55] PnkBstrA successfully loaded PnkBstrB
[12.03.2013 05:33:58] PnkBstrB service installed and started successfully
[12.03.2013 05:36:06] Receiving from PB Server (v v1.880 | A1390 C2.332)
[12.03.2013 05:37:50] Master Query Sent to (MASTER1.EVENBALANCE.COM) 192.155.198.210
[12.03.2013 05:37:52] Received Master Security Information
[12.03.2013 05:58:27] Violation (GAMEHACK) #81518
[12.03.2013 05:58:30] Not Connected to a Server

 

[Buff]

Can you explain a couple of things here.

 

IP of NaiduR on the forum are all Canadian.

The GUID 4911cfeb8da96a2f5cbd79cfb97e2799 from the pbcl.log shows Russian IP's, while he said the game was from his brother.

http://www.pbbans.com/mbi-viewban-b97e2799-vb327641.html

 

The Russian IP's belong to a player called JJamRR, so a proxy/vpn is involved for sure.

JJamRR or DaJJam was all ready banned on November 22, 2013.

http://www.pbbans.com/mbi-viewban-5e1029c2-vb326616.html

 

Your complaints about the ban on twitter

https://twitter.com/JJamRR

 

 

JJamRR ‏@JJamRR  28 november 
@OriginInsider #BF4 Is EA aware of second false PB banwave? Support doesn't help, EB denies appeals.

 

JJamRR ‏@JJamRR  28 november 
@OriginInsider @Freedomfromu @Battlefield They don't give a ****. I'm trying to resolve this issue since Nov, 22nd.

 

JJamRR ‏@JJamRR  28 november 
@Crimson1490 @PBBans They deny appeals, more and more 81518 bans rolling in. With recent false 89265 wave, another will ruin EB/PB.

 

JJamRR ‏@JJamRR  29 november 
@AskEASupport NB I've contacted most of banned, a lot of them don't even know they were since error box in battlelog doesn't work proprly.

 

JJamRR ‏@JJamRR  29 november 
@GregHanson7 Hi, can you please add me in Origin? My username is DaJJam. The problem is that you might be wrongfully banned by #punkbuster.

 

JJamRR ‏@JJamRR  30 november 
@OriginInsider Spent whole week trying to solve #BF4 #PB #81518 ban. Zero supp from @EA. Looks like false pos again: http://www.pbbans.com/forums/game-hack-81518-t178531.html

 

All sound like NaiduR, but he didn't tell you guys that he's been around a known hacksite since 2012.

Why all the smokescreens?

[Mayjay]

Can you explain a couple of things here.

[...]

 

I don't know NaiduR, and I don't want to sound stupid but does it really matter if his demonstration is valid ?

 

If using CE on anything but BF4 while playing the game results in a ban well I think that's a serious issue. The full ban is unjustified in my opinion.

Now you can argue that it's being stupid to have CE open and active while playing BF4 but I fail to see how it is a justification for a ban. Maybe some were using it to effectively hack, I don't know, but what about the others ?

 

I think the reasonable solution here would have been to give a warning to the players, telling them that having CE running while playing the game triggers PB and thus it should be disabled or uninstalled prior to the launch of the game to avoid a ban.

[pipes1]

why is it unjustified. a third party program was picked up that altered a memory process.

 

 

pb is clear in that anything that can alter the game may result in a ban.

[warpos]

 

Now you can argue that it's being stupid to have CE open and active while playing BF4 but I fail to see how it is a justification for a ban. Maybe some were using it to effectively hack, I don't know, but what about the others ?

 

FYI, you don't even need to run it, maybe once, but bf4 doesn't even need to be open because:

 

As proprieties of the "cheat engine.exe", I have:

 

Created: 08/21/2013

Modified: 06/28/2013

ACESSED: 08/21/2013

 

If i'm not wrong, not even beta was launched.

BTW, yes, it still installed, yes, not used since then.

 

From cheat engine website:

 

"Cheat Engine is an open source tool designed to help you with modifying single player games running under window so you can make them harder or easier depending on your preference(e.g: Find that 100hp is too easy, try playing a game with a max of 1 HP), but also contains other usefull tools to help debugging games and even normal applications."

 

Well, yes, I did use it for debugging my dads application, so what?(and flash games, because as you know bf4 wasn't out yet)

[Mayjay]

why is it unjustified. a third party program was picked up that altered a memory process.

 

 

pb is clear in that anything that can alter the game may result in a ban

And I thought the purpose of PB was to ban people who cheat on multiplayer games they protect. Did any responsible person at ppbans tried to reproduce the ban via cheat engine ? I'm ready to risk my own account and reproduce it on demand, tape the all operation if it can help.

 

It might be me but if you ban on the possibility of a hack that can happen but didn't, well you go way out of your purpose. Why not banning all windows users then ? By using it you can alter pretty much anything you want, including the game, if you apply the same logic then pretty much anybody could be subject of a ban.

[SuperTaz]

After reading about what Cheat Engine does, I can not see why anyone would use it at all. It alters the memory processes of programs. To be honest, no person should have it on any system with games protected by PB. If CE is raising this violation, then I am sure that there is a good reason for it as there may have been some people who used it to change something on the Battlefield games. If that is the case, then I support this violation. And no staff will test this out as it is up to Even Balance to do that.

[SOC_JO]

Same logic is when a server owner downloads a hack to use on non-punkbuster enabled servers to train their admins on cheats. Then goes to play on a punkbuster enabled server without cheats enabled but gets banned anyways. Claims never used the cheat officially only for training. Regardless of motive logic is defeated and the risk of such a program was getting banned.  Want to use a program that can be used to alter any games function places you on a short list of high risk to be banned.

 

Seems clear the pattern of what has been going on with 81518 and reaffirm support for EB in maintaining this violation.

[Buff]

From cheat engine website:

 

"Cheat Engine is an open source tool designed to help you with modifying single player games running under window so you can make them harder or easier depending on your preference(e.g: Find that 100hp is too easy, try playing a game with a max of 1 HP), but also contains other usefull tools to help debugging games and even normal applications."

 

If you look further:

 

Cheat Engine can view the disassembled memory of a process and make alterations to give the user advantages such as infinite health, time or ammunition. It also has some Direct3D manipulation tools, allowing you to see through walls, zoom in/out and with some advanced configuration allows Cheat Engine to move the mouse for you to get a certain texture into the center of the screen. This is commonly used to create aimbots.

 

Cheat Engine can inject code into other processes, but doing so can cause anti virus software to mistake it for a virus. There are versions that avoid this false identification at the cost of many features (those which rely upon code injection). The most common reason for these false identifications is that Cheat Engine makes use of some techniques also used in trojan rootkits to gain access to parts of the system, and therefore get flagged as suspicious. Newer versions of Cheat Engine are less likely to be blocked by anti virus programs so features like code injection can be used without problems.

[fozzer]

Seems some have missed what I posted so I will repost the relevant sentence again;

 

The #81518 violation will remain in play until one of those on the receiving end can reproduce that violation, on demand, by running none cheat software.

Up to now no one has done that.

 

[Mayjay]

Seems some have missed what I posted so I will repost the relevant sentence again;

 

What's the point of having a appeal function then ? Seems to me like it doesn't matter if you cheated or not on the game protected as long as you have a cheat for any other game you own.

How am I suppose to prove the innocence of my brother if the simple possession of Cheat Engine makes him guilty ?

[Benway]

#38