Hall of Shame - MyAion.eu How to counterfeit and kill reputations of players

Why i am writing this

I was in contact with the MyAion.eu Team.
They know that people can counterfeit their reports but still they think it is an good idea to publish the list of "Cheaters" to the public.
I am not ok with this, because if it is possible to put innocent people on the Hall of Shame list and kill their reputation as good pvp players this is very bad.

So i have decided to write a basic concept guide how to fake an report which is 100% impossible for Livo to identify as an modified log.
This should hopefully bring it to the attention of players that not all published reports are correct.
There are also other possible situations which could bring people on the list without cheating, but that would take too much time and indepth knowledge.

How does Livos Tool work

Basically his tool does an read only MITM Attack. (https://en.wikipedia.org/wiki/Man-in-the-middle_attack)
As the game protocol has no protection against that it is possible to see the communication between client and server.
This communication gets analyzed by his tool.

So yes, from an technical point of view his tool is an hacker tool with more or less good intentions.

How would faking an report work

With the very same technology as Livo is using, but actively and not passively.
There are already tools out there which could do something like this called L2PHX.

L2PHX is an tool wich allows you to modify the data sent between your pc and the aion gameservers.
L2PHX would be running for example on an second pc and your local homerouter would then forward all data between the pc and gameforge servers to the L2PHX computer which actively alters the data between client and server.

There are really many ways to fake an report, but heres one simple and understandable version.

Hide attack speed buff and lower reported attack speed of victim player

So basically this works by modifying the reported base attack / motion speed from the server and also hiding the used buffs which increases the victims attack speed.
This information will be modified via L2PHX and then is forwarded to the pc of the client which is running MyAion.EU and the game client.
In the eyes of MyAion.eu Tool and the game client the player is hacking and there is no plausible way to counter this.

What i want from you?

Share this information with players, so people are aware of this fact.
I hope the Hall of Shame will be put down by Gameforge Staff, because at least they have the same rules in their forums.

NO NAME SHAMING

Thanks for reading and have a nice sunday.

Scared of beeing caught hacking?

Yes, fakes like this one with a obvious fake player ID and player name

[Only registered and activated users can see links. Click Here To Register...]

Actually working, this link you sent was faked. Very easy to fake nice try. I can just invent one with any numbers of 10 digits. Like this: [Only registered and activated users can see links. Click Here To Register...]
Btw any live programs as above said aren't working in this program and creator himself said there is way but very hard one and he will be able to identify it. Also they are working on ideas how to counter it whole anyway. People are just trying find the excuse and hacker developers try to calm them down so they keep keep paying their services. And this guy above is just scared of being caught pobably.
Nice one xd

Quote:

Originally Posted by dafet Actually working, this link you sent was faked. Very easy to fake nice try. I can just invent one with any numbers of 10 digits. Like this: [Only registered and activated users can see links. Click Here To Register...] Btw any live programs as above said aren't working in this program and creator himself said there is way but very hard one and he will be able to identify it. Also they are working on ideas how to counter it whole anyway. People are just trying find the excuse and hacker developers try to calm them down so they keep keep paying their services. And this guy above is just scared of being caught pobably. Nice one xd

the link I gave was a proper faked report not just a changed URL, the admins already removed it that's all.

And actually it was just a for fun try, took me 5 minutes to find the players IDs ingame that they use and then it was just a easy cheat engine task to change all player name and player ID data in the program. however this should be easy to detect by them, not really interested in investing more time in this tool, no one cared about aidps no one cares about myaion, animation modifications are just a small part of hacking anyways.

:thinking: that's interesting then

Quote:

Originally Posted by nucular1 Why i am writing this I was in contact with the MyAion.eu Team. They know that people can counterfeit their reports but still they think it is an good idea to publish the list of "Cheaters" to the public. I am not ok with this, because if it is possible to put innocent people on the Hall of Shame list and kill their reputation as good pvp players this is very bad. So i have decided to write a basic concept guide how to fake an report which is 100% impossible for Livo to identify as an modified log. This should hopefully bring it to the attention of players that not all published reports are correct. There are also other possible situations which could bring people on the list without cheating, but that would take too much time and indepth knowledge. How does Livos Tool work Basically his tool does an read only MITM Attack. (https://en.wikipedia.org/wiki/Man-in-the-middle_attack) As the game protocol has no protection against that it is possible to see the communication between client and server. This communication gets analyzed by his tool. So yes, from an technical point of view his tool is an hacker tool with more or less good intentions. How would faking an report work With the very same technology as Livo is using, but actively and not passively. There are already tools out there which could do something like this called L2PHX. L2PHX is an tool wich allows you to modify the data sent between your pc and the aion gameservers. L2PHX would be running for example on an second pc and your local homerouter would then forward all data between the pc and gameforge servers to the L2PHX computer which actively alters the data between client and server. There are really many ways to fake an report, but heres one simple and understandable version. Hide attack speed buff and lower reported attack speed of victim player So basically this works by modifying the reported base attack / motion speed from the server and also hiding the used buffs which increases the victims attack speed. This information will be modified via L2PHX and then is forwarded to the pc of the client which is running MyAion.EU and the game client. In the eyes of MyAion.eu Tool and the game client the player is hacking and there is no plausible way to counter this. What i want from you? Share this information with players, so people are aware of this fact. I hope the Hall of Shame will be put down by Gameforge Staff, because at least they have the same rules in their forums. NO NAME SHAMING Thanks for reading and have a nice sunday.

You have a Updated Version of L2PHX?

@[Only registered and activated users can see links. Click Here To Register...]

Thanks for an CheatEngine based PoC. (Proof of Concept)


This is my last reply to this topic.
In case Gameforge does nothing against name shaming and therefore they are ignoring their own Terms of Services let's see whats happening.

For all haters:

Quote:

Originally Posted by Lightings Scared of beeing caught hacking?

[Only registered and activated users can see links. Click Here To Register...]

;-)

Not like this feature already exists since ages.

Quote:

Originally Posted by badagliacca L2PHX as program is dead, and no one is able to use it, so this post is nosense , no fake / positive can be done

Quote:

Originally Posted by Shimizu20 You have a Updated Version of L2PHX?

[Only registered and activated users can see links. Click Here To Register...]

;-)

Yes, i started updating it today and tested it today and its working on Aion EU 7.0 servers.

Quote:

Originally Posted by badagliacca What's the first image of? No one has a cheat like this, only you maybe, developed by you, never seen such thing ( or probably could be even a fake screen ) , about l2phx , i don't know if it's true, could be a fake posted by you , and same as before, no one has it , and 1 person out of 500 in the aion community is able to use it, so show some videos or the source of those programs, because seems only blabla stuff.

First Image is AionScript.

Quote:

Originally Posted by nucular1 @[Only registered and activated users can see links. Click Here To Register...] Thanks for an CheatEngine based PoC. (Proof of Concept) This is my last reply to this topic. In case Gameforge does nothing against name shaming and therefore they are ignoring their own Terms of Services let's see whats happening. For all haters: [Only registered and activated users can see links. Click Here To Register...] ;-) Not like this feature already exists since ages. [Only registered and activated users can see links. Click Here To Register...] ;-) Yes, i started updating it today and tested it today and its working on Aion EU 7.0 servers.

Hi! You not update Aionscript more?

Quote:

Originally Posted by Agr3ss0r Hi! You not update Aionscript more?

Well i started playing again with 7.0, but no.
I won't release Aionscript to the public anymore.

Stick with Paras Vanilla Tool (64Bit) or Aionbot.NET (32 Bit) or AionSpot (32 Bit).
Rubot is also an option.

You have to pay for it but you will get also the support and updates.

Quote:

Originally Posted by nucular1 @[Only registered and activated users can see links. Click Here To Register...] Thanks for an CheatEngine based PoC. (Proof of Concept) This is my last reply to this topic. In case Gameforge does nothing against name shaming and therefore they are ignoring their own Terms of Services let's see whats happening. For all haters: [Only registered and activated users can see links. Click Here To Register...] ;-) Not like this feature already exists since ages. [Only registered and activated users can see links. Click Here To Register...] ;-) Yes, i started updating it today and tested it today and its working on Aion EU 7.0 servers.

Quote:

Originally Posted by nucular1 Well i started playing again with 7.0, but no. I won't release Aionscript to the public anymore. Stick with Paras Vanilla Tool (64Bit) or Aionbot.NET (32 Bit) or AionSpot (32 Bit). Rubot is also an option. You have to pay for it but you will get also the support and updates.

For me ActionScript is best soft for aion(

There is no public l2phx so this post doesn't make much sense.

Yes, someone with knowledge could in theory (not in practice) fake a report.

The knowledge required would be much higher than your average cheater, and the person may need to have hacking experience to code a functional l2phx client to begin with.

All that effort for a single report that would get removed anyway? Please.

People who use their personally coded l2phx programs don't bother faking reports, they're busy duping items and doing advanced packet hacking in the game.