Could TQ be using anti hooking and memory scanning

ramius_michael · 12/22/2006, 09:03

Ok now before anyone panicks and goes all crazy this is just a discussion on possible techniques that TQ maybe trying to implement to prevent cheating.

I have heard many folks on the conquer forums talking about conquer maybe using hooking and stealthing to thrawt cheaters.

2. I also have read where a mod mentioned that a new routine was introduced to passively scan most commonly used memory addresses and used by hackers,

If this is so that might explain why some of the more popular cheats where disabled. I do believe that the anti hooking was used to disable cotobo. As i recall 4312 though cotobo ore dropper was disabled but cotobo could still be iniatilized with the conquer window. This patch though I noticed that cotobo itself failed to hook into conquer.

Also if tq is using a subroutine to passively scan game memory addresses then this could be the beginning of a series of patches that will attempt to lock out certain game functions or even be used to ban players. They have definately went just from encrypting to anti hooking. They maybe attempting to implement something similiar to vac2 maybe not something as expensive as vac2 but something along the same lines developed by their own personel. If that is the case they will probably be patching as new hacks are discovered. Which means even if you get aimbot to work there is a likelyhood that successive patches will be used in later versions of co2 to introduce newer and bolder anti cheating measures.

Yes before the flaming starts. I know i have been accused of conspiracy theories in the past. Yet I have noticed that CO2 is behaving differantly than it did before this latest patch. My firewall detected a memory report being issued to co2.t.91z earlier today which caught my attention. I checked my firewall logs and noticed that other such memory reports had originated from co2 client after patch 4334. This latest memory report though originated after patch 4335 and it was more agressive. So I will say this i'm not the one coding the hacks or developing them but i would carefully look at the client and see what they have done.

my fire wall's application monitor has noticed a high threat status communication from the conquer exec reporting memory status to 216.93.170.133:http(80) now this could be totally harmless. but this was report had generated after i had already logged into the game and was playing. i sent this to my firewall provider to find out what they had to say about it. They concluded that it was a memory usage communication between client and provider. So I dont know maybe i'm just being paranoid but someone needs to check this out that has more experience with anti cheat methods than I. this could be innocent i dont know.

omega02 · 12/22/2006, 09:12

it should mean less botting and hacks -.-..ima quit soon

smoothjonny · 12/22/2006, 09:15

I've suspected them to be using process scanners since the patch. I believe it to be a well known theory. It also makes sense, as we know they are trying to crack down on us. However, they still can't scan us... only what interacts with their servers.

Looks like we are back to pixel based bots >.< lol.
(that's a joke btw, we will just be more active in our bot making)

ramius_michael · 12/22/2006, 09:16

Quote:

Originally posted by omega02@Dec 22 2006, 03:12
it should mean less botting and hacks -.-..ima quit soon

nah i didn't say that and i'm not trying to spread rumor i'm trying to find out if anybody else had that happen. if it hasn't maybe it's just my firewall acting up. i'm just trying to find out if anyone else had the same thing happen. i'm just making sure it aint a false positive.

ramius_michael · 12/22/2006, 09:19

Quote:

Originally posted by smoothjonny@Dec 22 2006, 03:15
I've suspected them to be using process scanners since the patch. I believe it to be a well known theory. It also makes sense, as we know they are trying to crack down on us. However, they still can't scan us... only what interacts with their servers.

Looks like we are back to pixel based bots >.< lol.
(that's a joke btw, we will just be more active in our bot making)

**** was afraid of that. well at least i know it aint like vac2 and *** forbid they ever use game guard. game gaurd can wreck a computer. i can't tell you how many pc's i've had to reformat for people game gaurd literally sticks it's nose in ever orifice of a pc and even restarts a computer if someone is cheating. I hate game gaurd. not because i cheat but because it's invasive and we all deserve privacy.

smoothjonny · 12/22/2006, 09:23

imma run netstat and see what's going on, as i'm currently free from my usual security

wtfworkallready · 12/22/2006, 09:32

Quote:

Originally posted by smoothjonny@Dec 22 2006, 09:15
I've suspected them to be using process scanners since the patch. I believe it to be a well known theory. It also makes sense, as we know they are trying to crack down on us. However, they still can't scan us... only what interacts with their servers.

Looks like we are back to pixel based bots >.< lol.
(that's a joke btw, we will just be more active in our bot making)

actuali ive got 5 spy ware files off of my test computer that came with conqeur atuo patches over last 2 years, fairly spaced out, only program that both caught and deleted them "AOL Safety and Security Center"

theysee it all, ur being alowed to cheat. conspiricle enough for u?

wut u gota ask ur self? wtf do they care really? Oo

dont believe it? LOOK IT UP. btw defantion files, thou claimed to only grow larger are actualy taken from some times in the way tey are over writen and some times new versions of spyware removeal tools virus removeal ect... wont detect things that older versions did. any ways i use old and new version on test pc and old one caught um. not new one.....pay offs? duno duno..........

ramius_michael · 12/22/2006, 09:43

Quote:

Originally posted by wtfworkallready+Dec 22 2006, 03:32--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (wtfworkallready @ Dec 22 2006, 03:32)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin--smoothjonny@Dec 22 2006, 09:15
I've suspected them to be using process scanners since the patch. I believe it to be a well known theory. It also makes sense, as we know they are trying to crack down on us. However, they still can't scan us... only what interacts with their servers.

Looks like we are back to pixel based bots >.< lol.
(that's a joke btw, we will just be more active in our bot making)

actuali ive got 5 spy ware files off of my test computer that came with conqeur atuo patches over last 2 years, fairly spaced out, only program that both caught and deleted them "AOL Safety and Security Center"

theysee it all, ur being alowed to cheat. conspiricle enough for u?

wut u gota ask ur self? wtf do they care really? Oo

dont believe it? LOOK IT UP. btw defantion files, thou claimed to only grow larger are actualy taken from some times in the way tey are over writen and some times new versions of spyware removeal tools virus removeal ect... wont detect things that older versions did. any ways i use old and new version on test pc and old one caught um. not new one.....pay offs? duno duno.......... [/b][/quote]
well maybe if this informations is relevant perhaps the coders will figure out what they up to. but i think they are beyond the spyware stage. i think they are just getting mem and ram and virtual mem reports now. of course the likely hood of removing it may well prevent us from playing. which would suck.

.bmg · 12/22/2006, 09:50

as far as i know TQ cant do such thing. chill

smoothjonny · 12/22/2006, 10:16

Quote:

Originally posted by wtfworkallready@Dec 22 2006, 03:32
actuali ive got 5 spy ware files off of my test computer that came with conqeur atuo patches over last 2 years, fairly spaced out, only program that both caught and deleted them "AOL Safety and Security Center"

theysee it all, ur being alowed to cheat. conspiricle enough for u?

wut u gota ask ur self? wtf do they care really? Oo

dont believe it? LOOK IT UP. btw defantion files, thou claimed to only grow larger are actualy taken from some times in the way tey are over writen and some times new versions of spyware removeal tools virus removeal ect... wont detect things that older versions did. any ways i use old and new version on test pc and old one caught um. not new one.....pay offs? duno duno..........

wow... you let yourself get spyware

personally, i have scans clean everyday and a full check up once a week... and i've never had **** from them before... and after the last patch i cleaned up those trojan **** they gave me

so my advice would be for you to be more vigilant in your computing

Tw3ak · 12/22/2006, 10:30

personally i think it;s a load of bull..But even if it wasn't i would not be worried for 2 reasons

1) i would be overjoyed to get rid of 90% of all the noobs hacking co just like vac2 does to noob cs hackers lol.

and 2 ) i have made many hacks for cs that easily bypassed vac and vac2 without a sweat so i'm not worried about bypassing any antihooking/memory scanning that co could come up with.

Basically i wish they would do this then it would drive the good developers/cheaters into a underground enviornment where good cheats can be made without worry of them being detected again just we do with cs hacks and leave the noobs behind to get banned.

noelm · 12/22/2006, 11:57

Quote:

Originally posted by Tw3ak@Dec 22 2006, 10:30
personally i think it;s a load of bull..But even if it wasn't i would not be worried for 2 reasons

1) i would be overjoyed to get rid of 90% of all the noobs hacking co just like vac2 does to noob cs hackers lol.

and 2 ) i have made many hacks for cs that easily bypassed vac and vac2 without a sweat so i'm not worried about bypassing any antihooking/memory scanning that co could come up with.

Basically i wish they would do this then it would drive the good developers/cheaters into a underground enviornment where good cheats can be made without worry of them being detected again just we do with cs hacks and leave the noobs behind to get banned.

I hear that

Peach · 12/22/2006, 13:21

dont be lame, its not true

ramius_michael · 12/22/2006, 17:10

Quote:

Originally posted by Peach@Dec 22 2006, 07:21
dont be lame, its not true

well how do you explain last july. when all those folks got banned. and also when 4312 hit. basicly i think they have been testing anti hacking software. they are too cheap to get vac2 and game guard but they may well be trying to implement software of their own. remember the game developers are originally from china. knockoff capital of the world. and besides this is only a discussion of if and i do mean if they may be possibly trying to implement a antihacking system similar in behavior and operation as gameguard/vac2. besides you have to remember that they are trying to save money and if they have developed such a system it may well be automated.

vac2 behavior is very passive it will weight a month or so before taking action against a game cheater. i dont know why steam makes their system like that but they do it. maybe they trying to net the most cheaters as possible or they are making it very difficult to develop cheating methods that combat a anti cheat method. but if tq was to implement a automated defense against hacking i think they would go to a vac2 model type method. and besides for new coders this maybe some good experience for them. like basic training learn how to do work arounds on a anti cheat engine. maybe that would be a good thing. this isn't neccessarily a bad thing it could be a good thing. like the old marine creedo semperfi do or die adapt, anticipate, and overcome. hoorah

[QUOTE]"yea bury your head in the sand and they'll never find you"

unknownone · 12/22/2006, 20:45

We hold clientless connections that don't get botjailed. I think that is enough evidence to disprove your theory. A well managed firewall would also identify any tricks TQ try and pull, so far none.

The HTTP connection you appear to have seen is for the advertisements on the login screen. Nothing more.