Elsword's security system by Adrian

Adrian420 · 01/01/2014, 13:06

Good evening,
As some people may have heard by now on this game a secret logging system represents the most powerful weapon against hackers.
The main issue I hope to cover here is how logs look like and what's being logged.

What's being logged:

The level of your character as well as the dungeon you're playing in. For example: you can’t access x-2 secret dungeon at lv 6 unless you are a hacker.

Drops of all kind: ED and items acquired.

All dungeon results: for example how much ED/ Exp you have acquired, clear time, etc.

How many mobs you have killed during the respective run.

What stages you clear during the run.

How much damage you deal. By knowing this we can assume that they also know how much dmg you receive or if you receive anything at all.

Based on the value and particularities of the damage you have dealt or received they might be able to guess about how much: phy/mag attack/defence, add.dmg, crit, red.dmg and evasion, you have. What I can say for sure is that when you kill a mob they know exactly how much damage you have dealt and if it was a critical hit or not.

Since they know if mobs receive damage or not they also know by what means dies a mob.

They know how many accounts you have by tracking your IP. Every account you have ever accesed with your IP(even once) is counted as " one of your accounts". This is how many innocents get banned when a hacker gets banned on IP.

They log trades of all kind: mail, direct, board. They know what item you trade.

They know from which account to which account goes the item you have send. They recognize accounts not only by IP but also by name. As simple as: account "x" is trading with account "y".

They know the exact date of all logs. Year,month,week,day,hour,minute. Logs have a length in time of 5 or more months which makes me believe that logs never get deleted.

Logs are stored in your account's history. In other words your account is "the main villain" not your characters - deleting or renaming a character is pointles since logs remain on your account's history.

Mods are detectable and bannable.

They have a list of all items you have on your account and their effects/particularities. They know which items[gear, costumes, accessories] you have used during a run and their characteristics[enhancement, effects & sockets].

Secret KOMCheck algorithm:
Exactly as the name suggests the client runs a secret, hidden KOMCheck method/algorithm that checks KOM files.
This KOMCheck method/algorithm:
-Is incorporated in the game's client,
-Does not need files from the internet (non-bypassable),
-Only reports when the normal KOMCheck and this second method give different results (i.e. when the normal KOMCheck has been bypassed),
-Does not close the client but each time it detects a modified KOM file an entry in the login packet is sent to the server.

This is how admins can find out if you have a modded client and since the alteration of the client is strictly forbidden by T&C you can legitly get banned even if you don't have any abnormal logs.
Example: bans took for voice mods follow this system.

Solution:
Basically, you don't have to edit KOM files.
Programs like , ELX or Cheatengine can alterate the in-game experience without making modifications in the structure of the KOM.

Special thanks to Joni-St who analised the client binary and made this descovery.

Safe way to hack based on IP change:

Spoiler

The most easyest way of them all:
You need 2 PC's and two different IP's on each PC. What you want to do is to grind "one big load" on your hacking account(s). Like 4 absolute sets for example.
What you must do when you transfer these is to make everything look like a every day trade.
Go in the market and put the item(s) you want to trade at a ridiculously low price(1000 ED or so). With your safe account rapidly buy, using the board, 2/3 of the amount. The rest you let there to be taken by other players or by friends of yours. Repeat the process until everything you wanted is on your safe account.
Remember that you can only do this whole trick once or twice because even if they don't recognize you by IP they will surely recognize you if you're constantly buying items with only one account.

I'm a hacker and I'm in big trouble, what should I do?

Spoiler

You should make a new account, because you risk a ban, but NOT BEFORE asking your internet provider for a new IP. Why? Because if you get IP banned without changing the IP your new account will also get banned even though you did not used any hacks on it.

The safest way to do this while keeping your items:
Ask a friend who isn't a hacker to make you a new account. You trade your items to him via direct trade. After the transfer is complete you can change your IP and play on your new account.
This is a bit risky, but in the same time you "should" be safe because it only looks like you're giving things away.
If you have a dynamic IP things are a lot more easier since you can do the whole process by yourself via mail trade. Don't forget to change IP when you relog.

What I want to add:
These are only my ideas on how to evade security. Based on the presented info about logs you may come up with better solutions. Do whatever you decide to do and keep in mind that variety will save your ass.

Prints:
I had more but I've lost them when my old hard-disk broke. Some info here can be confirmed not only by me but also by any hacker who made a ticket after getting banned.

Spoiler

---------------------------------------------

---------------------------------------------

---------------------------------------------

---------------------------------------------

That's all, I hope this topic helps people understand how things work. Also feel free to update my list with anything useful that's not already been told.

Parampaa · 01/01/2014, 13:23

I can't understand that ticket

, could you translate it?

Adrian420 · 01/01/2014, 13:35

Quote:

Originally Posted by Parampaa

I can't understand that ticket , could you translate it?

Here

Spoiler

Use google translate, I don't know german.

Otes · 01/01/2014, 20:14

#Approuved

I also had an ip ban
4 accound, 3 with cheat and 1 without cheat.

JackSkywalker · 01/03/2014, 00:42

does anyone have a good ip changer?

Adrian420 · 01/03/2014, 01:10

Quote:

Note that we do not provide details about the investigation.

Absolutely hilarious.
Unfortunately now is too late for them to do that. I made a swear that if they ever send me to grave again I'm taking their security down with me.
They saw me guilty for hacking, I see them guilty for treating children and their feelings as a piece of wood, for throwing away people's work and friends, for abusing power.
Thank you for support Otes, I really appreciate your efforts.

Quote:

does anyone have a good ip changer?

Your internet provider is the best IP changer.

Parampaa · 01/03/2014, 05:24

Hmm, it's still impossible for GM to spend all his time to check all player logs then inspect one by one, right?

And, they have bunch support ticket, managing game, and etc, right?

Adrian420 · 01/03/2014, 07:07

There isn't only one person checking logs. They have a team for this.
And checking one by one? No, as you may see, they IP ban everything they find.

Though ...
There is something that makes me think they need fresh data to find you, mainly because normal logs are constantly replacing abnormal logs(like in a long long list). So if you stop now you might have a slight chance.
Keep in mind that this is only an assumption with a low chance of probability, I don't have enough information to confirm something like this.
Also what if they automatically "underline" abnormal logs? so they can easily find them afterwards. Everything is possible.
And you know ... many people have a hack account and safe account: the discovery of the hack account and a IP ban will most likely lead to the same result.
In other words: you have this high probability that stop hacking now won't make any difference.

Parampaa · 01/03/2014, 12:08

I think better not talking/asking about our ID (for cheating) or keep it secret so the GM won't see our logs. But, bug trap function still bothering me, it send screen shoot when the game crashes then automatically delete that file. The file name is ErrorLog.txt and Crash_ScreenShot.jpg in \data folder, do you have any idea how to deny it being sent except disconnecting internet?

Adrian420 · 01/03/2014, 23:50

Quote:

I think better not talking/asking about our ID (for cheating) or keep it secret so the GM won't see our logs. But, bug trap function still bothering me, it send screen shoot when the game crashes then automatically delete that file. The file name is ErrorLog.txt and Crash_ScreenShot.jpg in \data folder, do you have any idea how to deny it being sent except disconnecting internet?

What you're trying to do seems to be the job of a sniffer.

Quote:

Who have delete my reply ?

Maybe a forum moderator, because it was double post. But don't worry, you can now check my post for the 3rd img.

Otes · 01/15/2014, 17:33

Ok... :/ !

So for henir farmeur I suggest you to use a vpn and never connect your main account as your ip cheating account !
If you have 2 PC it would be nice too and don't forget to use vpn, A Good vpn.

Adrian420 · 01/17/2014, 21:41

Update.
I've been trying to make the list more intelligible for you guys, therefore, some points that were pretty messed up got a fresh and hopefully a more "friendly" aspect.
My english still needs a lot of practice

2nd Update
Further aspect improvements and some new hacking strategies.

3rd Update
The introduction was modified:
-Shorter.
-The term "records" was changed into "logs", highlighting that logs exist in text format not in video format.
Mild hacks updated:
-Elemental resistance

4th Update:
-New information added to the list.
-4th screenshot

BabyBeelz · 01/31/2014, 11:52

Bumping coz poster asked me to

Adrian420 · 02/07/2014, 17:56

Update.

oinah · 02/08/2014, 23:41

you posting these will make them think on how to deal with ELX files soon