PDA

View Full Version : Cheaters and Exploiters news post



Hidron
12-02-2011, 09:55 PM
http://forums.station.sony.com/eq/posts/list.m?topic_id=181668

Wondering how badly this will hurt us......

Razzle
12-03-2011, 09:33 AM
My first guess is they go after the mq2 users first. But they might scan processes too to look for myseq anywhere in process description. They could look to see if myseq shows up in installed programs. There are a variety of ways to catch the myseq user. Passive showeq is always safest.

Razzle

Asbestos
12-03-2011, 09:38 AM
I am sure users of ShowEQ/MySEQ is something they would like to catch people using. In my opinion though, the systems they will more than likely have put in place will be automated, rather than a GM running around watching for people cheating. Unless they start harvesting information from client computers, which they may have already been doing, then detection fo MySEQ will be hard. Now if you are an idiot when using it, like running to named as soon as they spawn, with no tracker in your group, then it wouldn't be hard for anyone to catch you :) MySEQ runs as a process and if they get a listing of processes periodically from your client, then they can detect it. Years ago, Sony tried this and the community outrage made them change their mind about gathering information from users computers, so unless they changed their stance again, I would think our exposure to being "caught" is no greater than it has always been. Just my thoughts on it. If anyone else has any ideas of a way the server side could catch MySEQ, I would like to hear about it.

Also, I remember a post from long ago about renaming the executable for MySEQ to a more non-obvious process name (in case they did pull client process listings), but when I recently tried this under Windows 7, the process is still called MySEQ.exe, even though the executable isn't named that any more.

Razzle
12-03-2011, 10:17 AM
The myseq.exe is best run on a separate computer. There are so many ways to find it. The myseqserver.exe is easier to hide but can still be found. It almost has me considering going back to seq. Almost.

Razzle

Oggre
12-03-2011, 01:59 PM
I do run the client and server on different computers 99.9% if the time. I looked just now and myshoweqserver.exe shows up on the EQ machine with that very name under Task Manager. I'm curious Razzle, are there plans by you or anyone else to find ways to hide or rename it, and maybe rename it to something customizable by the user so it shows up as a different name by everyone? That way it would seem that it impossible to find at all.

This change is unfortunate, although I see Sony's point and don't blame them a bit. I love Everquest and have played for ten years, and the ability to use Myshoweq actually has kept me around. The game has become a bit stale for me though, as my playtime has decreased and the end game now requires so much time. I'm beginning to miss the original game, when it was fresh and new and so much was unknown. I had actually considered starting over again on a new server and relive memories for a bit until the point was lost, and then leave game. Maybe this change by Sony with be the final straw.

I will however wait around and see what changes are made, if any, to Myshoweq; now that I think about it I feel blind in game if I don't have it active.

O

Asbestos
12-03-2011, 03:59 PM
I love Everquest and have played for ten years, and the ability to use Myshoweq actually has kept me around.


I agree with you Here O. One of the biggest problems I have personally in game is spending time to move to a camp, only to find players there, who didn't answer a camp check. I zone in, see where all the groups are and can plan my game time accordingly.


I will however wait around and see what changes are made, if any, to Myshoweq; now that I think about it I feel blind in game if I don't have it active.


I constantly look at the MySEQ client to see where I am in relation to other mobs when moving through a zone. It is something that makes the game more enjoyable for me and I too feel blind without it. I am debating on trying the game without it and will probably come to a decision: either I will abide by their new enforcement policy because being able to play means more to me than being able to "see," or I will decided that seeing is more important and I don't want to play the game without it and will use it until caught/banned.

Razzle
12-05-2011, 11:21 AM
I once considered adding to the client so u cant run it on the same computer as the eqgame. But that would be forcing some sort of responsible use. I am just against that. You run it at your own risk. You can hide it well with a bit of coding. But you have to compile your own. I am actually for the compile your own option altogether. But then you have jacked compiled copies stealing passwords all over. So i have no plans to change anything. I wont help hide the server or client. It is what it is. Use it responsibly.

Razzle

Hidron
12-05-2011, 08:24 PM
I'm not sure it is saying anything, but some of the bazaar bots that I have long suspected of using something to manage their sales seem to have vanished completely earlier today. I have not personally done anything but run a bazaar seller for the last 4-5 days, but have left MySEQ still running. Client runs on another box though.

Oggre
12-10-2011, 02:44 PM
Hello everyone,

We’ve all had a few days to think about this issue, and I’ve seen nothing dramatic reported about banings or people getting caught using showeq/myshoweq. I wonder if we can direct the discussion to what we do know and where do we go from here.

We know that Sony has announced that they are persuing cheaters with new ability. They did not list specifics, but it’s safe to assume that they actually have something in place and that it’s not all false bravado.

We also know that this forum is public, and if Sony is serious about catching people then they know about this forum and will view it. So, anything discussed here can be known to them.

Both Razzle and Asbestos have mentioned in passing how a myshoweq user could be caught. Outside of having a live GM in a zone to actively observe things (unlikely) they would have to have some passive ability to detect. It has been mentioned here that either:

1) EQ would scan the active processes to see what was running in the background, and look for myshoweq.exe or the server.exe

2) EQ would look to see what other programs are installed on the computer, and not necessarily active running. Simply look for a MySEQ folder should do the trick.

Could someone(s) elaborate on the above, and/or other ways it could be detected passively? And maybe even how their actions could be detected by us or some other third party so we could know what exactly they are doing.

It would seem to me that #1 would be the most likely, as having a program installed on your computer is no violation of the EQ user terms, although it may give them a heads up on who could be using. Asbestos pointed out that they tried this before and stopped because of protests, and I remember that from way back.

It would also seem to me that #2 would be less obvious on their part, but again simply having it installed shouldn’t be any reason to ban. They’d still have to catch the program actually running.

Razzle mentioned in another post that he is thinking about ways to hide the server (the ideas post under the Development forum). He also mentioned here that he wouldn’t make it completely cheat proof, and I respect his reason. But I wonder, couldn’t we simply rename the server exe file? I tried this and renamed it to something innocent, started it and it worked with the client running on another computer. It also showed up under ctrl/alt/del task manager as the renamed file. Asbestos said he tried this and it didn’t work, but he’s using Windows 7 and I use XP. Am I mistaken and could it be detected as MySEQ on my machine?

I’m just interested in thoughts from you all about what actually is happening here, and where do we go now. MySEQ is not Macroquest, and even though it breaks the rules it is not as manipulative a program. All we can do is see what is in a given zone. It would seem to me that they have bigger fish to fry and that taking too much energy to stop MySEQ is not worth their time, especially as it has been noted that they do not have the developer resources that they once had and they have more important things to do. But then I don’t work at Sony.

I apologize about the length of the post, but again I’m interested in moving forward and discussing facts, and not rampant speculation about what may be happening, so we all can at least decide what risks we are willing to take. I look forward to reading replies.

Cheers,

Oggre

Hidron
12-11-2011, 03:51 PM
For what its worth I am currently running Win7 on my main box (only for the last month or so though), and WinXP on my second box. The client always runs on the 2nd box, and occasionally a 2nd EQ account runs there, but I haven't since the original announcement. It doesn't commonly run an EQ account anyway, so its not due to the announcement.

My server.exe file is renamed something other than the default name, and being under Win7, I do not keep it under \Program Files either. The new name does show up under the processes tab, which shows the actual file name, but the real name of the program shows up under the Applications tab, and the title bar of the window the program runs in. Which name shows up depends on which tab you are looking at in the Task Manager.

Oggre
12-12-2011, 01:03 PM
My server.exe file is renamed something other than the default name, and being under Win7, I do not keep it under \Program Files either. The new name does show up under the processes tab, which shows the actual file name, but the real name of the program shows up under the Applications tab, and the title bar of the window the program runs in. Which name shows up depends on which tab you are looking at in the Task Manager.

I looked again at task manager, and you're right about it showing the folder under Applications. It shows up as the renamed "oggre.exe" (not actually what I named it, but you get the point) but shows the destination as ".../MySEQ/oggre.exe" which doesn't do any good as far as renaming and hiding the program. I wonder if you were to install elsewhere, and rename the folder to something innocent like "picturehelper", and have this be immune to any passive searchbot function that we suspect may be the case with Sony's new plan. I was hoping for someone with more computer code knowledge to weigh in and speculate if it is simple as I have spelled out or if something else is required. This of course assumes that the client is run on another computer that does not have an Everquest instance simultaneously running.

One ray of hope; anyone who uses MySEQ would have to come to these forums to get the offsets and new versions, etc. I assume if anyone was cought and banned/suspended the first thing they would do is come here to post. I know of no such post here or elsewhere. Hopefully if anyone hears anything, even if someone was using another program, they would come here to tell us about it.

Still looking forward to continued discussion on this topic.

Cheers to you all

O

Razzle
12-12-2011, 03:04 PM
Hint on running your renamed myseqserver.exe. Look at the shortcut.

For the client you have to compile as a different target and edit some of the default properties in the build configuration in visual studio.

Razzle

Fireblade
12-14-2011, 11:35 AM
Hint on running your renamed myseqserver.exe. Look at the shortcut.

For the client you have to compile as a different target and edit some of the default properties in the build configuration in visual studio.

Razzle

Razzle,

is there a place to actually get the non installer version so one would be able to do an own compile?


rgds
FireBlade

gawker
12-15-2011, 11:10 AM
Pretty sure the CVS site is still maintained. Just have to be careful you pull the right version since there was a retrograde in development at one point where the newer version was abandoned and development continued with the older version.

http://seq.cvs.sourceforge.net/viewvc/seq/myseq/client/?pathrev=MAIN

I think that is the correct branch... Might have to poke around witht he various tags to get he current code.

If you have a cvs client you can also point that to the sourceforge repository and pull down the files.

Razzle
12-15-2011, 03:46 PM
I use tortoise cvs. I really need to learn how to move it all over to svn. I like svn so much better compared to cvs.

Razzle

Blackfeather
12-15-2011, 09:38 PM
I will in no way modify my use of MySEQ. Sony if you are reading these threads know that when you ban me all you will do is hurt your revenue stream. Why don't you fix the things that are broken in the game so I dont need to use a third party program to make everquest enjoyable.

ozradar
12-16-2011, 05:02 AM
good discussion, I hope others will take a few minutes to add their thoughts.
I'm not going to be too specific, but I have renamed things as others have suggested and it's working. At least that is some form of safety.
Please if anyone gets warned or even banned (geez I hope not) please let us know so we can learn and protect ourselves?

For what it's worth. I do not believe I profit or gain a significant advantage running this tool. All it does is increase my enjoyment of the game and adds another dimension to the experience.
Thank you again to all those who have worked on providing the tool, it really is appreciated.

Oggre
12-20-2011, 11:23 AM
Well it has been awhile now and no one has posted here about anything dramatic, so I assume nothing dramatic has happened to viewers of this forum anyway.

No one has posted thoughts on what exactly Sony may do in order to be able to detect MySEQ. I haven't viewed the Sony forums much lately, other than to try and find out how to turn off Luclin models in a new install of the game. Anyway, while I was there I came across a thread that contained this post:

"This is a notification to let you know that we have released your EverQuest account from suspension. In an effort to better safeguard EverQuest from abuse from using 3rd party programs, we did a sweep against this type of activity and took action against accounts that have trigged our anti-cheating detection logs <emphasis mine> . In this effort, it seems the most recent wave of suspensions may have caught up some accounts un-intentionally that did not quite meet the threshold which we desired. It appears one (or more) of your accounts may have been affected. We apologize for any inconvenience. All affected accounts have been released from suspension and 7 days of game time have been added to the subscription(s). We thank you for your understanding as we continue to work towards making Norrath more fun and fair for all."

Now, this suggests two things. One, that the penalty is a simple suspension, perhaps designed to scare people to stop cheating and return to game. Secondly, it suggests that there are Sony serverside logs, and a GM or some other actual person reviews the logs for "suspicious" activity. Subsequent posts suggested that the activity was actually warping within a zone, and that the logs may reflect client/server lag and thus incorrectly suggest that an account was cheating. So, perhaps Sony is not scanning the client computer for anything, and that as long as MySEQ users use the renaming plan that we have discussed and are careful in not making a bee-line for a named mob, nothing will happen. Than some of us have said that they are continuing to use the program and no one has reported any contact from Sony backs this up.

I just wanted to share this. As before, followup comments are welcome.

Laters

Oggre

{sidetrack: I got my mom's desktop computer that she doesn't use much anymore, and downloaded the game by getting the everquest.exe file and letting it set up the folders and download the rest of the files. Three or so downloading hours later, heh, the game launched, but with a different login format than my other two computers. I can't for the life of me find out where in the Options tab the display choices are. I ultimately went in and edited the ini file, but still it bugged me. End sidetrack:}

purple
12-21-2011, 05:09 PM
If I had to guess, they just have a logger that logs stuff and a sweeper that watches the log output and attempts to detect abnormalities. It's probably 100% server side. Who knows what they log. Maybe they log when time in a zone is < 2 minutes and if someone seems to be running around to a zillion zones and spending 2 minutes in each one, they flag them for further analysis. Maybe they log who kills which special named based on how long the mob has been up and flag if you consistently kill certain special named mobs immediately when they spawn.

Other than those, I can't think of what they'd flag server side for myseq/showeq. And really, with those two there are going to be false positives and it's not gonna be worth it to do the legwork to actually prove anything.

Personally, I was (obviously) a heavy showeq user and moderate MQ2 user that used some bard/bot automation plugins and some lookup plugins. I don't think I would have changed my behavior based on their nastygram post personally. Maybe my bot would appear mechanical through logs, but writing a detector for that would be a lot of work. Really probably the most egregious thing to the server I used to do would be using /target which would actually consistently work with mq2. They could probably log my position and the position of the thing I'm /targetting when the server receives the target opcode. But I can't imagine that would really be worth it to them to do either.

Realistically, they are probably just watching for ghost/warpers. Of course I haven't played EQ in many years so I do not know what active hacks are out there these days. Maybe there is worse out there now.