EPTOn May 04 2010 16:23 dRaW wrote:
Where do you find this BWHF? The all @Useast is funny though...
Where do you find this BWHF? The all @Useast is funny though...
Can TL ban you for asking for hacks?
SCBW Bnet hacker: Watch out - Page 2
| Forum Index > BW General |
|
igotmyown
United States4291 Posts
Can TL ban you for asking for hacks? | ||
|
Deleted User 47542
1484 Posts
BWHF = brood war hack finder, not a hack. If you google that exactly you will get it, it's a 3rd party program that analyzes replays for hacks pretty much instantly, and can load up a black list of known hackers, etc. I used it when I used to play around on bnet but those days are long gone :x It catches multi/autogather 100% of the time, but map hack is pretty much undetectable.. [unless a newer version was released in the 1-2 years I've been off bnet] | ||
|
LunarDestiny
United States4177 Posts
http://code.google.com/p/bwhf/ | ||
|
LunarDestiny
United States4177 Posts
On May 04 2010 16:12 omfghi2u2 wrote: I think the funniest hacks are when you play the UMS game tittled, "Banning game." And when you trap them, they drophack you. But back on topic, I remember going into a game and someone came in the game and wrote in all caps, "BAN ME? I BAN YOU" and Bnet crashed. This allah/frost guy is all over bnet. Ironically, I think Allah made that Banning game and with extra hack speed. | ||
|
MaRiNe23
United States747 Posts
| ||
|
L_Master
United States8017 Posts
I dunno it was always strange for me that he would keep the same game name so that ppl can just skip over his games. Thing is, if you even gloss over them it will make SC crash, you don't even have to try and enter. But yeah, if he gave them random "real" names it would be far more annoying that it is now, where you just have to be careful where you place your cursor. | ||
|
EleanorRIgby
Canada3923 Posts
On May 04 2010 16:44 MaRiNe23 wrote: What I've always wondered is..why does he keep the same game names. Like he always makes it ALLAH@USEAST or FROST@USEAST "something@USEAST". If he really wanted to annoy people he would make the game name like "1v1 python play/obs" so that people will join or some other popular UMS. Either he's dumb or he can't adjust the game name for whatever reason and always has to add "@USEAST at the end of his game name" I dunno it was always strange for me that he would keep the same game name so that ppl can just skip over his games. Clearly he wants to make a name from himself as an e-villian | ||
|
anch
United States5457 Posts
On May 04 2010 14:15 krndandaman wrote: Agreed. R1CH would make him cry for his mommy. Show him who's the real wizard around starcraft. would be scary as hell if R1CH is Frost's alter ego. dum dum dum. | ||
|
lgd-haze
Sweden547 Posts
| ||
|
PobTheCad
Australia893 Posts
the past few weeks i noticed less of them but it may just be a time of day thing | ||
|
Oddysay
Canada597 Posts
seriously that kinda scary people can make hack like that , battle.net security was pretty bad if you think about that . | ||
GTR
51574 Posts
![[image loading]](http://i30.tinypic.com/359cv0y.jpg) | ||
|
infinity2k9
United Kingdom2397 Posts
On May 04 2010 16:12 omfghi2u2 wrote: I think the funniest hacks are when you play the UMS game tittled, "Banning game." And when you trap them, they drophack you. But back on topic, I remember going into a game and someone came in the game and wrote in all caps, "BAN ME? I BAN YOU" and Bnet crashed. This allah/frost guy is all over bnet. You know, there is a drophack protector. It works well and is really funny when they try it cause it warns you too or counter-drops them. One guy i had was spamming it loads of times trying to drop me and was getting really mad about it. I just use that along with BWHF and i don't tend to have much trouble with hackers thanks to it (this is on USWest). | ||
|
Excel Excel
142 Posts
On May 04 2010 16:34 superbabosheki wrote: BWHF = brood war hack finder, not a hack. If you google that exactly you will get it, it's a 3rd party program that analyzes replays for hacks pretty much instantly, and can load up a black list of known hackers, etc. I used it when I used to play around on bnet but those days are long gone :x It catches multi/autogather 100% of the time, but map hack is pretty much undetectable.. [unless a newer version was released in the 1-2 years I've been off bnet] The only undetectable hacks (map hack, resource hack) happen to be the most useful; autogather and multicommand do not really help the hacker that much in higher level games, so they can turn off the easily detectable features and still have a massive advantage. | ||
|
dhe95
United States1213 Posts
Sent a copy of this to hacks@blizzard, but if you catch anyone in person, direct them to this thread as this seems serious enough to warrant attention: --------------------- There appears to be a hack circulating in SC:BW where an oversized game name is passed to bnet upon game creation. Bnet does not perform input sanitization on this value before storing it. Bnet then sends this information back to the client when the client is at the join game screen, at which point the oversized game name is added to the join game list box. When the user clicks the entry, the list box text is copied into an unchecked 128 byte buffer and a stack-based buffer overflow occurs. On a quick glance, the return address looks possibly controllable, meaning with the right length and combination of characters, this could be exploited to execute arbitrary code on the StarCraft client. Vulnerable code resides in battle.snp @ base + 0x237D0: 190237D0 |. 8B1D BCA20319 mov ebx,dword ptr ds:[<&USER32.SendMessa>; USER32.SendMessageA 190237D6 |. 6A 00 push 0 ; /lParam = 0 190237D8 |. 6A 00 push 0 ; |wParam = 0 190237DA |. 68 88010000 push 188 ; |Message = LB_GETCURSEL 190237DF |. 56 push esi ; |hWnd 190237E0 |. FFD3 call ebx ; \SendMessageA 190237E2 |. 83F8 FF cmp eax,-1 190237E5 |. 0F84 7D000000 je battle.19023868 190237EB |. 8D95 70FFFFFF lea edx,dword ptr ss:[ebp-90] 190237F1 |. 52 push edx ; /lParam 190237F2 |. 50 push eax ; |wParam 190237F3 |. 68 89010000 push 189 ; |Message = LB_GETTEXT 190237F8 |. 56 push esi ; |hWnd 190237F9 |. FFD3 call ebx ; \SendMessageA As shown here, LB_GETTEXT is used to pull the string out of the listbox into edx. edx points to a stack buffer of 128 bytes. Since the string in the listbox is controlled by the attacker as no bounds checking is done on either the client or the server, a stack-based buffer overflow occurs. My suggested immediate fix would be to limit the maximum game name / mapname and other user-controlled parameters that the battle.net server will accept as this would not require a client patch. If the user submits to bnet values of greater length than the BW client would normally allow, they can be flagged as malicious and handled accordingly. An additional suggested client-side update in the next patch would validate the game name and other parameters received from battle.net before working with them, to protect the player from 3rd party servers. I would appreciate being informed of any updates to this issue, as if no action is taken I will make my own unofficial patch to address this bug. Thanks! seems like R1CH already found this ages ago. | ||
|
Nytefish
United Kingdom4282 Posts
| ||
|
TwilightStar
United States649 Posts
| ||
|
Kentucky
United States63 Posts
These people are only looking for attention and that's exactly what you give them by posting this pointless thread. They're not clever, they're pathetic untalented unemployed retards who downloaded 1 millionth of an ounce of power over an internet game and now they're spending their time trying to annoy people because they're that desperate to get attention from someone even if it's negative attention from a stranger. They have zero power over you, just avoid them and ignore them. Don't make their little game of annoying people fun for them by showing them how annoyed you are, just ignore it. | ||
|
gumbum8
United States721 Posts
On May 04 2010 22:44 Kentucky wrote: Who cares? These people are only looking for attention and that's exactly what you give them by posting this pointless thread. They're not clever, they're pathetic untalented unemployed retards who downloaded 1 millionth of an ounce of power over an internet game and now they're spending their time trying to annoy people because they're that desperate to get attention from someone even if it's negative attention from a stranger. They have zero power over you, just avoid them and ignore them. Don't make their little game of annoying people fun for them by showing them how annoyed you are, just ignore it. Uhm... So if he crashes everyone's computer on East, we should just ignore it and let East become a frost dessert? I'm kinda glad there was this warning, my friend only plays on East... (mac) | ||
Xeofreestyler
Belgium6775 Posts
| ||
| ||
