|
So you have all seen the "Allah/Frost/etc.@USEast>YOU" crashgames on Bnet at one point or another if you touched BW in the last few months. While they were relatively harmless if you avoid them, one of the hackers behind these games have unfortunately found a far more devastating hack that prevents you from hosting games on Bnet forever.
A few days ago, I decided to make a game titled "Frost@USEast GTFO BNET". The very same person (Frost) then joins my game, says "U mad kid?", then crashes my SC using the lobby hack. From that point on, I noticed something very interesting: whenever I decide to host a game, 15 seconds later I would lose connection to battle.net (and everything else) for a few seconds, and SC would quit. Joining games is unaffected, but the inability to host may prevent some people from playing SC altogether (there are some people whose computers cannot DL from other hosts and must host maps themselves in order to play).
How is this accomplished? Was a permanent modification to SC made?
After some testing, I realized that Frost most likely has a bot patrolling the games and checks the host names against a "blacklist" of people. If it matches, it performs some sort of network drop hack and cause you to lose network service (not just Bnet connection!) for a brief period. Creating a new Bnet account will get around this, and so will creating passworded games, but I fear that eventually Frost will begin to prevent ALL people from hosting through some manner. What is there to be done about this menace?
In any case, if you haven't been able to host and your network connection drops on game creation, that may be the reason.
|
On May 04 2010 12:52 Excel Excel wrote:
Creating a new Bnet account will get around this, and so will creating passworded games, but I fear that eventually Frost will begin to prevent ALL people from hosting through some manner.
that would be pretty epic tbh
|
|
|
Fucking USeast is like over 50% hackers by now, so as far as I'm concerned he's crashhacking hackers which doesn't bother me too much.
But honestly I didn't notice that, I did accidentally click one of those games after a while but I couldn't tell anything changed after rebooting from the crash since I couldn't make in the first place. If he's making a modification to your SC folder tho that sucks cause it means nastier stuff could be on the way (e.g. delete replays or something)
|
That shit of his is pretty annyoing, its like a landmine. You don't even have to join the game for it to crash starcraft, just pass over it on the game menu.
Since I'm neurotic when I'm waiting for a game to pop up I tend to scroll up and down, but now I have to be super careful less I pass over it and crash StarCraft.
On May 04 2010 12:52 Excel Excel wrote:
Creating a new Bnet account will get around this, and so will creating passworded games, but I fear that eventually Frost will begin to prevent ALL people from hosting through some manner.
While this would really suck; I also agree that it would be a pretty epic thing to own battle net.
|
This is pretty terrible. I've seen these games as well. While they're on USEast right now, who knows if they'll start appearing on iccup as well.
|
Well even more bad news.. its on US west as well, and the same sort of thing happens. Once i was in a 1v1@python play/ob game and someone came in the game and crashed everyones starcraft.
I then came online to check where host of the game was to see if he made another game by doing the /where "host name" command and it said he was in a game called something like "Frost@US WEST 324232525252525453534534534534534534534534534534534"
when he actually made a new game the host and everybody had no clue what had happened...in this case the host was able to make another game unlike the original poster description of how he is unable to create games now
|
Let's get R1CH to stomp his ass
|
This hack is really annoying my friends. A lot of the people I play with are beginning to be affected by this. (none of them are hackers though, not that I know of at least, I've played with them for years and I know some personally) They've never disconnected in a game before and then suddenly they're dropping every other game. I've been told it actually resets your Internet connection, not just b.net and it's pretty random too.
Has anyone reported it to Blizzard yet? I can't imagine the chaos if it gets out. I bet other hackers have noticed and are probably trying to duplicate it...
|
I just went on there to see what's all the fuss about. I made a game named "Frost @USEast is g@y" and someone named "BLIZZARD" joined and kicked me from Bnet. I was able to go back on after 5 minutes though, and I can still host games.
|
On May 04 2010 13:36 Ronald_McD wrote:
I just went on there to see what's all the fuss about. I made a game named "Frost @USEast is g@y" and someone named "BLIZZARD" joined and kicked me from Bnet. I was able to go back on after 5 minutes though, and I can still host games.
lol hahaah hero!!!!
|
i expected a one liner just accusing some newb of map hack but this is interesting to say the least, what some lengths people will go to..
|
On May 04 2010 13:36 Ronald_McD wrote:
I just went on there to see what's all the fuss about. I made a game named "Frost @USEast is g@y" and someone named "BLIZZARD" joined and kicked me from Bnet. I was able to go back on after 5 minutes though, and I can still host games.
rofl, good job!
edit:
On May 04 2010 13:45 EleanorRIgby wrote:
i expected a one liner just accusing some newb of map hack but this is interesting to say the least, what some lengths people will go to..
Ya I thought that too at first, maybe if a mod thinks this is worthy of discussion, the title could be changed to something more descriptive. (I don't mean to be backseat moderating, just a suggestion)
|
|
|
This is happening on USWest as well now ... wtf?
|
I just jumped on USWest to see what's there and tried to join a game "Frost@USEast > YOU" and immediately I get a Windows application error and game crashed. Nothing permanent seems to happen, though, loaded back up and can host a game, no problem.
edit:
Nevermind, OP already pointed out the guy had to jump in his game for the worse stuff, sorry
|
I play on USEast for the UMS maps. I want it funny how 40% of the people I play use multi unit control hack (BWHF detection). Why would people need multi unit control hack for UMS games???
For those Allah/Frost@USEAST games, I learned not to click on them after 8 tries.
|
How would he attack your network connection?
He could try to find your IP and attack your port, but if he doesn't do it from within starcraft a firewall should shut it down easily.
Is he injecting code at the end of really long game names?
Is he installing something on your computer using broodwar (how?)
This is interesting.
Edit: google found this
http://www.gamethreat.net/forums/starcraft-hacking-related/42699-ickarus-will-crash-you-2.html
This Allah guy seems pretty proud of himself
So these l33t hax0rs are using pack senders to spoof battle.net messages, which allows them to create/modify game names. If you make a game name too long, it will crash the host. If battle.net didn't change their code, it also allows for code injection.
There's been more than enough information posted over the past couple of weeks to figure out how to do it if you aren't a moron (uh oh). All you need is a packet sender that can send Battle.net messages.
Since this is on the battle.net level, a client running protective software won't be able to stop their game from crashing. I don't see how this affects your network connection.
Not sure what the next part is about
The hack can be done with a simple patch that points to your new custom data, that being the game name or game info/creator name/map name.
|
I think the funniest hacks are when you play the UMS game tittled, "Banning game." And when you trap them, they drophack you.
But back on topic, I remember going into a game and someone came in the game and wrote in all caps, "BAN ME? I BAN YOU" and Bnet crashed.
This allah/frost guy is all over bnet.
|
Where do you find this BWHF? The all @Useast is funny though...
|
On May 04 2010 16:23 dRaW wrote:
Where do you find this BWHF? The all @Useast is funny though...
Can TL ban you for asking for hacks?
|
On May 04 2010 16:30 igotmyown wrote:Show nested quote +On May 04 2010 16:23 dRaW wrote:
Where do you find this BWHF? The all @Useast is funny though... Can TL ban you for asking for hacks?
BWHF = brood war hack finder, not a hack.
If you google that exactly you will get it, it's a 3rd party program that analyzes replays for hacks pretty much instantly, and can load up a black list of known hackers, etc. I used it when I used to play around on bnet but those days are long gone :x It catches multi/autogather 100% of the time, but map hack is pretty much undetectable.. [unless a newer version was released in the 1-2 years I've been off bnet]
|
|
|
On May 04 2010 16:12 omfghi2u2 wrote:
I think the funniest hacks are when you play the UMS game tittled, "Banning game." And when you trap them, they drophack you.
But back on topic, I remember going into a game and someone came in the game and wrote in all caps, "BAN ME? I BAN YOU" and Bnet crashed.
This allah/frost guy is all over bnet.
Ironically, I think Allah made that Banning game and with extra hack speed.
|
What I've always wondered is..why does he keep the same game names. Like he always makes it ALLAH@USEAST or FROST@USEAST "something@USEAST". If he really wanted to annoy people he would make the game name like "1v1 python play/obs" so that people will join or some other popular UMS. Either he's dumb or he can't adjust the game name for whatever reason and always has to add "@USEAST at the end of his game name" I dunno it was always strange for me that he would keep the same game name so that ppl can just skip over his games.
|
I dunno it was always strange for me that he would keep the same game name so that ppl can just skip over his games.
Thing is, if you even gloss over them it will make SC crash, you don't even have to try and enter. But yeah, if he gave them random "real" names it would be far more annoying that it is now, where you just have to be careful where you place your cursor.
|
On May 04 2010 16:44 MaRiNe23 wrote:
What I've always wondered is..why does he keep the same game names. Like he always makes it ALLAH@USEAST or FROST@USEAST "something@USEAST". If he really wanted to annoy people he would make the game name like "1v1 python play/obs" so that people will join or some other popular UMS. Either he's dumb or he can't adjust the game name for whatever reason and always has to add "@USEAST at the end of his game name" I dunno it was always strange for me that he would keep the same game name so that ppl can just skip over his games.
Clearly he wants to make a name from himself as an e-villian
|
On May 04 2010 14:15 krndandaman wrote:Agreed. R1CH would make him cry for his mommy. Show him who's the real wizard around starcraft.
would be scary as hell if R1CH is Frost's alter ego.
dum dum dum.
|
Release the Krak.. R1CH!!
|
i first noticed those games on west about 1 1/2 - 2 months back
the past few weeks i noticed less of them but it may just be a time of day thing
|
blizzard are behind the hacker ! they want you to switch to sc2 !!
seriously that kinda scary people can make hack like that , battle.net security was pretty bad if you think about that .
|
51400 Posts
|
On May 04 2010 16:12 omfghi2u2 wrote:
I think the funniest hacks are when you play the UMS game tittled, "Banning game." And when you trap them, they drophack you.
But back on topic, I remember going into a game and someone came in the game and wrote in all caps, "BAN ME? I BAN YOU" and Bnet crashed.
This allah/frost guy is all over bnet.
You know, there is a drophack protector. It works well and is really funny when they try it cause it warns you too or counter-drops them. One guy i had was spamming it loads of times trying to drop me and was getting really mad about it. I just use that along with BWHF and i don't tend to have much trouble with hackers thanks to it (this is on USWest).
|
On May 04 2010 16:34 superbabosheki wrote:Show nested quote +On May 04 2010 16:30 igotmyown wrote:On May 04 2010 16:23 dRaW wrote:
Where do you find this BWHF? The all @Useast is funny though... Can TL ban you for asking for hacks? BWHF = brood war hack finder, not a hack. If you google that exactly you will get it, it's a 3rd party program that analyzes replays for hacks pretty much instantly, and can load up a black list of known hackers, etc. I used it when I used to play around on bnet but those days are long gone :x It catches multi/autogather 100% of the time, but map hack is pretty much undetectable.. [unless a newer version was released in the 1-2 years I've been off bnet]
The only undetectable hacks (map hack, resource hack) happen to be the most useful; autogather and multicommand do not really help the hacker that much in higher level games, so they can turn off the easily detectable features and still have a massive advantage.
|
From Hot_Bid's R1CH quotes thread:
Sent a copy of this to hacks@blizzard, but if you catch anyone in person, direct them to this thread as this seems serious enough to warrant attention:
---------------------
There appears to be a hack circulating in SC:BW where an oversized game name is passed to bnet upon game creation. Bnet does not perform input sanitization on this value before storing it. Bnet then sends this information back to the client when the client is at the join game screen, at which point the oversized game name is added to the join game list box. When the user clicks the entry, the list box text is copied into an unchecked 128 byte buffer and a stack-based buffer overflow occurs.
On a quick glance, the return address looks possibly controllable, meaning with the right length and combination of characters, this could be exploited to execute arbitrary code on the StarCraft client.
Vulnerable code resides in battle.snp @ base + 0x237D0:
190237D0 |. 8B1D BCA20319 mov ebx,dword ptr ds:[<&USER32.SendMessa>; USER32.SendMessageA
190237D6 |. 6A 00 push 0 ; /lParam = 0
190237D8 |. 6A 00 push 0 ; |wParam = 0
190237DA |. 68 88010000 push 188 ; |Message = LB_GETCURSEL
190237DF |. 56 push esi ; |hWnd
190237E0 |. FFD3 call ebx ; \SendMessageA
190237E2 |. 83F8 FF cmp eax,-1
190237E5 |. 0F84 7D000000 je battle.19023868
190237EB |. 8D95 70FFFFFF lea edx,dword ptr ss:[ebp-90]
190237F1 |. 52 push edx ; /lParam
190237F2 |. 50 push eax ; |wParam
190237F3 |. 68 89010000 push 189 ; |Message = LB_GETTEXT
190237F8 |. 56 push esi ; |hWnd
190237F9 |. FFD3 call ebx ; \SendMessageA
As shown here, LB_GETTEXT is used to pull the string out of the listbox into edx. edx points to a stack buffer of 128 bytes. Since the string in the listbox is controlled by the attacker as no bounds checking is done on either the client or the server, a stack-based buffer overflow occurs.
My suggested immediate fix would be to limit the maximum game name / mapname and other user-controlled parameters that the battle.net server will accept as this would not require a client patch. If the user submits to bnet values of greater length than the BW client would normally allow, they can be flagged as malicious and handled accordingly. An additional suggested client-side update in the next patch would validate the game name and other parameters received from battle.net before working with them, to protect the player from 3rd party servers.
I would appreciate being informed of any updates to this issue, as if no action is taken I will make my own unofficial patch to address this bug. Thanks!
seems like R1CH already found this ages ago.
|
^Also seems like Blizzard completely ignored him.
|
Holy crap, that's one of my old/good friends from east... wtf is he doing this for xD
|
Who cares?
These people are only looking for attention and that's exactly what you give them by posting this pointless thread.
They're not clever, they're pathetic untalented unemployed retards who downloaded 1 millionth of an ounce of power over an internet game and now they're spending their time trying to annoy people because they're that desperate to get attention from someone even if it's negative attention from a stranger.
They have zero power over you, just avoid them and ignore them. Don't make their little game of annoying people fun for them by showing them how annoyed you are, just ignore it.
|
On May 04 2010 22:44 Kentucky wrote:
Who cares?
These people are only looking for attention and that's exactly what you give them by posting this pointless thread.
They're not clever, they're pathetic untalented unemployed retards who downloaded 1 millionth of an ounce of power over an internet game and now they're spending their time trying to annoy people because they're that desperate to get attention from someone even if it's negative attention from a stranger.
They have zero power over you, just avoid them and ignore them. Don't make their little game of annoying people fun for them by showing them how annoyed you are, just ignore it.
Uhm... So if he crashes everyone's computer on East, we should just ignore it and let East become a frost dessert? I'm kinda glad there was this warning, my friend only plays on East... (mac)
|
Belgium6768 Posts
I would so love it if rich would e-rape that lil scriptpunk
|
haha R1CH is like TL's big brother. "you messing with me? wait til i get big brother R1CH on you." we can't really do anything ourselves but are secure in the fact that R1CH could probably rape this kid in 5 seconds.
with that said, i hope R1CH destroys this kid too. and i hope there's a way we could watch him do it. like livestream R1CH making a game R1CH>FROST@EAST or something haha.
|
I wonder why people do shit like this.. do they find it funny? Iono, they might feel justified when people rage at them but overall its just gonna make a lot of people suffer for what will most likely be minimal entertainment.
|
Being able to run arbitrary code is VERY SERIOUS. It is very possible to execute viruses from such an exploit. Pretty much the same security issue happened with warcraft 3 maps a while ago and it was a very serious threat, delaying the d2 patch developpement because Blizzard actually had to shift manpower around.
|
|
|
this is such an annoyance, i started creating my own games to avoid it
|
want a solution? iccup.com
|
Yah! Sick R1CH on 'em!
Wonder if he ever did come up with a patch himself?
Hope he comments :D
|
Omg this is on Europe also.This happened to me yesterday when i created huntz 3v3.Frost @Useast and some msg or smthn like that.But so far i didnt notice any changes in my bw.
|
If this guy can own Bnet, he will be a true hacker.
|
On a quick glance, the return address looks possibly controllable, meaning with the right length and combination of characters, this could be exploited to execute arbitrary code on the StarCraft client.
I'm surprised Blizzard hasn't patched this BNET bug if this is true.
Far worse things could be done.
|
BW Bnet is pretty lame--no LL, tons of hackers ranging from in-game multi-command/autotrain hacks to drop/game-crashing hacks, the vast majority of players being of D-/E level skill, the difficulty of finding games or waiting for people to join compared to ICCup, the majority of 1v1 players shying away from maps other than Python, etc.
It doesn't make sense for anyone who knows about ICCup and who has a non-sucky internet connection to even bother with Bnet. (I have to play on Bnet most of the time due to inconsistently laggy shared internet, hence the ranting. Sorry for slightly off-topic post).
|
On May 04 2010 12:52 Excel Excel wrote:
A few days ago, I decided to make a game titled "Frost@USEast GTFO BNET". The very same person (Frost) then joins my game, says "U mad kid?", then crashes my SC using the lobby hack.
Yeah it's douchey, but I lol'd at this. You can't say you didn't ask for it.
|
On May 05 2010 03:28 reincremate wrote:
BW Bnet is pretty lame--no LL, tons of hackers ranging from in-game multi-command/autotrain hacks to drop/game-crashing hacks, the vast majority of players being of D-/E level skill, the difficulty of finding games or waiting for people to join compared to ICCup, the majority of 1v1 players shying away from maps other than Python, etc.
It doesn't make sense for anyone who knows about ICCup and who has a non-sucky internet connection to even bother with Bnet. (I have to play on Bnet most of the time due to inconsistently laggy shared internet, hence the ranting. Sorry for slightly off-topic post).
Uhh nobody on iccup plays 2v2v2v2 or 3v3 or 4v4 or UMS
|
Just wondering, has anyone tried simply repatching SC to the current version?
|
On May 05 2010 03:54 Archaic wrote:
Just wondering, has anyone tried simply repatching SC to the current version?
What? It's an exploit in the way bnet works...
|
This hack is so old.
Also there is no such thing as anti-drophack unless the person using the drophack is using some exploited drophack with anti-package feature.
|
On May 04 2010 13:04 Pseudo_Utopia wrote:
Fucking USeast is like over 50% hackers by now, so as far as I'm concerned he's crashhacking hackers which doesn't bother me too much.
Yeah, and while we're at it, why don't we just stop policing neighborhoods with high crime rates? After all, residents are only committing crimes against other residents, right? It's just criminals attacking criminals, right?
Right?
...Right?
I wonder if there will ever, EVER be a thread with the word "hack" in it without a bunch of +1 posts saying things like "EVERYTIME I PLAY ON EAST PPL HACK LOL@"
I doubt it.
I'm waiting for someone with some technical knowledge to comment on this, since I don't know anything about this kind of thing. Hopefully R1CH can take a look, I'm sure he can figure anything out ;p
On May 05 2010 03:07 zealing wrote:
want a solution? iccup.com
I don't think this is a solution, only a way to run away. The guy could probably go on iccup and do it too, unless iccup uses a version of SC that can avoid this (don't think it does).
On May 05 2010 03:28 reincremate wrote:
It doesn't make sense for competitive players who don't play anything except 1v1 and 2v2 low moneywho knows about ICCup and who has a non-sucky internet connection to even bother with Bnet. (I have to play on Bnet most of the time due to inconsistently laggy shared internet, hence the ranting. Sorry for slightly off-topic post).
Fixed
|
yeahhhh!
go go R1CH BABYYY
U can make smth about this i am sure! 
|
On May 04 2010 12:57 Mindcrime wrote:Show nested quote +On May 04 2010 12:52 Excel Excel wrote:
Creating a new Bnet account will get around this, and so will creating passworded games, but I fear that eventually Frost will begin to prevent ALL people from hosting through some manner. that would be pretty epic tbh
Obviously it's not permanent if you can just make a new account and get back on, not sure what it is but he didn't hack your computer if that's what you're wondering.
|
On May 05 2010 04:18 GreEny K wrote:Show nested quote +On May 04 2010 12:57 Mindcrime wrote:On May 04 2010 12:52 Excel Excel wrote:
Creating a new Bnet account will get around this, and so will creating passworded games, but I fear that eventually Frost will begin to prevent ALL people from hosting through some manner. that would be pretty epic tbh Obviously it's not permanent if you can just make a new account and get back on, not sure what it is but he didn't hack your computer if that's what you're wondering.
Read the thread. It can be used to execute arbitrary code.
On May 05 2010 04:02 Boundz(DarKo) wrote:
This hack is so old.
Also there is no such thing as anti-drophack unless the person using the drophack is using some exploited drophack with anti-package feature.
Since you are clearly in the know with your "soooo old" comment, perhaps you would care to elaborate for us Plebs?
|
On May 04 2010 20:01 dhe95 wrote:From Hot_Bid's R1CH quotes thread: Show nested quote +Sent a copy of this to hacks@blizzard, but if you catch anyone in person, direct them to this thread as this seems serious enough to warrant attention:
---------------------
There appears to be a hack circulating in SC:BW where an oversized game name is passed to bnet upon game creation. Bnet does not perform input sanitization on this value before storing it. Bnet then sends this information back to the client when the client is at the join game screen, at which point the oversized game name is added to the join game list box. When the user clicks the entry, the list box text is copied into an unchecked 128 byte buffer and a stack-based buffer overflow occurs.
On a quick glance, the return address looks possibly controllable, meaning with the right length and combination of characters, this could be exploited to execute arbitrary code on the StarCraft client.
Vulnerable code resides in battle.snp @ base + 0x237D0:
190237D0 |. 8B1D BCA20319 mov ebx,dword ptr ds:[<&USER32.SendMessa>; USER32.SendMessageA
190237D6 |. 6A 00 push 0 ; /lParam = 0
190237D8 |. 6A 00 push 0 ; |wParam = 0
190237DA |. 68 88010000 push 188 ; |Message = LB_GETCURSEL
190237DF |. 56 push esi ; |hWnd
190237E0 |. FFD3 call ebx ; \SendMessageA
190237E2 |. 83F8 FF cmp eax,-1
190237E5 |. 0F84 7D000000 je battle.19023868
190237EB |. 8D95 70FFFFFF lea edx,dword ptr ss:[ebp-90]
190237F1 |. 52 push edx ; /lParam
190237F2 |. 50 push eax ; |wParam
190237F3 |. 68 89010000 push 189 ; |Message = LB_GETTEXT
190237F8 |. 56 push esi ; |hWnd
190237F9 |. FFD3 call ebx ; \SendMessageA
As shown here, LB_GETTEXT is used to pull the string out of the listbox into edx. edx points to a stack buffer of 128 bytes. Since the string in the listbox is controlled by the attacker as no bounds checking is done on either the client or the server, a stack-based buffer overflow occurs.
My suggested immediate fix would be to limit the maximum game name / mapname and other user-controlled parameters that the battle.net server will accept as this would not require a client patch. If the user submits to bnet values of greater length than the BW client would normally allow, they can be flagged as malicious and handled accordingly. An additional suggested client-side update in the next patch would validate the game name and other parameters received from battle.net before working with them, to protect the player from 3rd party servers.
I would appreciate being informed of any updates to this issue, as if no action is taken I will make my own unofficial patch to address this bug. Thanks! seems like R1CH already found this ages ago.
Thats not the same thing. This hack sends a certain amount of specific packets to a target person that results in their client crashing. It does not depend on them viewing the game in the lobby.
On May 05 2010 04:02 Boundz(DarKo) wrote:
Also there is no such thing as anti-drophack unless the person using the drophack is using some exploited drophack with anti-package feature.
There is indeed such a thing as an anti-drophack. Pretty much all drophacks rely on the fact that BW will crash or desync if sent certain malformed packets. Therefore, to develop an anti-drophack, one must simply block/handle those packets and make sure the client doesn't crash.
|
On May 04 2010 13:33 Amnesia wrote:
Let's get R1CH to stomp his ass
this :D
luckily i just use iccup and are prevented by such thing by the AH 
|
I tried joining one of those games awhile back, and strangely, whenever I start up BW since then, nothing happens, except it reset my resolution to 600x800. I then have to reopen the game, occasionally several times, before the game actually launches.
Does anyone else have this sort of problem?
|
Sounds like he has a bot to spot you then an irc bot network to flood your ip with bad packets in whats called a DOS or Denial of Service attack. I've seen this before on console games like halo I actually have met people who have done this recently and they confirmed my suspicions. This is actually a felony, it's pretty sad how far people go to cheat lmao. I recommend switching your router or modems ip# afterwards. You may be able to stop this kind of attack by using your nat properly or through a proxy server, it's been around for 20 years.. basically if i have a bot attach it to some torrents, as people d/l them they get infected with this trojan. It doesn't harm the host, what it does is "check in" whenever that computer has an active internet connection to an irc bot. Once you get hundreds or thousands of these bots on computers all over the world you can have them all bombard a target ip# with bad packets or ip packets that have spoofed return addresses. Each bot is only using a tiny fraction of the computers bandwidth theve infected sp they go unnoticed by the infected. The network of the target ip gets eaten up by all the bad packets and if your modem or router get backed up enough they will reset. Basically there is so much crap clogging your connection that the good stuff can't get through fast enough. I'm going to dig up the link to a much better explanation of this, I'll post it as soon as i find it. There have been large attacks used to blackmail websites such as gambling sites, when they get enough bots they can hold a site down for days with these kind of attacks. I believe there was a bot network brought down by the FBI that numbered in the millions, the guilty were caught when they attempted to collect their ransom. This is a bit of a generalization but this should give you the gist of it. This is what it sounds like to me. For the record I HAVE NEVER DONE ANYTHING LIKE THIS, I know about it because almost 15 years ago I was a little nerd and hung out with tons of brilliant nerds and it was pretty common back then because people were so naive when it came to computers. But then I discovered breasts and fell out of the nerd loop. Nowadays so many people have anti virus that it is a bit more difficult to get huge bot networks going.
The reason i suspect this is the culprit is because you said you loose all network service, that's a major tell tail sign of this type of attack. It probably subsides pretty quick because he's simply changing targets.
|
|
|
iccup wont let that happen!
|
|
|
man...some guys on bnet are jsut total jerks =_=
im gonna try this and see what happens...
edit: waited about 5 minutes, nothing happened =\
|
Hmm, just went there today and didn't see any of the FROST@USEAST>YOU games. Wonder why he stopped?
|
On May 05 2010 04:22 BalloonFight wrote:Show nested quote +On May 05 2010 04:18 GreEny K wrote:On May 04 2010 12:57 Mindcrime wrote:On May 04 2010 12:52 Excel Excel wrote:
Creating a new Bnet account will get around this, and so will creating passworded games, but I fear that eventually Frost will begin to prevent ALL people from hosting through some manner. that would be pretty epic tbh Obviously it's not permanent if you can just make a new account and get back on, not sure what it is but he didn't hack your computer if that's what you're wondering. Read the thread. It can be used to execute arbitrary code.
Code injection means arbitrary code using whatever SC/battle.net uses. If you use code injection into php, you get php code. I'm skeptical that you can use SC code to install arbitrary programs onto a computer.
The oh so cool hacker forum mentions something about a dlist, so they're probably adding names onto a continuously running list to either continually attack their bnet account or their internet connection. I'm going to assume the majority of their wannabe shenanigans is done by downloading this battle net packet sender and using their limited coding skills to achieve their narrow results.
|
Code injection means arbitrary code using whatever SC/battle.net uses. If you use code injection into php, you get php code. I'm skeptical that you can use SC code to install arbitrary programs onto a computer.
When shit gets executed from a stack/heap/etc. in overflows, bad things happen. It is literally "arbitrary" code, as in, EVERYTHING. Php and SQL injections are much more limited than overflow exploits.
Also, I thank Reborn8u for being one of the very few people who actually read the thread  .
|
I remember this happening before. the game name was Zynastor's New Drophack!
And, that Frost might not be Frost and some random bnet spoofer. that isnt a new hack. thats been out for about 5 months and it drops everyone in lobby by spamming "____ HAS JOINED THE GAME"
Its like you flooding cept its in the Lobby. wait network connection? well fuck..
not sure why you guys think USEast is funny. Frost@USWest might not be Frost@USEast. I use to call myself Grimmjow@World because i owned all Grimmjows (and still do) except the one on iccup..
|
I'm actually interested to see if this guy can take over all of bnet.
|
On May 05 2010 08:14 Pokebunny wrote:
I'm actually interested to see if this guy can take over all of bnet.
A guy tried and got jailed man not saying any names
just thinking about him makes my heart pump.
|
On May 05 2010 08:15 Kenpachi wrote:Show nested quote +On May 05 2010 08:14 Pokebunny wrote:
I'm actually interested to see if this guy can take over all of bnet. A guy tried and got jailed man not saying any names just thinking about him makes my heart pump.
lol what?
Also, talking about weird games. Today there's a DL ONLY: Crash RPG:Soulburn game being hosted on east. When you enter the game, all the slots are empty and you dl from nobody :o
|
Yeah I have had problems with him as well. It crossed my mind that it could be Blizzard just trying to get people switched to SC2, but that's highly unlikely.
|
Is this worth it? This guy could be looking at 10 years in prison if he gets caught? WTF is he thinking? I just laugh at them.... your risking 10 years of your life for what? It's sad when people think they are smart for doing something like this when they in fact are abysmally retarded! The kid in that link was also forced to pay 37k in restitution, how long do you think he'll be getting his paychecks docked after he gets out to pay that? I'm sure he's gonna find a good job after a 10 year prison stay.
If you want to taunt frost try getting on Bnet after setting your computer connection up through an anonymous proxy. If his attack no longer works it is because he can no longer detect your ip. Just your proxied Ip, which will probably be some huge server he can't possibly overload. So you will be free to tell him the penalties of his actions and make him feel very smart I'm sure.
|
Maybe Frost@USEast IS R1CH!
dun dun dunnnnnnnnn
probably not though, LoL
|
On May 04 2010 19:16 GTR wrote:![[image loading]](http://i30.tinypic.com/359cv0y.jpg)
Just gonna go out and say, that card would be fucking broke if it was real. Holy shit the imbalance of that card.
|
On May 05 2010 08:35 Chairman Ray wrote:
Yeah I have had problems with him as well. It crossed my mind that it could be Blizzard just trying to get people switched to SC2, but that's highly unlikely.
Well some people have said this has been going on for quite a while, so maybe it isn't blizzard trying to get people to sc2, although the thought reminds me of the mass mass mass starcraft / diablo 2 bans blizzard nailed people with for using programs that had been floating around b.net for years. This took place 1-2 weeks before a new WoW expansion was released.
So if it were blizzard trying to open up StarCraft 2 a bit, I think they'd just throw out mass bans again?
|
It could be because there was a software update for Bnet that detected 3rd party software that coincided with the wow release. If its not just a Bnet disconnect and as he said in the OP, he looses his internet connection all together it is a DOS attack(Denial of Service), which is a felony and I think it is absurd to even discuss blizzard doing that!
|
On May 05 2010 09:02 PhailSoBaller wrote:Just gonna go out and say, that card would be fucking broke if it was real. Holy shit the imbalance of that card.
"Sumonning[sic] Wizard".
LOL.
|
yea this hacker is gettin even worse now, basically if u host any public game on east or west now its gonna get fucked over by the hacker and mess the game up, basically can really only do private on west and east now... lameeeeeeeeeeeeeeee
|
What a bitch.. i want to see this for myself.
Hopefully this can get fixed by blizzard or SOMEONE, i'd hate to see the east and west gateways go down permanently 
|
yea this hacker is gettin even worse now, basically if u host any public game on east or west now its gonna get fucked over by the hacker and mess the game up, basically can really only do private on west and east now... lameeeeeeeeeeeeeeee
I just played a few games on East and definitely wasn't experiencing this problem. Thank God. I like my battlenet for times when I just wanna goof off and not ladder seriously and just relax.
|
Who really uses bnet except for shits and giggles anyways?
|
On May 05 2010 13:10 Lightwip wrote:
Who really uses bnet except for shits and giggles anyways?
Well i do
|
Can we get R1CH on this case already rofl
|
|
|
On May 05 2010 13:10 Lightwip wrote:
Who really uses bnet except for shits and giggles anyways?
No one on iCCup plays UMS (observer games), Melee, FFA, or anything besides Fighting Spirit/Andromeda/Python. You also cannot host 1v1/TvB games.
|
|
|
On May 05 2010 09:02 PhailSoBaller wrote:Just gonna go out and say, that card would be fucking broke if it was real. Holy shit the imbalance of that card.
It looks pretty trash to me. It requires a tribute and neither of it's effect generate advantage. The summon itself is a -1, or a +0 at best if revived through Call of the Haunted, and both of it's effects are +0. It seems like any deck that would consider running it has alternatives that can do the job better and be more consistent. I don't wanna turn this into a Yugioh thread so if you wanna discuss this further, I'll take it up in PM
Back on topic, I've noticed last night that US West was swarmed with SARAH @ BLIZZARD > U or some such. Seems like he changes the name every so often, but it's pretty obvious. It also disrupted a play/obs game I was joining. I guess it's OK as ICCUP has a pretty decent number of play/obs games, but it sucks because non ICCUP is where I fulfill my ums needs. And really, playing ums like "5v3 insane comp stomp x-peRtZ oNlY" is only fun with bnet pubs, and is kinda unfair in an environment where the likelihood of having better than D+ players is very very high
|
Dammit, this game name "moogle>all" does the same thing...
|
hrm I played a game on useast yesterday and nothing happened, I must just have been lucky I guess. I remember when I used to play Dota a bit some guy hosted games called 1v1 Dota @ Useast or something and then when you joined there was gay porn as the picture instead of the map. These people piss me off.
|
On May 06 2010 07:09 LunarDestiny wrote:
Dammit, this game name "moogle>all" does the same thing...
Lol I saw that just earlier today on battle.net(right before I saw this after months of skipping over it after thinking it was map hack or something but realized it hadn't been locked)but I didn't even join and the hack doesn't affect Macs at all ^^. Just another reason why I don't want a Windows computer.
|
On May 06 2010 02:22 Reborn8u wrote:![[image loading]](http://i130.photobucket.com/albums/p243/hedgehogguy/nerd.jpg)
6star for a 2700atk pretty good effect card. Nunchuck fuck right there.
|
there is a game name open called Frost@UsEast > YOU..
i clicked it and starcraft crashed completely. I could make games fine after.
|
On May 06 2010 09:32 larjarse wrote:
there is a game name open called Frost@UsEast > YOU..
i clicked it and starcraft crashed completely. I could make games fine after.
lol that just reminded of me of peter griffin and the "don't touch" button.
|
I should create a game called Frost vs Moggle vs Alalh or something and see how fast I get raped.
|
On May 06 2010 09:36 zealing wrote:Show nested quote +On May 06 2010 09:32 larjarse wrote:
there is a game name open called Frost@UsEast > YOU..
i clicked it and starcraft crashed completely. I could make games fine after. lol that just reminded of me of peter griffin and the "don't touch" button.
lol so did i
|
I'm still getting DoS'd. Looks like this is gonna last until his bot gets nuked.
|
As the words of the all wise Katt Williams... "You Shouldnt have been talking shit"
|
The fact is, as long as the hacker doesn't make it too obvious, maphack is 100% undetectable on bnet.
So BWHF and wDectector are completely useless in that regard.
Just play on iccup.
|
Lol this fucker is going down I am disconnecting my comp from the internet the moment I click on that game. Bitch it's a fucking show down.
Will post results, also will taunt him with my own games, let's see how this goes. Awwww he isn't on I guess I'll just wait in the room and dc my internet in case an internet thug comes in and does what he did to OP.
![[image loading]](http://i536.photobucket.com/albums/ff326/worldcup199/testing.jpg)
|
|
|
I should clear something up here:
-I acknowledged in the OP that my disconnections are not directly caused by the dropgames. In fact, I never mentioned the scenario as being caused by the dropgames.
The real problem here is that this Frost script kiddie somehow found a way to "blacklist" people from bnet. He DoS's anyone on his blacklist who makes a game. It looks for the game creator data and performs the attack if it matches a blacklist entry, presumably.
Sad to see that Allah was banned instantly, would be interesting to see if he claims affiliation with other droppers or not.
|
Sorry to bump but I found out which channel Frost Goes to if it matters at all.
Its op SCT/clan A14 a lot of people there know him.
|
Aha I think its better not knowing what channel he comes from regardleSs if you're gonna provoke him or not...run awayyy
|
Okay people, as I really don't like these so called "Battle.Net hackers". As for me, I have years of experience with computer networks as I work with company that has strict requirements about that sort of stuff.
Anyways, when I seen this post I did leave my SC2 for a bit to investigate this whole issue for a moment. But as I noticed that some people got nailed by this "hacker", I did prepare myself for this close encounter. Basically all I did was change my IP via proxy, firewalled my self in with Windows + another firewall (not Zone Alarm if anyone was curious ) and blocked all unnecessary ports (did leave ones for StarCraft Battle.Net, web browser and etc - all other things went close and would not open without my confirmation.
I made new account on US East SC1 server because I forgot my old one. I did search for games that had that name or similar but couldn't find any. After that I made game which said "Allah and discers FU". Waited for 15 minutes and noone showed up.
Called it a day and went next day into action but this time in different time as this "Frozen" maybe is not online or his bot is not active on certain times when most of USA people sleep. This time I got lucky, first after 5 minutes some guy pop's up but then he just went out like he was a spy or something or is just scared but anyways, 3-4 minutes after that guy named FFriends (maybe like Frost's Friends/friend or whatever). He asked me if I want to be droped, I responded by "Yeah man, pretty please". After that he just said: "wait a sec sucker", I waited for 5 more minutes with him in room waiting but nothing happened. After that he just went out of the game. I don't know if this was just someone pulling a prank or it was a real guy but I will try until I find that infamous "Frost" guy you were talking about.
|
it's not a ddos attack lol. its called astat attack and it forces you to do /stats on him until you are temp banned for flooding.
|
I Know This Guy.Hes The One That Stole My Friend`s SC2 Key.I Hope He Dies.
IM THE ANNOYINEST MAN(kid 9 year old)THATS GONNA USE ALL THE HACKS 1 BYE 1 INTILL I CAN DO SOMETHING ABOUT HIM!!!!WE NEED PEACE WHOS WITH ME!!!!!!(eVERYONE)YAAAAAAAA!!!!!!!!!!!!!!!!!!!!!!LET KILL THAT BITCH!!!!
User was banned for this post.
|
4 days ago my computer got hacked and I realized I hadn't had much anti-virus stuff so now I got norton and symantec on it. Maybe I really shouldn't have made like 20 games with the name "FROST@USEAST=GAY"
|
On August 10 2010 11:31 3FFA wrote:4 days ago my computer got hacked and I realized I hadn't had much anti-virus stuff so now I got norton and symantec on it. Maybe I really shouldn't have made like 20 games with the name "FROST@USEAST=GAY"
Yeah those two will protect you! Go use avast or kaspersky. I also doubt some kid that uses other peoples .dll's hacked you.
|
I saw this some weeks ago @ East.
I don't really remember if I joined of of those games, but I can remember that I would lose connection every 5 minutes after I rejoin B.net. It was around the same days I saw those hosts, I clicked on them but never joined though
Once I remember hack where a long game name was too longs and that would make the game crash to the main screen :S, even if you click it and don't join :/
|
On east right now and apparently he's still at it -_-
although my starcraft doesn't crash from his games, just if i try to join it says "unable to join selected game" and the map info is blank. Maybe cause i have a mac and his hack isn't compatible or some shit? haha
|
On August 02 2010 03:21 ReiKo wrote:Okay people, as I really don't like these so called "Battle.Net hackers". As for me, I have years of experience with computer networks as I work with company that has strict requirements about that sort of stuff. Anyways, when I seen this post I did leave my SC2 for a bit to investigate this whole issue for a moment. But as I noticed that some people got nailed by this "hacker", I did prepare myself for this close encounter. Basically all I did was change my IP via proxy, firewalled my self in with Windows + another firewall (not Zone Alarm if anyone was curious ) and blocked all unnecessary ports (did leave ones for StarCraft Battle.Net, web browser and etc - all other things went close and would not open without my confirmation.
AFAIK, it's a buffer overflow attack. The name is too long for its buffer, and it can :
- crash your Starcraft process
- let some arbitrary machine code run on your PC (= bad)
Changing your IP and blocking ports with firewall will do nothing... I think running SC in a sandbox is the only way to be safe.
I could be wrong though...
|
On August 02 2010 01:51 3FFA wrote:
Sorry to bump but I found out which channel Frost Goes to if it matters at all.
Its op SCT/clan A14 a lot of people there know him.
Fail bump is obviously fail. And this helps the OP (if he still even reads this) how?
User was temp banned for this post.
|
Just hosted a game named Frost/Allah SUCKS ASS
=)
|
Just saw a game named "Frost@USEast > You 2.0", caused the Blizzard opening scenario to start up and closes the games list if you highlight it on the list. It will then cause a fatal error when attempting to join another game, you must restart StarCraft to be able to join games. Don't know if it's been posted, thought I'd let it be known either way.
|
|
|
Where can i download this lobby hack? Just as proof of concept..
|
On September 01 2010 05:52 Sarcean wrote:
Just saw a game named "Frost@USEast > You 2.0", caused the Blizzard opening scenario to start up and closes the games list if you highlight it on the list. It will then cause a fatal error when attempting to join another game, you must restart StarCraft to be able to join games. Don't know if it's been posted, thought I'd let it be known either way.
i saw that either!!
it shows that blue blizzard screen and i have to exit sc
strange
|
Do you guys believe that this guy might secretly be employed by Blizzard to do their dirty work for them? Is it strange that this sort of hack hasn't been as common until Starcraft 2?
|
Hello all,
I am the founder of Clan A14. I have just recently come across this thread and noticed some talk about this Frost@useast nooB AKA- skeptic@useast being from my clan... Well I assure you he is not.. I have monitored him for quite some time and have found him to be nothing more than your standard ddos punk... Your connectiOns are safe... Unplug your router for 24 hrs and let your IP reset or do it through your ISP... and the ddos attack will end.. This poor lifeless child has nothing better to do I suppose.. But nevertheless , if he messes with you just load his channel for about 24 hours like I did and he will stop... Hope you read this Frost, I would love to see you again! 
Sorry to bump, just wanted to clear A14's name of such child play.
|
Croatia9489 Posts
ahhh Bnet... the number one source for entertainment!
|
that guy frost sounds to me like a 40 year old virgin
|
this is why everyone should play on iccup
|
I'd pound him to the ground and destory his computers if I found his location. Pussy.
|
|
|
*nuclear launch detected at frost home yes ?
|
I think forst is gone to be honest with you or he just stop making games but either way he was annoying with his hacks and i feel sorry for the opening poster losing the ability to host for a while but still forst is a person who just wants attention that's all :\
|
...Do people still play Bnet?
lol jk, watch out guys
|
On March 07 2011 01:17 Taekwon wrote:
...Do people still play Bnet?
lol jk, watch out guys
Im only on there to play 2v2v2v2 BGH + Asia is more active then iccup
|
Croatia9489 Posts
On March 07 2011 01:17 Taekwon wrote:
...Do people still play Bnet?
lol jk, watch out guys
BGH is where it's at... Holla!
|
I'm going to find him and then I'm going to eat him.
|
|
|
|
|
|
EPT
