http://teamfortress.tv/forum/thread/14006-meatshot-8-vol-5/11#post-229503
i told you so
From the CSGO thread: http://www.reddit.com/r/GlobalOffensive/comments/1y0kc1/vac_now_reads_all_the_domains_you_have_visited/cfgj8up
As someone who reverse engineers things for fun, and can read the C "pseudocode" generated via decompilation pretty easily, I am going to have to disagree with the assumptions made in this post.
First, there's no proof this is from Steam, I've poked around a few of the DLLs since I saw this and am unable to find anything even remotely close to what this does.
Second, this method does NOT send anything to Valve. This method grabs the DNS cache, yes. And it MD5s the entries, then it stores it. This method itself does nothing more with the hashes. For all we know VAC could be doing a LOCAL scan of the list, and comparing it to an internal list of "known" cheat subscription servers.
Until someone posts details of exactly where in Steam this is (What DLL is all that's required to verify), and the calling method that supposedly sends this information to Valve, I would take this with a very massive grain of salt.
Does that mean valve would actually ban based on internet history?
Because that's pretty funny
if you continue examining the code, you will notice that it will read the first 80 bytes of the .cfg file, hash it and send it to Valve along with other information.
in response to LKincheloe. vac clearly has had the ability to do it for a while now.
PapaSmurf323http://www.reddit.com/r/GlobalOffensive/comments/1y0kc1/vac_now_reads_all_the_domains_you_have_visited/
http://teamfortress.tv/forum/thread/14006-meatshot-8-vol-5/11#post-229503
i told you so
The difference I see between Valve and ESEA is chiefly that Valve isn't run by LPKane, and VAC has no history of mining bitcoins.
I honestly don't see why this is that big of a deal even if they can see what websites you go to.
How is this any different from google tailoring ads to your web history?
Not trying to be condescending, genuinely want to understand
See #3
If you're not comfortable with VAC checking wether you use cheats or not while playing on a VAC secure server, then you shouldn't play on VAC secure servers. I mean that's the point of AC, checking for cheats.
On the other hand an AC client that is able to access every file on your PC while mining bitcoins, when it shouldn't even be running is clearly doing a little bit more than just checking for cheats.
ReminixeI honestly don't see why this is that big of a deal even if they can see what websites you go to.
How is this any different from google tailoring ads to your web history?
Not trying to be condescending, genuinely want to understand
People don't like being tracked. Also people have things to hide. Even if they MD5 the websites, you can eventually figure out the sites by rainbow tabling a lot of sites.
Not saying it's likely for valve to do anything malicious, but they shouldn't need that data to do anti-cheat. It's like anal probing someone for a teeth cleaning, though less physically uncomfortable.
SetsulSee #3
If you're not comfortable with VAC checking wether you use cheats or not while playing on a VAC secure server, then you shouldn't play on VAC secure servers. I mean that's the point of AC, checking for cheats.
On the other hand an AC client that is able to access every file on your PC while mining bitcoins, when it shouldn't even be running is clearly doing a little bit more than just checking for cheats.
I'm just scared valve's gonna check my exhentai favs dude
eeeSetsulSee #3I'm just scared valve's gonna check my exhentai favs dude
If you're not comfortable with VAC checking wether you use cheats or not while playing on a VAC secure server, then you shouldn't play on VAC secure servers. I mean that's the point of AC, checking for cheats.
On the other hand an AC client that is able to access every file on your PC while mining bitcoins, when it shouldn't even be running is clearly doing a little bit more than just checking for cheats.
Don't worry, it's hashed, they will only recognize them if they already knew those sites.
brownymasterNot saying it's likely for valve to do anything malicious, but they shouldn't need that data to do anti-cheat. It's like anal probing someone for a teeth cleaning, though less physically uncomfortable.
The reddit post linked gives a pretty good idea of why they probably do it.
It's really hard for a program to figure out what other programs are running accurately, because it's really easy for programs to pretend to be something else. We had software on our laptops in high school that blocked access to most programs; we were able to get around it by just tricking it into thinking we were running internet explorer.
However, it's hard for a hack to mask its website; if people are looking for a cheat client, they can't be expected to find it on a different website every day, which is the only way checking the DNS wouldn't work. Otherwise, if someone goes to organner.pl, Valve now has a bit more reason to believe there's cheating software on the client's computer, and that can help them figure out how to detect it.
synchroHowever, it's hard for a hack to mask its website; if people are looking for a cheat client, they can't be expected to find it on a different website every day, which is the only way checking the DNS wouldn't work. Otherwise, if someone goes to organner.pl, Valve now has a bit more reason to believe there's cheating software on the client's computer, and that can help them figure out how to detect it.
Dammit, I really wanted to visit that site out of curiosity.
Then I remembered that might not be the greatest idea.
synchroThe reddit post linked gives a pretty good idea of why they probably do it.
It's really hard for a program to figure out what other programs are running accurately, because it's really easy for programs to pretend to be something else. We had software on our laptops in high school that blocked access to most programs; we were able to get around it by just tricking it into thinking we were running internet explorer.
However, it's hard for a hack to mask its website; if people are looking for a cheat client, they can't be expected to find it on a different website every day, which is the only way checking the DNS wouldn't work. Otherwise, if someone goes to organner.pl, Valve now has a bit more reason to believe there's cheating software on the client's computer, and that can help them figure out how to detect it.
http://www.tobys.dk/cs/img/design/logo.png
http://mpgh.net/forum/mpghv2/logo.gif
Grats, just got everyone viewing this page a hack site in their DNS cache.
That's a horrible way to do AC. Just link to an image on a hack site and it's on your DNS. Sure, they can be clues, but the evidence is NEVER conclusive looking at DNS, and really why it's just free data mining from players.
The "perfect" AC would only scan your current game and the OS, but of course there's almost always a way to circumvent detection. DNS isn't any strong evidence.
SetsulSee #3
If you're not comfortable with VAC checking wether you use cheats or not while playing on a VAC secure server, then you shouldn't play on VAC secure servers. I mean that's the point of AC, checking for cheats.
On the other hand an AC client that is able to access every file on your PC while mining bitcoins, when it shouldn't even be running is clearly doing a little bit more than just checking for cheats.
not how it worked
That's it I'm boycotting Valve and moving to Origin.
brownymasterThat's a horrible way to do AC. Just link to an image on a hack site and it's on your DNS.
acab
synchroI'm about to make a terrible analogy that I always call people out on buuut...
That's essentially the same as saying a description of a criminal is a terrible way to do police work. If you're looking for a white male, around 6' and 200 lbs, yeah, you're bound to get a ton of false positives.
However, it's still a starting point: it's fairly safe to say that of the 1000 people who have that site in their cache, there's probably at least one of them who actually uses the cheat. It's better than saying of the hundreds of thousands of people who have the game, at least one of them probably cheats.
But that's to find a specific suspect; if they're not going to investigate someone because they've never visited a hack site/have a hack site on their DNS, then it's pretty useless information. I just don't see it being very useful or necessary information for them to have.
Also, I don't think they very often do individual investigations (except when profiling and what not new cheats) and instead look at a statistical pool. The exceptions being people like Mr Kaori and Drunken Fool, which often isn't even related to in game cheating.
brownymasterI just don't see it being very useful or necessary information for them to have.
You could match the list of people who visited X cheat website with the list of people who run Y programs alongside their games. If the only people who run a program called TotallyNotACheat.exe are also all on a list of people who visited TotallyACheat.com, then that's pretty convincing evidence that TotallyNotACheat.exe is, in fact, a cheat.
browny, did you purposely turn that MPGH logo into a gif? lol
kirbybrowny, did you purposely turn that MPGH logo into a gif? lol
Nope, literally just googled counter strike hacks and took the first two link's logos.
Also, it's been so fucking long since I went on MPGH. I remember getting my first Maplestory VAC hacks and GGG bypasses there. And learning how to change CE's source code to obfuscate functions, learning assembly, god those days.
synchroYou could match the list of people who visited X cheat website with the list of people who run Y programs alongside their games. If the only people who run a program called TotallyNotACheat.exe are also all on a list of people who visited TotallyACheat.com, then that's pretty convincing evidence that TotallyNotACheat.exe is, in fact, a cheat.
So I could make a program that's called the same thing as a hack and visit the website, but not actually hack and still get banned? That's completely retarded and I'm pretty sure that's not how they do it.
AC should work on detecting injection or illegal memory reads, not reading your browser history and using circumstantial evidence. ACs should always catch a person in the act, not in any other way. Considering everybody is running VAC when they play on a VAC server, there shouldn't be any filtering between people who visited X website or not. It should be are you playing on a VAC server? If yes, run the VAC module and ban people who hack on these servers. Running a hack when you're not on a VAC server should not result in a VAC ban. You're "allowed" to do it (depends on the server owner obviously, but outside of valve's jurisdiction).
#19 VAC3 supports uploading executables and dlls to Valve directly for them to run them on VM, so that seems of little use to me in that case.
brownymasterwords?
I think you're have trouble reading what I'm typing.
I'm not saying they're going to ban people who go to these websites; I'm also not saying they're only going to go after people who have certain websites in their history.
What I'm saying is it's a research tool; it provides evidence as to what may or may not be a cheat. I've never once said it's a way for them to ban people, it's a way for them to discover cheats that might not be as easily found.