wc3edit.net

United Warcraft 3 map hacking!
It is currently March 28th, 2024, 10:43 am

All times are UTC




Post new topic Reply to topic  [ 10 posts ] 
Author Message
PostPosted: April 30th, 2009, 9:49 am 
Offline
Newcomer

Joined: December 25th, 2007, 7:01 pm
Posts: 12
Can someone explain to me how this is exactly done with an automated switch that goes off, when someone is manually kicked from the game?

This is my experience:

The only Windows program I use, because Battle.net is so fucking stupid, I have to make an executable file and reconvert it with binaries... so I can program my own Auto Refresher. I use Mono Frame working tools and X11 to execute commands, and not through Boot Camp or Virtual PC to perform my Mac OS X or Linux OS. I use the Auto Refresh program I made in binaries.

Anyway, I was hosting this game. Usual shit... spoofs think they can join my game.

I ask this guy, he calls himself THEBURNINATOR with his spoof, what his real profile is. If it checks out, I let them stay. Basically I do have a ban list, so I'm making sure it's not one of those people.

Well, he says: "If you kick me you will die," or whatever. Usual idle threats.

I don't have a screen shot of everything, but I managed to tag another one of his also known as. He's got a Diablo account I think, too.

Anyway, long story short: When I kick him, AS SOON AS I KICK HIM, my auto refresh is fucking up. Stops working. I quit it, quit terminal and X11, and reboot my auto refresher. STILL not working. So I force quit it. Not working again. Then I exit the game, and decide to remake. See if that works... I look at my map folder and every single map is "unavailable." I forget the actual message, but it was somewhere along the lines of "cannot locate file in map directory." And I was like, shit... fucking weird. So I reboot Warcraft 3, and I try to create again. THIS TIME My refresher is going fucking nuts: Every single man and his dog is joining my game and leaving like my refresher. Then my refresher comes up with:

BORZ-DA-GANGSTA has joined the game.
BORZ-DA-GANGSTA has left the game.

For all the slots. This guy, whoever he is, hacked my map directory for custom lobby, then fucks up my auto refresher... and not only that, when I quit the second game I make, I lost my connection to Battle.net, and somehow I cannot access any of the American Servers.

Look, I'm no idiot when it comes to security and protection. But it was the damn speed of the hacking that was damn impressive: it was automatic. There's got to be some permissions that are being exploited somewhere through script: this was no brute force.

Should I attempt to get help from Blizzard? I don't have any real information to give to point to the culprit, because everything was spoofed, and even my anti-spoof wasn't working.


Last edited by Pointsharp on May 1st, 2009, 6:59 am, edited 1 time in total.

Top
 Profile  
 
PostPosted: April 30th, 2009, 10:51 am 
Offline
Forum Staff
User avatar

Joined: June 9th, 2008, 9:51 am
Posts: 685
Location: Finland
GG-pwnt by Warden.

_________________
Image


Top
 Profile  
 
PostPosted: April 30th, 2009, 8:28 pm 
Offline
Newcomer

Joined: December 25th, 2007, 7:01 pm
Posts: 12
Hillo wrote:
GG-pwnt by Warden.


This has nothing to do with Warden. Not exactly a helpful comment...


Top
 Profile  
 
PostPosted: May 1st, 2009, 6:57 am 
Offline
Newcomer

Joined: December 25th, 2007, 7:01 pm
Posts: 12
Update: it seems even when I shut down Mono Frameworks, Terminal and X11, it still does the hack.

I managed to close slots and try a game for play with the hack, and every 3 seconds, the game showed everyone in the game lagging, with the "Waiting for players..." box.

As soon as I quit the game got another lost connection, and cannot access the server I was using.

There were all sorts of different user names, but I recognized a few the second time around, from the first time. So it seems that either it's a bunch of bots, or it's one bot that's spoofing the names. It's in overdrive anyway, because as soon as they connect, they disconnect. It's essentially a variation of a DDoS attack.

What's interesting is that I don't really think there is a way to prevent a Denial of Service attack... unless I contact blizzard about it.

Has anyone got any tips how to trace whoever is doing it? All I've got to go on are spoofed names.

Oh, and it has to be Mac OS X compatible, please.


Top
 Profile  
 
PostPosted: May 1st, 2009, 7:31 pm 
Offline
Tyrannical Drama Queen
User avatar

Joined: November 19th, 2007, 5:05 am
Posts: 5014
I would suggest PMing Dekar, as I think he'd be the only one with experience in this sort of thing.

And Hillo...did you read what he said at all?


Top
 Profile  
 
PostPosted: May 1st, 2009, 9:21 pm 
Offline
Forum Staff
User avatar

Joined: June 2nd, 2007, 6:53 pm
Posts: 2732
Title: I Just Lost the Game
Try running a program to log all your connections, so you can see where they're coming from. If you get an IP, you can probably report them to Blizzard; they're using their game as a means of attacking people.

_________________
My Warcraft III Tool Collection
If you want to chat/game with me:
Blizzard: Senethior459#1962
Discord: Kyle#7409
Steam: Spacekidkyle


Top
 Profile  
 
PostPosted: May 2nd, 2009, 9:20 am 
Offline
Newcomer

Joined: December 25th, 2007, 7:01 pm
Posts: 12
Sorry for the double posts, guys. But I had to show an update to the situation by updating the last post sent, so I could bump the topic to get replies.

Bartimaeus wrote:
I would suggest PMing Dekar, as I think he'd be the only one with experience in this sort of thing.

And Hillo...did you read what he said at all?


OK, I will PM him.

Senethior459 wrote:
Try running a program to log all your connections, so you can see where they're coming from. If you get an IP, you can probably report them to Blizzard; they're using their game as a means of attacking people.


Can you give an example? I haven't had to do this on Mac OS X before.


Top
 Profile  
 
PostPosted: May 2nd, 2009, 12:30 pm 
Offline
Forum Drunk
User avatar

Joined: January 17th, 2007, 4:22 pm
Posts: 2903
Location: Darmstadt, Germany
Ohh right, WC3 uses udp which allows IP spoofing and might could do nasty stuff... But corrupting your map folder? In a way it works again later? Sounds more like a bug with wc3 or the refresher. But it really could be a ddos attack and since the game traffic is afaik udp only you can't trace him. Not even Blizzard could, I read an article about tracing ip-spoofed traffic about a year ago and it said you'd have no chance if you're a normal guy. Hows X11 on mac? I always read it'd be the hell XD Have you tried changing your IP (If you have dynamic IP) or log in with a different bnet account using a different port? If you have a static IP and this stuff goes on you should get a Linux machine with applied tarpit patches, that could surely stop him. But as a first measure you should change the port! good luck ;)

_________________
Don't pm me with Warcraft questions, this is a forum so just make a post!

In the world of thinking we are all immigrants. -Robert Nozick


Top
 Profile  
 
PostPosted: May 3rd, 2009, 7:34 am 
Offline
Newcomer

Joined: December 25th, 2007, 7:01 pm
Posts: 12
Dekar wrote:
Ohh right, WC3 uses udp which allows IP spoofing and might could do nasty stuff... But corrupting your map folder? In a way it works again later? Sounds more like a bug with wc3 or the refresher. But it really could be a ddos attack and since the game traffic is afaik udp only you can't trace him. Not even Blizzard could, I read an article about tracing ip-spoofed traffic about a year ago and it said you'd have no chance if you're a normal guy. Hows X11 on mac? I always read it'd be the hell XD Have you tried changing your IP (If you have dynamic IP) or log in with a different bnet account using a different port? If you have a static IP and this stuff goes on you should get a Linux machine with applied tarpit patches, that could surely stop him. But as a first measure you should change the port! good luck ;)


The point is, it doesn't even matter if you change ports, cancel the refresher, or force quit every single program: allowing Mono Frameworks to have a .exe file work with the
system is at the moment, allowing the hack on the refresher to never stop, even if you manually quit tasks (processes) in the Mac OS X equivalent of task manager, Activity Monitor.

The corruption on the map folder is file specific: any files in the directory are corrupted. I simply removed the corrupted files, and inputted copies of them back into the correct folders.

X11 is a damn pain... I usually manually boot the refresher through terminal when it starts to constantly crash. I had a static for the connection I had, no dynamic here.

Yeah, sure I could play Warcraft 3 on Linux and use Tarpit... but I want the damn status quo, and no one is going to change my personal preferences to how I play the game and what system I run it on. I am not compromising my system while I play the game to this... anti-social time-waster.

I have a port range, so if one is blocked, it goes on the other. 6112-6119. All are blocked during this process, because it's Warden that's doing the CD key or IP banning, not this guy. He's manipulating Warden using a DDoS attack. Warden reacts to the threat, and kills it. Unfortunately I'm the target, due to the laser pointer being homed in on me, due to this hacker.

I can spoof my own IP (I also have many different computers I can use, and I'm in many locations), and I have many CD keys... I'm no slouch on Battle.net.

Are there any Mac Experts on here? Maybe I could scrap the auto refresh I made, and find a more secure project for Mac OS X that's being worked on? I understand there's some Dutch project in the works, but Java script is failing to work for Mac OS X for the program: something about the drivers.

Again, the problem isn't accessing Battle.net. The problem is, this fucker finds me and hacks me, so I get banned, no matter what I do, so it's either an infection, or he's tracking me somehow.

So basically in a summary, the guy is forcing me to be unable to host without getting banned. I tried deleting all my auto refresh files the other day... I even re-installed and removed X11 and Mono Frameworks as well at alt.binaries (and any other tools I used to make it), etc. And the thing STILL was infiltrating my hosts.

Shall I run a motion capture of the hack? See if you can watch it, then whatever information you get, do something about it?


Top
 Profile  
 
PostPosted: September 18th, 2009, 6:50 pm 
Offline
Member

Joined: March 9th, 2008, 8:13 pm
Posts: 58
Location: Ask me personally.
Title: Demonoid Hacker
I know I'm no expert but a lot of times the answer is so simple that professionals dont even notice it. Something as simple as a typo in some cases. So why not treat this like any other infection? If you havn't already tried hijacker and or some anti viruses and also if hes using Warden then log the Ip, ps blizzard will help you.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 10 posts ] 

All times are UTC


Who is online

Users browsing this forum: Bing [Bot] and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group

phpBB SEO


Privacy Policy Statement
Impressum (German)