World of Warcraft hackers using Sony BMG rootkit

Phoenix86

Supreme [H]ardness
Joined
Mar 28, 2002
Messages
6,653
Article

Want to cheat in your online game and not get caught? Just buy a Sony BMG copy protected CD.

World of Warcraft hackers have confirmed that the hiding capabilities of Sony BMG's content protection software can make tools made for cheating in the online world impossible to detect. The software--deemed a "rootkit" by many security experts--is shipped with tens of thousands of the record company's music titles.

Blizzard Entertainment, the maker of World of Warcraft, has created a controversial program that detects cheaters by scanning the processes that are running at the time the game is played. Called the Warden, the anti-cheating program cannot detect any files that are hidden with Sony BMG's content protection, which only requires that the hacker add the prefix "$sys$" to file names.

Despite making a patch available on Wednesday to consumers to amend its copy protection software's behavior, Sony BMG and First 4 Internet, the maker of the content protection technology, have both disputed claims that their system could harm the security of a Windows system. Yet, other software makers that rely on the integrity of the operating system are finding that hidden code makes security impossible.


Posted by: Robert Lemos
 
The effects on WoW won't be too bad imho. Characters can get red flagged ingame if they are doing impossible things. Now for the first person shooters.. its going to be up to server admins to curb cheating..

And we all have stories of "great" admins :(
 
Masume said:
The effects on WoW won't be too bad imho. Characters can get red flagged ingame if they are doing impossible things. Now for the first person shooters.. its going to be up to server admins to curb cheating..

And we all have stories of "great" admins :(

Will this apply to FPS's too? Forgive my cheating ignorance, but do FPS hacks usually also run as seperate apps in the background? Is that also how Punkbuster / etc detect cheats?

 
Wow, this makes me smile. It is things like this that make the world start to see how intrusive and damaging DRM is, and will start to step up against it.
 
NulloModo said:
Wow, this makes me smile. It is things like this that make the world start to see how intrusive and damaging DRM is, and will start to step up against it.

QFT (does a little dance)
 
Bah if you can make it you can break it, we always knew that... Nothing new. They can curb serious cheating fairly simply. If someone is walking faster then 200% or something they get flagged and recorded by the server... something like that would be fine. Just add "If greater than" statements to everything...

It'll be okay... don't worry.
 
there will always be hacking . get used to it. sucks when people ruin a good thing. But nothing ya can do about it.
 
I wonder if sony is doing this to purposely hurt Microsoft. This could be sony attacking microsoft on another front aside from the console world...
 
dagon11985 said:
I wonder if sony is doing this to purposely hurt Microsoft. This could be sony attacking microsoft on another front aside from the console world...

wouldn't that fall under corporate espionage and thus be highly illegal?
 
we need a strict type of totalitarianism established soley for gaming.

whos with me!
 
Must be nice to pay monthly charges and watch others hack their way to greatness.
 
HRslammR said:
wouldn't that fall under corporate espionage and thus be highly illegal?

Hell, Sony's DRM violates numerous laws in numerous countries just being what it is. I smell a class action suite before it's all over.

For any of you that haven't had the joy of your blood boiling over this yet need only to read this.
 
Ron1jed said:
there will always be hacking . get used to it. sucks when people ruin a good thing. But nothing ya can do about it.
True, however this method, and the fact it's exploiting Sony is new.
Bo_Bice said:
we need a strict type of totalitarianism established soley for gaming.

whos with me!
We take it in turns to be a sort of executive officer for the week...
...but all the decisions of that officer have to be ratified at a special bi-weekly meeting...
 
What I find absolutely humorous about this whole situation is how BMG defines copy protection. This very copy protection is the reason why I could not transfer, to my iPOD, any of the songs from the new Foo Fighters CD "In your honor" which I purchased. This in turn caused me to have to download the songs off of a P2P system so I could listen to the songs, I legally purchased, on my iPOD.

Now this very same copy protection is allowing others to bypass protection for other products such as World Of Warcraft, which I do play and ths pay a monthly fee for.

So in BMGs efforts to stem piracy, they have managed to increase it astronomically. GG Sony and BMG, it will now require a medical procedure to remove your collective heads from your collective asses.
 
cgrant26 said:
Hell, Sony's DRM violates numerous laws in numerous countries just being what it is. I smell a class action suite before it's all over.

For any of you that haven't had the joy of your blood boiling over this yet need only to read this.

Holy hell that did make my blood boil! I think you guys are probably right about class action suits once this shit wrecks enough people's computers.
 
A simple worm released on the net could theoretically destroy all computers that have ever run a Sony made DRM CD.

Hiding hacks for World of Warcraft is just the tip of the iceberg. This loophole can be used to mask keyloggers, or to complete hide your complete system by simply renaming all folders and files. Sony basically allowed an easy script for any hacker to affect a computer as he pleases. Since the files end up completly hidden, Anti-virus programs cannot detect them.

Oh, and for those wondering, these music CD's don't affect Macs:p.
 
Firebot said:
A simple worm released on the net could theoretically destroy all computers that have ever run a Sony made DRM CD.

Hiding hacks for World of Warcraft is just the tip of the iceberg. This loophole can be used to mask keyloggers, or to complete hide your complete system by simply renaming all folders and files. Sony basically allowed an easy script for any hacker to affect a computer as he pleases. Since the files end up completly hidden, Anti-virus programs cannot detect them.

Oh, and for those wondering, these music CD's don't affect Macs:p.
no, but your are still using a mac. you lose anyway.
 
Draax said:
So in BMGs efforts to stem piracy, they have managed to increase it astronomically.

That's the law of unintended consequences -- closely related to the 2nd Law of Thermodynamics (disorder in a system tends to increase over time) and chaos theory -- in action. Once things become sufficiently complex, it's difficult if not impossible to predict the final consequences of even the smallest actions one might take.

<begin_political_sidebar> It's akin to Iraq: a military campaign ostensibly intended to quell and prevent terrorism has resulted in increases in worldwide incidents of terrorism every single year of its existence. That particular consequence, though, was predicted by many, many people ... but those predictions were dismissed by those in charge. Thus we have the result we see today: 2000+ dead, hundreds of billions of dtax dollars spent and no end in sight. <end_political_sidebar>
 
busta_cap said:
That's the law of unintended consequences -- closely related to the 2nd Law of Thermodynamics (disorder in a system tends to increase over time) and chaos theory -- in action. Once things become sufficiently complex, it's difficult if not impossible to predict the final consequences of even the smallest actions one might take.

<begin_political_sidebar> It's akin to Iraq: a military campaign ostensibly intended to quell and prevent terrorism has resulted in increases in worldwide incidents of terrorism every single year of its existence. That particular consequence, though, was predicted by many, many people ... but those predictions were dismissed by those in charge. Thus we have the result we see today: 2000+ dead, hundreds of billions of dtax dollars spent and no end in sight. <end_political_sidebar>
and no republicans elected in 08. unless jebus comes back and gives them his blessing, i dont see much for that party in the near future.
 
Why couldn't hackers and the like just use/make their own rootkit to hide cheats?
 
Draax said:
What I find absolutely humorous about this whole situation is how BMG defines copy protection. This very copy protection is the reason why I could not transfer, to my iPOD, any of the songs from the new Foo Fighters CD "In your honor" which I purchased. This in turn caused me to have to download the songs off of a P2P system so I could listen to the songs, I legally purchased, on my iPOD.


Dude dude dude, you and me are brothers :D

bought the same CD and ended up having to download the songs... and when you use their 'ripping' thing in the IE that pops up, it only does 128kbps. It sucks having to steal something that you pay for. (i DON'T download music, this was the only thing I've DLed in over a year)
 
NulloModo said:
Wow, this makes me smile. It is things like this that make the world start to see how intrusive and damaging DRM is, and will start to step up against it.
I wouldn't hold your breath. The american public has proven itself a willing cash cow, and seems completely incapable of being outraged over, well, pretty much anything.

Apathetic is a good word for it. As long as companies like Sony keep pumping out Brittney's and Backstreet boys, they won't truly wake up from their haze.

Don't expect the average public to give two shits about this or the next intrusive thing a Big Label comes out with.
 
busta_cap said:
That's the law of unintended consequences -- closely related to the 2nd Law of Thermodynamics (disorder in a system tends to increase over time) and chaos theory -- in action. Once things become sufficiently complex, it's difficult if not impossible to predict the final consequences of even the smallest actions one might take.

<begin_political_sidebar> It's akin to Iraq: a military campaign ostensibly intended to quell and prevent terrorism has resulted in increases in worldwide incidents of terrorism every single year of its existence. That particular consequence, though, was predicted by many, many people ... but those predictions were dismissed by those in charge. Thus we have the result we see today: 2000+ dead, hundreds of billions of dtax dollars spent and no end in sight. <end_political_sidebar>
I enjoyed reading that. No idea why. *takes another sip of vodka* Perhaps it is because it was so well written, yet had very little to do with the actual rootkit thing. lol. Whatever. Great post :D.
 
banGerprawN said:
I enjoyed reading that. No idea why. *takes another sip of vodka* Perhaps it is because it was so well written, yet had very little to do with the actual rootkit thing. lol. Whatever. Great post :D.

Thanx, and enjoy your potato juice. ;)

It wasn't really intended as a comment on the rootkit imbroglio, rather it was in response to Draax's post about BMG's efforts to stem piracy resulting in an increase in piracy.

It's off-topic, but I've always been fascinated by the perverse irony of the world. Examples:

  • The use of antibiotics meant to curtail disease leads to antibiotic-resistant strains of the disease more virulent and dangerous than the original. Would we have been better off not using the antibiotics in the first place?
  • The US funded and backed Osama bin Laden in his fight against the Afghanistan invasion by our enemy the Soviet Union. Once the Soviets left Afghanistan, bin Laden's organization slowly morphed into al Qaeda. We all know how that's turned out.
  • Prohibition of alcohol in the United States in the 20s led inexorably to the rise of the mafia as an underworld power. They were willing to defy the law to provide people with intoxicants, and made enormous profits doing it. With that money and power, the mafia bribed police and politicians to "look the other way" and allow them to distribute their booze. Thus, the banning of alcohol led to widespread corruption among law enforcement and government. See also: the War on Drugs.
  • The US's quotas on low cost imported steel were designed to protect the US steel industry. But the quotas make less cheap steel available to US car companies, so they have to pay more for steel than their foreign competitors do. The policy that protects one industry from foreign competition makes it harder for another industry to compete with imports, leading to a decline in the US auto industry.

As the saying goes, you're damned if you do and damned if you don't.
 
busta_cap said:

Sorry junior. The second law of thermodynamics, and chaos theory in general, only work when applied to the universe as a whole and have no relevance at all to this discussion. That's your psuedo-science. Of course, since wikipedia didn't tell you that, you wouldn't know.

You do now, and I'd like to suggest that you do some REAL reading on the subject. These books explain thermodynamics, and a number of other theories, very well and in plain english.

The Fabric of the Cosmos: Space, Time, and the Texture of Reality
The Elegant Universe: Superstrings, Hidden Dimensions, and the Quest for the Ultimate Theory
 
As an Amazon Associate, HardForum may earn from qualifying purchases.
GhostDog said:
Sorry junior. The second law of thermodynamics, and chaos theory in general, only work when applied to the universe as a whole and have no relevance at all to this discussion. That's your psuedo-science. Of course, since wikipedia didn't tell you that, you wouldn't know.

For one thing, I've had a basic understanding of the principles of entropy and chaos theory long before the wikis (or the internet as a major system) even existed ... and probably since before you recieved your high school diploma. And for another, the 2nd law and chaos theory are absolutely not applicable solely to the universe as a whole. Whomever taught you that is either woefully misinformed on the subject or is saddled with obsolete and willfully exclusionary definitions. We can and do see their effects every single day of our lives.

<pedantry> Whether we are talking about the movement of energy (the traditional application of the second law) or the tendency of complex systems toward disorder, insights from thermodynamics can help us understand how these basic principles apply to almost all situations we encounter.

The hidebound are often overly literal-minded and only see the "small" picture of of the 2nd law of thermodynamics, applying to physics and physics alone. It is less disturbing to pure theoreticians to talk about hypothetical situations when discussing entropy; it's much more comforting to be able to describe the necessarily theoretical "closed system" in which the values of energy transfer and entropy increase can be precisely known. In thier adherence to the traditional, they ignore the closed system in which we all exist ... the universe. Any action we take has a measurable effect on the universe as a whole, and we could measure it if we just knew all the variables.

Subsets of a system can and often do behave in the same fashion as the larger system. All the events we can observe take place in that closed system (the universe), so the tendency toward disorder in the larger system is reflected in the subsets as well. An openminded look at the processes and results of any real-life situation you could possibly describe can be explained by application of the 2nd law.

A classic metaphor used to describe increasing entropy is the tidy room which, if energy is not expended in maintaining its order (cleanliness and organization), will become progressively more untidy and disordered (entropic). The process is irreversible and inexorable: regardless of how much energy you expend in maintaining the room, it will never be as clean and tidy as when it was brand new. Plus, the energy you use to do the housework has to come from somewhere (nutrition for your body, which requires an energy source external to the room). Since the total amount of available energy in the universe is necessarily finite, any energy you expend in cleaning the room has the result of reducing the available energy in the universe (in other words, increasing its entropy).

So despite all your most diligent efforts, the disorder in the subsystem (the room) will always increase, thus increasing the total disorder in the larger system (the universe).

What physics literalists often fail to understand is that this room analogy is not just an abstract metaphor, it's an actual reflection of the 2nd law made concrete. If we knew all the data that enters into any real-life situation (which isn't possible), we could calculate the decrease of available energy and increase of entropy in the universe as a whole. But the number of data points is too vastly enormous to ever be known, the fractal branches of interdependent permutations increases even as you observe them (altered and multiplied, in fact, by the very act of observation itself).

The less imaginative among us blithely ignore the obvious effects of entropy growth on everyday existence. With a bit of imagination, it's possible to see how the underlying principle can be relevant (and applied with amazing consistency, in fact) to other realms as well: economics, ecology, sociology, information theory, etc. The principle is very basic and intuitive, if you understand how to look at the problems before you.

If you knew all the variables of any given situation, you could describe their inevitable results with an equation. But you can't know all the variables of the closed system (the universe), and even if you could, the storage and processing of all that data would require an energy expenditure, adding yet another variable to the equation (i.e. where did the energy come from that's required to calculate the total amount of available energy in the universe?).

It doesn't take a great intuitive leap to tie that fact (we cannot know all the possible effects of changes to a complex system) to chaos theory (we cannot precisely calculate the effects of even small changes to a sufficiently complex system). And where the hell did you come up with the idea that chaos theory applies only to ultra-complex systems (the universe) without its effects cascading into less complicated ones (the weather, the stock market, your own body's health)? That's a very narrow and obtuse way of looking at things. </pedantry>

Before you condescend to someone, you'd be well served to actually know what you're talking about. :rolleyes:
 
Ya I am too, however this discussion is vearing off topic. Take your fancy talk over to genmay, and start talking about WoW rootkits or I'm gonna lock it up. :)
 
Earlier someone asked if this rootkit can hide cheats from punkbuster and the like.
Is this true? :(
 
D3v01D said:
Earlier someone asked if this rootkit can hide cheats from punkbuster and the like.
Is this true? :(

I would imagine that it can. If it can successfully hide itself from the operating system, I imagine that punkbuster would have to come up with some pretty sophisticated detection techniques to catch it without having to scan all files referenced in the registry.
 
You know, I built this comp with the intention of getting back into online play, having left because of the cheating problem. Now Sony drops a bomb that, theoretically, can defeat all current anti-cheating measures.
Needless to say I'm a little upset...
The level of irresponsibility demonstrated by Sony in letting this thing out into the wild is, in my mind, staggering (to say the least).
Perhaps game developers can sue Sony to re-coup the expense of developing a way to defeat this thing.
:mad:

[/rant]
 
The sad part is SWG is still going to suck, ever after the next combat upgrade :rolleyes: , and Sony managing to increase hacking in competitive products like WoW.
 
Back
Top