Warez Keys

[ShadowLord]

I have an idea, nothing real imaginative and probably not workable. Maybe good for a discussion though.

I like to look through the ban appeals on a regular basis, mostly for that comic relief we experienced in NeoAnder. I noticed that every time there is a ban for a warez key there is a list of a hundred different IP addresses. Has anyone else thought about slapping the whole list with an IP ban for a week or so? Couldn’t do it permanently with most people having dynamic IPs, but a week would probably be ok. Probably wouldn’t be possible without some form of optional UTAN ban list, even then it probably isn’t a good idea. Any thoughts?

[|KOA|The_Dave]

I have a better thought about warez keys: has anyone ever stopped to think that it's harsh to penalyze rightful owners of a game for having their key stolen by pirate servers and other malwares?

Or even beyond that... has anyone ever stopped to think that maybe there's a key generator out there that's capable of creating CD Keys which statistically every so often will overlap with legitimate ones that are out there?

If you search google, I guarantee you can find a UT 2004 key generator. Those stories about people buying new UT2004 copies from Amazon shrinkwrapped to discover their keys are already UTAN banned... yeah. It's proof that CD keys are ineffective as a means to combat piracy and cheating, honestly -- or at the very least proof that Epic didn't do enough to make sure their key system was secure.

[Shambler]

What other option do they have except for banning the stolen keys? (leave them unbanned and let the cheaters keep a working key?)
Sure it's bad for the owner of the key but right now there is no alternative. (hopefully UTAN 2.0 is not far off, then I believe the key can be 'locked down' to some degree)

Also, the chances of a key generator creating a key that has been validated on the master server is just tiny...it would probably take years, if not decades to get just a single working key.


Epic made a decent effort with the CD Key system in UT2k4 (despite a major flaw...and despite not taking the time to support some victims) and when UT2k7 comes around I'm sure they will have learned from their mistakes and will have measures to stop all of the existing problems.


For the time being tho, people just have to be extra careful about which servers they join/what programs they download etc. so that they don't have their key/key hash stolen. (for one...I recommend only joining servers that are in your favourites and which have a reputable community...*cough* Titan )

[|KOA|The_Dave]

Quote:

Originally Posted by Shambler

Also, the chances of a key generator creating a key that has been validated on the master server is just tiny...it would probably take years to get just a single working key.

Well, that's assuming that the master servers work using a white list rather than a black list. Do they? I'd think that the CD keys are simply algorithmic and that Epic bans keys from the master server on a black list rather than maintaining a known good key list as part of the master server. I could be wrong though. If I am, good for Epic going the whitelist route, much better than blacklisting after the fact.

Quote:

For the time being tho, people just have to be extra careful about which servers they join/what programs they download etc. so that they don't have their key/key hash stolen.

Social engineering is a b***h. Those that read this forum and who are tech-savvy in general may heed the warning... but some 12 year old kid looking to play sniper rifles who's never even thought of admining a server isn't going to give a second thought to double clicking some unknown sniper server listed in their master browser. And even with a warning, if you're a new player to the game, it'd be near impossible to know which servers are "reputable" versus non.

I do agree with what UTAN tries to do, honestly -- keep cheaters out of UT2K4. But as has been brought up many times in many other threads ... is anti-cheat worth it when it starts penalyzing those who do nothing wrong except acts of ignorance or stupidity (i.e. connecting to "bad" servers, downloading malware, et cetera)?

[cowbar]

Ignorantia juris non excusat

[Shambler]

Quote:

Originally Posted by |KOA|The_Dave

I do agree with what UTAN tries to do, honestly -- keep cheaters out of UT2K4. But as has been brought up many times in many other threads ... is anti-cheat worth it when it starts penalyzing those who do nothing wrong except acts of ignorance or stupidity (i.e. connecting to "bad" servers, downloading malware, et cetera)?

Well I've always assumed it was from a whitelist, hard to tell

As for joining bad servers...I don't think your key hash is going to be used for a LONG time (if at all) even if it is logged on a bad server, not unless a cheater doesn't like you

Also, don't think of UTAN as an anti-cheat thing...it's simply a ban manager and IMO: when a player loses the use of his key because of a cheater, it's 100% the fault of the cheater (and I would encourage victims to take 5 minutes writing a complaint to the cheaters ISP) UTAN is just enforcing the zero-tolerance policy towards cheating.
And as I mentioned earlier, UTAN 2.0 'should' have a way to lock-down keys too...so the UTAN guys are activly working on a soloution for some of those victims


Everyone can agree tho, the handling of these bans is certainly not ideal...Epic 'could' take the time to hand out new key's to the victims (but I think people should appreciate that this might be a lot of work for them, and they are busy with UT2k7).
UTAN can't do anything about it right now tho, people should just wait and see what UTAN 2.0 has to offer I guess.

[Azura]

Quote:

Originally Posted by Shambler

What other option do they have except for banning the stolen keys? (leave them unbanned and let the cheaters keep a working key?)

Limit use of a key to a geographical region or ISP.

Quote:

Originally Posted by Shambler

Epic made a decent effort with the CD Key system in UT2k4 (despite a major flaw...and despite not taking the time to support some victims) and when UT2k7 comes around I'm sure they will have learned from their mistakes and will have measures to stop all of the existing problems.

One thing that they hadn't imagined is using a server to obtain cd key hashes.

[Azura]

Quote:

Originally Posted by cowbar

Ignorantia juris non excusat

That's a famous quote that underlines something absurd : everyone is supposed to know the law but it's impossible for even the most informed lawyer to know every single law that exists or their various aspects.

[Shambler]

Quote:

Originally Posted by Azura

Limit use of a key to a geographical region or ISP.

As I hinted when I mentioned 'locking-down' keys in UTAN 2.0

Quote:

Originally Posted by Azura

One thing that they hadn't imagined is using a server to obtain cd key hashes.

That's what I meant when I mentioned 'a major flaw' in UT2k4's CD Key system (it's fixable too but it's a lot of work...I heard rumour of something along these lines in UTAN 2.0)

I'll point out that I don't directly know anything about UTAN 2.0, I've just heard about some of that.

[BonezFirner]

whats really happening with most cheats and how keys are being stolen is this.. most keys that have been stolen have been by cheaters.. i have taken a few good known cheats apart and have noticed that most of them actually have a type of spyware that actaully targets the system registery just for the ut2k4 cd key. i my self had one in my registery cause i wanted to know what the heck most of the things did.. i'm not going to say i never used it online cause everyone knows thats strait up BS. but i will say i used it on my own server with anti tcc running.. most pll say i used a cheat but it was never online with is fine if its true but with the aim bot going strait after the cd key anyways as long as that pc is online it will transmit that key to where ever its told 2.. i'm waiting one day that my key will end up banned cause it was used by a cheater.. one thing i did notice in comon with the 4 cheats i took apart is that they were all sending information to BT2.net which is some internet hosting comapny in japan.

anotehr thing i notice is when someone complains that there key was stolen and they just bought it from amazon.com, i've traced a few that have been used for almost a year if not longer. and most of them were banned cause of a cheat used by someone else or they traveled to a forien server and found out it was a fake server. i'm not saying that its not impossiable to create a cdkey generator that actually works but look at the user at fault. find out what and how.. for all we know it could be one of the botters just posting saying wtf why did i fianlly get cought of using someone elses key? i dunno if this made any since but thats my opinion on the matter of stolen keys

[cowbar]

Quote:

Originally Posted by Azura

That's a famous quote that underlines something absurd : everyone is supposed to know the law but it's impossible for even the most informed lawyer to know every single law that exists or their various aspects.

What is also part of it is that even though you are right saying no one can know every single law, assuming everyone is aware of the law is the only way to make it the system "waterproof". Otherwise everyone would just claim that they did not know the specific law they violated (=ignorance).

In my opinion the same goes for UTAN. The system cannot be effective if just claiming that you didn't know "something" (e.g.: aimbot installed, evil server, it was my bro, etc) was wrong.

If you can prove that even though you were in error (e.g. to join an evil server, install evil cd keystealing software) but did not know that it was a bad idea you (usually?) get a new CD key from Epic if only you are persistent enough. Also, since the price of a new copy of ut is not very high, one can consider it a relatively cheap fine, somewhat like a speeding ticket in Germany.

[LizardKing]

Is there not a way we can 'protect' our keys - make them inaccessible to simple bots? Encryption, move them to a different place, rename them, anything (in the registry that is).

Also, key generators mainly use logirithms to create keys - they work out how keys are generated. The chances of it generating a legitimate one that's registered at Epic is unlikely, and more so having multiple people generate that same key.And for the people who say they bought the game to find the key's stolen and has been in use for over a year I think is unlikely... The chances of that key being generated repeatedly are slim, plus I doubt Epic would activate keys that they haven't generated & shipped yet... Common sense, no?

A slightly better system would be that when a key is first picked up on the master server, it is locked to that geographic location. Then should it be stolen, it can only be used by a small area, making it more of a pain to find a key that you can use. And even if they did find it, they should watch out for the owner coming knocking on their door

[Shambler]

To 'protect' my key I just use two registry files, for adding and removing my key from the registry.

It's a lot more likely I would be caught out by playing on an unknown server however, with which the only protection is to be careful about the servers you join.

[ShadowLord]

What about locking it down by MAC address instead of geographic location? If I travel somewhere (for a LAN or buisness trip for instance) it would be nice to be able to use my copy of UT. They would of course have to provide some method of changing to a new MAC address in the instance of hardware failure or upgrade.

[Shambler]

IDK what they will do for UTAN 2.0/UT2k7...but IMO being able to combine a password and maybe your email address with your GUID (ala Steam, but not with all the extra crap) is the best way to go.

[omghax]

Quote:

Originally Posted by Shambler

IDK what they will do for UTAN 2.0/UT2k7...but IMO being able to combine a password and maybe your email address with your GUID (ala Steam, but not with all the extra crap) is the best way to go.

I support this idea 100%.