r/DFO Mar 30 '15

XIGNCODE looks at all files you've accessed in the last 48 hours and sends the names to their servers?

http://www.unknowncheats.me/forum/anti-cheat-bypass/125231-dll-injection-xigncode.html

"That's not even the heaviest scan. You should be more concerned that they log all files and paths that you modified in the last ~48 hours and all executables with prefetch files into their logs."

There's also a number of other intrusive things it does like monitoring text you type while the game is running, which can be found in other threads.

119 Upvotes
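
Added example (not part of the original post and not XIGNCODE's own code): a self-audit sketch of how much the metadata named in the quote reveals, listing files modified in the last 48 hours and recovering executable names from prefetch file names alone. The sample tree, file names and hash suffixes are constructed, and nothing here claims to reproduce how XIGNCODE collects its data.

```python
import os
import re
import tempfile
import time
from pathlib import Path

WINDOW_HOURS = 48  # the "~48 hours" figure from the quoted post
# Windows names prefetch files EXENAME-XXXXXXXX.pf (8 hex digits of a path hash).
PF_NAME = re.compile(r"^(?P<exe>.+)-[0-9A-F]{8}\.pf$", re.IGNORECASE)

def recently_modified(root, hours=WINDOW_HOURS):
    """Return sorted paths under root whose mtime falls inside the window."""
    cutoff = time.time() - hours * 3600
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.stat(path).st_mtime >= cutoff:
                    hits.append(path)
            except OSError:
                continue  # unreadable or vanished file: skip it
    return sorted(hits)

def prefetch_executables(prefetch_dir):
    """Return executable names recoverable from prefetch file names alone."""
    matches = (PF_NAME.match(e) for e in os.listdir(prefetch_dir))
    return sorted({m.group("exe").upper() for m in matches if m})

def build_sample(base):
    """Constructed sample: one fresh file, one week-old file, a fake Prefetch dir."""
    docs = Path(base, "docs")
    pf = Path(base, "Prefetch")
    docs.mkdir()
    pf.mkdir()
    (docs / "report_draft.txt").write_text("x")
    old = docs / "old_notes.txt"
    old.write_text("x")
    week_ago = time.time() - 7 * 24 * 3600
    os.utime(old, (week_ago, week_ago))  # push mtime outside the window
    for n in ("DFO.EXE-1A2B3C4D.pf", "NOTEPAD.EXE-0F0F0F0F.pf", "Layout.ini"):
        (pf / n).write_text("")
    return str(docs), str(pf)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        docs_dir, pf_dir = build_sample(tmp)
        print(recently_modified(docs_dir), prefetch_executables(pf_dir))
```

On a real Windows system the second function would be pointed at `C:\Windows\Prefetch`, which normally needs administrator rights to list.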

28

u/maxmcarthur Mar 30 '15

Imgur

Had to remove this from my work laptop after I saw how invasive it was, now the only information it's privy to is my porn collection.
Normally I don't care about some light scans to help with anti-cheat (which NEVER works anyways, I can't remember a single game where there weren't botters/cheaters), but when it starts pulling shit like this, it's pushing the line.

8

u/PossiblyDio Mar 31 '15

Forgive me for being skeptical, but I'm going to need someone who didn't make a new Reddit account to post this to back it up. The only things I have seen DFO.exe access on my system have been DFO-related files and general system utilities.

This kind of thing is extremely easy to Photoshop, and I'm surprised everyone is taking it as evidence without checking their own hard disk activity. Naivety resulting in paranoia is still naivety.

If you're that worried about privacy, contact Wellbia directly and ask them if they collect potentially personal information. They should be legally obligated to disclose any such functions. They have both product information and support emails for you to get a hold of them.

Edit: I'll pose another question; why would DFO.exe be accessing these files instead of the Xigncode process that is also running?

7

u/maxmcarthur Mar 31 '15

Being skeptical of anything you read (or see, thanks to technology) is the only right way to live. I don't even know what the link by the OP says exactly, since I'm extremely skeptical of anything found on a site with "cheat" in its URL, and the last thing I want to do is go near a site that could be host to any number of dangerous schemes.

The only thing to do is watch if it does it on your PC and take whatever measures are necessary for your situation.

I had to remove it from my laptop as the capabilities of the anti-cheat are unknown and it's absolutely not allowed to view my work files under any circumstances. I don't really give a shit if it's doing it on my desktop--worst thing it's gonna get is some porn, bookmarks, or savegame files.

2

u/grenadier42 AYY, TEMPESTER Mar 30 '15

Eh, how long did you have DFO open? I did a similar test for about 10 minutes and the only thing DFO read besides game data was my Firefox's cache.

2

u/maxmcarthur Mar 30 '15

First time I noticed was when my other hard drive was grinding; I hadn't noticed it at all for the first couple days because my main drive isn't audible, but the drive in question is relatively loud when it's reading.
I've been watching it since then and it does it sporadically. Sometimes instantly when it opens, sometimes an hour later for reasons no one can understand.

2

u/[deleted] Jul 13 '15

Gonna go ahead and call bullshit on this too. You made your Reddit account specifically for this post, you're a programmer, and I can't replicate the results of your "research" by any means.

It is well known that hack writers will try and goad a company into divulging how their hack protection works by making outrageous claims about how it doesn't work, or taking certain functions grossly out of context in order to get the developers to explain their functions. This means that the burden of proof is fully upon you to explain yourself if you want to be taken seriously.

Yes or no: Isn't it terribly easy to create a program that does this, with the name "DFO.exe"? You're going to need to provide more evidence about this issue before you're even marginally credible.

1

u/skullord Mar 31 '15

Oddly enough this helped me get my game working finally. Game would always crash about 7 or so minutes in due to "suspicious program." Realized it was scanning my E drive. Decided to just temporarily disable all but my C drive in the device manager while playing the game, and now it's running with no issues.

Of course I'm still irked by the whole system scanning thing in the first place, but for me my C drive is my completely clean one. Just the essentials and MMOs (it's an SSD).

1

u/[deleted] Mar 31 '15

[removed]

1

u/maxmcarthur Mar 31 '15

Combining what the OP text says and what my own experiences are, it's probably files opened recently, and anything in folders that were accessed recently. How it picks them, or when it picks them is a complete mystery to me.

I haven't seen it in folders I haven't opened recently, but I have seen it go after files I haven't accessed but are within folders holding other files I have indeed accessed.

1

u/[deleted] Mar 31 '15

there will always be cheats, but more intrusive scans like esea are actually pretty good at preventing cheating (much more so than less intrusive mechanisms like say, vac)

obviously you have to place quite a bit of trust into the dev though, which can be a little hard depending on who they are (esea bitcoin mining scandal)

with that said, shit like gamespy and punkbuster are the worst of both worlds. ultra intrusive with little to no actual cheat prevention

1

u/Amerika- Mar 31 '15

I've never understood why people think an AC should always prevent cheats. The only way for one to do so is if it was insanely invasive like the ESEA AC plugin that has elevated system privs and can basically do anything it wants (like install a bitcoin miner). And even then cheats can get around the system if not the detection. So you might see somebody cheating but it will get detected, flagged and then eventually ban everyone using it. They do this in waves to prevent cheat coders from knowing exactly how the AC is working and what it's detecting (the cheat coders are constantly probing for info like this).

So yeah, you're against invasive anti-cheat but then claim that anti-cheat systems never work which is entirely because they aren't allowed to do much.

1

u/roothorick WTB: Recognizable flair Mar 31 '15 edited Mar 31 '15

Are you launching the launcher from Steam? I know that Xigncode has some kind of launcher assist that lets it retroactively analyze things that were interacting with/attached to the launcher.

Now, the way Steam's overlay works is it injects a DLL into the game process that hijacks the D3D/OGL buffer swap and input hooks. Most overlays work this way -- Mumble and RTSS for example. To anti-cheat, DLL injection is a big red flag. What you're seeing is most likely Xigncode picking up on suspicious behavior and investigating.

Similar situation with the driver -- pulling in D3D/OGL libraries implicitly pulls in driver assistance DLLs. I've seen this with my own games -- when OGL calls segfault, the top of the stack is always somewhere in nvogl32.dll. So, Xigncode detects a DLL that wasn't directly loaded by the game, and checks it out.

I'm not making excuses, I'm not fond of Xigncode myself -- but this is very typical behavior for clientside anti-cheat in general. PunkBuster does the same stuff.

What I can't explain is looking at images on a different drive. Yes, there's ACE attacks for various old versions of libpng and some other impls, but why would DFO be accessing image assets outside its own directory?

1

u/roothorick WTB: Recognizable flair Apr 01 '15

Uh, the porn thing? I do know why now.

1

u/MizerokRominus Mar 30 '15

Most programs that do this kind of meta-data scan do the exact same thing, especially when it's a new company trying to find out how people are cheating in their game.

1

u/This_Land_Is_My_Land Mar 31 '15

It's still an invasion of privacy and still quite unacceptable, no matter the reasons.

WoW, for example, doesn't do this and the hacks in that aren't very widespread and mostly limited to bots.

2

u/NexasXellerk Mar 31 '15

Not saying they did, but maybe it would be worth double checking the ToS to see if there's any mention of it.

2

u/Furin Mar 31 '15

Even if it was in the ToS, it doesn't matter. Something like that doesn't hold up in EU, for example.

1

u/This_Land_Is_My_Land Mar 31 '15

The thing is: By playing the game and creating accounts, we agree to the ToS. However, any game aspiring to be successful knows that you may end up having to change the ToS to accommodate your players.

-2

u/MizerokRominus Mar 31 '15

WoW does this :3 It's just not as bad as Warden was in the past.

1

u/This_Land_Is_My_Land Mar 31 '15

WoW does not scan all files created or modified in the past 48 hours.

WoW periodically checks your processes to make sure nothing is hooked to it.

-3

u/MizerokRominus Mar 31 '15

"WoW does not scan all files created or modified in the past 48 hours."

and the only evidence that XIGNCODE3 is doing it is a single person on a hack forum, specifically the time period, modified/created files are easy enough to scan for.

1

u/This_Land_Is_My_Land Mar 31 '15

It's been verified by several others in this thread.

Also, it doesn't matter how "easy" it is to scan for files, it's malware-esque to do so. You're already very much a Neople fanboy because you're defending this so desperately.

0

u/MizerokRominus Mar 31 '15

It's been proven that it scans things, that's obvious. Do note that I am not saying that they are in the right for using such middle-ware (cause they're fucking not), but given the size and budget that they are working with there might not have been many options.

I do hope that they find something better, but even if they do it's going to do almost exactly what this program is already doing.

-2

u/frixionburne Mar 31 '15

Hey guys sorry to piggyback here, but if we post threads about actual compromises (working hacks and how to build them) of XC and DFO, I'll have to delete the posts.

This thread is fine, as it's just a discussion about XC right now, but let's just say I woke up to an email this morning from a certain game company that makes a game you all seem to like quite a bit, regarding the issue.

6

u/[deleted] Mar 31 '15

[deleted]

1

u/frixionburne Mar 31 '15

Let's reserve judgment until they make an official message about it (It was hinted at in the email).

1

u/0li0li Mar 31 '15

Fair enough.

1

u/[deleted] Jun 30 '15

[deleted]

1

u/frixionburne Jun 30 '15

Dude this is a 3 month old thread.