I'm certain they need to know your account name. If you can conceal your account name, you win.
Or change your account. Probably the best way to deal with this is to ALWAYS spoof. That way if you were encounter one of the "key stealers" for the FIRST time, it would be impossible for them to figure out the true name. If you meet them then spoof, it doesn't work at all, since your name will still be recognized and the spoof is useless. For example: If A spoofed as B, and C did /whois A, it would still show up.
Better yet, it's more effective to act more civilized and not hack like those power-hungry noobs who simply inject dll. and call themselves pro hackers. In all sincerity, though this act of pseudo warden act is wrong, a slight upside would be ridding one less basement dweller from battle.net. For the last time: Spoofing will not help you. There's a bot that runs 24/7 collecting information about users (including evidence of the hacks that person is using), and the information collected by the bot can help to identify users for bannage from the channel. The only way to protect yourself is to not use hacks like SPECIFICALLY Oblivion.
None.
I have a custom bot made by me. It logs some things that ping gnome doesn't, namely what hacks you use.
Post has been edited 1 time(s), last time on Sep 29 2010, 6:16 pm by Frost.
None.
That's not utterly terrifying.
"If a topic that clearly interest noone needs to be closed to underline the "we don't want this here" message, is up to debate."
-NudeRaider
SDE, BWAPI owner, hacker.
For the last time: Spoofing will not help you. There's a bot that runs 24/7 collecting information about users (including evidence of the hacks that person is using), and the information collected by the bot can help to identify users for bannage from the channel. The only way to protect yourself is to not use hacks like SPECIFICALLY Oblivion.
Ok, enough with the lame threats. They've been bothering me for quite a while now.
Using a digital install (just getting the digital key isn't enough, you'll have to re-install using the digital download) will completely prevent an attempt. Getting a new account and IP address is fine as long as you don't reveal who you are at all, however it does not prevent anything. Additionally, such information can't be retrieved from channels, only games.
Some basic protection, considering the exploit just went public.
I'm not going onto bnet anymore until I am assured that I can protect myself from teh haxorz.
None.
Basically the actual "key-stealing hack" wasn't released, just the details of how to perform it. It works in which whenever you join a game your Starcraft client send a few packets. One of said packets, (0x40) the same one that makes other players /astat you, actually contains your cd-key hash (+0x0E if I recall correctly.) All the hackers have to do is brute it and you'll have their key in a couple minutes or so.
It's a serious blunder on Blizzards part. I assume they originally had put it in so when hosts ban people it would ban their cd-key from the game (and not name), but they dropped it and just forgot to remove the part that sends your cd-key hash. Just a guess though, I'm not 100% sure. *Edit: It's validation for spawns.
Anywho, the protection I posted is simple in that it just changes your hash to 0. It will ABSOLUTELY prevent anyone from stealing your cd-key. Though a mod removed it because it's still technically considered a hack. I guess exceptions can't be made.
Post has been edited 2 time(s), last time on Oct 1 2010, 12:12 am by Monstrous.
None.
SDE, BWAPI owner, hacker.
Exceptions can be made. Staredit.net already supports several hacks including ChaosLauncher and Firegraft.
Does digital install COMPLETELY shut down any attempt? Like it's impossible?
Not impossible but extremely unlikely. The length of the key is increased dramatically. Even if someone does manage to write a digital brute force, the time needed to actually do it would be exponentially greater(I estimated at least 9 years on my 2.4 Ghz dual core, this doesn't include the far more intensive code required to handle such a key) as well as return hundreds, maybe thousands of "possible matches".
Starcraft keys themselves were insecure. Even if the 9-year time for generating digital keys were skipped, they would still need to test thousands of keys(and get IPBanned from battle.net thousands of times, each ban lasting a week or longer) before finding the one that works.
In short, digital keys are far more secure and are recommended.
Frost, I understand you're doing this with good intentions, but you have to understand that people are afraid not that you'll specificially hack them, but that people who discover your methods will.
If a person uses cdkey stealing for good, what stops others from using it for bad?
None.
I order you to forgive yourself!
This way of taking the keys is not new (AFAIK), they may have found it out not long ago, but I'm pretty sure it's always been doable. Battle.net was always insecure.
Correct me if I'm wrong.
Post has been edited 1 time(s), last time on Oct 2 2010, 4:44 am by Apos. Reason: I messed up 2 words together...
SDE, BWAPI owner, hacker.
It was a scare tactic afaik.
How do I get the digital download? Do I need to buy the game again?
None.
We can't explain the universe, just describe it; and we don't know whether our theories are true, we just know they're not wrong. >Harald Lesch
Go to battle.net, make an account, register your old sc1 key, download digital version.
It doesn't matter anymore. I'm pretty sure Frost is gone. I haven't seen one of his games for a couple of weeks now.
Ok... it turns out I don't have my CD key with me (I'm at "home" for thanksgiving), so I'll have to wait for a few days I guess...
None.
Frost is in jail, blizzard apparently either said "Pay 500k fine or jail lulz". Of course, no verification, that is just what I heard.
"If a topic that clearly interest noone needs to be closed to underline the "we don't want this here" message, is up to debate."
-NudeRaider