Staredit Network > Forums > General StarCraft > Topic: A way to prevent having your game renamed
A way to prevent having your game renamed
Dec 6 2013, 11:07 pm
By: Zhuinden  

Dec 6 2013, 11:07 pm Zhuinden Post #1



As much as it seems hypocritical from me, I love StarCraft, and I hate all the hacking that destroys every game for extended periods of time. That is why I've managed to tinker enough to figure out how to prevent getting hacked by all the losers.

You need either Windows Firewall and add some Inbound Rules to it, or a slightly more sophisticated and more verbose solution called Peerblock.
Using PeerBlock, you can specify IP addresses in a list and assign them an alias, and completely block all packets incoming from that specific IP address.

Currently I'm running Peerblock with the following entries:

IPREAP:205.204.82.68-205.204.82.68
GENOCIDER1:174.95.231.153-174.95.231.153
GENOCIDER2:72.89.93.126-72.89.93.126
GAMECRAWLER:158.255.213.147-158.255.213.147


So you could ask, but Genocider doesn't actually join your game (same for IPREAP and GameCrawler - they don't send aStat packets, as in they don't let you know about the fact that they joined your game), so how will you learn these IP addresses?

There is no more bruteforcier method than using Wireshark to determine the IPs that connect to you through StarCraft just before having your game renamed, but that is exactly what I did.
I opened up Wireshark, captured a few packets when I started hosting up to the point where my game name changed, added all of the IPs to the peerblock list, and the ones that periodically punch at you every time you host for 10-15 minutes, those are the automated hack systems and the genociders.
It might be slightly tedious, but it works!

I hope I somewhat helped against all the "FRUX REUNITED" and "CLAN SJ OWNS ALL" and other nonsensical game renames that are there just to troll everyone.



None.

Dec 6 2013, 11:29 pm jjf28 Post #2

Cartography Artisan

temping to take those ip addresses, make a program to flood them, and install the program on several computers around the university =D



TheNitesWhoSay - Clan Aura - github

Reached the top of StarCraft theory crafting 2:12 AM CST, August 2nd, 2014.

Dec 7 2013, 1:07 am trgk Post #3



// from wdetector dev's homepage
SC room name < 23byte (by default)
+ Super incredible long room name (180byte packet instead of 8byte ping?)
-> Buffer overflow. "Frux > You" everywhere.
(Everyone who seen the Fruxed room in game lobby/room list( maybe both? ) will have their room Fruxed;)

Solution : block room name containing Frux / Fix SC code yourself.
(He insisted he fixed it in wDetector 3.17.)



EUD

Dec 7 2013, 5:53 am Zhuinden Post #4



Quote from jjf28
temping to take those ip addresses, make a program to flood them, and install the program on several computers around the university =D

Please note that the 205.204 one is a VPN provider.

The one I named "genocider2" is perfectly fine.... :D


Buffer overflow seems likely. However, I don't think it is necessary to look at the game list to be detected, as even the public game-destroyer hack sweeps through all games automatically.
Blocking the malicious packet with Peerblock works for sure, though. Knowing that I should have looked at the packet sizes to determine the hacker will make it much much easier with Wireshark now.

Post has been edited 1 time(s), last time on Dec 7 2013, 5:58 am by Zhuinden.



None.

Dec 8 2013, 8:43 pm NekoKyd Post #5



I haven't seen Frux in a long time, did he come back or something? Haven't played SC in a few weeks.



None.

Dec 12 2013, 8:41 am Zhuinden Post #6



He did for like 5 hours, although it's not Frux, it's Zeratul, according to someone who can't be trusted in a legitimate manner, so who knows.


Anyways, the problem is the gamecrawlers. They're changing their IP each day.
158.255.213.147 Clinger-maliciousBot
174.95.231.153 GameCrawler-maliciousbot
174.95.112.127 GameCrawler-maliciousbot2
70.55.68.4 GameCrawler-maliciousbot3
174.95.233.82 GameCrawler-maliciousbot4

and it's the same type of bot, but the IPs are different.

Post has been edited 1 time(s), last time on Dec 12 2013, 5:45 pm by Zhuinden.



None.

Dec 13 2013, 11:40 am NudeRaider Post #7

We can't explain the universe, just describe it; and we don't know whether our theories are true, we just know they're not wrong. >Harald Lesch

Quote from Zhuinden
it's the same type of bot, but the IPs are different.
IP-Range ban?
Yes, you could ban some legit users if they are using the same ISP / proxy, but I find it fairly unlikely that "normal" users coincide to use the same ISP / proxy hackers use.
And even if they are the IPs of a major ISP the chances are still relatively low that whoever's trying to connect to you has the same ISP.
Worth not getting crashed any day in my book.




Dec 13 2013, 12:47 pm Zhuinden Post #8



It's interesting, because the 205.204.82.68 (also called IPREAP) has not changed in 3 months, but the Gamecrawler does - that 70.etc IP is particularly interesting, because that is definitely a proxy. I still am eager to see the complete range of it, although according to my IP logs, there were other people from that area, so the 174.xyz is not actually a proxy, it's just someone with a dynamic IP.

Fun fact, sometimes when you join a game, the IP-based blacklist hack detects their IP, which means you can peerblock them like that. On a sidenote, if you manually blacklist them in your banlist.txt and use /reloadlist, then if you turn /autoban off then on, then it can be kicked. In the other thread, I posted wDetector 3.24 bundled in Mca64Launcher, which can see every joiner of your game even if they did not send an astat packet.

Post has been edited 1 time(s), last time on Dec 13 2013, 1:05 pm by Zhuinden.



None.

Feb 21 2014, 9:55 am Stranger Post #9



Umm, sorry to ask that, but what's this renamed game stuff ?



None.

Options
  Back to forum
Please log in to reply to this topic or to report it.
Members in this topic: None.
[08:33 pm]
No-Name-Needed-II -- Excalibur I think I'd have to just upload the whole map or have you meet me in game to dl it
[05:20 pm]
Zoan -- Ultraviolet
Ultraviolet shouted: Zoan I found 64-bit SC broke all sorts of stuff, I never liked it
I wonder if it has been enabled by default in the launcher since remastered came out, or if it was in some later patch :O
[04:26 pm]
Zoan -- But ya, I can/do (sometimes) make maps, and I like RPG maps. I'd like to see your terrain work too!
[04:25 pm]
Zoan -- No-Name-Needed-II
No-Name-Needed-II shouted: Zoan you mentioned making kotk maps.. I've got a 110% fully polished up terrain I've been sitting on since 2019.. I'm more a painter than a poet, I've got no storyline to do it justice so if you or anyone else want to check it out MSG me.. If no takers than I'll probably just upload it to terrain genre in a few days.. SCBW is running outa lifespan so i'm at that point where little gems I've got will never see the light of day otherwise ;(
Oh, I meant "KOTK maps that I have in a folder," not "KOTK I made" since I've never made any of those maps lol
[04:24 pm]
Zoan -- No-Name-Needed-II
No-Name-Needed-II shouted: Zoan Could it have something to do with the turn rate? I found recently the hard way that when I have too many unit orders triggered at once with hyper triggers on "I think it was Dynamic" It caused a crash similar to an EUD crash on non-eud maps.. -Also when does the map crash?? does it crash after briefing at start of game??? or does it crash when you use a spell???
right after mission briefings
[02:41 pm]
Excalibur -- NNN, would love to see your terrain work. Maybe post in terrain forum?
[01:13 pm]
No-Name-Needed-II -- Zoan you mentioned making kotk maps.. I've got a 110% fully polished up terrain I've been sitting on since 2019.. I'm more a painter than a poet, I've got no storyline to do it justice so if you or anyone else want to check it out MSG me.. If no takers than I'll probably just upload it to terrain genre in a few days.. SCBW is running outa lifespan so i'm at that point where little gems I've got will never see the light of day otherwise ;(
[12:24 pm]
Ultraviolet -- Zoan
Zoan shouted: TheHappy115 Oh, I mentioned in a thread but not the shoutbox, but it does work if you run SC in 32bit as suggested by Butch.
I found 64-bit SC broke all sorts of stuff, I never liked it
[12:21 pm]
No-Name-Needed-II -- Zoan Could it have something to do with the turn rate? I found recently the hard way that when I have too many unit orders triggered at once with hyper triggers on "I think it was Dynamic" It caused a crash similar to an EUD crash on non-eud maps.. -Also when does the map crash?? does it crash after briefing at start of game??? or does it crash when you use a spell???
[07:35 am]
MINT_H -- Map Upload
Please log in to shout.


Members Online: Roy, jun3hong, jjf28