Warden and 'The Governor'

[BoogieManTM]

Quote:

Originally Posted by Cypher

I have not looked in a long time but from my very vague memory there is a small version there that is mainly to raise the bar for people attempting clientless bots (so you can't fudge your way out of warden requests/responses by faking yourself as a mac).

The last version I saw (was a while ago too) - was just a shell, it didn't do any scans. all it did was handle the very bare minimum of the protocol. Could've been to prevent clientless, but I doubt it.


Or they were just too damn lazy to write an exception for mac :P - They could do some basic memory scans on the Mac, and maybe an API call or two - maybe they intend to even more now (with pocketgnome gaining in popularity)

[jjaa]

I do not have enough reverse engineering/Mac programming experience to check for myself (or confirm) the existence of warden, but the general consensus is that warden does not exist on a Mac (in a form that deserves recognition). The reasoning behind this is that in order to perform any of the required tasks. Warden would need to call functions that require root privileges, E.g. task_for_pid. To get root privileges WoW would need to request an admin login. WoW does not do this so people believe that warden does not exist.

As I said but, I do not have enough experience to confirm these assumptions. So don’t take my word! :P

[Cypher]

Quote:

Originally Posted by jjaa

I do not have enough reverse engineering/Mac programming experience to check for myself (or confirm) the existence of warden, but the general consensus is that warden does not exist on a Mac (in a form that deserves recognition). The reasoning behind this is that in order to perform any of the required tasks. Warden would need to call functions that require root privileges, E.g. task_for_pid. To get root privileges WoW would need to request an admin login. WoW does not do this so people believe that warden does not exist.

As I said but, I do not have enough experience to confirm these assumptions. So don’t take my word! :P

Surely though it could look for modifications to its own process with a simple use of the address-of operator and a pointer dereference. Just because scanning outside its own process requires root doesn't mean the warden client isn't there.

[jjaa]

Quote:

Originally Posted by Cypher

Surely though it could look for modifications to its own process with a simple use of the address-of operator and a pointer dereference. Just because scanning outside its own process requires root doesn't mean the warden client isn't there.

Yes that is true. I think warden is not aggressive on a mac because the user base is not large enough, and the warden guy is lazy. :P.

Although I must point out that if some form of warden (or an improved version) was implemented on mac, the main reason would be to catch bots, like pocketgnome. Those more aggressive scans would require functions that need root privileges (I think). Simple scans like checking the names of processes could be done, but they would be easy to bypass and hence pointless for blizzard to implement.

[Cypher]

Quote:

Originally Posted by jjaa

Yes that is true. I think warden is not aggressive on a mac because the user base is not large enough, and the warden guy is lazy. :P.

Although I must point out that if some form of warden (or an improved version) was implemented on mac, the main reason would be to catch bots, like pocketgnome. Those more aggressive scans would require functions that need root privileges (I think). Simple scans like checking the names of processes could be done, but they would be easy to bypass and hence pointless for blizzard to implement.

It seems crazy to me that you'd need root privileges just to enumerate windows and pull out their or something basic like that.

Frankly, that makes Macs sound LESS secure to me because any software that needs to do ANY work outside its own address space will need root, at which point it can piss all over your system.

At least on Windows I can run WoW as a standard user, so Warden can still do its job, but it doesn't have the opportunity for example to piss all over my PC and touch critical system stuff that it shouldn'e be.

EDIT: Also, there's nothing stopping Blizzard from saying "run WoW as root or you don't get to play".

[jakeftw]

is it true that there is an 'underground' version of isxwarden? :>

[Cypher]

Quote:

Originally Posted by jakeftw

is it true that there is an 'underground' version of isxwarden? :>

Yes. Multiple versions.

[Dragonshadow]

And ITS NOT FOR JOOOOOOOOOOOOOOOOOOOOOOOOOOO

[amadmonk]

Quote:

Originally Posted by Cypher

You might wanna look into the Bragg vs Linen Labs case.

Interesting, Googling ("Did you mean "Linden Labs"?") brought me to:

[Only registered and activated users can see links. ]

Dunno if that's the present state of the art, but it had this comment:

Quote:

Along the way Robreno declares the Second Life Terms of Service invalid, and indirectly, it would appear, the Terms of Service of most or all other Virtual Worlds and MMO's by precedent.

Robreno's decision to consider the Second Life Terms of Service as an unenforceable contract of adhesion seems to largely invalidate similar Terms of Service/End User License Agreements, like those of Blizzard, NCsoft, Microsoft and others. Most of these use essentially the same boilerplate terms with individualistic flourishes.

Most of them contain all the points of determination that Robreno uses to determine adhesion, and consequent unenforceability, and on the surface of them you could make a case that they fail to meet each of the tests Robreno applies.

Robreno holds the position that even if the Terms of Service comprises a contract of adhesion, they would still be valid and enforceable if there were any competitors.

Still parsing that competition bit, but I'm glad that TOS'es are being directly challenged in court; this whole "you must agree to a ten-page legal document that no non-lawyer can possibly hope to understand before you get to use the software that you 'bought'" thing is frikkin ridiculous.

[Cypher]

Indeed. That was what I was referring to.

[navywarrior]

Lol I haven't heard of governor in a long time, wow flash form the past. On the up/Down side I found that they have buffed the...well I suppose addon scanning database for all of our lovely exploits and bots. After 4 years of home free exploiting and program/bot total freedom warden has caught up to me and all 3 of my accounts got the lovely 72 hour boot. Beware all speed programs are actively being scanned for.

Now how in fact they are doing the speed hack targeting I can only guess...though the extreme reduction in your games frame rate/latency response to server can trigger a alarm for them to visually check you out. Oh well just thought I would send a little warning since I have 72 hours to figure out how to re-configure my strategies..**cheers**

[navywarrior]

Oh BTW has anyone else noticed a big crack down since yesterday?

[kynox]

Speedhack scans have been known for ages. I'm not going to reveal the process of how they detect you, but its very neat. Think low level.

[Harko]

Quote:

Originally Posted by navywarrior

Lol I haven't heard of governor in a long time, wow flash form the past. On the up/Down side I found that they have buffed the...well I suppose addon scanning database for all of our lovely exploits and bots. After 4 years of home free exploiting and program/bot total freedom warden has caught up to me and all 3 of my accounts got the lovely 72 hour boot. Beware all speed programs are actively being scanned for.

Now how in fact they are doing the speed hack targeting I can only guess...though the extreme reduction in your games frame rate/latency response to server can trigger a alarm for them to visually check you out. Oh well just thought I would send a little warning since I have 72 hours to figure out how to re-configure my strategies..**cheers**

Did you used Spiros MHS speedhack?

This one was added yesterday.

[foops]

Well, its different