• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

Hackers are seemingly getting innocent players banned from BF3 due to a PB exploit

C

crimsonheadGCN

Banned
The Battlelog forums and reddit each feature threads with posts from a surprising number of users claiming they've been banned from playing Battlefield 3 online due to PunkBuster violations in spite of no wrongdoing. Kotaku points the way to an apparent explanation on a site that sells and supports cheats for the game where posts describe a systematic campaign that's currently underway to get innocent users banned to demonstrate the fallibility of the PunkBuster methodology. A recent post to Battlelog from a moderator says: "PB is having an issue at the moment.. DICE and EA are working with Even balance to find cause and fix it asap!" Thanks The Grifter.
Click to expand...

http://www.bluesnews.com/s/129377/battlefield-3-bans-gone-wrong

Here's the Reddit article:

http://www.reddit.com/r/battlefield3/comments/oua1j/warning_hackers_seem_to_be_banning_innocent/
 
E

erpg

GAF parliamentarian
Welcome to Punkbuster. Couldn't tell you the number if times I've been booted and banned over the years due to memory errors or updates.
 
E

erpg

GAF parliamentarian
At least they're trying to inform people and get it fixed in a timely manner, Battlelog has a new notice header:

NOTICE: The "Game disconnected: you were kicked by Punkbuster errors" are being looked into right now.
Click to expand...
 
iNvid02

iNvid02

Member
punkbuster is a piece of a shit, the first time i played cod4 on pc it kept kicking me out for no reason

i was new to pc gaming and thought i was doing something wrong, i didnt want my account banned so i stopped playing cod4 for months

KuGsj.gif
 
1

1-D_FTW

Member
Punkbuster: Where the punks run free and legit users get busted. Such a POS.

crimsonheadGCN said:
Yeah, it's still around. It's mainly being kept alive by EA and Tripwire Interactive right now.
Click to expand...

Kept me from buying RO2. Saved me money in hindsight. Only wish it would have stopped me from buying BF3.
 
C

Cosmo Clock 21

Banned
So is it Punkbuster bans or kicks that are happening? There's an issue with R17 where the server will kick everybody playing in the server. That one isn't hacking-related.
 
C

crimsonheadGCN

Banned
Cosmo Clock 21 said:
So is it Punkbuster bans or kicks that are happening? There's an issue with R17 where the server will kick everybody playing in the server. That one isn't hacking-related.
Click to expand...

It looks like people are recieving notices that they have been banned from playing the games.

We are bringing back the unerring of punkbuster back for a 3rd season. We have selected ggc-stream as the target since they have the most streaming bf3 servers and makes it very easy to add fake bans.

In 2011 we hit them with a mass ban wave and now were are banning real players from battlelog while ggc-stream is totally unaware. We have framed 150+ bf3 players alone.


We made it possible for ggc-stream to find 5 of them recently to expose how flawed their system is.
http://s18.postimage.org/tq4r2zmif/framedplayer5.png
http://s18.postimage.org/gflhn7lbr/framedplayer4.png
http://s18.postimage.org/5eqci6t2v/framedplayer3.png
http://s18.postimage.org/u6pypfa9j/framedplayer2.png
http://s18.postimage.org/wmrs39sc7/framedplayer1.png

We even hit them a few days ago with another mass wave of bans.




They even denied appeals of players we framed saying the bans were legit. They posted on battlelog http://battlelog.battlefield.com/bf3...4347841952673/

We even banned a few esl admins for bf3 which ggc quickly removed.



Thx to the ggc-stream team for the lulz.

Save all the above pics as ggc is reporting any images that show them how bad they got owned as tos violations.

More Lulz!
http://img7.imagebanana.com/img/w7gkmx09/pic.png
http://s7.postimage.org/ygehkjydn/ggc_statement.jpg
http://s7.postimage.org/67ctaci4r/appeals_denied.png
Click to expand...
 
E

Emitan

Member
I couldn't play CoD4 for years until I finally figured out that PB doesn't work with the Steam overlay... then I uninstalled CoD4 because fuck any game that doesn't work ON THE SYSTEM YOU BOUGHT IT ON
 
O

Omikaru

Member
Wow, Punkbuster is really shit. But fuck these guys for getting innocents banned just so they can prove a point. Assholes.
 
E

epmode

Member
I've already avoided games because of Punkbuster and I think I'm at the point where it's an automatic no-sale. Everything would have been fine with VAC but hay, EA.
 
F

Forsaken82

Member
This has been happening since Quake 3... I remember returning to that game a few years after i stopped playing only to find myself banned from every server because of punkbuster and it had nothing to do with me doing shit to get myself banned.
 
C

crimsonheadGCN

Banned
I'm wondering if the exploit was just a variant of the one from 2008:

PunkBuster usually searches for known cheat program signatures as opposed to relying on a heuristic approach.[6] On March 23, 2008, hackers published and implemented a proof of concept exploit of PunkBuster's indiscriminate memory scanning. Because PunkBuster scans all of a machine's virtual memory, malicious users were able to cause mass false positives by transmitting text fragments from known cheat programs onto a high population IRC channel. When PunkBuster detected the text within user's IRC client text buffers, the users were banned.[7] On March 25, 2008, Even Balance confirmed the existence of this exploit, and advised users not to run any other programs at the same time as PunkBuster protected games.[7]
Click to expand...

Sounds like it.
 
Revolutionary

Revolutionary

Member
I've never played a game that uses Punkbuster where it works as advertised. There's always at least a few cheaters.

America's Army cheats were hilarious though so I didn't mind them. It was actually pretty fun trying to get together to kill the flying Jesus-pose 203 launching dude.
 
A

Amagon

Member
So this is why I was getting kicked from a couple servers tonight. Pretty lame and do hope the fix comes in soon.
 
J

JaseC

gave away the keys to the kingdom.
SteveWinwood said:
lol

But it is true...
Click to expand...

VAC is fine, really, the only arguable issue is that it bans periodically in order to catch a wide variety of hacks, leaving the onus of dealing with cheaters in a timely manner on server admins.
 
W

wiggleb0t

Banned
Punkbusters site looks like it was made in the 90s and hasn't changed since.
You can email them with sites selling hacks and they do.....nothing.

Total joke, it's like there is not many other anti-cheat options for game devs so they stick with these guys which proves incompetence pays in this case.
 
W

Wthermans

Banned
wiggleb0t said:
Punkbusters site looks like it was made in the 90s and hasn't changed since.
You can email them with sites selling hacks and they do.....nothing.

Total joke, it's like there is not many other anti-cheat options for game devs so they stick with these guys which proves incompetence pays in this case.
Click to expand...

I know the site has remained unchanged since 2002 when I first started playing Battlefield.

Also, the only reason DICE continues to use PB is because they don't want to devote internal resources to an AC system and EA doesn't want to use VAC. PB (used in conjunction with voluntary streaming MBL) is really the only other option for them.

Also, this does appear related to the 2008 Bans and it doesn't appear that it will ever be fixed as long as Streaming MBL is used with PB.

http://www.pbbans.com/forums/streaming-security-t155655.html

After the recent fake ban events at GGC-Stream this week it's no secret that streaming is not completely secure. It has never been completely secure and the events of 2008 brought that to light. At which time we informed our streaming admins about the situation and possible solutions. The solution was to either close down for good or continue and tighten our security. Streaming admins wanted to continue so that was our decision.

The known fake bans exploit involves using an application to hook into a server and edit its memory to falsify PB logs streamed to a 3rd party. In order for that to happen the person must have full access to the server. In the case of Battlefield 3 the leaked server files could be used to achieve that goal.

The mass fake ban attack in 2008 was a wakeup call for us and we took it very seriously. That is the reason we have the high streaming requirements of requiring teams to have a working website, roster, forums showing activity to name a few. The rest of those requirements can be found here.

It's why we:
- manually approve all newly added servers to stream
- manually approve all newly added users to existing streaming accounts
- don't allow free online email accounts for streaming applicants.
- don't allow home servers to stream
- don't allow teams with cheaters to stream
- don't allow any server whose IP is found in the MPi (used by a player) to stream
- don't allow cracked servers to stream
- don't show the full 32 character GUID for clean players.

We also provide many details for all our bans to aid players in the appeal process should they wish to do so. That includes the server log entry of the violation raised, the server ip and group it belongs to, the guid, alias and IP address of the player.

Should any player end up on our banlist they always have the option to appeal. We treat ban appeals very seriously at PBBans. For example if a ban was the result of a PB raised violation from Even Balance (Violation #50000+) then we have the user submit a ticket to Even Balance. If they say it's a false positive or there is no record of a person with that violation (can be caused by network errors) then we lift the ban. For MD5 tool bans if we do not have the exact cheat file (using MD5 checksum) in our database we lift the ban. Better to let a cheater go free than to keep an innocent player banned.

Streaming was never a 100% secure system and technically any system where logs are sent to a remote location could also suffer the same problem. We knew the problem existed in 2008 and took the above steps (plus others) to help protect server admins and players from being exploited.
Click to expand...

So basically we have to wait until the hackers get bored.
 
You must log in or register to reply here.
Top Bottom