Thought this interesting.. for the WoW people

Rayray1488

Thought this was pretty interesting.. taken from http://www.rootkit.com/blog.php?newsid=358


I recently performed a rather long reversing session on a piece of software written by Blizzard Entertainment, yes - the ones who made Warcraft, and World of Warcraft (which has 4.5 million+ players now, apparently). This software is known as the 'warden client' - it's written like shellcode in that it's position independent. It is downloaded on the fly from Blizzard's servers, and it runs about every 15 seconds. It is one of the most interesting pieces of spyware to date, because it is designed only to verify compliance with a EULA/TOS. Here is what it does, about every 15 seconds, to about 4.5 million people (500,000 of which are logged on at any given time):

The warden dumps all the DLLs using a ToolHelp API call. It reads information from every DLL loaded in the 'world of warcraft' executable process space. No big deal.

The warden then uses the GetWindowTextA function to read the window text in the titlebar of every window. These are windows that are not in the WoW process, but any program running on your computer. Now a Big Deal.

I watched the warden sniff down the email addresses of people I was communicating with on MSN, the URL of several websites that I had open at the time, and the names of all my running programs, including those that were minimized or in the toolbar. These strings can easily contain social security numbers or credit card numbers, for example, if I have Microsoft Excel or Quickbooks open w/ my personal finances at the time.

Once these strings are obtained, they are passed through a hashing function and compared against a list of 'banning hashes' - if you match something in their list, I suspect you will get banned. For example, if you have a window titled 'WoW!Inmate' - regardless of what that window really does, it could result in a ban. If you can't believe it, make a dummy window that does nothing at all and name it this, then start WoW. It certainly will result in warden reporting you as a cheater. I really believe that reading these window titles violates privacy, considering window titles contain a lot of personal data. But, we already know Blizzard Entertainment is fierce from a legal perspective. Look at what they have done to people who tried to make BNetD, freecraft, or third party WoW servers.

Next, warden opens every process running on your computer. When each program is opened, warden then calls ReadProcessMemory and reads a series of addresses - usually in the 0x0040xxxx or 0x0041xxxx range - this is the range where most executable programs on Windows will place their code. Warden reads about 10-20 bytes for each test, and again hashes this and compares against a list of banning hashes. These tests are clearly designed to detect known 3rd party programs, such as wowglider and friends. Every process is read from in this way. I watched warden open my email program, and even my PGP key manager. Again, I feel this is a fairly severe violation of privacy, but what can you do? It would be very easy to devise a test where the warden clearly reads confidential or personal information without regard.

This behavior places the warden client squarely in the category of spyware. What is interesting about this is that it might be the first use of spyware to verify compliance with a EULA. I cannot imagine that such practices will be legal in the future, but right now in terms of law, this is the wild wild west. You can't blame Blizz for trying, as well as any other company, but this practice will have to stop if we have any hope of privacy. Agree w/ botting or game cheaters or not, this is a much larger issue called 'privacy' and Blizz has no right to be opening my excel or PGP programs, for whatever reason.
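
The two checks the quoted write-up describes (hashing every window title, and hashing short reads of each process's memory, both compared against a list of 'banning hashes'), as an added sketch that is not from the original post or from Blizzard. SHA-256, the process list, the titles and the signature bytes are constructed stand-ins, and memory reads are simulated rather than made through the Windows API.

```python
import hashlib
from dataclasses import dataclass

IMAGE_BASE = 0x00400000  # typical load address the post refers to (0x0040xxxx)

def digest(data: bytes) -> str:
    """Stand-in hash (SHA-256); the post does not name the function used."""
    return hashlib.sha256(data).hexdigest()

@dataclass
class Process:               # hypothetical model of one running process
    name: str
    titles: list             # window title strings owned by the process
    image: bytes = b""       # bytes mapped starting at IMAGE_BASE

def read_memory(proc, address, length):
    """Simulated ReadProcessMemory: None when the range is not mapped."""
    off = address - IMAGE_BASE
    if off < 0 or off + length > len(proc.image):
        return None
    return proc.image[off:off + length]

# Constructed signatures: one title hash, one 16-byte code hash at one address.
SIG_BYTES = bytes.fromhex("558bec83ec10a1deadbeef33c58945fc")
TITLE_HASHES = {digest(b"WoW!Inmate")}
MEMORY_PROBES = [(0x00401000, 16, digest(SIG_BYTES))]

def scan(processes):
    """Return (hits, touched): matches, plus every title read along the way."""
    hits, touched = [], []
    for p in processes:
        for title in p.titles:
            touched.append((p.name, title))   # read in clear before hashing
            if digest(title.encode()) in TITLE_HASHES:
                hits.append((p.name, "title"))
        for addr, length, want in MEMORY_PROBES:
            chunk = read_memory(p, addr, length)
            if chunk is not None and digest(chunk) == want:
                hits.append((p.name, "memory"))
    return hits, touched

# Constructed host: a dummy window with a listed title, an unrelated
# spreadsheet, and a process whose code bytes match the signature.
HOST = [
    Process("notepad.exe", ["WoW!Inmate"]),
    Process("excel.exe", ["Microsoft Excel - household budget.xls"], b"\x90" * 0x2000),
    Process("tool.exe", ["Untitled"], b"\x00" * 0x1000 + SIG_BYTES + b"\x00" * 0x100),
]

if __name__ == "__main__":
    hits, touched = scan(HOST)
    print("hits:", hits)
    print("titles read:", touched)
```

The `touched` list holds every title in clear text: only hashes are compared, but each string is still read first, and the title check fires on the name alone, whatever the window does.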
 
i will have to look into this sometime...

i'm in the air force and i work in the personnel career field...for those of you who don't know...that means i am the 'information guru' when it comes to things involving military service contracts/important paperwork/and documents.

the DoD (Department of Defense) released a document called the Privacy of Information Act in 1974...i'm not gonna get into the whole thing here...but the main gist of it is you can't give personal information without getting the permission of the person.

yes blizzard says they have this program and they will scan stuff in the EULA...but they don't go into what exactly they are going to be scanning. I believe this is where blizzard is breaking the terms of this act...(not entirely sure if they are required to abide by this act...since they are not part of DoD...but i know a lot of software companies in some way are affiliated with DoD)...so like i said...i'm gonna check in with legal over this one.....it has deff sparked my curiosity.
 
All we need now is a rich, gaming legal eagle who will take on Blizzard on a principle.

I have no problem with Blizzard trying to prevent hacking and cheats, (aka Punkbuster of FPS fame) but to have them scan potentially sensitive and personal information is more than worrying.
 
lol...i was thinking the same thing Bos...i actually already called my cousin (lawyer in new york)...but he said he doesn't know enough about gaming EULAs/TOSs/Privacy law stuff to make a strong enough case :D:(
 
Hmm.. I'm looking into starting a lawsuit against them, just recently, after the release of the Warden, I found a few things missing, first, (I work on Private Servers, or rather, Emulated servers) and one of my source files was missing, Vanished into thin air, also... Actually, I'm not going to say anything else, but the Privacy of Information Act, Is being violated on many gamers, I'm not saying they are criminals, but, to make a program that checks every process running, that is criminal!

I am going to provide information to a friend, who happens to be a lawyer, and ask him to check things out, problem is, Blizzard is a big ass corporation, and some fifteen year old like me, with barely any money, will have a hard time paying off the judge or whatnot, and Blizz has enough money to pay off the president!! The problem with assholes like Blizzard, is they think the rules don't apply to them, that's utter bullshit, if my godfather's corporation has to abide by them, they better goddamn well abide by them too.

I'm not fighting for myself, but all the other games, who are getting their privacy taken from them.

I despise corporations like Blizzard, problem is.. They make such GOOD GAMES!! :(

I'll try guys.
 
dude this would make a Killer Counter suit against the "Games make Violent Kids" Idea.
IF it goes through and you're not swatted out of the air.

here ya go, I can see it almost like this.

"Hello all I'm President So&so and I'm here to sign the Violent Games Act. Cause we all know that these violent games are corrupting our youth."

* News reporter stands up *

"but Mr. President, what about that 15 year old that discovered the WardenClient of World of Warcraft is sniffing through personal information? Which is blatantly violating the Personal Rights Act"

Good luck man.
 
Hmm, what would blizz want with a little money here and there? When i bet they are making about $100 million a month....
 
Gah, I was just about to post this link =P

I think Sony got into some trouble about this with EQ back in the day, I can't remember if that was a myth or not though.
 
Privacy issues are not something you can pay off a judge for. If this program does what they say it does, you would have to check the EULA to see if you're giving them permission to run such a program. My guess would be that it's in there.

If it isn't, then you'd have to check the EULA for any kind of arbitration rights to check to see if you have to go through arbitration before civil action.

Even if they don't have a clause for arbitration, you would take them to court and most likely what would happen is the judge would say "Stop it." and they will.

That ending may not seem like a big deal, but every ending in the battle for privacy is huge. It sets precedents and I can't wait to see how this one will end.
 
You have it all wrong! blizz is helping the government under the patriot act. This new software is sniffing possible terrorists.....but seriously i do think this is a violation of our right to privacy. with more and more people spending more and more time doing more and more everyday tasks on their PCs the line of privacy is blurred. it was simple 100 years ago...a man's house was his castle. Now there is a huge net connecting our castles.
darkeros has some good points about the legal side of all this. i have no legal experience and won't pretend to know even the first thing about a lawsuit (although i do enjoy a good law and order...the original not the new C.I.) i do know however that we do need to let our government officials know if we feel that we are having our privacy invaded. even if blizz puts a clause in the EULA or whatever it is, that does not make it right. there have been many things corporations have done in the past that the government has put an end to. hopefully this will be the next.
 
While you're at it make them nerf shamans too.... while you've got a law suit with em... win win for all of us.
 
I agree...the original Law & Order is way better than Criminal Intent...whoa wait that would be a GREAT guild name: Criminal Intent!
 
Whoa whoa whoa, The Patriot Act has absolutely nothing to do with this!
The Patriot Act is Titled, and I quote. "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism"

Explain what part of going faster than normal in a game, or perhaps, teleporting around in a game is 'terrorism'?

---------------------------

ter·ror·ism
n.

The unlawful use or threatened use of force or violence by a person or an organized group against people or property with the intention of intimidating or coercing societies or governments, often for ideological or political reasons.

Source: The American Heritage® Dictionary of the English Language, Fourth Edition
Copyright © 2000 by Houghton Mifflin Company.
Published by Houghton Mifflin Company. All rights reserved.

----------------------------



...Now, Tell me again, that Blizzard is "helping the government under the patriot act".

-Erol
 
Rayray1488 said:
I think he was just being facetious lol
/clap

Sorry for the confusion but i was joking. I follow US news as well as WoW columns and have noticed that uncle sam has grown fond of leaning on the Patriot Act. I did not mean to mix politics with pleasure.
 
You guys are jousting at windmills. Blizzard tells you in their EULA that they will scan your processes looking for hacking programs. What a shocker! Some guy checked it out and they actually do what they say they are going to do! oh nos!

You accept the EULA and allow them to scan your processes. Exactly what are you going to sue them over?
 
You accept the EULA where they say they will scan for processes that hack their software. Scanning your ENTIRE computer is not scanning for processes that hack their software.

If they made their sniffer program search for particular names of programs that would be fine as long as they gave you a list of what programs they were hunting for.

The fact that they do not search for individual programs, nor give you a list of known hacking programs...they search EVERYTHING open on your computer...that is where the illegal part comes into play...they are not precise (they are actually deceptive) in the EULA/TOS...
 
You accept the EULA where they say they will scan for processes that hack their software. Scanning your ENTIRE computer is not scanning for processes that hack their software.

They don't scan your entire computer. Read the original message again. They only scan the current open processes.

The fact that they do not search for individual programs

They are searching for individual programs, that's what the process scan is doing looking at the window title bars and the first bits of the executable in memory.

nor give you a list of known hacking programs...

They're not going to update the EULA and say which hacking programs they look for every time a new one comes out. That would encourage people to google those hacking program names to play around with them.

they search EVERYTHING open on your computer...

Yea, that's what you agreed to. They search every program that you currently have open at the same time when you launch WoW. They don't search your entire harddrive looking at non-opened programs. They're verifying that the current memory space at time of game play is clean.


that is where the illegal part comes into play...they are not precise (they are actually deceptive) in the EULA/TOS...

They're very explicit. They will scan every program you have open at time of game play. Reread the original message, I think you misunderstood it.
 
Erm... your support of these privacy violations is disturbing Gildon, god knows
I'm not a conspiracy theorist, but how about crawling out of Blizz's anus ?

they have enough cheerleaders, Warden scans far more than open programs,
and the need to scan the text of my IM's is pretty obscure, don't bother me
with a post that "He never said that !!!" pull the Prog yourself, a 30min rev
will show you what all it does... it not only looks through your open windows
but also your Quicklaunch utilities, scans your IM's and checks not only the
running procs, but also the "stopped" procs. Now I can see how this would be
a major help in stopping 3rd Party programs... however I also CLEARLY see
where it is a violation of my constitutional right to reasonable expectation of
privacy. As for the UA, all the posters except you admitted their ignorance of
the applicable laws... YOU CAN NOT MAKE A LEGAL BINDING AGREEMENT THAT
VIOLATES STATE, CIVIL, or CITY LAWS nor VIOLATES ANY RIGHT PROTECTED
UNDER THE UNITED STATES CONSTITUTION.

If I sign a contract saying I will sleep with you for money and I'm not under
Arizona law... (or I'm under 18) VOID contract (here in the US :) )

Enough Yapping, the program is illegal HERE, the question is... Where is Blizz
Based ? and can they be tried HERE ?

and of course you would need to prove the violation and go up against a BIG
company with lots of lawyers and a practically unlimited bankroll.

LordDrakiss - Reminding you : thinking is good, try it.

Gildon said:
They don't scan your entire computer. Read the original message again. They only scan the current open processes.



They are searching for individual programs, that's what the process scan is doing looking at the window title bars and the first bits of the executable in memory.



They're not going to update the EULA and say which hacking programs they look for every time a new one comes out. That would encourage people to google those hacking program names to play around with them.



Yea, that's what you agreed to. They search every program that you currently have open at the same time when you launch WoW. They don't search your entire harddrive looking at non-opened programs. They're verifying that the current memory space at time of game play is clean.




They're very explicit. They will scan every program you have open at time of game play. Reread the original message, I think you misunderstood it.
 
That post was made back in October. Why are you digging up an 8 month old post?

I don't even play WoW or Warcraft/Diablo. I have no love or hate for Blizzard, they are a non-entity to me. I just can't stand stupid people who cry for a lawsuit and don't know what they're talking about.

I'm not going to re-hash an 8 month old argument with you.
 
A. WHEN RUNNING, THE WORLD OF WARCRAFT CLIENT MAY MONITOR YOUR COMPUTER'S RANDOM ACCESS MEMORY (RAM) AND/OR CPU PROCESSES FOR UNAUTHORIZED THIRD PARTY PROGRAMS RUNNING CONCURRENTLY WITH WORLD OF WARCRAFT. AN "UNAUTHORIZED THIRD PARTY PROGRAM" AS USED HEREIN SHALL BE DEFINED AS ANY THIRD PARTY SOFTWARE, INCLUDING WITHOUT LIMITATION ANY "ADDON" OR "MOD," THAT IN BLIZZARD ENTERTAINMENT'S SOLE DETERMINATION: (i) ENABLES OR FACILITATES CHEATING OF ANY TYPE; (ii) ALLOWS USERS TO MODIFY OR HACK THE WORLD OF WARCRAFT INTERFACE, ENVIRONMENT, AND/OR EXPERIENCE IN ANY WAY NOT EXPRESSLY AUTHORIZED BY BLIZZARD ENTERTAINMENT; OR (iii) INTERCEPTS, "MINES," OR OTHERWISE COLLECTS INFORMATION FROM OR THROUGH WORLD OF WARCRAFT. IN THE EVENT THAT WORLD OF WARCRAFT DETECTS AN UNAUTHORIZED THIRD PARTY PROGRAM, BLIZZARD MAY (a) COMMUNICATE INFORMATION BACK TO BLIZZARD ENTERTAINMENT, INCLUDING WITHOUT LIMITATION YOUR ACCOUNT NAME, DETAILS ABOUT THE UNAUTHORIZED THIRD PARTY PROGRAM DETECTED, AND THE TIME AND DATE THE UNAUTHORIZED THIRD PARTY PROGRAM WAS DETECTED; AND/OR (b) EXERCISE ANY OR ALL OF ITS RIGHTS UNDER SECTION 6 OF THIS AGREEMENT, WITH OR WITHOUT PRIOR NOTICE TO THE USER
 
Blizzard can legally do this. It's actually no different than when you crash in EQ and it asks you if you want to send in a report to "help" SoE fix their bugs. You aren't just sending debug info from your client, but a process dump and a bunch of other information as well. Not to mention, spyware is technically legal. It's a pain in the ass, yes, but it's technically legal.
 