Thursday 03.17.2005 [4:45PM]

Version 1.160 of the PB Client for AA has been released to our PB Master Servers for auto-update and to our website download page. This version addresses a bug that was causing v1.159 (released earlier today) to kick some players for "Unknown Kernel Offset" with codes 69 and 6a.

This should fix the problems (http://www.mpcforum.com/showthread.php?t=81653) serveral users were getting before.

This should fix the problems (http://www.mpcforum.com/showthread.php?t=81653) serveral users were getting before.

yep fixed it for me. thanx for the info

This version addresses a bug that was causing v1.159 (released earlier
today) to kick some players for "Unknown Kernel Offset" with codes 69 and
6a.

That's the deal when you mess around with device drivers. Spoofing is
still possible, if you know how. So much trouble, so few effect.

Even with the new pb I still get this:
ScriptLog: TeamMessage received: KICK NOTIFICATION: blablabla has been kicked for an undefined reason: YOU HAVE BEEN KICKED VIA PUNKBUSTER (FOR 0 MINUTES) ... RESTRICTION: UNKNOWN KERNEL OFFSET : 68
Log: PunkBuster Client: Removing "blablabla" #### (0 minutes) RESTRICTION: Unknown Kernel Offset : 68

I notice it said the pb update resolved the offset 69 and 6a, but said nothing about offset 68. I am hw banned and using v1.2 hdspoofer.exe, so maybe its caused by the spoofer. If I dont use a spoofer I get kicked for hwban so I guess for now im screwed.

Guest... I am guessing that is because the HW spoofer is detected......

It makes sense as EVERY single cheat released here in the past couple of weeks (since 2.3) has been detected by PBwithin a number of hours...

From a public cheat point of view I believe it will be some very rough going....

It's not new.
soon they will fall asleep again, dont worry.

They also spy your sound card! Remove it and have a try. When spoofing
the HDD info, I'm still banned. Spoofing my SBLive! I'm undetected again.
EvilBalance, you're lame bastards!

I'm working on some kinda HAL wrapper which will make any attempt to spy
hardware obsolete. You will havto patch your OS (similar to taurine) just once
and there is no chance for punky to ban your ass. Of course, they may detect
halwrap v0.1, but another built will continue the cat & mouse game.

It is a fact that the GAO (Government Accounting Office) looked into the Army's contract with Evenbalance. That is where all this is coming from boys and girls. They were told to shit or get off the pot! I have many friends within the Government and most of them within the military structure. There are many companies that are awarded contracts but never follow through. The Government will give them some time to get their act together, but will eventually drop the contract if they (the contractors) do not live up to their side of the deal. EB was about a week away from the chopping block. So be prepared for tons and tons of bans and what-not, for they are trying to avoid their walking papers.

Typically, when a company is being looked at by the GAO, it is a two year process. You get the picture?

That could explain where all the heat comes from. Stupid ultra-conservatives,
damn Army. They don't consider AA a game, it's a recruiting-software. But most
of us aren't that dumb to take the bait. It's just a game afterall. But abusing a
FPS to gather young meat for their crusades all over the world against terror is
just wrong. There are similarities to the 3rd Reich in thinking and acting, that's
sure.

Anyways.. concerning the HW bans and the quick detection of any spoofer lately:
EvilBalance has an eye on this. They take any action concerning HW bans very
serious. Due their lack of skill, it's not that hard to unban yourself. I won't go into
detail as it has been discussed at GD lately: PBrother is watching us!

In theory its impossible to make HW banning hackproof. The bottleneck are the
controller itself which can be layered easily. There is no way for PB to determine
whether the information is valid (and came from the controller) or if its spoofed.
The battle (the cat and mouse game) goes on in kernel mode, PB was asking for
it. This will cause unstable systems, various bugs and many false positives.

I've made a tool that simulates any hard disk drive to be installed at your system.
My virtual disk drive behaves just like a "real" drive to fool PB. I never tried
packet editing, but from talking to several other coders working on the HW
ban I know that there're plenty of ways around. Have a look yourself, call
me if needed. I will help you with coding.

so

<ring0, unbeatable>
halwrap - fake hardware abstaction layer (winXP SP2 only) - works
servicehook (taurine) - modified - works

<ring3, beatable>
unbanme - spoofes drive information - works
pbcl patch - works

<corrupt PB in general>
packetfaking/guid faking - don't know, but has reported to be working

I hope this clears it up. The "bug" they fixed in v1.160 was related to detected
HW spoofers (in kernel mode by checking unknown/suspicous offsets). It worked,
but not as expected (hehe...). I'm sure taurine updated his spoofer aswell so
whatever you try Tony R/Gay, you'll lose.

It is a fact that the GAO (Government Accounting Office) looked into the Army's contract with Evenbalance.

Very, very interesting! Do you have any references on the web for more info about this?

In theory its impossible to make HW banning hackproof. The bottleneck are thecontroller itself which can be layered easily. There is no way for PB to determinewhether the information is valid (and came from the controller) or if its spoofed.The battle (the cat and mouse game) goes on in kernel mode, PB was asking forit. This will cause unstable systems, various bugs and many false positives.
Question is: The spoofer will probably be the thing to make this instable... so people may have data loss when using such things.

I bet PB plays this game on purpose: Don't use hacks that violate the EULA, or you'll get a HW ban. If you do have a HW ban, we'll make things bad for you. Even if you get around it, you may end up having an unstable system or getting data loss...


I've made a tool that simulates any hard disk drive to be installed at your system. My virtual disk drive behaves just like a "real" drive to fool PB. I never tried packet editing, but from talking to several other coders working on the HW ban I know that there're plenty of ways around. Have a look yourself, call me if needed. I will help you with coding.
so you won't release this tool publically? So only the l33t coders will be able to get around it?


I'm sure taurine updated his spoofer aswell so whatever you try Tony R/Gay, you'll lose.
I guess we'll see. I know my system rebooted when I ran taurine's spoofer and PB updated. So I don't see the end of this coming at all...

As usual, we need to find new ways around everything PB comes up with. The good coders release something, PB detects it at some point. So our only time to play "hw unbanned" would be the time difference between the hack and pb update - as usual.

I don't like all this at all. I don't like my PC rebooting etc. I guess that is why I for one will never run any hack that violates the EULA...

I guess we'll see. I know my system rebooted when I ran taurine's spoofer and PB updated. So I don't see the end of this coming at all...

1 fault in kernel mode = reboot. Alot of hacks crash, even many applications do.
Software is never perfect. But since PB decided to switch to kernel mode, the
battle has and will be fought in kernel mode. If you can bypass a ring0 anti-cheat,
you obviously found one of many holes.

But you point of view may sound logical, but there is one obstacle:
What will you do if PB moves more & more stuff into ring0? Let's assume
they're that stupid, changeing compability for enhanced detection (which
can still be beaten...), what are you going to do now? Stop cheating?
Then you gave up. And real cheaters don't give up because of some crappy
anti cheat software, especially when it's called Punkbuster.

My spoofer works just perfect on WinXP SP2. But I don't know about
other OS. Im almost sure it will cause any other system to crash. But that's
not the problem. It can be fixed, but it takes some time and beta testing.
I know that independant cheat coders all over the place have more brain
power than some cash-hungry AC developers.

I know that independant cheat coders all over the place have more brain power than some cash-hungry AC developers.
Right - but then again they may indeed use the cash to maybe hire external people to write stuff for them which they can't, you never know... they prolly have thousands of dollars a month which they could use if needed...

I just wonder - what would the problem be to "go back" and just make cheats that do NOT violate the PB EULA? We would be caught, banned on a few servers due to punksbusted and other crap, but no worries, no system reboots etc... Wouldn't that be the better way to go?

Right - but then again they may indeed use the cash to maybe hire external people to write stuff for them which they can't, you never know... they prolly have thousands of dollars a month which they could use if needed...

I just wonder - what would the problem be to "go back" and just make cheats that do NOT violate the PB EULA? We would be caught, banned on a few servers due to punksbusted and other crap, but no worries, no system reboots etc... Wouldn't that be the better way to go?

Neither spoofer nor my hacks interfere with PB. At least the current ones.
Patching PB itself is always the last step. Bypassing is the key.

Neither spoofer nor my hacks interfere with PB. At least the current ones.
Patching PB itself is always the last step. Bypassing is the key.
No no no, you didn't understand me :)

I mean why make hacks that violate EULA, cause hw bans and then require spoofers.

Why not hacks which don't violate EULA, don't cause hw bans and don't require spoofers. More stable and safer systes I think?

No no no, you didn't understand me :)

I mean why make hacks that violate EULA, cause hw bans and then require spoofers.

Why not hacks which don't violate EULA, don't cause hw bans and don't require spoofers. More stable and safer systes I think?
Every hack violate the EULA.
Those who interfere with pb files cause HW bans.

Evilhacks didnt, but they did break the EULA lol
cheatings isnt allowed man ;)

taurine has released a new spoofer version 1.3 for PB 1.160...

it's been realeased at UC... go there to get it or see this MPC thread... (http://www.mpcforum.com/showthread.php?p=754884#post754884)