PDA

View Full Version : Sicheats (h4x0r) trainers now contain DRM but why?


darkedone02
21-06-2011, 21:01
Message from Joe Forster/STA: In case you don't want to read through this thread completely, let me sum it up: there's still no actual proof that genuine Sicheats trainers contain malware. Whichever "Sicheats" trainers do contain malware are fakes - most probably by Cheathappens or their friends - so make sure you always download trainers directly from Sicheats or from GameCopyWorld, to which h4x0r himself uploads trainers!

Recently, h4xor, one of the most people that make awesome trainers just banned me after an arguement over his new DRM shit he just added to his trainers which I have to go to his website, though my profile to get a key to use his trainer, if I modify the key in any way, my profile will be automatically banned and there will be no redemption on unbanning your account due to your fuck-up. Not only that, but you got to do this everytime you start the trainer.

Now after getting banned multiple times over the most stupidest reason, I'm now declaring h4xor to be worse then Pwizard, too assholes in the god damn world that need to be removed from the face of this world, for their ignorance and for their own stupidity of what's going on.

I hate Pwizard due to his rudeness, his greedy ways, and his attacks on those over rediclous reasons.

now I hate H4Xor due to the fact that he contently ban people for the most stupendous reasons of them all, and now he added DRM towards his trainers, and what I hate the most is that he don't speak proper English, making me feel like bashing him violently with a god damn English dictionary and English Grammar books.

If I ever own a website that deals with supporting trainers for the people to use, I make sure to ban both of these assholes from the site, preventing them from uploading new trainers here... IP ban them to prevent them from making another account again. As I am tired of these stupid war between the two, and tired of dealing with two assholes. Now all I need to find now is a respectable trainer maker to follow that make awesome trainers probably WAY better then both of these low-minded ignorance-loving dumbasses.

/rant

Joe Forster/STA
22-06-2011, 08:30
1. Who are you? I find it quite suspicious that I got an E-mail from - an address, not filtered in my mailbox yet, of - Cheathappens...
2. Did you know that discussion of Cheathappens vs. h4xor topics is supposed to get you an instant ban on sight? We've had enough of this in the past and don't want more in the future.

However, to be constructive (?!), if h4x0r is digging his own grave then so be it. We have no contact to him at this moment and his membership has been... khm... suspended for a few months because we've had enough of his abusive behavior. But even if we had contact then, at best, I'd only send him a friendly PM, suggesting that he's on the wrong way, fucking up his own business. But, hey, that's his life...

(The thread has NOT been closed, constructive comments are allowed.)

darkedone02
22-06-2011, 12:30
1. Who are you? I find it quite suspicious that I got an E-mail from - an address, not filtered in my mailbox yet, of - Cheathappens...
2. Did you know that discussion of Cheathappens vs. h4xor topics is supposed to get you an instant ban on sight? We've had enough of this in the past and don't want more in the future.

However, to be constructive (?!), if h4x0r is digging his own grave then so be it. We have no contact to him at this moment and his membership has been... khm... suspended for a few months because we've had enough of his abusive behavior. But even if we had contact then, at best, I'd only send him a friendly PM, suggesting that he's on the wrong way, fucking up his own business. But, hey, that's his life...

(The thread has NOT been closed, constructive comments are allowed.)

I don't visit this site alot but when I used to be with h4x0r, i've noticed about these threads, and read most of the thread, but didn't read the part where any other threads about this will be an instant ban.

So you suspended him for his abusive behavior? yeah, he is an asshole just like Pwizard from cheathappens, might as well call Cheathappens the boyfriend of Activision just cause they both act alike, but anyways. When I used to hang out with H4x0r, I go by the name of Bloodwolfe, darkedone02, and wiccanlord08, all these account got banned by h4x0r due to the most stupid reasons while we was arguing or even make an off-topic post. Which in my opinion, an asshole move.

Joe Forster/STA
22-06-2011, 15:16
Yeah, as we heard, there were mass post/thread deletions and user bans on Cheathappens, too, during the "Cheathappens banned Romania" scandal (?). Moderation/censorship to protect useful discussion from bullshit, to raise the signal/noise ratio, is fine but must be done with great care. Mindless censorship only shows the weakness of being unable to stand criticism, killing the carrier of bad news instead of acting upon it which may also include recognizing and getting rid of your bad habits. (To make sure there's no misunderstanding: if someone is searching for our standing against criticism, you can read our very detailed announcements and answers to accusations and understand our reasons.)

That's what's happenning at Cheathappens and, it seems, at h4x0r, too. Another glance at the stirred up shit that comes out of the human psyche under pressure, showing that we're, after all, still animals. :(

darkedone02
23-06-2011, 03:16
It makes me wonder sometimes why the most 2 professional people who can make the best trainers end up to become idiots and assholes, I mean... why? I rather have a trainer maker who make professional trainers like H4X0r's and PWizards trainer that does not act like an asshole and not only that, help the people out as well. I always come to this site to look up a trainer in cause H4x0r's trainer become buggy and I need an alternative one if there is available, however it seems that from I seen on most of the inventory in this, it seems we have very few trainer makers in this website, and some make it into a foriegn language instead of making one for english.

Joe Forster/STA
23-06-2011, 04:12
Beause of h4x0r's (lack of proper) English knowledge, I don't know much about him but people at Cheathappens are definitely above the average level of intelligence. However, that comes with a great price: an also above-average level of first self-assuredness and later arrogance, considering oneself as the "father of all knowledge", to quote from Dexter's Laboratory. This reveals especially when meeting someone else thought to be the usual kind of "normal" person but actually one with a similar level of intelligence. Because such people are rare, such encounters often causes a great surprise and, when not dealt with properly, a heated quarrel and name-calling: a flame war.

This is not without reason: someone with an above-average intelligence sees much depeer into the world and better understands its structure and way of functioning. When he or she realizes this capability, he or she will continue to think that this is true for all problems he or she runs into. But that's not true in general, only for problems that are similar to ones he or she already ran into in the past. In particular, being able to code (and disect) trainers - or, in general, software - does not mean that you are also able to understand people's motives and deal with them in a proper manner. Just the opposite: people with high intelligence inherently have problems with blending into a surrounding society of "normal" people.

I think this knowledge, that I described above, can only come with age and experience - this is exactly what we were referring to when we called the behavior of opponents in this war "childish" - and sometimes even learnt the hard way. (Been there, done that.) Now seeing such flame wars makes me sad because it means a significant loss of resources of people who would otherwise be able to create great stuff, if they spent their time constructively.

[...] Oh, and to answer the following from the Cheathappens forum: We have warned and warned people about this guy from the beginning but some people just refuse to learn. This is especially true of the idiots at GCW (hi Joe!) that continue to support this guy like he was their own love-child. Cheathappens still hasn't recognized the old saying: The enemy of my enemy is my friend. We did not want to choose between either party but, when Cheathappens started their suspicious methods of, khm, "persuasion" and then a propaganda campaign against us and a fake proof made up by them, they became our enemies, which, by the definition of the saying, made h4x0r our friend. Kind of. More precisely, the favored "persona grata" from the two. I have to admit that the saying is not true because there aren't always only two choices in life but Cheathappens' behavior made us so mad that we decided there could be no way we should support them. This is also a bit childish but, hey, let us have our revenge! ;)

tazzoun
23-06-2011, 09:22
First of all, I have been downloading trainers from here for a long time. I am not some kind of cheathappens lover so please don't dismiss me as such like you do everyone else that says a negative word about h4x0r.

I just downloaded the FEAR 3 trainer by h4x0r from the GCW website. Apparently to use this FREE trainer I have to go to sicheats.com, create an account there, create a FACEBOOK account, download some kind of key and then always leave my internet connection on so the FREE trainer can authenticate itself. Say what? How exactly is this different than cheathappens again? The only reason a FREE trainer would need all this type of crap is so that the creator can harvest the information being collected and sell it off to advertisers, etc.

After looking further at this "authentication" process of h4x0r's trainer, I then learned that it also carries with it a malicious payload that stays resident in memory even after the trainer is done. It actively scans memory and HD for anything with the word "cheathappens" and then attaches a viral signature to it so those files no longer function. This can easily be reproduced and examined by anyone with a debugger or memory scanner using the files from GCW or h4x0rs website.

So, I must ask the obvious question -- why does GCW continue to entertain this stuff from h4x0r? Seriously, is he paying you guys to host this crap?

So now I have to jump through about 10 hoops plus give h4x0r my personal information just to use a FREE trainer that I downloaded from GCW. What's next you guys? Selling trainers like cheathappens?

Joe Forster/STA
23-06-2011, 10:33
Why the hell do people think anyone is paying GCW to "support" their stuff?! GCW is user-supported: whatever is out there and gets uploaded by someone appears on the site. I asked Empire many times to remove Cheathappens' (free promo) trainers, as a kind of revenge, but he didn't do that because, in his opinion, visitors should be able to get whatever they need and it's not our task or responsibility to filter out whatever we don't like. I don't agree with him - see what I wrote about "useful censorship" in the other thread -, nevertheless this sounds acceptable to me.

GCW doesn't make money out of anything other than advertisements and that's barely enough for the maintenance but I've never seen Empire even only considering to make visitors pay for anything. (See cd-2-dvd.com: it's coming back online soon although no user pays for it and it went down a couple of months ago due to lack of funds and motivation.) People should be grateful for whatever they get, and especially when it's free!

Now to the h4x0r-specific part... Please, point me to a specific download on GCW and describe your suspicion and debugging results a bit more, to help me with my own inspection. (Hoping that I also have the necessary tools. Skills I can learn, thank you.) No links to h4x0r's site, please, because I can't login: I have no Facebook account and don't plan to create one for any reason. Also, are you sure that what you've tried is a trainer really by h4x0r? You know, Cheathappens is spreading fake trainers in his name, some got uploaded to GCW, too!

If you want to use a (non-promo) Cheathappens trainer then you have to have not only an active but also a paid account on their site. Explain to me in what way this is different from using Facebook as a kind of "authentication gateway" and how authenticationg via Facebook can be used to steal anyone's personal data on Facebook or somewhere else. (Why would third-party authentication reveal information about the user other than, yeah, it's a genuine user registered on the authenticating site?! Authentication returning personal information would be a paradise for phishing so Facebook obviously cannot do that!)

Sorry but, with all the bullshit floating around, I don't believe anything that I haven't seen myself anymore so simply reciting rumors has no weight at all to me.

[...] death89: Sorry, this is not h4x0r's support forum.

tazzoun
23-06-2011, 11:54
Thanks for the reply Joe. I'll have to do more testing with more of h4x0r's trainers to give you a definitive answer regarding the cheathappens search that his trainers are doing. I'm not really concerned that much about that part anyways as I dont use CH trainers. What I am concerned about is the fact that I literally cannot use a trainer I downloaded from THIS SITE without first going to h4x0r's site and signing up with an account PLUS a facebook account and then downloading some personalized trainer key before I can even use it.

You are welcome to see for yourself. Just go to GCW, FEAR 3 and download the latest trainer by h4x0r (the ones that says KEY PLUS INTERNET CONNECTION REQUIRED next to it). I guess Empire supports this stuff too. Very sad.

Joe Forster/STA
23-06-2011, 13:20
Jesus, man, you still don't get it! Empire doesn't even know about this. How could you expect anyone to check everything that gets uploaded to GCW, especially a task not as trivial as automated virus scanning but running programs through a debugger and analyzing their behavior manually?! And add to this the fact that, to my knowledge, Empire is not a hacker, unlike TippeX and I. What is uploaded by users, and is not obvious malware, is published on the site, nobody is white- or blacklisted (yet?!), nobody is specifically supported or suppressed, period. (This also resulted in fake h4x0r trainers, created by Cheathappens or fans, being uploaded and later published on GCW, until they were reported to us.)

By the way, I was able to login to Sicheats with my old login and download the F.E.A.R. 3 trainer mentioned. No Facebook account or login was required.

darkedone02
23-06-2011, 15:01
So yall suffering the same thing just like what cheathappens been doing to h4x0r's. H4x0r's is also doing the same thing as they doing as well after few invasions from cheathappens, fake proofing and propaganda. Is anyone else affected into this flame war like Kelset? HoG? LinGon?

darkedone02
23-06-2011, 15:08
I've recently made a thread about this at the chit-chat section, I've also mention this "DRM" is what I called it because of online authentications and required keys to use the trainer, which in my opinion is stupid.

Joe Forster/STA
23-06-2011, 15:52
FileForums "only" got in the way and later became a battleground. We have no information other than what's already explained in our announcements as we published everything we learned. And I'm happy to be able to forget all of that...

Maxgrilo
23-06-2011, 16:16
Personally I dont care what h4x0r does with his trainers but it's pretty stupid for gcw to keep posting them if you cant even use them without some stupid login and key from his website.

darkedone02
23-06-2011, 17:44
All we need right now is professional trainer makers that can make big and huge trainer besides them two people, and one that don't act like an idiot and respects the people.

darkedone02
23-06-2011, 17:45
I agree, why upload them if they don't work?

comdisco
23-06-2011, 23:07
It isn't even possible to register on their site. I've tried w/ several email addresses and it just says "Your email address has been banned".

Also, I tried the "promo" version of the FEAR 3 trainer that only has 2 cheats, and it just crashes the game (Steam version) when I attempt to jump or open a door.

It would be great to find a FEAR 3 trainer that actually works, since I've been stuck in the courtyard w/ the mech for 2 days and would really like to get past it.

darkedone02
23-06-2011, 23:31
yeah, h4x0r added DRM in his trainers....

otheruser
24-06-2011, 01:16
First of all, I have been downloading trainers from here for a long time. I am not some kind of cheathappens lover so please don't dismiss me as such like you do everyone else that says a negative word about h4x0r.

I just downloaded the FEAR 3 trainer by h4x0r from the GCW website. Apparently to use this FREE trainer I have to go to sicheats.com, create an account there, create a FACEBOOK account, download some kind of key and then always leave my internet connection on so the FREE trainer can authenticate itself. Say what? How exactly is this different than cheathappens again? The only reason a FREE trainer would need all this type of crap is so that the creator can harvest the information being collected and sell it off to advertisers, etc.

After looking further at this "authentication" process of h4x0r's trainer, I then learned that it also carries with it a malicious payload that stays resident in memory even after the trainer is done. It actively scans memory and HD for anything with the word "cheathappens" and then attaches a viral signature to it so those files no longer function. This can easily be reproduced and examined by anyone with a debugger or memory scanner using the files from GCW or h4x0rs website.

So, I must ask the obvious question -- why does GCW continue to entertain this stuff from h4x0r? Seriously, is he paying you guys to host this crap?

So now I have to jump through about 10 hoops plus give h4x0r my personal information just to use a FREE trainer that I downloaded from GCW. What's next you guys? Selling trainers like cheathappens?

ok first: Join Date: Jun 2011 ( coincidence? ), sure...

Second: read here I can only envy h4x0r #, fans...

third: yes, you need learn: http://www.sicheats.com/index.php?categoryid=7&topic_id=979

fourth: before reister in sicheats you can read
*Facebook validation is required in this site for login ( User Validation )
*Proxys no allowed in this site.
*Internet connection and a free key is need for validate trainer.
--------------------------------------
Website visualzation problems?
Try opening (cmd console ) and type ipconfig /flushdns or in to site using the www.sicheats.com
If you do not agree with the security of the site, click HERE (www.google.com)

not to mention useless to PWIZARD continue to believe that published data, you expect to get something:), painful.

to see if they learn to respect one time, the thing is easy, if you do not like DO NOT GO, by all means try to fuck someone and they're not going to get.

these security measures are necessary when there both assholes loose network.

the only ones who steal information are CH, you can read here:

http://fileforums.com/showthread.php?t=89266
http://fileforums.com/showthread.php?t=89685
http://fileforums.com/showthread.php?t=88964

CH = Criminals

Sneaky Guy
24-06-2011, 02:33
Personally I dont care what h4x0r does with his trainers but it's pretty stupid for gcw to keep posting them if you cant even use them without some stupid login and key from his website.
Agreed.
This petty war with whoever is just stupid, and now, if the Trainers ARE indeed his,
why bring that war to the user forcing the user to take unecessary steps?
That make you think the programmer is also childish.

I agree, why upload them if they don't work?
It probably does work, if you could get a key, which obviously some people can (see below).

It isn't even possible to register on their site. I've tried w/ several email addresses and it just says "Your email address has been banned".
...
Same here, wasted 3 perfectly good legit e-mail addresses trying to register.
Now I will have to monitor those 3 addresses to see how much Spam arrives.

As far as needing a Facebook account to register, why?
Besides the fact that I neither have, nor ever want an account with that hype site, why does one NEED a Facebook account?

In my opinion that lends weight to tazzoun's (the original poster) suspicion, that this haxor's "Trainer" is acting like a Trojan.

And also in my opinion, to which I am indeed entitled, the FEAR 3 Trainer,
and any other Trainers by Haxor using this method, should be removed from the site until such time as he removes this "Activation".

If people protest by NOT using his Trainers with "Activation",
my guess is his ego will then produce the Trainers without the "Activation", in order to stay in the stagelight.

Sneaky Guy
24-06-2011, 02:37
All we need right now is professional trainer makers that can make big and huge trainer besides them two people, and one that don't act like an idiot and respects the people.
Well said that man!



....well, except for the "professional" part, you don't need to be a professional to make a good Trainer.

Maxgrilo
24-06-2011, 03:50
Wow, "otheruser" has the exact same vocabulary as h4x0r. I thought he was suspended or something?

Also, Joe, the facebook validation is being turned on and off randomly on h4x0rs website. You are still required to allow SiCheats access to your facebook account before you can login or register there, depending on the time of day.

@comdisco -- the problem you are facing is that most new games have steam anti-cheat protection built in and most trainer makers like h4x0r, lingon, hog, etc do not know how to defeat them so their trainers randomly crash the game when the protections kick in. So far I only know of a couple of people capable of defeating the protections (cheathappens, sheep, etc). The only way to sometimes make those other trainers work is by using the steam cracked exe's (can I talk about that here?) which removes some of the anticheat protection but usually also goofs up steam, the steam cloud, etc which is also becoming more and more necessary to sync your savegames, etc.

Sneaky Guy
24-06-2011, 04:20
Wow, "otheruser" has the exact same vocabulary as h4x0r. I thought he was suspended or something?
...
Suspendiing an account CANNOT stop the person being suspended from taking part in the Forum.
All that person needs to do is get a new IP address, usually by rebooting the Router, and register under another name.
The only way to ban a particular user effectivly, is IF that user is forced to use a static IP,
then the IP rather than the user would be banned, effectivly banning the user through his IP.

But I am sure there are also ways around that.
...
Also, Joe, the facebook validation was turned off for a short bit on h4x0rs website but is now back on. You sre still required to allow SiCheats access to your facebook account before you can login or register there.
The question remains, WHY does this haxor need access to your Facebook account?
Doing so is giving him free access to all your information.
The last time I looked, this was known as Phishing or a Trojan.

As I said before, in my book, due to the above, ALL his Trainers using this method should be deleted,
and no new Trainers should be accepted until this method is taken out of his Trainers.

If done that way, this haxors ego will not allow him to simply stop making Trainers,
probably resulting in him taking that method out of his Trainers.

otheruser
24-06-2011, 04:25
only trolls here.

BLA BLA BLA

Maxgrilo
24-06-2011, 04:29
So, Joe is a troll at his own website? Face it h4x0r, people have finally grown tired of your bullshit and are speaking up about it.

otheruser
24-06-2011, 04:29
So, Joe is a troll at his own website? Face it h4x0r, people have finally grown tired of your bullshit and are speaking up about it.

joe no, you and rest :) speaking without knowing:), but it is fun to watch people freak astronomic drawing conclusions.

and if, something is right, I'm glad to know that people like YOU, not return to sicheats

http://2.bp.blogspot.com/_Qu-KxwZh9G4/TSHxT3Qst3I/AAAAAAAAcHc/ghT81BEkuuM/s1600/troll.jpg

Ronburi
24-06-2011, 04:42
I'm afraid I have to chime in here as well. This new DRM by h4x0r is both stupid and useless and has no place at GCW. I'm NOT giving h4x0r any of my personal info and especially not access to my facebook account just so I can download some stupid key to use a trainer that is supposed to be free. I'll just have to find truly free trainers elsewhere.

Maxgrilo
24-06-2011, 04:49
I think that the silliest thing is that wasn't GCW supposed to be a place for files that REMOVE DRM or are DRM FREE? I mean, people come here to find no-cd fixes and such that remove this kind of stuff and now they are posting stuff that is the exact opposite.

otheruser
24-06-2011, 04:51
but someone forces you to go to the site?, pathetic!

only trolls here!

AFKGun
24-06-2011, 05:30
I was recently looking for FEAR3 trainer and i got h4x0r's since it support v16. Found out it has this 'DRM' crap i thought he's starting to "gather" our personal info for money or stuff. Tbh -rep to him doing it this way.

And to respond to those who in difficulty getting a working v16 trainer, here's the one i use. Rep+ for KelSat. I hope this trainer get post to gamecopyworld DB too.
http://www.sendspace.com/file/12y61l

Joe Forster/STA
24-06-2011, 06:08
I BEG YOU, someone, please, explain to me why cross-authentication via Facebook allows access to personal data on Facebook (or anyone else)?!

@otheruser: h4x0r, you've been banned for a few months. Spend your time wisely and especially don't come back to abuse people, about which I already warned you many, many times! Also, if you listen to me, you remove this "DRM" as soon as possible. If you implemented it for some kind of safety (whose safety: yours or your users'?!) then, rest assured, people will find a way to crack it or circumvent it in some way. (If noone else, then, perhaps, Cheathappens will, just to mess with you.) Don't descend to Cheathappens' level, continue releasing completely free trainers and ignore everything you hear from and/or about them! This "escalating vendetta" won't lead either you or them anywhere so be smarter than them and be the one to stop it. There's a Hungarian saying: "the smart one gives in, the ass [the animal or a stupid person] suffers."

I think that the silliest thing is that wasn't GCW supposed to be a place for files that REMOVE DRM or are DRM FREE? I mean, people come here to find no-cd fixes and such that remove this kind of stuff and now they are posting stuff that is the exact opposite.

Noone is "posting" stuff other than users/visitors; read my post above about not checking incoming files more than automated virus scanning!

And to respond to those who in difficulty getting a working v16 trainer, here's the one i use. Rep+ for KelSat. I hope this trainer get post to gamecopyworld DB too.

Noone will "post" it unless you do, now that you found it.

Maxgrilo
24-06-2011, 06:10
I think you are missing the whole point Joe. The fact is that GCW is now hosting trainers that feature DRM which is against all this site stands for.

Also, someone at GCW obviously "posted" it on the main website as they even included a note next to the trainer stating that it requires a key and internet connection. I don't think that was automated, if it was then you guys have some Terminator style web coding.

AFKGun
24-06-2011, 06:17
Noone will "post" it unless you do, now that you found it.

Like post it to the download section? I don't know how! There's no even a submit page i think?!

vitu
24-06-2011, 06:21
I'm ususally more of a listener/reader rather than talker/writer and thus didn't need to use an acount here, possibly never again will and thus it will most likely sound quite ironic since i just made an acount here but hey... ;)

Awfull lot of june joiners here. Especially another guy with supossedly KelSat tr. Guess i'll wait and see. ;)

Anyway, right to the point, followed the entire ch/haxor "war" for quite a while, never was a ch fan (well, atleast ever since they pushed for paid services) more so when they started to delete or censor my comments about their soft and policy, not to mention the effort to discredit all the "scene" workers. Didn't care for new "security" mesures much - considered them another childish step in this disagreement so i made me a new, empty acc on FB (didn't have one to begin with) figuring FB being so "big" and all would have enough security measures so that it wouldn't backfire to me personally. Did all the rest of sicheats registration and validation process only to find that the trainer doesn't work with the nocd ver. Well... Ok guess it wasn't designed for that. Enough said i went on to try few of my own tricks (i know a bit of cpp and stuff but i'm more of an average Joe so i didn't do much) and i forgot. But... if what original poster said is true i'd be very concerned about the future of haxors' trainers.

So, if one of you, oh great hackers could confirm (or deny ;) ) that before i figure how to check it myself i'd be much obliged.

@ H4x0r: Great work until now. Thanks. However you messed up big time this time. Hope you stop screwing around and keep up the good work.

One of your fans. :)

Joe Forster/STA
24-06-2011, 06:39
(sigh) I'm getting tired...

There's a sticky in the GameCopyWorld Support forum about how to upload stuff and it is mentioned in the PC Games forum FAQ, too; see http://ul.gamecopyworld.com. Also, if you had read this: Sending Game Patches/Fixes by E-Mail (http://m0001.gamecopyworld.com/games/gcw_info.shtml#Sending Game Patches/Fixes by E-Mail) then you'd also know that, at least, basic information about the submitted package should be added.

I don't know how exactly Empire processes this kind of information but if someone (preferably the author himself or herself) uploads a trainer then he or she should mention everything that is important to know about it. Apparently, the uploader of h4x0r's F.E.A.R. 3 trainer added to the upload message that a key and Internet connection is required, which is pretty much an important thing to know. It is also possible that Empire already knows about h4x0r's "DRM" and added it himself. Because there are some standard texts in GCW's download entries, I assume Empire has templates for often used instructions.

AFKGun
24-06-2011, 07:12
Thx Joe, sorry being noob as i'm just couple hrs new here, was raged by h4x0r's v16 trainer and found something thought worth the sharing.

G4m3 0n 4eva!
bye

EDIT: Forgot to add, this FEAR3 h4x0r's v16 trainer doesn't shutdown correctly, it remain as hidden process in RAM. Make sure Task Manager shut it down, i FEAR the trainer opens connections to somewhere else as it required active internet connection for login & "maybe" h4x.

cocodrilo
24-06-2011, 09:28
Para los que acusan de robo de informacion, simplemente poner una denuncia y nos veremos en los tribunales. pero aviso, pagaran las costas mas la indemnizacion por difamacion/injurias. es una opcion legal, no tenemos miedo y presentaremos todas las fuentes de las validaciones tanto del cliente como del servidor implementadas por mi.

ahora bien, solo por respeto a este sitio, si joe quiere le paso las fuentes de la validacion online y que el vea con sus propios ojos que lo unico que se envia es el contenido de la key y ninguna informacion mas. el podra compilar y ver que realmente valida.

Veo mucho experto en "analisis de ejecutables", pero ninguno da un analisis serio, con pruebas y detallado. algo simple, un sniffer y observar que informacion envia, tan sencillo como eso. lo mas prudente sin tener pruebas es tener la boca cerrada, ya que en caso contrario solo se hace el ridiculo.

y una ultima aclaracion, gratis no quiere decir que se pierdan los derechos sobre el trabajo y que se pueda regalar para que otros obtengan beneficios.

nadie roba datos de nadie, nadie vende datos de nadie, si usaramos facebook para eso ¿crees que nos dejarian hacerlo en su nombre? es bastante ridiculo. eso se llama FACEBOOK CONNECT que esta implementado en miles de paginas web y ningun usuario se queja.

¿no te gusta la medida? simplemente no la uses.

Joe si tienes alguna duda sobre algun proceso de los trainers puedes hablar conmigo en privado y te aclarare todo sin ningun problema.

Si la estupidez volara, hay gente que necesitaria una pista de aterrizaje en su jardin.

Joe Forster/STA
24-06-2011, 09:51
@cocodrilo: If I'm not mistaken, you're a Sicheats trainer maker, along with h4x0r. This is an English-only forum and I delete non-English posts on sight. I'm making an exception with you but translate your post to English (preferably NOT with a translator software), otherwise it will be deleted.

TippeX
24-06-2011, 10:09
i FEAR the trainer opens connections to somewhere else as it required active internet connection for login & "maybe" h4x.

That shit is EXACTLY what we dont want..at best its a guess..if you have no proof then dont say it..

TippeX
24-06-2011, 10:35
Fired crocodrilos post through the translator on my phone..result wasnt too bad..

translation begin...
For those who accuse him of stealing information, simply make a complaint and we will be in court. but notice, pay the cost plus compensation for defamation / libel. is a legal option, we are not afraid and we will present all sources of validation both client and server implemented by me.

now, only out of respect for this site, if joe wants you step online validation sources and that they see with their own eyes that the only thing that is sent is the key content of the information and no more. can compile and see the really valid.

I see a lot expert "analysis of executables," but no one gives a serious analysis, with tests and detailed. something simple, a sniffer and see what information it sends, as simple as that. the most prudent without proof is keep your mouth shut, because otherwise one is a fool.

and a final point, free does not mean losing the rights to the work and can give for others to obtain benefits.

nobody steals data from nobody, nobody sells data to anyone, if you use Facebook for that do you think they would let us do so on their behalf? is quite ridiculous. that's called FACEBOOK CONNECT is implemented in thousands of web pages and any user complains.

Do not you like so far? just do not use it.

Joe if you have any questions about any process of the trainers can talk to me privately and I will clarify everything without any problem.

If stupidity fly, some people would need a runway in your garden.


translation end


my comments
Threatening court for people making accusations is FUCKING IDIOTIC.. You lost any credibility you possibly had with me when you said that..

As for executable analysis..what makes you think your code is not being analysed?

I also heard some old school retired sceners think this 'drm' bullshit is getting out of hand, and i suspect a tool is made already that breaks ch's phone home and h4x0r's one(s)...

Simple point : there are people more skilled than you..usually they are silent...piss them off and expect your ass to be handed to you in a gift basket...

Joe Forster/STA
24-06-2011, 11:27
TippeX, I can also use Google Translate, thank you very much, but that was not the point. ;) On an English-only forum, people are supposed to write in English and not resort to others translating their posts in whatever language.

I think the threatening with court is kind of an answer to how Cheathappens (allegedly?!) hired a private detective to find out personal data about h4x0r, create a file on him and prepare for legal action. (Not that I'd agree with this at all, it's pathetic...)

The "DRM" bullshit never got out of hand: it was out of hand the very moment it was created. (Thank you for mentioning it because I wanted to add this paragraph.) And I'm not talking about this particular implementation but the very idea. A sane person would think that "Data Rights Management" is about protecting the rights of the users. Fucking wrong! It's not even protecting the rights of authors/developers, rather those of publishers: publishers who are the ones in power but who add nothing substantial to the value of the product, just pass it on from author A to user B, ripping off both, and significantly at that! Therefore, in a sane world, anything that is even remotely similar to DRM should be banned right at its inception. Now this applies to h4x0r's implementation but let's not forget: Cheathappens', too. The notion of DRM is a filthy lie so don't go even near it because it dirties you!

While I was shopping today, something came to my mind that is similar to what TippeX says above. This Cheathappens vs. h4x0r war is similar to the Cold War between the USA and the Soviet Union, with respect to the following: neither side can actually win it, only escalate it to the point where one side will financially collapse and, inherently, give up and kind of "lose". In case it wasn't apparent: I'm referring to Cheathappens as the USA and h4x0r as the Soviet Union in the example.

h4x0r, you don't have as much resources, followers, fans, agents, spies as Cheathappens does so, from a given moment of time, you'll start "losing" and never be able to overtake your opponent anymore. I believe that this moment has already passed so there's no point in competing with them. Don't follow them and don't do anything they do only because they do it, instead show that you can pioneer your own way that has nothing to do with them. I have no idea how respected you are in the trainer scene but getting rid of any kind of connection to Cheathappens would definitely help you.

I hope you'll take advice from someone who is about a decade older and more experienced in the same field as you are and who already saw - and even took part in! - such pointless flame wars. It's a complete waste of resources, nothing more!

By the way, yes, one of the first things I did with the F.E.A.R. 3 trainer was that I launched HTTP Analyzer in the background and also made my firewall alert all kinds of network activity: nothing suspicious happenned.

tazzoun
24-06-2011, 11:31
AFKGun: that hidden process you see running after the trainer is closed is what I was talking about in my first post. It scans for "cheathappens" and then does nice things to anything it finds. Tippex or Joe or anyone else could easily see this if they attach a debugger/scanner to it.

Like Joe said, obviously h4x0r's vendetta against cheathappens has caused him to do some things that the admins of this site should probably take a hard look at, especially if they are hosting and helping to spread these trainers. People like me can only throw up the warning signs but you guys must see it for yourself and take the necessary measures to protect your visitors.

Joe Forster/STA
24-06-2011, 11:58
that hidden process you see running after the trainer is closed is what I was talking about in my first post. It scans for "cheathappens" and then does nice things to anything it finds.

A whole day is gone since you've opened this thread but you still haven't described anything concrete just keep reciting vague suggestions again and again. You're really trying my patience! Don't make me think that you're just another Cheathappens agent!

TippeX
24-06-2011, 12:04
Ok...'hidden process', how do you see it then? (i will investigate, but not without more info, my time and joes have been wasted before on similar "persuits"... ) rest assured that if this i found and proven to be malicious code against ch then i will be more than happy to provide analysis to ch to assist them in any prosecution as this activity IS viral and illegal in a lot of places and h4x0r will have sealed his own fate (if it is true)..

@Joe. .. Didnt realise the translate was via google..doh

tazzoun
24-06-2011, 12:07
I apologize Joe, I don't mean to piss you off in any way. Like I said previously, analyzing h4x0rs trainers is not a priority of mine (or my responsibility?). I was only stating an observation that I had made. You can believe it or dismiss it and it will be fine by me.

The intention of this thread was to determine what GCW plans to do about this new DRM and see what other users thought about it. I simply added the malware note as it was just something odd that I noticed while looking at the authorization process.

Joe Forster/STA
24-06-2011, 12:10
(On a side note, Empire - unlike us, hackers - has a real life, so don't expect him to drop in and reply every hour... well, not even every day...)

cocodrilo
24-06-2011, 12:39
understand English but do not write to express myself properly, the only reason to write in Spanish.

Fear is a trainer of 3 with a Trojan, is the same but down from another page. I myself have fallen. that's the big problem down other sites with junk and then say we are.

say that there are no resources, I remember that they have not done anything with the law in their hands. cheathappens encourage you to take legal action, that we laugh all day long.

I am the first that this situation is sickening.

legally you can clarify things in these directions:

http://www.delitosinformaticos.com/10/2007/denuncias/denuncias

everything else is said in forums, they are just guesses. clarify legally vote and the game ends quickly.

with the law in their hands, in Spanish:


Por último, también está el artículo 12 de la Declaración Universal de Derechos
Humanos: “Nadie será objeto de injerencias arbitrarias en su vida privada, su familia, su domicilio o su correspondencia, ni de ataque a su honra o a su reputación.”

La doctrina del Tribunal Constitucional distingue respecto al derecho a la intimidad los siguientes puntos:
• El derecho fundamental a la intimidad reconocido por el art. 18.1 CE tiene por objeto garantizar al individuo un ámbito reservado de su vida, vinculado con el respeto de su dignidad como persona (art. 10.1 CE), frente a la acción y el conocimiento de los demás, sean éstos poderes públicos o simples particulares.
• El derecho a la intimidad atribuye a su titular el poder de resguardar ese ámbito reservado, no sólo personal sino también familiar (SSTC 231/1988, de 2 de diciembre, y 197/1991, de 17 de octubre), frente a la divulgación del mismo por terceros y una publicidad no deseada.



the only one who has committed and continues to commit criminal acts are the people of cheathappens publishing information (in your site) STOLEN AND STAFF. Come on guys, make a complaint because I have really wanted to meet you.


thanks.


I simply added the malware note as it was just something odd that I noticed while looking at the authorization process.


the authorization process is only a HTTP PROTOCOL POST, user and password + key. key is information in your profile, encripted with Rijndael and base64 to prevent lost data. ¿more?

TippeX
24-06-2011, 12:58
So if i downloaded the fear 3 trainer from sicheats (as joe did), it would not contain the trojan... Correct?

Joe Forster/STA
24-06-2011, 13:00
@cocodrilo: I sent an E-mail to the address that you used to register on FileForums. (And, no, I don't read or write Spanish.)

I think cocodrilo is suggesting that there's a fake version of the trainer, that can be downloaded from fake sites acting as Sicheats, and this trainer does contain a trojan. Actually, I think I have two versions of the trainer, one downloaded from Sicheats, the other from GCW, and, no, they're not identical. Could the one on GCW be the fake with a trojan inside?! If so, Empire should check (even more) whether Sicheats' trainers have been really uploaded by Sicheats people or by someone else (possibly malicious fakes).

I was only stating an observation that I had made.

You continue to amaze me. What observation? This: It actively scans memory and HD for anything with the word "cheathappens" and then attaches a viral signature to it so those files no longer function.? So what does it search for: executables or files in general or directory names or what? What is this "cheathappens": general text anywhere in the file, copyright block in executables or what? What happens: a stub added to executables and the entry point redirected, "cheathappens" replaced with "fuck you" or what? Can you send me actual example files?! Or is this something that you've read somewhere - probably, a Cheathappens-friendly site - and fell for it without any suspicion?

I feel as if taking part in the following conversation:
Citizen: (panting) Constable, sir, John killed Fred!
Constable: Now cool down. Have you seen Fred?
- Yes. He was lying on the sofa.
- And was he breathing?
- I don't know.
- Then he could've been just sleeping. Have you seen the weapon?
- Yes, it was a knife.
- And where was it?
- In the kitchen.
- Well, obviously, there are knives in the kitchen. Have you seen John?
- No.
- Now, seriously, have you actually seen John kill Fred?!
- Errr, no.
- Then what the fuck are you talking about?! Let me take your hand, I'll escort you to a mental asylum.

So what the hell am I supposed to think about what you wrote?!

AFKGun
24-06-2011, 13:12
If anyone want to find out the h4x0r trainer's purpose would scan the program for outbound data, destination IP can be detected by 3rd party firewall like ZoneAlarm, and type of data can be capture by WireShark etc.

Seriously how much that i don't get what is going on? So far i only understand h4x0r and CH, one is accusing for code stealing. Seriously, a real hacker wouldn't give a fk for just one code. Unless one is fighting for their life's work.

TippeX
24-06-2011, 13:15
You getting a feeling of deja-vu joe?

tazzoun
24-06-2011, 13:15
Tippex and Joe: I downloaded the trainer from GCW, not from h4x0r's website. My guess is that after reading these posts, h4x0r removed the malware from the trainers posted on his own site. After the whole fake trainer thing, shouldn't Empire ALREADY only be accepting h4x0r trainers from h4xor himself? You can clearly see why it's pointless to waste time on this as h4x0r can easily control the files on his own website and files from anywhere else (even this site) could POSSIBLY be fake or tampered with.

This whole thing could probably easily be cleared up by a simple post by Empire. He can tell you where the trainer came from (if it DID come from h4x0r, then why does it no longer match the one on his website?) and if he knew about the DRM and if he supports it, etc.

Joe Forster/STA
24-06-2011, 13:15
destination IP can be detected by 3rd party firewall like ZoneAlarm

Just on a completely off-topic side note, using the free version of ZoneAlarm is one of the best ways to NOT defend your computer against attacks coming from the network. See http://www.matousec.com/projects/proactive-security-challenge/results.php for suggestions on which firewall to use.

After the whole fake trainer thing, shouldn't Empire ALREADY only be accepting h4x0r trainers from h4xor himself?

He is but there could still be "security holes" in him acting as a "human firewall". Although let me add: none of us - other than Empire and h4x0r themselves - knows how Empire checks this and it's just how it should be.

h4x0r can easily control the files on his own website and files from anywhere else (even this site) could POSSIBLY be fake or tampered with.

After how we defended him against Cheathappens, I can hardly believe that he personally would upload intentionally infected versions of his trainers to GCW. And, even if he did, it would become obvious within days, if not hours, that (almost) all Sicheats trainers on GCW are different from the originals and those on GCW (almost) all contain some kind of malware. I find this completely unrealistic!

This whole thing could probably easily be cleared up by a simple post by Empire.

Sure. And I already answered this, look above.

cocodrilo
24-06-2011, 13:24
Could the one on GCW be the fake with a trojan inside?

No no, not in this site. one contains a valid key (already banned) user and password for direct use. in others sites.

this dll is a trainer published in sicheats, for the first templar game:

http://www.sendspace.com/file/w1e1vn

please search for stealt code, malicious code etc. is the only published online trainer with one hit kill option, which I can explain how it works and how to get to separate the player from enemies.

Maxgrilo
24-06-2011, 13:24
I think people are starting to lose focus on the real issue here. Malware or not, should GCW be hosting files that REQUIRE you to register at a third party site (which may or may not be harvesting your info or might at any time in the future) in order to simply use the file? It's my opinon that files hosted on this site should run independently of any outside program or authentication process. Just because these trainers may not collect or send any data now, that could easily be changed at any point down the road by h4x0r's team once the trainers were being readily accepted and posted on this site.

AFKGun
24-06-2011, 13:27
Off-topic Reply to Joe: Yes I see how it is not recommended but I tried it ZA like 5 years ago and it tracks every program's incoming/outgoing connections in detail, so is useful on that part. I don't really use 3rd party firewall for protection, Windows Firewall somewhat good enough for me. ;)

EDIT: And to addon, h4x0r's trainer need NFO to boot, so modded tr with hex edit? Not quite possible with UPX compressing i think

EDIT2: BOOM! 4 more F3AR v16 trainers added to GCW DL page.

Joe Forster/STA
24-06-2011, 13:31
Just because these trainers may not collect or send any data now, that could easily be changed at any point down the road by h4x0r's team once the trainers were being readily accepted and posted on this site.

I already wrote that everything that is not caught by the virus scanner as obvious malware is "readily" accepted; it's always been so. If h4x0r - or anyone else, for that matter - wanted to distribute trainers - or any stuff that is on-topic on GCW, for that matter - infected with a trojan via GCW then he or she could've done that years ago. (Although Empire might have some aces up his sleeve for such tricks, I don't know.)

The situation is new and can't really decide whether I should support this kind of trainers. The final word is obviously Empire's but, if we start a discussion about it, then it may take a week or more: we, moderators, have no special "0-second" communication channel to him either!

You getting a feeling of deja-vu joe?

I have to say, even if a bit reluctantly: yes. But, you see, I'm always open to constructive suggestions so it would be a stupid idea - also see "mindless censorship" - to reject certain ideas right away, I'm rather trying to understand what people are trying to say.

Off-topic Reply to Joe: Yes I see how it is not recommended but I tried it ZA like 5 years ago and it tracks every program's incoming/outgoing connections in detail, so is useful on that part.

Ohhh, don't worry, I myself have been using ZoneAlarm for years... until I found that page. ;)

cocodrilo
24-06-2011, 14:38
Someone uploaded a trainer infected, this trainer IS NOT FROM SICHEATS. This creates a file in system32/adobe/update.exe with image icon, steals passwords from firefox etc.

please check the md5 file with the original from sicheats.

Lerianis
24-06-2011, 19:27
First of all, I have been downloading trainers from here for a long time. I am not some kind of cheathappens lover so please don't dismiss me as such like you do everyone else that says a negative word about h4x0r.

I just downloaded the FEAR 3 trainer by h4x0r from the GCW website. Apparently to use this FREE trainer I have to go to sicheats.com, create an account there, create a FACEBOOK account, download some kind of key and then always leave my internet connection on so the FREE trainer can authenticate itself. Say what? How exactly is this different than cheathappens again? The only reason a FREE trainer would need all this type of crap is so that the creator can harvest the information being collected and sell it off to advertisers, etc.

After looking further at this "authentication" process of h4x0r's trainer, I then learned that it also carries with it a malicious payload that stays resident in memory even after the trainer is done. It actively scans memory and HD for anything with the word "cheathappens" and then attaches a viral signature to it so those files no longer function. This can easily be reproduced and examined by anyone with a debugger or memory scanner using the files from GCW or h4x0rs website.

So, I must ask the obvious question -- why does GCW continue to entertain this stuff from h4x0r? Seriously, is he paying you guys to host this crap?

So now I have to jump through about 10 hoops plus give h4x0r my personal information just to use a FREE trainer that I downloaded from GCW. What's next you guys? Selling trainers like cheathappens?

Agreed.... I love the trainers from Sicheats.com, but this kind of stuff is getting on my bad side.... I had the gall (in his mind) to post about it and how it was very suspicious that he called for this (not to mention that some people don't have always on internet connections), and the bastard banned me for doing that!

I am beginning to think that Sicheats isn't the 'white knight' in this and that he might have just as black an armor as Cheathappens.

Log-ins are a dealbreaker for me in my opinion..... free or not, there is no reason to require that and it IS just another form of DRM.

I think people are starting to lose focus on the real issue here. Malware or not, should GCW be hosting files that REQUIRE you to register at a third party site (which may or may not be harvesting your info or might at any time in the future) in order to simply use the file? It's my opinon that files hosted on this site should run independently of any outside program or authentication process. Just because these trainers may not collect or send any data now, that could easily be changed at any point down the road by h4x0r's team once the trainers were being readily accepted and posted on this site.

THAT is what I am worried about as well..... I don't want something on my damned computer that needs a connection to the internet just to use the thing. I simply don't..... if there is a PURPOSE behind the internet connection like with a browser that REQUIRES it, that is fine..... trainers? Don't require it in the slightest.

darkedone02
24-06-2011, 19:50
Agreed.... I love the trainers from Sicheats.com, but this kind of stuff is getting on my bad side.... I had the gall (in his mind) to post about it and how it was very suspicious that he called for this (not to mention that some people don't have always on internet connections), and the bastard banned me for doing that!

I am beginning to think that Sicheats isn't the 'white knight' in this and that he might have just as black an armor as Cheathappens.

Log-ins are a dealbreaker for me in my opinion..... free or not, there is no reason to require that and it IS just another form of DRM.



THAT is what I am worried about as well..... I don't want something on my damned computer that needs a connection to the internet just to use the thing. I simply don't..... if there is a PURPOSE behind the internet connection like with a browser that REQUIRES it, that is fine..... trainers? Don't require it in the slightest.

I did that as well, i spoke up about it but h4x0r's banned me for it, which is stupid. This is DRM, I stand up against it because it's stupid, and h4x0r's have doomed himself.

AFKGun
24-06-2011, 22:27
I suggest to leave both CH and h4x0r's war to rot. Is not that we can help in any way and involving just being busybody and to cause flamewar. As for the GCW authorities, i'm sure they will decide what's best for the site.

Joe Forster/STA
25-06-2011, 05:12
(The two threads have been merged, turned into a sticky and a a short conclusion added to the first post for the usual lazy reader. If you feel that, after the merge, your post doesn't make much sense anymore then, please, edit it so that readers understand what you're replying to.)

Maxgrilo
26-06-2011, 05:06
Well, another couple days and still no word from GCW admins regarding this new DRM bullshit. I see they posted another trainer with the DRM on GCW homepage so I assume they will be supporting this crap. Sorry, but I'll be getting my trainers and files elsewhere from here on out, prob game burn world. I would recommend others follow me as long as GCW continues to go against everything the site was built on.

CubanTanker
26-06-2011, 06:17
yes agree. can anyone recommend another site to get drm free trainers?

Joe Forster/STA
26-06-2011, 06:32
See the appropriate forum sticky for a list of recommended trainer sites.

TwwIX
26-06-2011, 07:59
h4xor is nothing more than a belligerent child. His broken English makes him look like an ever bigger buffoon. He regularly bans users on his site for simply mentioning that they are having issues with a feature on one of his trainers. The other day he banned a guy for asking why he was implementing the DRM and threatened everybody else with a ban if they brought it up again. He's been on a power trip ever since the Cheathappens fiasco. He has basically stooped to their level. I used to defend him but he's turned into a gigantic prick now. This DRM bullshit confirms that.

TippeX
26-06-2011, 08:08
Yup seems h4x0r is on a self destruct...power corrupts i guess (or the perception of having power)... he seems to be fond of the ban stick on his site too

TwwIX
26-06-2011, 08:29
Here's some proof before somebody starts accusing me of being a Cheathappens cohort or some other nonsense.
http://www.sicheats.com/index.php?categoryid=1&p2_articleid=290#comments Scroll down.

Talk about despicable.

Joe Forster/STA
26-06-2011, 12:43
Please, note that, on 2011-06-25, Facebook authentication has been removed on Sicheats.

cocodrilo
26-06-2011, 14:23
infected trainer is upload in this page (ALERT IS A TRAINER PLUS 2 VIRUS, DOWNLOAD ONLY FOR ANALISIS NOT EXECUTE):

http://www.softsclub.com/games/978116-f-e-r-3-v1-6-00-20-1035-10-trainer.html

sicheats trainer is binded to this file, this file is NET with haxor uses delphi 7. this file contains data from author/s to be desencripted soon.

repeat: THIS FILE CONTAINS A VIRUS, NOT DOWNLOAD FOR EXECUTION. joe analyze this and comment please, published 06-23-2011, 11:24 AM.

sicheats publish a clean trainers, with people reupload to other hosts binded..... PLEASE DOWNLOAD TRAINERS FROM SECURE SITES, LIKE SICHEATS OR GCW.

the link of this file is: http://www.multiupload.com/ID3HMZBEXK at te bottom in webpage post.

Desu[Shield]
26-06-2011, 14:31
There have also been generic GUI trainers posted onto YouTube that take users to a site that make you do surveys so they get money and you get nothing in return. YouTube generally takes those down if you flag the video but it goes to show that you only need basic GUI buidling skill to hide malware in them and disguse them as trainers by CHU, h4x0r, or some other 3rd party member.

cocodrilo
26-06-2011, 14:43
yeah, I just want to show is that these "trainers" are not from sicheats.

take much time already and no one gives solid evidence, I want a link to a file uploaded by haxor containing strange data or malware. THIS IS A EVIDENCE, sicheats is clean.

Traziz
26-06-2011, 15:54
Found this in the file xpsupport.dll from the Alice trainer from sicheats

http://img220.imageshack.us/img220/9656/llsassinit.jpg

From what I understand, by backtracing etc, is if the trainer fails authentication, it checks for a process named llsass and if it doesn't exist it creates a file llsass.exe and executes it. And I was a bit bemused as when I search for this file name on google, it came across as a non legit lsass.exe file which is the Windows logon control file, but the counterpart listed in the xpsupport.dll (llsass.exe) is a well known virus/trojan alias. I am not sure if this is what it is, as I am now wary of running any of these trainers now, perhaps Joe_Forster can check?

Traziz
26-06-2011, 16:03
It is also included in the xpsupport.dll for the "clean" fear 3 trainer provided by cocodrilo

Infact it is in all of their trainers with this xpsupport.dll file.

The trainer also opens up a referral page at uploading.com on the sly..

http://img803.imageshack.us/img803/8364/referralhidden.jpg

Also as you see on the image, there is a link to paypal for a donation, why people would want to donate to him only to be banned for saying the trainer doesn't work or asking for help I am not sure.

I also noticed a vcl3test.dll file being created, this isn't a genuine visual c library file, but my visual c is not amazing so cannot say what it does.

cocodrilo
26-06-2011, 16:22
ok, analyzing and talking with haxor.



It is also included in the xpsupport.dll for the "clean" fear 3 trainer provided by cocodrilo


my only 2 trainers published is for civilization 5 and the first templar. fear 3 is not my trainer.

Traziz
26-06-2011, 16:26
I was talking about the link you provided, a few posts back.

If you could ask h4x0r what the llsass.exe and vcltest3.dll (sorry I said vcl3test.dll before) are for. I think it will ease peoples minds if they also knew what they were for. And why does the trainers access the registry, I have noticed on a couple I have looked at they use registry API's to do so. And also what are the other files created when the trainer runs.

cocodrilo
26-06-2011, 16:37
Traziz this dissasemble is not from xpsupport.dll, men check form image base.... like a simple exe..... read a darkbyte text in yor image ;). please provide a xpsupport.dll real from sicheats.

xpsupport.dll is the original dbghelp.dll from windows ;). please make a link to this dll.

maybe ida and ollydbg is wrong.... please download link for debugging please.

it clearly has some interest in lying:). Please update your disassembler WOW.

Traziz
26-06-2011, 16:42
I used the xpsupport.dll from the Alice trainer from your site, also the xpsupport.dll from the fear 3 trainer from the link you provided which you said was clean.

Also used the fable 3 trainer from GCW which uses the same xpsupport.dll

cocodrilo
26-06-2011, 16:46
ok downloading alice trainer from sicheats. wait a moment.

please look :):



A505-E0FC/archivos$ ls | grep "xp"
xpsupport.dll-alice
xpsupport.dll-fear3



A505-E0FC/archivos$ md5sum xpsupport.dll-*
4003e34416ebd25e4c115d49dc15e1a7 xpsupport.dll-alice
4003e34416ebd25e4c115d49dc15e1a7 xpsupport.dll-fear3


is the same file, yor image shows darkbyte string in autoassembler engine.... strange very strange :). please only REAL data and binaries from debugging :p.

please provide a link to binary file with strange code, strings refs or any data to damage you. please a real copy from sicheats servers.

you are lying for some reason.

Traziz
26-06-2011, 17:03
Goto GCW and get the fable 3 trainer and use that file.

Why you wish to call me a liar when I have tested with 3 independent files from "trusted" distributions points, and they all clearly show the same string references etc.

Is this the normal for people on sicheats to call people liars when it doesn't suit you?

I am sure Joe_Forster will check also, and I am sure he will find the same string reference and coding in all xpsupport.dll files from legitimate safe sites.


Oh wait... are you comparing the coding from the 2nd picture with the xpsupport.dll? The 2nd picture is from the actual Alice trainer and not the library (dll).

cocodrilo
26-06-2011, 17:07
GCW has a public upload :). ok, downloading fable 3 from sicheats, please wait a moment.



Oh wait... are you comparing the coding from the 2nd picture with the xpsupport.dll? The 2nd picture is from the actual Alice trainer and not the library (dll).


not im comparing all your images, you are talking from this file. please give a public link o wait downloading trainer.

Traziz
26-06-2011, 17:13
The 1st image is from xpsupport.dll

The 2nd image is from the alice trainer binary.

the llsass references is from the xpsupport.dll and the uploading.com is from the trainer. I did point this out.

cocodrilo
26-06-2011, 17:18
A505-E0FC/archivos$ md5sum xpsupport.dll-*
4003e34416ebd25e4c115d49dc15e1a7 xpsupport.dll-alice
4003e34416ebd25e4c115d49dc15e1a7 xpsupport.dll-fable3
4003e34416ebd25e4c115d49dc15e1a7 xpsupport.dll-fear3



The 1st image is from xpsupport.dll


lying continuous.


wait till I go to debug the trainer and whether there are such strings will explain what the code. dll in the continuous and sustained by lies without giving me a link to the binary:)

1: in trainer no string llsass ;). wait for open string (parameter of shellexecute to open a default browser, open a haxor paypal link if you like make a voluntari donation.... lies and lies). wait a moment, please.

Traziz
26-06-2011, 17:24
Full file listing of trainer contents

http://img28.imageshack.us/img28/1997/filelistproperties.jpg

Here is W32Dasm with the correct path to the file and the string reference window open to llsass reference.

http://img824.imageshack.us/img824/5859/fulldisasswindow.jpg

Traziz
26-06-2011, 17:30
lying continuous.


wait till I go to debug the trainer and whether there are such strings will explain what the code. dll in the continuous and sustained by lies without giving me a link to the binary:)

1: in trainer no string llsass ;). wait for open string (parameter of shellexecute to open a default browser, open a haxor paypal link if you like make a voluntari donation.... lies and lies). wait a moment, please.

You call me a liar because your understanding of English is poor?

I never said the llsass was in the trainer I said it was contained in the xpsupport.dll.

I never said it forces the paypal link on anyone, NOT ONCE. I said it forces the uploading.com url on the sly. And that url is contained in the trainer.

Get your facts correct first before accusing people of things.

cocodrilo
26-06-2011, 17:31
no images, please binaries. wait for my explanation from paypal string :).

now expected to explain the disassembly you afraid you and takes away the worry in 2 seconds.

I never said the llsass was in the trainer I said it was contained in the xpsupport.dll.

the xpsupport.dll is te same in the 3 trainers.


I never said it forces the paypal link on anyone, NOT ONCE. I said it forces the uploading.com url on the sly. And that url is contained in the trainer.

forced? please wait a moment jejeje ¿forced? hope you understand assembler to technical debate ;). no more words, only evidences (files to analyze, etc etc or technical analisis)

Traziz
26-06-2011, 17:34
I won't bother trying to talk to you as it is evident your lack of English and misreading what is said is causing you to call me a liar, when it is you who can't understand what is being said.

I shall wait for Joe_Forster or some other moderator or administrator here to check files from sicheats and on GCW.

Traziz
26-06-2011, 17:37
forced? please wait a moment jejeje ¿forced? hope you understand assembler to technical debate ;). no more words, only evidences (files to analyze, etc etc or technical analisis)

Oh I understand ASM, oh yes I understand it indeed.

Anyway this conversation is over... I would rather talk to someone with a modicum of understanding in English and isn't in the habit of calling people liars because they can't understand English.

As said I am sure Joe_Forster has the know how, or maybe TippeX to check the xpsupport.dll and find the same llsass references I did. Then there will be explaining to do why it is there.

cocodrilo
26-06-2011, 17:41
I shall wait for Joe_Forster or some other moderator or administrator here to check files from sicheats and on GCW.


files from sicheats servers, no public upload.

I fully understand what you're saying, which I do not understand is you. please tell me the address of the event table associated with that component and continue talking. now I upload some pictures.


As said I am sure Joe_Forster has the know how, or maybe TippeX to check the xpsupport.dll and find the same llsass references I did. Then there will be explaining to do why it is there.


Please upload this file or give the md5.


Ok, the event table look donation_click and lookd address.
http://img543.imageshack.us/img543/7106/tablaa.jpg

event_click- disasm look for address:

http://img708.imageshack.us/img708/8677/funcionapuntadaenlatabl.jpg

¿is on click event to "forces you"? juaz. a picture is worth a thousand words do you need me to explain some part of the code?. if you do not understand that, you can search around for the dede.

REPEAT, NO MORE WORDS ONLY BINARIES but same md5 from sicheats trainers. NO MORE LIES.


you is not much to speak, many posts but have not given any evidence and for today I have said enough. Joe discuss things in private and quiet will the results.

Traziz
26-06-2011, 18:00
Again I will repeat not at any time did I say it forces you to donate.. I said why would people want to donate when he (h4x0r) bans people for asking why a trainer isn't working for them or why an option is not doing what it is supposed to be doing.

What I did say was it forces people to goto the uploading.com url on the sly.

AGAIN, read what is being written, your English is not good enough to understand simple English. Anyone who has a basic understand can easily see what I have been saying. You are choosing to either ignore what is being said or not able to comprehend what is being said.

cocodrilo
26-06-2011, 18:06
What I did say was it forces people to goto the uploading.com url on the sly.


EVIDENCES PLEASE.

I write is the translator, I understand but do not express myself in English, am Spanish. but we will if the files and a debugger few words are needed.


xpsuport.dll have begun saying the 3 trainers were the same files, neither the things you teach in the pictures. the trainer there is nothing strange, does that leave us?

initially seemed to understand me when I begin to provide evidence that you no longer seems interested.

no more post, please wait for Joe.

Traziz
26-06-2011, 18:09
Here is something you can easily do in olly.

Open up xpsupport.dll

Goto offset 0006A462

Scroll down a bit, with strings showing, why is llsass there?

cocodrilo
26-06-2011, 18:12
no, xpsupport is the same, look at md5sum results is THE SAME FILE. xpsupport.dll is te dbghelp.dll from original windows.... please wait for joe or empire verification ;).

No result in olly, no results in IDA. ¿is the same md5? please upload the binary :). no more posts.

Look in your uploaded image:

http://img28.imageshack.us/img28/1997/filelistproperties.jpg

repeat: xpsuport.dll is the original dbghelp.dll... from windows.


Open up xpsupport.dll

Goto offset 0006A462

Scroll down a bit, with strings showing, why is llsass there?


in the offset the string is lsass and lsass.exe ORIGINAL PROCESS. LEARN yor "EXTRA L" http://www.flipcode.com/archives/Advanced_String_Techniques_in_C-Part_I_Unicode.shtml

or in this page:

http://docs.wxwidgets.org/2.8/wx_unicode.html

L evil jajajaja, I do not express myself in English because I am Spanish. But your level of programming, do not get into more conversations.

Desu[Shield]
26-06-2011, 18:59
You see the problem with you providing counter evidence cocodrilo is that you cannot be trusted to give unbiased results. That is why a 3rd person is needed to examine the code such as Joe with the source given in secret (and I know that the source comes from a clean file and Joe is smart enough to know if such a source is invalid).

This way, the evidence is 100% unbiased and conclusive. Afterall, if you have nothing to hide, you shouldn't have any objections. Any defense you put up is simply coming from pride (which isn't worth a whole lot).

cocodrilo
26-06-2011, 19:20
I've tried it with files form sicheats and GCW, all clean. If you do not understand the evil "L" jajajajaj please read the previous post.

You can test it, there are files. download and analyze it.

to understand the "evil L" lol:

http://photo.goodreads.com/books/1179634272l/939194.jpg

Desu[Shield]
26-06-2011, 19:37
From what I'm understanding is that the source being analyzed now is post #54 (made by you) in this thread [on page 4] which you claim to be clean. The guy says it contains malicious content while you doesn't.
Consider it a best 2 of 3 where the 3rd analysis is being performed by someone other than you. Don't worry, the results will come in.

BTW don't try the "engrish" defense with me. I come from Japan. I've heard almost every dialect of broken English known to man so I know when someone is using it to play dumb.

cocodrilo
26-06-2011, 19:48
my English is the translator of google. I want more than anyone an analysis, I have no hurry. but I want to take away the reason with evidence, so far everything I've said I hope someone with experience can verify.

the files are not mine, I do not usually do trainers. But I can provide analysis of files without problems. who can not express myself in English does not mean it does not turn on a computer, here are computers, colleges, universities etc, there are not only bulls.

I do not want to learn English, never a subject. I understand it, but I do not write because I need it :).

are you well neo7?

Desu[Shield]
26-06-2011, 20:00
The T1 logo (which is a professional StarCraft team) should've told you who I am from the start actually (if you played Brood War then you might know this is one of the handles I use in games). I'm quite well thank you. How about you?

cocodrilo
26-06-2011, 20:04
I do not usually play a lot :). I well trying to clarify things with words as it should be. thank you very much for your interest.

Desu[Shield]
26-06-2011, 20:35
I'm actually more neutral than you think. I tend to focus on online gaming rather than use trainers (plus the communities are less violent like the ones between CHU and SICheats). I chose web administration and development over assembly and C++ though.

So as someone sitting form the sidelines it looks like this:
We both know that both sides are pointing at each other making claims that don't match. I can't tell who's telling the truth and who's lying due to lack of a real technical explanation. That is why we need some 3rd party person who's never heard of this "trainer site war" to analyze and post a complete analysis. That's the only way to get to the truth.

The main reason for the topic on my personal website was not to take sides but how shocked and appalled I was at the way you manage your site. The main problem with the administration there is the language barrier. You only speak Spanish fluently but your targetting an English audience. It's why it's recommended that you learn English at a more fluent level (or completely switch your site to Spanish only - This option may even give you the advantage of keeping forum invasions out). I blow things out of proportion in hopes that you can see how you're being viewed by someone who speaks English natively (yes it is how you're viewed by a large chunk of users that are not CHU members at all).

I'll tell you what. If I'm wrong about you then I'll take that one topic down and replace it with a public appology and show you which account is mine on sicheats and you can do whatever you want with it.

TwwIX
26-06-2011, 21:26
Whether the trainers contain harmful files or not is irrelevant. People do not want to play games with DRM, let alone use trainers that enforce it. Why is that so fucking hard to comprehend?

cocodrilo
26-06-2011, 22:12
Desu[Shield]:


I am also very neutral, I see what they do and why to publish personal data among other things I dislike. when we can talk and show things and reach a solution without further discussion.

it is clear that we need a neutral person, but I know that in 5 minutes you can verify everything is exposed here and though you put here will know it's true.

I understand what you say and you're right. when I get sicheats was in Spanish, but later changed and is now in English, that is up to the owner of the site.

I say the same. if I prove with evidence that is true what they say I rectify this forum and never again to speak on the subject. joe will be able to fix my apology if I show that everything they say is true.

You share many points of view, the language issue for example. as I said to Joe, I'm not here to build more mess on the "war" absurd, just to prove that they are confused.

Nice talking to you.

TwwIX:


Whether the trainers contain harmful files or not is irrelevant.


No, this is not irrelevant, at least for me.


People do not want to play games with DRM, let alone use trainers that enforce it. Why is that so fucking hard to comprehend?


know and understand you, if you can give us a better solution to verify that the trainers are downloaded from secure sites I am willing to listen.

There are more options, no one forces you to use the trainers. if you do not like the option, not downloaded.

Joe Forster/STA
27-06-2011, 04:52
I downloaded h4x0r's Alice: Madness Returns, Fable 3 and F.E.A.R. 3 trainers, both from Sicheats and GCW. The files in the packages for the same game are identical, except an extra promo video in one of them. Conclusion: There is no difference whether you download h4x0r's trainers from Sicheats or GCW. (Apparently, Empire's manual upload filtering works fine.)

I've checked xpsupport.dll, too, which is the same in all packages. It is, actually, identical to dbghelp.dll version 6.12, which can be downloaded along with the latest Windows SDK 7.1. Note that it contains digital signatures so it cannot be faked or tampered without anyone noticing. Conclusion: The xpsupport.dll's analyzed above are fakes.

Final conclusion: Traziz, you get one, I repeat, one more chance to prove that you're not a Cheathappens agent. A few questions for you to answer:
1. Where are the trainer packages that you (allegedly) downloaded from Sicheats and GCW? Give us the original download URL's (probably, a file sharing site that Sicheats supposedly links to) and attach them to your post.
2. How is it possible that we not only cannot find in xpsupport.dll any of the suspicious strings you reported but it turned out be (a copy of a given version of) a Windows system DLL?
3. Which trainer is supposed to create the "vcl3test.dll" file and where? The Alice: Madness Returns trainer doesn't create one.
4. Which trainers access what registry entries and how (read/write)?
5. Which trainers create what files and what do those files contain? Attach them.
(If you can use a disassembler, I'm sure you can also use Sysinternals' ProcMon to create a trace.)

As I already mentioned to Empire and TippeX, I think we're experiencing the latest - and more elaborate than ever before - attack against Sicheats on/via our forum.

Maxgrilo
27-06-2011, 05:11
So, let me get this straight, now it's CHEATHAPPENS that secretly went to h4x0r's house and made him add the DRM to his trainers, is that correct Joe?

Forget all this malware back and forth for a minute and look at the REAL ISSUE HERE -- the DRM.

Apparently by the lack of any comment from GCW admins, this is perfectly fine behavior for files being uploaded to GAME COPY WORLD. Maybe soon we'll start seeing UNCRACKED exe's being added to the site as well.

TippeX
27-06-2011, 05:15
no , what joe is saying is that he suspects that the trainers are being modified and malicious content added... the drm and this are two totally different issues...

Joe Forster/STA
27-06-2011, 05:18
REAL ISSUE HERE -- the DRM. Apparently by the lack of any comment from GCW admins, this is perfectly fine behavior for files being uploaded to GAME COPY WORLD.

Which word of "Empire has a real life" don't you understand?! (He hasn't replied even to my posts in the private moderator forum!)

The DRM has everything to do with Cheathappens as it's supposed to be some kind of protection, although we still don't know for sure whether h4x0r's or his users' protection.

TippeX, how the hell do I "goto" in OllyDbg? I can't find anything other than code at offset 0006A462 in xpsupport.dll. Perhaps, a plain file offset would be preferred. I found "lsass" in ANSI at file offset 0000686A and in Unicode at 00007854 and 00007868, nothing else...

Traziz
27-06-2011, 07:34
Use W32Dasm if it makes it easier for you. Since it seems you can't fully use Olly correctly to show Data/String references.

And no I didn't use any amended xpsupport files, I used files from 3 seperate sources, one from sicheats (alice trainer), one from a link here given by cocodrila (fear 3) and one on GCW (fable 3).

I opened up in W32Dasm (xpsupport.dll) and was looking through the strings since people have been talking about the new DRM, just to check and I came across the 2 llsass instances (not lsass which is a legit Windows Logon binary). Then I also checked more into the trainers themselves, I had to unwrap them first, but then noticed the string references to vcltest3.dll, the uploading.com link. As provided by the screenshots.

Are you telling me you can't use Olly to find a simple string reference at all? Did you even try to look? From what I have seen from your responses is that you are more prepared to defend someone than be neutral and look.

Bad enough to be called a liar by Mr no understand the English, and then by you by saying I used modified files...

As far as I am concerned you are more an agent for Sicheats to try to veil the truth or something and keep things hidden or obscured.

I came here to ask why these things were in the trainer and the xpsupport.dll and to get some piece of mind so I can use them if they proved to be nothing, and all I have met is hostility and accusations, fine I will set up a virtual environment and run it there and perhaps I will post the results to show what files are created, what processes are accessed and created also.

Joe Forster/STA
27-06-2011, 07:39
Read my lips: WHERE ARE THE FILES YOU ANALYZED? ATTACH THEM AND GIVE US THEIR ORIGINAL DOWNLOAD URL'S!

(I never used OllyDbg but can use W32Dasm and Hacker's View fine, thank you, no need for taunting.)

Traziz
27-06-2011, 07:46
Read my lips: WHERE ARE THE FILES YOU ANALYZED? ATTACH THEM AND GIVE US THEIR ORIGINAL DOWNLOAD URL'S!

Perhaps you should have read what I said, I downloaded the fear 3 trainer from this thread, which cocodrila posted a link to a "Clean" trainer.

And Fable 3 trainer from GCW, doesn't matter what server I use there as they all contain the same archive.

As for the trainer, I shall include the unwrapped trainer, since it seems to be minor worries from it from the vcltest3.dll and the uploading.com url use.

The xpsupport.dll is the main worry with the llsass reference and coding to produce it locally.

http://www.megaupload.com/?d=DQ9AGV1Z - alice trainer with unwrapped binary, incase you are not sure how to unwrap binaries.

That was originally got from sicheats themselves.

cocodrilo
27-06-2011, 08:05
Traziz please download IDA and look. is this your evil L?

http://img692.imageshack.us/img692/5353/evillw.jpg

in your file offset. in ida jump -> jump to file offset and COMPARE :).

Traziz
27-06-2011, 08:10
That is close to what it is, but its not referenced as L"lsass" but llsass without quotes.

Besides I cannot "Download" IDA as it is expensive software and I don't steal software.

EDIT: I see a v5 for freeware on their site I shall check it out.

cocodrilo
27-06-2011, 08:19
can you understand that W32Dasm is outdated and can misinterpret the chains. As can display strings that are not. win32dasm Windows98 I used it at puberty. please download the version that indicated dbghelp.dll joe microsoft servers and compare them.

or simply tell me that part of code that does that harms you, you're doing because they do not understand.

this screen is from pseudocode interpreter from ida, please read this:

http://msdn.microsoft.com/en-us/library/k59z8dwe(v=vs.80).aspx

and search for wchar_t PLEASE, LEARN.



Besides I cannot "Download" IDA as it is expensive software and I don't steal software.


Ok, but download ollydbg and learn how to use it.

Joe Forster/STA
27-06-2011, 08:20
1. Perhaps, you should have read what I said: ATTACH THE FILES YOU ANALYZED! Did you attach them? No. Screenshots and lots of blabla and you think anyone will believe you? You're out of your mind!

2. Perhaps, you should have read what cocodrilo said: the download at hxxp://www.multiupload.com/ID3HMZBEXK is of unknown origin and may contain malware. It is a .NET executable with the vast majority of it encoded in a base64-encoded stream. It can be determined at a glance that it has nothing to do with Sicheats whose executables are not even similar to it. So, even if you're (allegedly) good at using OllyDbg, you cannot make even the simplest observations.

3. The Alice: Madness Returns trainer you uploaded to hxxp://www.megaupload.com/?d=DQ9AGV1Z is exactly the same package as the one on GCW, only reRAR'ed without compression (wtf!). You didn't uncompress any binary at all. (Or you mix up executables with compressed archives?!)

4. Both versions of F.E.A.R. 3 trainers on GCW use the original v6.12 dbghelp.dll renamed as xpsupport.dll. So do the two Alice: Madness Returns trainers (the one on GCW and the one you linked to). Actually, even the suspicious third F.E.A.R. 3 trainer (see 2.) does, too. This dbghelp.dll obviously never contained the string "llsass".

(If anyone doesn't believe something above, please, download the files and see it for yourselves.)

Traziz, I'm fucking mad but I give you yet another chance. In case you reply, do it very, very wisely!

Traziz
27-06-2011, 08:34
1. Perhaps, you should have read what I said: ATTACH THE FILES YOU ANALYZED! Did you attach them? No. Screenshots and lots of blabla and you think anyone will believe you? You're out of your mind!

2. Perhaps, you should have read what cocodrilo said: the download at hxxp://www.multiupload.com/ID3HMZBEXK is of unknown origin and may contain malware. It is a .NET executable with the vast majority of it encoded in a base64-encoded stream. It can be determined at a glance that it has nothing to do with Sicheats whose executables are not even similar to it. So, even if you're (allegedly) good at using OllyDbg, you cannot make even the simplest observations.

3. The Alice: Madness Returns trainer you uploaded to hxxp://www.megaupload.com/?d=DQ9AGV1Z is exactly the same package as the one on GCW, only reRAR'ed without compression (wtf!). You didn't uncompress any binary at all. (Or you mix up executables with compressed archives?!)

4. Both versions of F.E.A.R. 3 trainers on GCW use the original v6.12 dbghelp.dll renamed as xpsupport.dll. So do the two Alice: Madness Returns trainers (the one on GCW and the one you linked to). Actually, even the suspicious third F.E.A.R. 3 trainer (see 2.) does, too.

(If anyone doesn't believe something above, please, download the files and see it for yourselves.)

Traziz, I'm fucking mad but I give you yet another chance. In case you reply, do it very, very wisely!

1. I did in the megaupload link.

2. "sicheats publish a clean trainers, with people reupload to other hosts binded..... PLEASE DOWNLOAD TRAINERS FROM SECURE SITES, LIKE SICHEATS OR GCW.

the link of this file is: http://www.multiupload.com/ID3HMZBEXK at te bottom in webpage post."

Are you telling me that says it is infected? He linked to the forum which was supplying the infected file then he said that (which I put in quotes above), looks like he was giving a clean file to me.

3. The alice trainer I got from SICHEATS was wrapped, never said I got from GCW. I got the fable 3 trainer from GCW.

4. That is what I was trying to say all along that it was not an amended xpsupport.dll at all and was trying to show from 3 sources that the files all contained the same coding.

Angry at me for trying to ask questions to ease myself and perhaps other peoples' minds on the trainers? Please remember Joe_Forster you attacked me and called me a liar just like cocodrila did, is this what sort of staff man these forums here? Moderators that attack users for trying to find peace of mind..

Damn sorry I came here, what a disgrace. Pffff Some help you give.

Come here and if you post anything negative about h4x0r's trainers you must be a cheathappens consort and a liar. Amazing. No wonder for the couple of days I have been here there has been little happening on the forum, just a couple of posts. Perhaps Joe_Forster has banned them all for asking wrong questions.

Go ahead ban me, I'd rather be somewhere with people who know how to treat people fairly and offer help.

Joe Forster/STA
27-06-2011, 08:51
Traziz, you are an idiot, so away with you!

1. The Megaupload link is a package that contains, to the byte level, the same files as the GCW download of the same trainer. You didn't attach anything, although I asked you many times. We're still yet to see an "infected" xpsupport.dll with the (alleged) "llsass" string.

2. Epic fail. You think it's cocodrilo's bad English that you don't understand him. Actually, you cannot read plain English either. Had you gone to the linked webpage (http://www.softsclub.com/games/978116-f-e-r-3-v1-6-00-20-1035-10-trainer.html, in case you cannot find it in the original post), which is in pretty simple English, you would've found out that the hxxp://www.multiupload.com/ID3HMZBEXK link, the one to the suspicious F.E.A.R. 3 trainer, is at its bottom. cocodrilo's reference to the Multipload link was not that this link is a genuine Sicheats trainer, it was some help with finding out the Multiupload download link at the bottom of the Softsclub webpage.

3. Again, no files attached. Yeah, this file is compressed, that file isn't; this file is encrypted, that file isn't; this file is .NET, that file is Delphi; this file is infected, that file isn't; this file contains suspicious strings, that file doesn't. But no actual files that would prove your points just plain bullshit.

4. [...] Oh, fucking great Lord in the heavens above, I finally understood what you meant. In xpsupport.dll/dbghelp.dll, at file offset 0006A487, there's a PUSH 03008468 which points to "lsass" in Unicode; at 0006A49F, PUSH 03008454 which points to "lsass.exe" also in Unicode. There are no extra L's anywhere around these strings. (And, even if there were any, this is an original Windows DLL from Micro$oft, protected by a digital signature, so how could it be infected?!) Another epic fail: you're completely unable to read code either, not even with the help of a disassembler.

From this above, it should be obvious that Traziz has absolutely no idea what he's talking about, while trying to look like an expert in assembly programming. Expert my ass! Permbanned.

Maxgrilo
27-06-2011, 08:55
Tippex: According to Joe, "The DRM has everything to do with Cheathappens" along with the current state of the global economy and the problems in the middle-east no doubt. This site's lack of caring by the admins and absense of any objectivity is truly amazing.

Go ahead and ban me too. I'll get my DRM-free files elsewhere. I'm done here. I invite others to do the same.

Joe Forster/STA
27-06-2011, 09:16
You know, the days when I reacted to name-calling have been over for years. Yes, the thread went astray but, if you take the time to read what I wrote then you'd know that, unlike people with opposite opinion, I make arguments and can show actual counterproofs to their assumptions and anyone else can check the truthfulness of what I wrote, by downloading the same files (they're still there!) and having a look at what I saw.

So the "This site's lack of caring by the admins and absense of any objectivity is truly amazing" sentence is completely false. You're making a fool out of yourself with it which is worse than becoming a martyr by getting banned so you can stay for a while...

[...] Actually, it is exactly objectivity that makes me ban people who have no idea what they're shouting around and are unable to stop their bullshit, even after several warnings. It seems, some people come here with a preconception, and they cannot be convinced otherwise, that Sicheats is nothing else than a bunch of liars distributing malware. This is their own conscience problem... but until they start spreading such rumors, without any actual proofs, in the public. Now, that is not and will never be tolerated here and the same zero tolerance should be (read: should've been) introduced in other forums, too, long, long ago. Then unfounded rumors wouldn't get farther than a few people around those interested in spreading bullshit. (In case someone didn't understand, I'm referring to Cheathappens, with their usual sly propaganda campaigns.)

tazzoun
27-06-2011, 10:50
Actually Joe, what I have witnessed in this thread is the opposite. h4x0r and his team come here stating that cheathappens has been uploading malware versions of their trainers to sites including GCW and this is the reason for the DRM, yet no one has asked them for proof of this, their word is taken at face value. However, when someone states that h4x0r might have done something himself to attack cheathappens trainers then that it when proof is demanded, and lots of it.

That's just my observation. Again, I could care less about all of this malware bullshit and really just want to know about the DRM issue, which still is not being addressed, it's just being blamed on cheathappens and dismissed.

cocodrilo
27-06-2011, 11:09
the issue of charges is more than demonstrated that the user in question was lying for some unknown reason.

no one accused anyone of raising false trainers, only gave a link to a page where they do.

as already a fact, if anyone has any proof of anything illegal in some haxor trainer you upload files and together come to a conclusion.

on the subject of DRM, if it sucks ... but right now there is the solution. There is an easy solution, if you do not like please not download trainers of sicheats. easy solution to easy problem.

Note that you can not force to release the trainers as you want, if you do not like the measure does not download them. make your own trainers.

Joe Forster/STA
27-06-2011, 16:00
During the whole Cheathappens vs. h4x0r war, we kept requesting proofs. Cheathappens stated that h4x0r is ripping off their trainers but were unable to present actual proofs, just kept smearing the "facts". We requested files for inspection, none were given. We requested download URL's for files for inspection, none were given. After one year, we received from Cheathappens a trainer, supposedly by h4x0r, as "proof" that turned out to be fake - by whom could it have been other than Cheathappens themselves? That was the final point where we decided we're not going to help Cheathappens in any way, whether or not their initial claim was true.

Some months later a third party called our attention to a document that turned out to be Cheathappens' file on h4x0r, with listings of code fragments from trainers of both parties, showing more than similarities. (Please, note that we still had no actual files for our own inspection!) Cheathappens' claimed they sent this document to us at the beginning of the war, which is not true. Whether they simply forgot to share it with us or this was intentional, we have no idea but it was too late anyway because our decision to not support Cheathappens for any reason was already made.

At the end, we're still here with a document that we didn't receive in time, an intentionally faked "proof" and megatons of quasi-facts and assumptions, supported by nothing else than just a document. I can write a document about anything, I repeat, anything. As the document is quite comprehensive and well-written, we assume, I repeat, assume that Cheathappens was right: h4x0r did rip off several trainers of theirs. However, there are still no actual proofs because the trainers that were analyzed to create the document weren't attached. (And, even if they were attached, the question could arise: okay, but couldn't some of them have been modified or faked, just like the fake proof sent to us before?!) The same happens here. Rumors, assumptions, accusations, and all without any kind of substantial proof. What "proof" is there is bullshit - if you don't believe me, go download the files, read what I wrote and check it out yourself.

Several trainers in h4x0r's name were uploaded to GCW, some even published before we were told about them. This has never happenned before so who could it have been if not Cheathappens or their friends? It is my assumption that this DRM was also an answer to Cheathappens' constant attacks. I have no proofs for this but, had you read our detailed announcements, you'd know that Cheathappens is capable of doing anything, I repeat, anything. I don't quite understand how you make conclusions so easily and so fast, without as deep background knowledge as e.g. I have. (And, no, you don't have to be me, you "only" should read our announcements.)

As for the DRM in itself, I don't like it and I strongly suggested h4x0r to remove it as soon as possible. However, it's his life, I cannot force him to make up his mind. As for whether GCW will or won't host Sicheats trainers, beause of the DRM, is solely up to Empire, I repeat, solely up to Empire, who has a real life and doesn't visit this forum every minute but is away sometimes even for days. That you people are so impatient and keep demanding answers makes me impatient, too. I won't let injustice remain unpunished but if you want us to punish Sicheats in whatever way we can then, by this, you also accept that you'll be punished if your accusations turn out be false. (Does the word "perjury" ring a bell?) I think this is the only fair way: whoever lies will not get away with it - at least, not here.

Now, since this thread, within a few days and pages, still hasn't managed to show a single proof about (genuine!) Sicheats trainers spreading malware, I'm more and more certain that this whole shit is nothing else than yet another propaganda campaign, started by whom else than Cheathappens, and lots of people fall for it because they are either unable (newbies like Traziz) or unwilling (Cheathappens' friends and their friends and their friends and... etc.) to verify the "facts" the rumors are about. Therefore, from now on, people making assumptions without actual proofs that can be verified by anyone (attach files, include download URL's, describe a guide on how to find the malware), I repeat, anyone, will be banned on sight because I've had enough of unfounded accusations! (I now understand that my greatest mistake here was letting this thread to continue farther than the first few posts at which I was already suspicious.)

tazzoun, if you claim something and want me to accept it and act accordingly, it's fine, but then you should've already started your request with presenting the proofs. You want something from me? Good, tell me why I should do anything for you. Got that? Have you given me any proof that could be verified by us and, thus, supports your claims? No. You wrote that the F.E.A.R. 3 trainer of h4x0r:
1. Needs authentication. Verifiable and true. Consequently, noone questioned this statement.
2. Contains malware, scans memory and hard disk, searches for "cheathappens", infects/damages whatever it finds. Verifiable but all samples so far support false and we received neither (other) samples nor more detailed descriptions of the malicious behavior from you.
3. You cannot use h4x0r's newest trainers from GCW until you get a personalized key for it. Verifiable and true. However, let me add that, interestingly, you cannot use no-CD patches from GCW either without actually having the game that you're supposed to buy - preferably beforehands. Also, you cannot play games - or can only play in demo mode - you downloaded from Steam or whatever "digital download" service before registering and buying a license. Now, should GCW and Steam etc. remove all downloads because they can't be used as such?!

Not only I requested actual files for my own inspection from you, and several times at that, in vain, I answered all your claims, still you can't or don't want to accept them. Have you heeded my requests? Nope, none of them. Have you uploaded the (allegedly) infected trainer? No, just keep talking about it. Have you explained how and where the trainer is supposed to search for what and does what upon finding it? No, just "memory" and "hard disk" and "cheathappens" and "attaches viral signature" and "hidden process" and "does nice things", nothing concrete. Then what the fuck do you expect from me/us?! Have you made at all observations or haven't you? I have to say you haven't because you were unable to say anything other than just vague assumptions. If you can't make observations because you don't savvy this particular field then let me ask: how dare you question the inspection results of someone who does savvy?!

Traziz also kept pouring the general bullshit but was unable to show actual files. And this went on for like a dozen post. When he managed to present something, it was an obvious fake as its major difference from the usual outlook of Sicheats trainers was determined at a glance so either he tried to fool me or he was helping someone who tried to fool me. Either way, when I got fed up with his blabla, he got permbanned. Why was I trying to find out what he's trying to say when we wouldn't utter it? And the question remains: A) was he this dumb or B) was this just an orchestrated show, trying to fool us as well as the public? With most probably Cheathappens in the background, I'd vote for B).

During the whole Cheathappens vs. h4x0r war on our forum, 1) Cheathappens was unable to show proofs and 2) started a campaign against us because we wouldn't comply with their requests, sent us a fake proof and even (allegedly) hacked our site. (You can read about all this.) From this, you can conclude, that 1) h4x0r may or may not be a code thief (no proof) but 2) Cheathappens is definitely a bunch of arrogant, unscrupulous guys who won't hesitate to resort to immoral and, sometimes, even illegal measures to "persuade" others into believing what they say or to discredit their opponents and make the public turn away from them (lots of proofs).

Their "only" bad luck is that, in us, they finally met an opponent that is much harder to break (let's not use "persuade" as that would be a major euphemism) than others so far. I'm not surprised that people didn't understand if and how this is possible and thought that Cheathappens, "as always", was right this time, too, and the opponent, "as always", wasn't, even after 1) actually disproving some of what Cheathappens stated, 2) showing that some proofs do not prove the claims that they were supposed to prove (an overdone example: "Earth is round" does not prove that "today is a rainy day") and 3) listing all the rest as unverifiable, due to lack of more detailed information and/or actual, genuine, 100% original, unmodified files. But that's their problem, not ours. We still go to bed every night without conscience problems because did not let ourselves be fooled by ever bolder lies.

So, tazzoun, do you have anything concrete for me? (Don't you know what I'd like to get? Then go read back my previous replies to you: they are in plain, simple English.) If you do, now is the time to present them. If you don't, you're just blabbering around and questioning the findings of someone who did delve into the code. But let me remind you, the latter I won't tolerate because it's remarkably close to one of Cheathappens' weapons of mass destruction: discrediting the opponent. And, if you don't agree with something I said, fine, argue then, explain why (you think) I am wrong, and I'll answer but saying "you don't want to do anything about it" etc. is very far from enough, it only shows your ignorance, not mine.

darkedone02
27-06-2011, 17:58
What a "guild" war we have here in one "hub", battling each other like a cold war, showing both "fakes" and "real" "Products" to see which one is better then the other, perhaps? Deception is always on the shadows, but some are caught by the "hub polices", penalizing both the "Agent" and the "Trader". The End is still yet undetermined, will one win "support" or will the "hub" barred the "Traders" from the "hub"?

dabhandisback
27-06-2011, 18:02
i didnt plan a comeback but i cant stand the major stupidity here anymore. joe, you wanted an actual, verifiable proof? here is one for you. http://www.megaupload.com/?d=S1SQP6BC.

this is the fear3 trainer i downloaded from sicheats an hour ago. when it exits it leaves a background process called "chsuxx.exe" behind which searches for executables on c: containing "cheathappens" and changes their "This program cannot be run in DOS mode." stub to "Cheathappens sucks!!!". you can clearly see the code responsible for this starting at offset 000782be in the main executable. btw both the exe and the dll already have the stub replaced. how pathetic.

i also found the "llsass" string Traziz referred to in the dll. how you joe managed to miss it i have no idea. well, on a second though i actually do. :)

i havent found the other references _yet_ but its only a matter of time and my mates here at ch are also working on it. you can ban me and you can delete this post if you like but the truth is already out there. bad luck for you i guess... ;)

Joe Forster/STA
27-06-2011, 18:11
DABhand, you've been banned for a reason back then so don't bother to come back. I won't waste my time with checking out anything that you provide, because I know for sure it's just some kind of fake shit, so whatever you uploaded, I don't care about it. Now, away with you but the post stays as a memento for your stupidity!

cocodrilo.
27-06-2011, 18:33
dabhand you are liar. this is not real sicheats trainer, you modified it. nothing more to say.

Geri
27-06-2011, 23:02
i didnt plan a comeback but i cant stand the major stupidity here anymore. joe, you wanted an actual, verifiable proof? here is one for you. http://www.megaupload.com/?d=S1SQP6BC.

this is the fear3 trainer i downloaded from sicheats an hour ago. when it exits it leaves a background process called "chsuxx.exe" behind which searches for executables on c: containing "cheathappens" and changes their "This program cannot be run in DOS mode." stub to "Cheathappens sucks!!!". you can clearly see the code responsible for this starting at offset 000782be in the main executable. btw both the exe and the dll already have the stub replaced. how pathetic.

i also found the "llsass" string Traziz referred to in the dll. how you joe managed to miss it i have no idea. well, on a second though i actually do. :)

i havent found the other references _yet_ but its only a matter of time and my mates here at ch are also working on it. you can ban me and you can delete this post if you like but the truth is already out there. bad luck for you i guess... ;)

I rarely visit this forum at all but today I have checked on this and this topic is the most epic conspiracy ever.

1. Traziz is an idiot, there is no LLSASS reference at all and on the address that he said, there is an LSASS reference. Nothing is wrong with that. The dbghelp.dll file is needed because the old file in XP is not working with some games and it would shut down the trainer immediately.

2. There is nothing running in the background, doing anything with CH trainers. Complete bullshit.

And then, when you would think ok, it is done, it is a lie and end of the story, here is this post from dabhandisback which is full of fake info, not to mention that the uploaded file is not even the trainer. Haha. Is he related to CH at all or just a random troll? Why would CH post obviously fake info about something when this just makes them even more suspicious?

Like a professional drama, full of twists, lies, evil mischiefs everywhere. I hope this is the kind of drama where everyone dies at the end (go Hamlet go!).

Ronburi
28-06-2011, 05:03
whats funny is that there is a nice big notice on h4x0r's website that says:

"Hi SiCheats Members!

We Recommend downloading Trainers only on our Site.If you Download Our Trainer on other Sites and you have Problems with one of our Trainer we not Support this.

Download our Trainer on other Sites can be not good.

Downloading our Trainer on other Sites can be have a contain troyans, virus, keyloggers or others."

So h4x0r is basically telling people not to download his trainers from GCW or anywhere else, yet GCW continues to post them despite this AND the new DRM. That's some major h4x0r love right there.

Joe Forster/STA
28-06-2011, 05:18
So h4x0r is basically telling people not to download his trainers from GCW or anywhere else

That he personally uploads his trainers to GCW is probably something he forgot (to add).

yet GCW continues to post them despite this AND the new DRM. That's some major h4x0r love right there.

Which word of "Empire has a real life and is away from the forum for sometimes even days" don't you understand? He'll make his choice and announce it whenever he has time to. We, moderators, have no access to the machinery behind either GCW or this forum so we can only make guesses and give him suggestions, nothing more.

And then, when you would think ok, it is done, it is a lie and end of the story, here is this post from dabhandisback which is full of fake info, not to mention that the uploaded file is not even the trainer.

I'm sorry but I'm not willing to even download that shit he uploaded. Would you care to give some more explanation about why the info is fake and how come the upload is not the trainer? Thanks!

[...] I just found out that there's a moderator on Cheathappens' forum called Neo7 who has the very same signature ("A Limited-area amalgamated alternate timespace with non-corrosive tendencies is independently occurring in restricted mode within this room.") as Desu[Shield] in this thread. This cannot be a coincidence so the two persons must be the same, which makes Desu[Shield]'s neutrality in this matter questionable, to put it very mildly. You can check out this thread at the Cheathappens forum: http://www.cheathappens.com/show_board2.asp?headID=107232&titleID=14183 . And, by the way, can you notice the complete lack of concrete information about how h4x0r's trainers are supposed to execute this or that malicious operation, if there's any at all?

Desu[Shield]
28-06-2011, 06:53
I never suggested that I was going to analyze such a file. I'm a web developer, not a trainer developer. Though thanks for the accusation like tone, really appreciate it. Though if you were actually paying attention to posts as you should as a moderator, you would've seen crocodrilo addressed me by my name and I never denied it in this thread (and even offered an explaination for this name which I'll do in full detail in the paragraph below).

Desu[Shield] is one of the handles I use in the game StarCraft Brood War. It came after I used to hang out in the Korean semi-pro clan Shield where I was given a test game after which I was allowed to be part of Shield.

Attention to detail is fine-tuned in all the wrong places eh? BTW the quote comes from the Haruhi anime and is a rather popular one.

Geri
28-06-2011, 06:53
Would you care to give some more explanation about why the info is fake and how come the upload is not the trainer?

The uploaded file is:
NVIDIA Control Panel Application, 3.6.750.0

It really is. It is just renamed to F.E.A.R. 3 v15.20.0992 + 10 Trainer.exe
Since I didn't notice that h4x0r is disguising his trainers as NVIDIA control panels and changing the brightness or gamma cannot be considered as a real cheat, I assume this has nothing to do with a trainer. :)
From that point, it is not hard to assume that the whole post is random trolling. Of course I didn't bother to see if this fake file is really doing anything with anything as it is not relevant anymore.

Besides, the h4x0r trainers did not contain the LLSASS reference (as it was to be expected) and they do nothing with CH files. I copied some older free CH trainer files to C:\, copied them next to the h4x0r trainer, I was also running the h4x0r trainer and the CH trainer at the same time, but nothing happened at all. And obviously, there is no "chsuxx.exe" and the "This program cannot be run in DOS mode." stub in the trainers are unchanged (as the whole file is also unchanged).

So dabhandisback is trolling with you, haha. His file is obviously not containing any evidence and the original trainer is not doing anything at all. And when I say nothing at all, I mean including that the v16 trainer is not running without authentication and if I close the program, I get an error message... (Division by zero) and I have to shut down the shit from the task manager. It is not malicious, but wtf? You can consider this as a bugreport.

I myself came to the conclusion that this whole topic is just plain trolling and whoever started these accusation are h4x0r haters. I don't have a clue about who is dabhandisback (I don't even know the real DABHand) but I remember that Caliber has mentioned this FEAR3 thing too, so I assume the trolls are CH agents.

I wouldn't trust any of these guys as the war has raged for so long, I am surprised that "weapons of mass destruction" were not included so far. I would say give them 1 nuke per faction and see which faction is firing it first.

Unless someone can point out where are these malicious codes in the ORIGINAL trainer that I have, I say this is +1 for h4x0r in the scoring. No. Sorry. It is not +1 for h4x0r because he has done nothing to gain that point. It is better to say h4x0r unchanged, -1 for CH for the lies. As for what are the current scores, I don't have a fuckin clue because this is the first time that I have ever bothered to look into such shit at all. I believe they have all lost any credit that they had in the past with their actions.

War... war never changes.

Joe Forster/STA
28-06-2011, 08:01
Geri, thanks for your analyzation report, I'll, perhaps, download and check out that file myself later. In hte meantime, Maxgrilo, tazzoun, cocodrilo, any comments on Geri's results? Is dabhandisback's upload anything similar to what you reported? (Well, it's too late to ask Traziz, I guess. :))

;394920']Though thanks for the accusation like tone, really appreciate it.

For me, the timing and this weird signature, that I've never seen before, makes it very unlikely that you're a person different than Neo7, a moderator on Cheathappens forum. On the other hand, I also find it strange that someone who wants to remain incognito would be stupid enough to use his signature on this forum, too, but, you see, if you've lived through the Cheathappens vs. h4x0r war like we, FileForums staff, did then you'd know that no level of paranoia is insane in this case. That you fell prey to this accusation is unfortunate but people need to know about everything so that they can make their own deductions/decisions with the greatest amount of verifiable (!) information possible.

Apparently, those people who have registered on our forum a few days/weeks ago can be anyone, I repeat, anyone: Cheathappens staff and agents, Sicheats staff and agents who do speak English properly, even the president of BSA (http://en.wikipedia.org/wiki/Business_Software_Alliance) one of whose favorite passtimes is stirring shit on forums he doesn't like. Do you understand this? Haven't you seen forums without any kind of moderation where there's less and less discussion that is more than plain flame wars, which contain not much more than name-calling and quasi-arguments from the whole family of "argumentum ad [...] (http://en.wikipedia.org/wiki/Logical_fallacy)" (ad verecundiam, ad hominem, you name it), and not only you have no idea who these people, flaming each other, really are but there are rumors around that some forum members are, actually, staff who stir shit intentionally to keep the "discussion" alive, attract visitors and make money via advertisements?

Without a background on this forum that would've shown a deeper insight into their personality, beliefs, expertise etc., there's absolutely no way of telling whether or not people really are who they say they are. (At least, I know that I am who I say I am and there surely are people who know that I usually think before I speak because I have a decade of history on this forum as a verifiable (!) proof.) Is that insane paranoia? Oh, yeah, in most cases but not related to this topic! I understand that people don't understand this paranoia, because they never experienced such a situation, but, then again, it's their problem, not ours.

I admit, the worst part in all this is that you can hardly show anything that would undeniably (!) prove that you're not the same person as Neo7 on the Cheathappens forum. Well, this is an inherent major problem with new forum members and whatever you achieved on some other forum does not have much weight, if any at all, as that person on that other forum may or may not also be you. And, sorry, I have no software that would analyze posts and show how likely it is that the two persons are the same, according to their style, wording, grammar, punctuation etc.

You know, some of the greatest differences between Cheathappens and us is that 1) we don't troll on their forum and 2) we don't ban on sight people who have different ideas or who complain about what we do (if they have sensible arguments, that is!!!). They do both. Along these lines, I'm willing to believe that you are who you say you are (and are not). Any comments on this above?

TwwIX
28-06-2011, 08:48
know and understand you, if you can give us a better solution to verify that the trainers are downloaded from secure sites I am willing to listen.

I download your trainers directly from your site. Are you telling me that those uploads aren't secure?

If you are referring to websites like this, then it's simple. The people who are running this site need to stop allowing everybody and their grandmother to upload stuff to this site. If you are not an actual content provider, you should not be allowed to upload anything at all.

Joe Forster/STA
28-06-2011, 08:54
The people who are running this site need to stop allowing everybody and their grandmother to upload stuff to this site.

Which word of "Empire personally checks h4x0r's trainers, accepting them only from him" don't you understand?

If you are not an actual content provider, you should not be allowed to upload anything at all.

I see. And how exactly do you suggest to solve in general the task of checking whether the uploader is also the author of whatever he uploads? What is your suggestion about handling in the future the current situation when (supposedly) benevolent people upload all kinds of good trainers they found on their favorite trainer sites? Furthermore, should this be generalized to all kinds of uploads? If so, how are we supposed to ask all cracker groups to, please, upload their own cracks themselves?

Or you're just blabbering without any prior consideration of further details...?

Geri
28-06-2011, 09:02
Geri, thanks for your analyzation report, I'll, perhaps, download and check out that file myself later.

There is no need to say thanks because I have looked into it only to form my own opinion, not to help out any factions in their battle. I still say people should form their own opinion and take a look for it themselves. It wasn't an analyzation report, just sharing what do I think about the whole mess. I will trust no one in this matter just my own observations.

cocodrilo
28-06-2011, 11:44
So h4x0r is basically telling people not to download his trainers from GCW or anywhere else, yet GCW continues to post them despite this AND the new DRM. That's some major h4x0r love right there.

GCW is a secure site, read entire thread GCW uploads te same file of sicheats :).

Phucker
28-06-2011, 23:19
This is DAB, I can tell you right now I don't know who that is up there or why they used my name.

But I will find out.

I must admit that other guy made some interesting points, what is with that www.uploading.com addy? And why is there registry API's being called from the trainer?

I dunno why Jose has gone to lengths to have a DRM, seems strange, he isn't selling anything, he isn't going to pre anything (wouldn't get pre'd with DRM involved anyway), not much to protect from, just going to annoy people with having to do multiple steps to run a free trainer.

But anyways, again dunno who that was trying to be me, hopefully it aint you Joe as that would be kinda childish to do so.

As for coming back here to kick up a fuss, wouldn't waste my time to be honest, I talked to TippeX when he PM'd me (well I think it was TippeX) and he knows what I said to him. And I am sure he can assure you that I was in a "Can't be arsed" mood.

Like I said to him I am sure Jose isn't stealing code anymore since he seems to have a following I think that may possibly do it for him now, you can only go so far with pointers you know, but he is digging his own grave with those over bloated all over the crap built trainers. But that is his decision.

Also as for your "attack" Joe when you thought whoever that was who used my name was me, just remember your nothing special either, just because your on a warez "email list from last century" and did a few apps does not make you any better than anyone else. Remember that.

cocodrilo
29-06-2011, 02:19
I must admit that other guy made some interesting points, what is with that www.uploading.com addy? And why is there registry API's being called from the trainer?


please compile any program (two lines) with borland delphi, and compare it :).

Like I said to him I am sure Jose isn't stealing code anymore since he seems to have a following I think that may possibly do it for him now, you can only go so far with pointers you know, but he is digging his own grave with those over bloated all over the crap built trainers. But that is his decision.


please show proof to demonstrate that jose stolen code. No one has published any to verify it in public. logically need a reliable test to know which software was published before.

if the file you submit is not hosted on jose servers, I guess we will have some verifiable document as the file that you offer was compiled by jose and hosted on their servers. with any documents I mean something like a TSA signature or similar.

thanks.

Joe Forster/STA
29-06-2011, 06:09
I see the people with vague accusations are now gone so time for a conclusion...

The careful reader may notice that there are only five people in this thread who either A) made concrete and verifiable claims, with links to the actual files to be verified or B) showed concrete and verifiable counterproofs to them:
- Traziz's had a few claims with screenshots.
- crocodilo had a few explanations against the claims of others.
- dabhandisback repeated some of the observations by other people in the thread, but in a concrete form.
- Geri made an analysis of dabhandisback's report.
- And I counterproved everything else.

Everything else were just foggy, vague rumors, assumptions, accusations, claims that cannot be either proven or counterproven. For someone who knows, at least, the slightest about formal logic, such claims have no meaning as their truth value cannot be determined so they must be thrown away and ignored, belonging rather to the "bullshit" category. This is what we suggest the readers, too, to do.

As you can see, Geri's report is the deepest of all. The funny part is that, when he wrote it, he did not know the following: dabhandisback and cocodrilo. (notice the dot at the end of the user name) are two fake accounts of mine. I wanted to cause some confusion and see how people react to it. I'm a bit surprised that people didn't react to it at all - except for Geri who took the challenge seriously. (And no, Geri is not me; yes, we're both Hungarians; yes, I know him; no, I didn't ask him to come here and do the analysis.)

As for choosing DABhand, I think the reason should be obvious: although he's an undeniably intelligent person and helped a lot of people on this forum for years, his values are warped from the bottom up. Note that there's a pretty simple reason for this: he's working in a shop that sells games so he behaves like a game publisher would do: whenever there was the slightest suspicion that someone on this forum was trying to discuss a warezed game, he jumped on it and either started to abuse that person right away or started a cat-and-mouse chase to make that person admit by accident that, yes, he or she is using an illegal copy. (By the way, can you see a similarity between this and Cheathappens' paranoia that every single person on this planet is ripping off their work?!) For several years, he couldn't behave himself, abused a lot of people in this or some other way, acting as a moderator when he wasn't one - and, as the then active staff discussed, he would never be one either - and the only reason why he wasn't banned was because, apart from this, we found him to be a useful member of our forum. However, when he chose Cheathappens' side and went away without saying a single word, we understood that he made the choice for us. And, as you can see, after two years, the forum is still functioning fine without him, thank you very much, but a lot of forum members surely remember him. This major controversion about his person - that cannot be said about any other forum member! - was the reason for choosing him as a cover.

Now that the real DABhand knows it, he can go back to his cave along with his mates at Cheathappens... But, please, one more reaction to this: Also as for your "attack" Joe [...], just remember your nothing special either, just because you [...] did a few apps does not make you any better than anyone else. Remember that. This "my dick is bigger than yours" game is pretty childish but let me tell you that one of my works, a major application software that I've been coding for a decade and a half, is worth magnitudes more than all the trainers Cheathappens ever created so, please, don't make a fool out of yourself with this pathetic attempt for a taunt.

I have to admit, I'm a bit surprised that noone jumped on dabhandisback's band wagon without a second thought, though. Was it, perhaps, because most people in this thread really are Cheathappens agents and they knew right away that continuing to spread the bullshit wouldn't help anymore because their own weapon - causing a confusion, without actually telling any concrete facts that people can check - was turned back against them? Yes, the "proof" that dabhandisback uploaded is a bold lie, complete bullshit, a fake with the main executable replaced with a file of a similar size from my own PC and xpsupport.dll modified a bit to really contain the reported references to those fucking "llsass" strings (with double L at the beginning).

The major problem with most people on this thread - assuming that they are not malicious Cheathappens agents, only people fooled by them - is that they fall for all kinds of bullshit without a second thought. I'm sure they will become happy citizens of today's society full of consumer idiots - "blessed are the poor in intellect, for the kingdom of worldly properties belongs to them" - but let this forum remain a small haven without them. This Cheathappens vs. h4x0r war has gone way, way too far for anyone to believe anyone so if you don't check out facts yourself then you'll be deceived in no time. With this final conclusion put so nicely and compactly by Geri:

I will trust no one in this matter just my own observations.

... this thread as well as this discussion is hereby finished.

[...] A few more things which should surprise noone anymore...

If you wan to read more of Cheathappens' bullshit, visit Cheathappens banned Romania - DEViATED Gamehacking (http://deviatedhacking.com/index.php?/topic/866-cheathappens-banned-romania/). In this thread, you can also read Geri's story about how Psych, an affiliate of Cheathappens, stole (the core of) his trainer and sold it on Cheathappens' site and Cheathappens, on this very day, still doesn't feel like saying sorry about this, pushing all responsibility back to Psych.

Also, in a separate thread, which I deleted since, Traziz asked TippeX to contact him. Also, above the real (?) DABhand, with the username Phucker, states that he was contacted by TippeX. Not only these two can hardly be a coincidence but TippeX also tells me that, according to their short correspondence, Traziz is possibly the same person as DABhand. If this is true, this means that DABhand calls my impersonation of dabhandisback childish after he has been trolling on our forum in incognito, trying to help Cheathappens by spreading their usual bullshit. Wow, now that's bold!