And now some correspondence with CheatHappens... (Will be updated continuously, if needed.)
2010-03-15 ~04-05 PM UTC
Quote:
|
Originally Posted by Joe Forster/STA
Hi Caliber,
I think you had ample time and definitely have the intelligence to have read our announcement thoroughly and understood it completely. It case you didn't, let me sum it up for you: after almost one year, you finally came up with actual proof that you let someone other than yourself (= us) check but this proof was fake in many details. (I still can't belive how much of a fool you took me for, with so bold and transparent modifications. Or I'm such a good actor, wow...!  ) I understand that you may have been right about some other accusations but this foolish step turned the tide completely against you - at least, in our eyes.
As we believe in the power of publicity, no, your trainer will not be removed from our forum so that everyone can follow our investigations and understand all the lies you were trying to spread around and also to base your (false) accusations about our forum on.
By the way, in case you want to threaten us with your fucking lawyers (which may only be a bluff, after all!), first make sure that all of you understand the legal consequences of intentionally falsifying evidence.
Our discussion is finished. For us, you have zero credibility, therefore, there's no point in a response from you. However, if you do want to continue the discussion, that's fine with me but 1) expect all of your messages to be published immediately but 2) don't expect us to reply to all or any of them (even in public).
On the other hand, as we're trying to still be as impartial as possible, you and your colleagues at CheatHappens should feel free to continue to help people with your trainers on our forum but no accusations, no abuse, no advertisement, and no discussion of this war as any of those will results in a ban - and, unfortunately, in your case, a permanent one at that.
Joe
Quote:
|
Originally Posted by Caliber
please remove the Cheathappens trainer I sent to you via PM that was code injected specifically for you. it wasn't intended to be posted for FREE on any site. ALL of our trainers have the same code in it, including the promos from that time. they don't need a compiled trainer that has our protections in it and we don't need it floating around FREE on the net.
let me know if you want my response to your posting.
|
|
2010-03-15 ~09 PM UTC Short answers to the one below:
1. There's no need to decompress or decrypt the CheatHappens trainer, only look at what it does with e.g. Process Monitor and/or look at its behavior. (Caliber hasn't read our announcement fully?!)
[...]
Ahhh, found it... Launch bio2-Joe_FileForums.exe. When it comes to the online authentication - which will now fail; what a surprise! -, run WinHex, open the entire memory of the process and search for the ASCII string "h4x0r". Wow, what's there at memory address 0x00A24818? Let's try to find a reference to it, by searching for "18 48 a2 00" in hex; there's one at address 0x004927F0. Now exit WinHex and the trainer, open bio2-Joe_FileForums.exe in Hacker's View, search for "f0 27 49 00" in hex and you'll find the first reference at .00407372. Look two instructions above and you'll see a reference to a string "fC*a:a\ahfa*4afxa0ara.adfa*lfal" at .004250E1. Can you see "C:\h4x0r.dll" hidden inside that string? (I haven't tried it but feel free to play around by changing the file name in parallel in both trainers and see what happens...) Caliber, next question, please! (Damn, I'm getting resentful that you're still taking me for such a fool...!
)
2. Some of h4x0r's trainers do drop h4x0r.dll, even into C:\ and even use it but not the fake one you "supplied" in the fake "h4x0r" trainer you sent to me.
3. Blablabla. With your lies, you were putting (the reputation of) our site at risk. Now you're surprised that, as we say in Hungarian, "the ice cream licked back"?
4. All of your messages are done with you representing CheatHappens. As such, they are no personal communication and should not be expected to stay private.
Again, no need to respond, we've already explained everything that needed to.
Quote:
|
Originally Posted by Caliber
i am asking again that you remove the CH trainer, joe. i didn't send those files to you or ask you to look at them, YOU ASKED FOR THEM FROM ME and they were sent to you in good faith. I could care less if you leave anything else up there, but the CH trainer link should be taken down. also,
1. you might want to point to the code in our CH trainer that is 'searching for the hax0r.dll' and then 'killing' our trainer.
2. you admit in another thread that hax0r's trainers drop .dll's, specifically this hax0r.dll. is this true or not?
3. those files were not 'falsified', they were sent as-is. if you are contacted about lawyers it will be for posting work that is ripped or placing libelous statements on your site, specifically upon the outcome of hax0r (and his ISP's) upcoming legal proceedings. however, your leaving that CH trainer there is putting our site at risk.
4. placing our PM's online is childish. grow up-
again, do you want me to respond to your posting or not?
|
2010-03-15 ~09 PM UTC h4x0r just reported that
www.sicheats.com is currently under a DDoS attack. I can't log in either; it says the server is busy. (And he's been accused of preparing a botnet attack against CheatHappens, right?) [...] Correction: I can log in but not even the list of forums appears because "the server is too busy".
2010-03-16 ~01 PM UTC Another PM... CheatHappens is sinking more and more into their spiral of lies - not understanding that the only way is down - and are obviously trying to hold onto the only detail they can possibly hold into: that a copyrighted work of theirs has been published on our site. (Sure, it was: it's part of the "backfired" proof for everyone to see.)
They do not give an acceptable answer for our results because they cannot: our results clearly show that they intentionally falsified the first and last and one and only evidence, that was asked from them for almost a year, in multiple places and tried to hide the falsifications but in completely ridiculous ways if a non-überhacker could easily find them. The rest is plain bullshit.
The most ridiculous part is that "they sent proofs to us because we requested them". What the fuck else did they expect? They made accusations on our forum. We didn't accept the accusations blindly and requested proofs. They supplied the proofs, after an incredible amount of time (preparations?!). The proofs were fake. End of the story.
I'm not
completely against removing that piece of copyrighted work but 1) only if Empire instructs me to (or he does it himself) and, 2) preferably, not within a month or two so that enough people can check it out and understand what you've been trying to do. (The word "ethic" sounds like a swear word from your mouth...)
[...] Oh, and I don't sell my own software, create in my free time, and make its source free so people cannot steal from me. (Open source software, cannot steal by definition, remember?) At work, I code (parts of) software that is given away for free as it's not our clients who pay for it but the state is. Tough luck for you, eh?
[...] Two more explanations to CheatHappens as they seem to have not grasped them yet.
I have explicitly requested (multiple times?) that download URL's be sent to us, not actual trainer packages. Why? Because a trainer package can be modifed (= falsified) between downloading the genuine one and sending the modified one to me. Four possibilities exist, concerning h4x0r's trainer in question:
1. The one on h4x0r's site ("real") is genuine as well as the one sent to us by CheatHappens ("received"). Out of question, as the two are different.
2. "Real" is genuine and "received" is fake (= falsified by CheatHappens) (our opinion). Better luck next time to CheatHappens!
3. "Real" is fake (= modified retroactively by h4x0r) and "received" is genuine. CheatHappens should've checked their source right before sending the trainer to me, searched for another trainer on h4x0r's site that is (still) malicious and sent that one to me or, if found none, accepted with pleasure that h4x0r "ceased and desisted".
4. "Real" as well as "received" are both fake. What do you really except from
us then?!
I think CheatHappens mixes up intelligence (that you're either born with or not) with skills (that can be learned; of course, faster if you're intelligent) and, therefore, thought that if I cannot understand complicated disassembly lists and explanations then I'm definitely dumb and won't be able to make simple tests with simple tools and do simple deductions for simple results.
i had no idea what you would find or if you knew your a$$ from a mem-searcher; yup, this is exactly what I'm talking about... Again, tough luck for them!
Quote:
|
Originally Posted by Caliber
since you won't tell me if you want me to respond to your big post (and you are being childish with the PM's, bragging about your 'findings, etc.), then i will make the decision for you.
after ZERO help from GCW over the last year and actual INCREASED action against us, we decided to try and thwart the ripping of our trainers by people such as hax0r and kelsat. kelsat, for the most part, cut back on his trainer releases and ripping of our work. hax0r, on the other hand, became more than just a ripper of our work, and opened up FUCK CHEATHAPPENS website, posting our trainers and the code areas that the trainers used, as well as ramping up his releases, often copying our trainer options exactly. as has been stated many times, there is NO WAY to prevent people from logging WHERE YOUR OPTIONS AFFECT THE .EXE of the game. you cannot 'hide' your redirects to code caves and etc. We had many suggestions on how to thwart hax0r, some even from FileForums members and mods. however, there is nothing to stop a person from using a debugger to log changes to the .exe and note the code areas and work back from there, tracing into the code caves or our CH .dll for exact information, etc. one of the suggestions was to try and determine if hax0r was the user of the trainer and make the trainer inoperable. after looking at his executables and several of his MP and SP trainers, we could see that 'for whatever reason' some of his trainers looked for certain .dll's and folders, likely upon creation of the trainers. so we made small function in the trainers to detect these files and then kill the trainer. this worked well for about a month or more, as his releases became mainly junk trainers for mostly sh*t titles. at some point, however, users of his trainers AND our trainers became a critical point. we were able to log the users who this was occurring with and ban certain accounts that matched patterns and etc. however, it became apparent 'what was going on' to hax0r after being banned and Hax0r began to drop these .dll's into the C: drive to purposely cause our trainers to stop functioning on machines where people had both our trainers and his. many of our paid members began to report problems after using his trainers for games, etc. when trying to use OUR trainers. If you d/l EVEN PROMOS that are still posted on GCW since probably last november or longer ago you will see that this same code is in effect. we removed this anti hax0r code most recently in our Assassin's Creed 2 trainer and trainers since then, because the aggravation to our members was outweighing the possible benefit of blocking hax0r or detecting him. at any rate, the outcome of this was that hax0r was creating .dll's into the C: drive wheras in the past his trainers did not do this. later he began to drop files into places that made absolutely NO SENSE, and after we began accusing him of dropping .dll's he began to name them other things and then ultimately he chose to use sicheats.dll and make it NOT HIDDEN and PART OF THE RELEASE, in some cases going back and re-updating his trainers to remove the other method of dropping the .dll's. so basically here was the progression:
hax0r rips trainers... we complain... we posted info.. many other trainer makers agree... gcw does nothing... postings regarding his comments at gamehacking irc channel where he admits stealing options are ignored....people send ideas on how to thwart him.. we decide to try and deactivate our trainer based on known files/dirs in hax0r's computer... this works for good while, bannings occur.. hax0r's releases drop.... hax0r begins to drop .dlls into C: drive after discovering what is going on, something he had NOT done in his trainers until that point... his releases pick back up, many mirroring our trainer options.... many of our members begin to report non-functioning trainers... we decide to use it against him and report that his .dll's are causing our trainers to not function (technically NOT a lie, and Hax0r KNEW this was going on).... some of his .dll's are placed in very suspicious places, and i have NO idea what they are doing there and what they are for...eventually the bad outweighs the good on this and we remove our hax0r checks from our trainers, starting with Assassin's Creed 2.
everything we have done up to this point (and will do in the future) has been to PROTECT OUR WORK and to FIGHT RIPPING OF OUR WORK. GCW has done nothing to help us, and in fact seems to relish in the fact that we are so angered by this. at any rate, kudos to your 'examination' of our trainers (and whomever else was 'used' to help with this). now you know the progression of this and why things were done and what for. last couple comments:
1) you and GCW are on the wrong side of this joe. when you lay your head down at night and really think about it, stealing is stealing. we have never stolen anything from hax0r, and all of our actions have been responses to HIS actions and the inaction of GCW to stop posting his work.
2) you post trainers from many people, some of whom i respect greatly. you don't see me/us bashing those people or accusing them of stealing our work, etc. think about it-
3) i didn't send a request to you regarding examining these files, you asked ME for them. you freely admit that hax0r's trainers drop these .dll's. it shouldn't matter if you use the trainers we provided or you download a promo we posted 2 months ago and use one of hax0r's trainers that drops the .dll into the c: drive, the same outcome will happen. i wasn't sitting around with files waiting to send them to you if you asked for them. we killed the trainer because you refuse to pull it down. it would have been nice to have seen you and tippex put 1.5 months of time and effort (to the point of needing recuperation!) into our complaints and the voices of others just as you did to 'uncover the truth' about .dll's being dropped (which they WERE being dropped) and them killing our trianers (which they WERE killing our trainers). i have NO IDEA what these .dll's do (and neither do you) nor any idea why he decided to start dropping them, and then not and then changing the names of them ,etc., and neither do you.
4) i have not 'hacked' accounts at file forums, DDoS attacked hax0r nor GCW, i have not posted broken trainers, nor any of the above. i don't even know how to do that stuff. i/we have, however, been the victims of alot of malfesience over the last 2-3 years. some of it has been helped along by GCW refusal to act fairly. being bashed by GCW and countless others is nothing new. quit insinuating that we are these maniac hacker kids, tampering with forum accounts and sending out DDoS attacks on websites.
5) regarding your 'skills' and your 'acting'... based on your previous inept efforts to look into things that WE brought to you, i had no idea what you would find or if you knew your a$$ from a mem-searcher. frankly i don't care. i am/was willing to try anything to get GCW to help us thwart this guy. we just killed another CH account yesterday after one of our trainers was posted on his website 'cracked'. you asked for the trainer(s) (via PM) so i sent them (trusting YOU the same). now you have a little 'history' to go along with your 'uber reversing skills'. if our effort 'backfired' then we are back to hax0r still getting his trainers released on GCW, no help from GCW to do anything about it, and alot of the members of FileForums already hate CH because our trainers aren't 'free' for 2-3 weeks. if you sided with us, then it was a win for us and all others who were getting their work ripped. our trainers and work ethic (and our tireless fight against people who steal from the site or try to harm it) is appreciated by our members and they deserve it, since they paid for it.
6) we won't stop going after him and trying to protect our work and our site. think about the whole history and progression of this, joe. you are on the wrong side of this. as you said before, people can make up their own minds who they think is the 'bad guy' here. i don't know what you do for a 'real' job but people stealing your work or claiming something theirs that is yours would not be tolerated (take it into your own occupation).
|
2010-03-17 Abusive posts are again appearing here and there, in the names of random users; the "unknown hacker" returned. Please, don't mind him as he's obviously having major mental, moral and sexual problems; his posts will be removed continuously. Hopefully, we won't have to deal with them for long, in case authors of vBulletin find a solution for closing the security hole still being exploited.