Closed Thread
  #91  
Old 26-06-2011, 18:06
cocodrilo cocodrilo is offline
Registered User
 
Join Date: Jun 2011
Location: spain
Posts: 43
Thanks: 0
Thanked 1 Time in 1 Post
cocodrilo is on a distinguished road
Quote:
What I did say was it forces people to goto the uploading.com url on the sly.
EVIDENCES PLEASE.

I write is the translator, I understand but do not express myself in English, am Spanish. but we will if the files and a debugger few words are needed.


xpsupport.dll have begun saying the 3 trainers were the same files, neither the things you teach in the pictures. the trainer there is nothing strange, does that leave us?

initially seemed to understand me when I begin to provide evidence that you no longer seems interested.

no more post, please wait for Joe.
  #92  
Old 26-06-2011, 18:09
Traziz Traziz is offline
Banned
 
Join Date: Jun 2011
Location: UK
Posts: 17
Thanks: 0
Thanked 0 Times in 0 Posts
Traziz is on a distinguished road
Here is something you can easily do in olly.

Open up xpsupport.dll

Goto offset 0006A462

Scroll down a bit, with strings showing, why is llsass there?
  #93  
Old 26-06-2011, 18:12
cocodrilo cocodrilo is offline
Registered User
 
Join Date: Jun 2011
Location: spain
Posts: 43
Thanks: 0
Thanked 1 Time in 1 Post
cocodrilo is on a distinguished road
no, xpsupport is the same, look at md5sum results is THE SAME FILE. xpsupport.dll is the dbghelp.dll from original windows.... please wait for joe or empire verification.

No result in olly, no results in IDA. ¿is the same md5? please upload the binary. no more posts.

Look in your uploaded image:



repeat: xpsupport.dll is the original dbghelp.dll... from windows.

Quote:
Open up xpsupport.dll

Goto offset 0006A462

Scroll down a bit, with strings showing, why is llsass there?
in the offset the string is lsass and lsass.exe ORIGINAL PROCESS. LEARN your "EXTRA L" http://www.flipcode.com/archives/Adv..._Unicode.shtml

or in this page:

http://docs.wxwidgets.org/2.8/wx_unicode.html

L evil jajajaja, I do not express myself in English because I am Spanish. But your level of programming, do not get into more conversations.

Last edited by cocodrilo; 26-06-2011 at 19:14.
  #94  
Old 26-06-2011, 18:59
Desu[Shield] Desu[Shield] is offline
Registered User
 
Join Date: Dec 2009
Location: Japan
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Desu[Shield] is on a distinguished road
You see the problem with you providing counter evidence cocodrilo is that you cannot be trusted to give unbiased results. That is why a 3rd person is needed to examine the code such as Joe with the source given in secret (and I know that the source comes from a clean file and Joe is smart enough to know if such a source is invalid).

This way, the evidence is 100% unbiased and conclusive. After all, if you have nothing to hide, you shouldn't have any objections. Any defense you put up is simply coming from pride (which isn't worth a whole lot).
__________________
http://www.teamliquid.net/
"A Limited-area amalgamated alternate timespace with non-corrosive tendencies is independently occurring in restricted mode within this room."

Last edited by Desu[Shield]; 26-06-2011 at 19:02.
  #95  
Old 26-06-2011, 19:20
cocodrilo cocodrilo is offline
Registered User
 
Join Date: Jun 2011
Location: spain
Posts: 43
Thanks: 0
Thanked 1 Time in 1 Post
cocodrilo is on a distinguished road
I've tried it with files from sicheats and GCW, all clean. If you do not understand the evil "L" jajajajaj please read the previous post.

You can test it, there are files. download and analyze it.

to understand the "evil L" lol:


Last edited by cocodrilo; 26-06-2011 at 19:25.
  #96  
Old 26-06-2011, 19:37
Desu[Shield] Desu[Shield] is offline
Registered User
 
Join Date: Dec 2009
Location: Japan
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Desu[Shield] is on a distinguished road
From what I'm understanding is that the source being analyzed now is post #54 (made by you) in this thread [on page 4] which you claim to be clean. The guy says it contains malicious content while you say it doesn't.
Consider it a best 2 of 3 where the 3rd analysis is being performed by someone other than you. Don't worry, the results will come in.

BTW don't try the "engrish" defense with me. I come from Japan. I've heard almost every dialect of broken English known to man so I know when someone is using it to play dumb.
__________________
http://www.teamliquid.net/
"A Limited-area amalgamated alternate timespace with non-corrosive tendencies is independently occurring in restricted mode within this room."
  #97  
Old 26-06-2011, 19:48
cocodrilo cocodrilo is offline
Registered User
 
Join Date: Jun 2011
Location: spain
Posts: 43
Thanks: 0
Thanked 1 Time in 1 Post
cocodrilo is on a distinguished road
my English is the translator of google. I want more than anyone an analysis, I have no hurry. but I want to take away the reason with evidence, so far everything I've said I hope someone with experience can verify.

the files are not mine, I do not usually do trainers. But I can provide analysis of files without problems. who can not express myself in English does not mean it does not turn on a computer, here are computers, colleges, universities etc, there are not only bulls.

I do not want to learn English, never a subject. I understand it, but I do not write because I need it.

are you well neo7?

Last edited by cocodrilo; 26-06-2011 at 19:53.
  #98  
Old 26-06-2011, 20:00
Desu[Shield] Desu[Shield] is offline
Registered User
 
Join Date: Dec 2009
Location: Japan
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Desu[Shield] is on a distinguished road
The T1 logo (which is a professional StarCraft team) should've told you who I am from the start actually (if you played Brood War then you might know this is one of the handles I use in games). I'm quite well thank you. How about you?
__________________
http://www.teamliquid.net/
"A Limited-area amalgamated alternate timespace with non-corrosive tendencies is independently occurring in restricted mode within this room."
  #99  
Old 26-06-2011, 20:04
cocodrilo cocodrilo is offline
Registered User
 
Join Date: Jun 2011
Location: spain
Posts: 43
Thanks: 0
Thanked 1 Time in 1 Post
cocodrilo is on a distinguished road
I do not usually play a lot. I well trying to clarify things with words as it should be. thank you very much for your interest.
  #100  
Old 26-06-2011, 20:35
Desu[Shield] Desu[Shield] is offline
Registered User
 
Join Date: Dec 2009
Location: Japan
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Desu[Shield] is on a distinguished road
I'm actually more neutral than you think. I tend to focus on online gaming rather than use trainers (plus the communities are less violent like the ones between CHU and SICheats). I chose web administration and development over assembly and C++ though.

So as someone sitting from the sidelines it looks like this:
We both know that both sides are pointing at each other making claims that don't match. I can't tell who's telling the truth and who's lying due to lack of a real technical explanation. That is why we need some 3rd party person who's never heard of this "trainer site war" to analyze and post a complete analysis. That's the only way to get to the truth.

The main reason for the topic on my personal website was not to take sides but how shocked and appalled I was at the way you manage your site. The main problem with the administration there is the language barrier. You only speak Spanish fluently but you're targeting an English audience. It's why it's recommended that you learn English at a more fluent level (or completely switch your site to Spanish only - This option may even give you the advantage of keeping forum invasions out). I blow things out of proportion in hopes that you can see how you're being viewed by someone who speaks English natively (yes it is how you're viewed by a large chunk of users that are not CHU members at all).

I'll tell you what. If I'm wrong about you then I'll take that one topic down and replace it with a public apology and show you which account is mine on sicheats and you can do whatever you want with it.
__________________
http://www.teamliquid.net/
"A Limited-area amalgamated alternate timespace with non-corrosive tendencies is independently occurring in restricted mode within this room."
  #101  
Old 26-06-2011, 21:26
TwwIX TwwIX is offline
Registered User
 
Join Date: Mar 2007
Location: somewhere
Posts: 15
Thanks: 0
Thanked 0 Times in 0 Posts
TwwIX is on a distinguished road
Whether the trainers contain harmful files or not is irrelevant. People do not want to play games with DRM, let alone use trainers that enforce it. Why is that so fucking hard to comprehend?
  #102  
Old 26-06-2011, 22:12
cocodrilo cocodrilo is offline
Registered User
 
Join Date: Jun 2011
Location: spain
Posts: 43
Thanks: 0
Thanked 1 Time in 1 Post
cocodrilo is on a distinguished road
Desu[Shield]:


I am also very neutral, I see what they do and why to publish personal data among other things I dislike. when we can talk and show things and reach a solution without further discussion.

it is clear that we need a neutral person, but I know that in 5 minutes you can verify everything is exposed here and though you put here will know it's true.

I understand what you say and you're right. when I get sicheats was in Spanish, but later changed and is now in English, that is up to the owner of the site.

I say the same. if I prove with evidence that is true what they say I rectify this forum and never again to speak on the subject. joe will be able to fix my apology if I show that everything they say is true.

You share many points of view, the language issue for example. as I said to Joe, I'm not here to build more mess on the "war" absurd, just to prove that they are confused.

Nice talking to you.

TwwIX:

Quote:
Whether the trainers contain harmful files or not is irrelevant.
No, this is not irrelevant, at least for me.

Quote:
People do not want to play games with DRM, let alone use trainers that enforce it. Why is that so fucking hard to comprehend?
know and understand you, if you can give us a better solution to verify that the trainers are downloaded from secure sites I am willing to listen.

There are more options, no one forces you to use the trainers. if you do not like the option, not downloaded.
  #103  
Old 27-06-2011, 04:52
Joe Forster/STA Joe Forster/STA is offline
Senior forum member
 
Join Date: Nov 2000
Location: Hungary
Posts: 9,836
Thanks: 20
Thanked 342 Times in 224 Posts
Joe Forster/STA is on a distinguished road
I downloaded h4x0r's Alice: Madness Returns, Fable 3 and F.E.A.R. 3 trainers, both from Sicheats and GCW. The files in the packages for the same game are identical, except an extra promo video in one of them. Conclusion: There is no difference whether you download h4x0r's trainers from Sicheats or GCW. (Apparently, Empire's manual upload filtering works fine.)

I've checked xpsupport.dll, too, which is the same in all packages. It is, actually, identical to dbghelp.dll version 6.12, which can be downloaded along with the latest Windows SDK 7.1. Note that it contains digital signatures so it cannot be faked or tampered without anyone noticing. Conclusion: The xpsupport.dll's analyzed above are fakes.

Final conclusion: Traziz, you get one, I repeat, one more chance to prove that you're not a Cheathappens agent. A few questions for you to answer:
1. Where are the trainer packages that you (allegedly) downloaded from Sicheats and GCW? Give us the original download URL's (probably, a file sharing site that Sicheats supposedly links to) and attach them to your post.
2. How is it possible that we not only cannot find in xpsupport.dll any of the suspicious strings you reported but it turned out to be (a copy of a given version of) a Windows system DLL?
3. Which trainer is supposed to create the "vcl3test.dll" file and where? The Alice: Madness Returns trainer doesn't create one.
4. Which trainers access what registry entries and how (read/write)?
5. Which trainers create what files and what do those files contain? Attach them.
(If you can use a disassembler, I'm sure you can also use Sysinternals' ProcMon to create a trace.)

As I already mentioned to Empire and TippeX, I think we're experiencing the latest - and more elaborate than ever before - attack against Sicheats on/via our forum.
__________________
Joe Forster/STA
For more information, see the FileForums forum rules and the PC Games forum FAQ!
Don't contact me via E-mail or PM to ask for help with anything other than patches (or software in general) done by me, otherwise your request may be deleted without any reply!
Homepage: http://sta.c64.org, E-mail: [email protected]; for attachments, send compressed (ZIP or RAR) files only, otherwise your E-mail will bounce back!

Last edited by Joe Forster/STA; 27-06-2011 at 05:07.
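
The two checks argued over in posts #92-#93 and #103, sketched as an added example that is not part of any post in the thread: compare a file with a reference copy by digest, and list its strings with offsets so that UTF-16 text is shown with the C wide-literal prefix `L"..."`. The function names and both sample buffers are constructed for illustration.

```python
import hashlib
import re

# Runs of 4+ printable bytes (ASCII), and the same bytes each followed by
# a NUL, which is how UTF-16LE text such as L"..." literals is stored.
ASCII_RE = re.compile(rb"[\x20-\x7e]{4,}")
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")


def digests(data: bytes) -> dict:
    """MD5 (the digest compared in the thread) plus SHA-256."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def same_file(a: bytes, b: bytes) -> bool:
    """True only when both buffers are byte-for-byte identical."""
    return digests(a)["sha256"] == digests(b)["sha256"]


def extract_strings(data: bytes) -> list:
    """Sorted (offset, rendered) pairs; wide strings carry the L prefix."""
    found = [(m.start(), '"%s"' % m.group().decode("ascii"))
             for m in ASCII_RE.finditer(data)]
    found += [(m.start(), 'L"%s"' % m.group().decode("utf-16-le"))
              for m in WIDE_RE.finditer(data)]
    return sorted(found)


def new_strings(reference: bytes, candidate: bytes) -> list:
    """Strings present in the candidate but absent from the reference."""
    known = {text for _, text in extract_strings(reference)}
    return [text for _, text in extract_strings(candidate) if text not in known]


# Constructed sample buffers, not bytes from any real DLL.
SAMPLE = (b"\x00" * 16 + b"dbghelp.dll\x00" + b"\x90" * 5
          + "lsass.exe".encode("utf-16-le") + b"\x00\x00" + b"\xff" * 8)
TAMPERED = SAMPLE.replace(b"dbghelp", b"dbghe1p")

if __name__ == "__main__":
    for offset, text in extract_strings(SAMPLE):
        print("%08X  %s" % (offset, text))
    print("identical copy:", same_file(SAMPLE, bytes(SAMPLE)))
    print("tampered copy: ", same_file(SAMPLE, TAMPERED))
    print("new strings:   ", new_strings(SAMPLE, TAMPERED))
```

A matching digest only shows that a copy is identical to the reference; the digital signature mentioned in post #103 is checked separately with a tool such as Sysinternals sigcheck or signtool verify.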
  #104  
Old 27-06-2011, 05:11
Maxgrilo Maxgrilo is offline
Registered User
 
Join Date: Jan 2005
Location: Brasil
Posts: 307
Thanks: 253
Thanked 39 Times in 35 Posts
Maxgrilo is on a distinguished road
So, let me get this straight, now it's CHEATHAPPENS that secretly went to h4x0r's house and made him add the DRM to his trainers, is that correct Joe?

Forget all this malware back and forth for a minute and look at the REAL ISSUE HERE -- the DRM.

Apparently by the lack of any comment from GCW admins, this is perfectly fine behavior for files being uploaded to GAME COPY WORLD. Maybe soon we'll start seeing UNCRACKED exe's being added to the site as well.
  #105  
Old 27-06-2011, 05:15
TippeX TippeX is offline
zeroes and ones.....
 
Join Date: Jan 2003
Posts: 3,842
Thanks: 2
Thanked 33 Times in 23 Posts
TippeX is on a distinguished road
no, what joe is saying is that he suspects that the trainers are being modified and malicious content added... the drm and this are two totally different issues...
__________________
bleh
DO NOT PM me with questions, leave that in the forums...ESPECIALLY if i don't know you...