Topic: Possible BLHack.dll fix

Blhack.dll has been spreading at fast rates and unless badspot does something about it blhack.dll will be just as easy to obtain as a normal radon. My idea is that when blockland boots up it downloads a list of all the used dll files from the master server. After obtaining that list blockland would cross reference that list with executed dll files under blockland.exe (Yes this is possible). If blockland detects any unauthorized dll files it would return an error and close kill itself.

Yes, it would be possible to redirect traffic from the master server to a local file by editing HOSTS. However, if this is done then the player would not be able to play multiplayer.

Yes, I know this would take a hell of a lot of effort, but it doesn't stop just blhack.dll; it would stop all future dll injection hacks.

Please point out any issues to this workaround as they might lead to the ultimate downfall of blhack.dll

Current known checksums (SHA1)

f76dc6559533be6ffcc1cd47ada0abbcd3d74e9c  BLhack.dll

c9bdf5aacf63d5c5615a67ad4e68a314ed889834  Inject Hack.exe

Data rundown of BLHack.dll
Quote
Dump of file C:\Users\Rarw\Desktop\BLHack.dll

File Type: DLL

  Summary

        4000 .data
        B000 .rdata
        9000 .reloc
        1000 .rsrc
       1E000 .text

« Last Edit: April 05, 2014, 10:32:55 PM by RarwMuffinz »
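
The cross-reference check proposed in the first post, sketched as an added example (not code from the thread or from Blockland). The module snapshot, the engine_*.dll names and the byte strings are constructed; on Windows the snapshot would come from enumerating the process's loaded modules, and, as replies in the thread point out, a manually mapped DLL would not appear in it.

```python
import hashlib
import ntpath


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def audit_modules(loaded, allowed):
    """Return (path, reason) for every loaded module that fails the allow-list.

    loaded  -- iterable of (full_path, file_bytes) for modules in the process
    allowed -- dict of lowercase file name -> expected SHA-1 hex digest
    """
    findings = []
    for path, data in loaded:
        # Windows file names are case-insensitive; key on the base name only,
        # so the folder a DLL was loaded from does not matter.
        name = ntpath.basename(path).lower()
        expected = allowed.get(name)
        if expected is None:
            findings.append((path, "not on allow-list"))
        elif sha1_hex(data) != expected:
            # An allowed name with different contents: a renamed or patched DLL.
            findings.append((path, "hash mismatch"))
    return findings


# Constructed sample data; the engine_*.dll names and all byte strings are made up.
AUDIO = b"constructed stand-in for a shipped audio DLL"
NET = b"constructed stand-in for a shipped network DLL"
ALLOWED = {"engine_audio.dll": sha1_hex(AUDIO), "engine_net.dll": sha1_hex(NET)}

LOADED = [
    (r"C:\Blockland\engine_audio.dll", AUDIO),
    (r"C:\Blockland\ENGINE_NET.DLL", b"patched contents"),
    (r"C:\Users\player\Documents\BLHack.dll", b"constructed stand-in"),
]

if __name__ == "__main__":
    for path, reason in audit_modules(LOADED, ALLOWED):
        print(f"{reason}: {path}")
```
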

nice idea there
i haven't seen anyone in game use it though, but one guy was invincible once.

It's not possible to check directly through the launcher, as the DLL is only injected after the main game window pops up.

There are DLL injection prevention techniques, however; most of them are easily bypassed.

good idea
after seeing cca's drama this sounds like a great idea

It's not possible to check directly through the launcher, as the DLL is only injected after the main game window pops up.

There are DLL injection prevention techniques, however; most of them are easily bypassed.
Bind the checking with GameConnection::OnConnect so that it checks the DLL files whenever you join a server

Bind the checking with GameConnection::OnConnect so that it checks the DLL files whenever you join a server
Where will it check, exactly? In the blockland folder? So trivial to work around, just move the dll elsewhere.
In your documents? Well then blockland will technically qualify as malware.
Check for actual code injected into the exe? Fair enough I suppose, but I doubt baddy will spend the time to be able to write code that will get past even the most basic code injection techniques.



Where will it check, exactly? In the blockland folder? So trivial to work around, just move the dll elsewhere.
In your documents? Well then blockland will technically qualify as malware.
Check for actual code injected into the exe? Fair enough I suppose, but I doubt baddy will spend the time to be able to write code that will get past even the most basic code injection techniques.

Read before you post please

My idea is that when blockland boots up it downloads a list of all the used dll files from the master server. After obtaining that list blockland would cross reference that list with executed dll files under blockland.exe (Yes this is possible). If blockland detects any unauthorized dll files it would return an error and close kill itself.

ever heard of manual mapping?



Read before you post please

My idea is that when blockland boots up it downloads a list of all the used dll files from the master server. After obtaining that list blockland would cross reference that list with executed dll files under blockland.exe (Yes this is possible). If blockland detects any unauthorized dll files it would return an error and close kill itself.
intercept the downloaded list via a MITM attack handled by Inject Hack.exe utilizing DNS lookups and the hosts.txt file to redirect connections to auth.blockland.us to localhost, which are then handled by Inject Hack.exe, which throws "BLHack.dll" into the list

nasty anti-malware problem solved
your solution will not work.

oh gosh this is like valve discussing how to improve vac all over again. It's like an arms race, somebody will always find a way to get around a block, and when the other side makes a new method for anti-cheat, the whole thing just repeats and it never ends.

Read before you post please
I have.

The injector I just linked supports Manual Mapping; which Windows itself won't even be able to detect.

I have.

The injector I just linked supports Manual Mapping; which Windows itself won't even be able to detect.

Well forget...

oh gosh this is like valve discussing how to improve vac all over again. It's like an arms race, somebody will always find a way to get around a block, and when the other side makes a new method for anti-cheat, the whole thing just repeats and it never ends.

Port and I had an argument about digital security. We concluded that there is really no completely safe digital data

If your plan involves everyone in the world doing something exactly right, your plan will fail. 

Anti-malware is a tiny bandaid on a hemorrhaging wound.  The entire method by which we run computer programs is fundamentally flawed and cannot be fixed with updates, patches or security software.  The entire system needs to be torn down and rebuilt.

Relevant quote.

Relevant quote.

Should we let the world hemorrhage or start putting a forgetton of those tiny band-aids on. The point is that tiny bandaid helps a bit.

Should we let the world hemorrhage or start putting a forgetton of those tiny band-aids on. The point is that tiny bandaid helps a bit.
It will not help at all, even if badspot tries to fix it, it will not work. You can't really make everything fully secured on both sides.