[PC] Maintenance is now complete! Thank you!
[PS4/XB1] We have identified an issue that is preventing players from obtaining achievements. We are aware of this issue, and are working to solve this as soon as possible. Being that this issue will likely require an additional maintenance, we will inform players as soon as we have scheduled this fix. Thank you for your patience and understanding!

XIGNCODE DISCUSSION!

1111214161738

Comments

  • KillerPenguinsKillerPenguins ✭✭✭✭
    Meningitis wrote: »
    RandomElin wrote: »
    Never said that xigncode3 was meant to cause blue screens. That is likely a mishap that it isn't supposed to do. Since it is a rootkit, I'm guessing its messing with the underlying OS and causing problems in some cases as a result. If it was perfect, the player base may very well have been getting their systems owned and not even noticing. Instead, it sounds like it typically at least causes performance issues. Like I said before, I don't know everything that xigncode is actually doing. Xigncode isn't the kind of program that I consider ethical.
    That raises an interesting point- are there any anti cheat programs out there that actually work that most people would consider ethical? At this point, almost every online game I play uses Xigncode3 or one of it's competitors that seem to operate in a similar manner. Even if xigncode3 functioned well, did it's job, and was secure (lol)- would you consider it necessary to give up some of your privacy to ensure a fair game for everybody? Or is there a much better way to ensure a cheat-free game that isn't so skin-crawlingly intrusive? Or do you think a game's administration should just try to catch cheaters on a case by case basis? I'd like to hear people's thoughts on that.

    I wrote a long post on this but then I edited it and it got deleted, so I'll try to be more concise.

    Even if xigncode was perfect, TERA's current cheats would still work, just in a different way - the same way they're used on consoles currently.
    En masse should approach this problem from (at least) two ways:
    1) find a way to identify cheats server-side, for instance very obvious ones like auto-loot should be easy to detect even with current tools. picking up 20 items in half a second can *rarely* happen because of packet loss, but doing it after every boss is a very clear indication that they're cheating.
    2) actually ban people, even temp bans, who are cheating. currently, there are very very few people being banned compared to the number who are obviously cheating. even a one-day ban for using an obvious hack would deter people from them. I'd suggest going fairly light on ban length (while punishing as many obvious cheaters as possible) at first, mostly because a huge amount of players are cheating right now and i'd hate to see the game actually die over something that should never have been a problem in the first place. If 1000 cheaters get banned for a day, suddenly less people will want to cheat. I know, crazy.
  • Found while browsing the steam forums
    http://wellbia.com/faq/index_en.html

    0xE019100B error occurrences
    This error code occurs from detection of program usage irrelevant to the game. If the problem consists, please contact [email protected] with your xigncode.log file attachment. We will get back to you as soon as possible.

    In your black desert folder there is a file called xigncode.log
    For me it's located: "Black Desert Online\bin64\xc\na\2\xigncode.log"

    If you send an email to them with the attached log, they will send you an email back telling you what is triggering the suspicious program alert.


    You will get an email back from them telling you what triggered it in the format:

    Hello there!
    This is an automated response from the Support team of Wellbia Co., Ltd.
    Hmm, seems like you have some troubleshooting issues with your game!
    We’re sorry for your inconvenience.
    Your xigncode.log sent to us has detected a third party program as the following;

    d:\downloads\AdwCleaner.exe (In my instance, AdwCleaner, an anti-malware tool, triggered their anti-cheat system)

    Please turn off the program mentioned for smooth gameplay, or uninstall it unless it is a must-have program.
    In addition, please scan your PC using an anti-virus program prior to game start for further check-up.
    For those who are using Windows 10 TP (Technical Preview), Microsoft is constantly making updates to improve functions and eliminate bugs. XIGNCODE3 accordingly needs updates following the frequent Windows 10 TP changes. Although your game may have XIGNCODE3 error issues during game launch, please note that we are trying our best to keep in date regarding compatibility functions for Windows 10 TP.
    If you continue to have issues, please send us an additional email with a title of your game and publisher attached with your xigncode.log for personal assistance.

    Thanks!
    Remember, we’re always here to protect you from hacks and malware!

    So it detects one of the main anti-malware programs as a problem WTF, would love to see if AdwCleaner triggers and sees xigncode as malware.
  • MeningitisMeningitis ✭✭✭✭
    snip for space
    Thanks for responding with your input! In that regard then, EME just seems horribly understaffed to deal with actually looking over things to actively ban cheaters. Either that or they just don't care about putting in the work to make sure their game runs smoothly for legitimate players.
  • Meningitis wrote: »
    RandomElin wrote: »
    Glad you asked.

    I've heard that anti-cheat software does not need to be rootkit by design. The whole rootkit issue is probably my biggest issue with xigncode. Second biggest issue is that it isn't compatible with wine, so its not like I can launch the game currently anyway. I don't know much about xigncode's competitors, but I heard that Korean anti-cheat software packages tend to be rather rootkity. Maybe there are some western anti-cheat software packages that aren't rootkits.

    My favorite anti-cheat scheme that I've heard of, though, would be the "cheat" server and "no cheat" server approach. Since cheats are allowed on the "cheat" servers they act as honeypots, attracting the cheaters to help keep the "no cheat" server low on actual cheaters. Due to the path of least resistance, cheaters should have a greater chance of being on one of the "cheat" servers since they would not need to worry about getting banned if they are playing on those servers.
    I guess where conversation comes to a standstill concerning Tera and Xigncode3 is that everyone hates it for good reasons, but no one seems to have an actual alternative to suggest. A lot of us guess that there's better ones out there but can't seem to come up with an example just yet. Maybe we should all look for alternatives, since removing xigncode3 from tera with nothing to replace it is obviously off the table for EME/BHS.

    That cheat/no cheat sever separation kinda leaves a bad taste in my mouth- especially since Tera by design pulls in players from across all servers to do group content (ims dg/battlegrounds). So to implement something like that you'd have to completely segregate the noncheat servers from the cheat ones which would probably cause Tera's small community to become more dysfunctional. Plus, a lot of people who really cheat do so to gain an edge over legitimate players. Having a blatantly labeled no cheat versus cheat server choice would lead me to think that the actual cheaters would pick the noncheat servers and try to cheat anyway since gaining an unfair advantage over legitimate players gives them their jollys. (And by "people who really cheat" I mean people who did trash like memeslashing, not people using stuff like meters. Even though it's all banned by EME since it's their game).

    Most of the problematic cheats are due to deficiencies in the server design. If Bluehole would fix the servers, this would be a non-issue. Instead, it looks like they'd rather have us install rootkits. *face palm*

    The IMS issue may or may not be relevant. It could turn out that the player base wouldn't mind about having all the servers lumped together for it. Wouldn't be any worse than what we had before the xigncode debacle. I hear the harder dungeons are typically not run via IMS, so that would also lessen the relevance of the IMS issue.

    In regard to the "cheat" servers, I wouldn't expect everyone on it to necessarily be running cheats. Its not like players on it would be required to cheat. I for one don't think I'd mind running with cheaters. Also the people who are just using cheats like DPS meters would be there. Point is, in theory, the "cheat" servers should have players for the players who cheat to gain an edge to feel superior to.

    Overall, I'm not really convinced that they even need an anti-cheat system, though. Just doesn't seem like that big of a problem to me. Definitely not a big enough problem to warrant installing a rootkit.
  • Equitas wrote: »
    It's like you people don't listen. I know it isn't likely it'll do any good for me to explain this for what feels like the hundredth time, but I'll try anyway. Literally zero people have needed to reinstall their operating system. The most likely scenario is they rendered their computer inoperable by messing around with settings and files, attempting to remove this program after succumbing to paranoia, whilst having absolutely zero clue what they're doing. Either that, or they just wiped the slate clean because they believe that's the only way to remove XIGNCODE.

    The software is reportedly causing BSOD's which can break RAIDs or cause data corruption. The increased resource requirement is causing some systems to basically [filtered] themselves. The idea that is "infecting" the OS is highly unlikely, but you can't guarantee "Literally zero people have needed to reinstall their operating system" because there is at least one reasonably probable path that could lead to this.
    Equitas wrote: »
    "infected"
    "corrupts private files"
    "malware rootkit"
    "malware"
    "data ... mining"

    the first 3 do not appear to be correct.

    Spyware is a form of Malware according to Wikipedia https://en.wikipedia.org/wiki/Malware
    Poorly designed software which causes harm does not fall under the definition of Malware.
    So describing it as Malware because of false positives or impacts to performance is inaccurate.
    Perhaps the terms Bugware, Nuisanceware or Uselessware would be more appropriate.

    You can't guarantee that absolutely no data mining is occurring, I would strongly suspect that it probably is. Not so they can steal your personal information, just so they can better identify a cheaters. If they are seeing something consistent with cheating (for example, perfectly repeating the exact same moves over and over like a bot) then they can start hunting for the programs which might be responsible. Comparing hash codes from people who appear to be botting with people who do not allows them search for statistically significant patterns. Although it should be noted that xigncode has had no impact on botting whatsoever because anyone wishing to bot would just use the bypass.
    Equitas wrote: »
    Why there is ppl in favor of Xingcode here? I dont understand.
    Would *facepalm* be an out of line response to this? Because that's how I feel.

    No reasonable thinking person with a brain in their skull could possibly be in favour xigncode, it's the stupidest thing I've ever heard of. It causes a bunch of FUD for legitimate players and doesn't do the 1 thing it's supposed to do. If people want to attack this nuisance software (which is all it is) then why don't you just let them? You're going out of your way to defend this crap, what the hell is wrong with you? If you don't want people to think you're in favour of it, then stop behaving like you're in favour of it.
  • KillerPenguinsKillerPenguins ✭✭✭✭
    Meningitis wrote: »
    snip for space
    Thanks for responding with your input! In that regard then, EME just seems horribly understaffed to deal with actually looking over things to actively ban cheaters. Either that or they just don't care about putting in the work to make sure their game runs smoothly for legitimate players.

    The sad thing is that a competent person with access to eme's current logs and knowledge of TERA would be able to spend about a few hours writing code to identify cheaters en masse (see what i did there?) which would be a fairly comprehensive solution - a few people would still cheat and a few false positives would slip through the cracks, but the cheats which are obvious and easy to identify, which are generally the more game-breaking breaking ones, would be stopped.. Currently they're mainly banning cheaters on a case by case basis requiring the input of players and a GM manually checking logs and such, which is just ridiculous. It would be a much better use of resources to have a server-sided auto-ban system (perhaps a 3-strikes style thing, one day ban, 3 day ban, 1 week ban, goodbye) with humans only getting involved for false positives and people who contest the ban.
  • To clarify, rootkits are a type of malware. Plenty of sources say xigncode is a rootkit. Based on the system stability issues and out right blue screens that some people are getting, it sounds like it may be mucking with the host OS. Hence why I consider it a rootkit at this point.
  • KillerPenguinsKillerPenguins ✭✭✭✭
    RandomElin wrote: »
    To clarify, rootkits are a type of malware. Plenty of sources say xigncode is a rootkit. Based on the system stability issues and out right blue screens that some people are getting, it sounds like it may be mucking with the host OS. Hence why I consider it a rootkit at this point.

    I'm not sure TERA's implementation qualifies as a rootkit, at least not in every case. It seems it's only installing itself in the system in some cases. It also seems to not really be the best-behaved program in the world, frequently straying into parts of memory it's not meant to be in - which is what's causing the blue screens. I'm not really sure it qualifies as malware, either, but it's a pretty close description - a program behaving in unintended ways, harming system performance, and not performing it's stated function is pretty bad no matter what you call it.
  • RandomElin wrote: »
    To clarify, rootkits are a type of malware. Plenty of sources say xigncode is a rootkit. Based on the system stability issues and out right blue screens that some people are getting, it sounds like it may be mucking with the host OS. Hence why I consider it a rootkit at this point.

    I'm not sure TERA's implementation qualifies as a rootkit, at least not in every case. It seems it's only installing itself in the system in some cases. It also seems to not really be the best-behaved program in the world, frequently straying into parts of memory it's not meant to be in - which is what's causing the blue screens. I'm not really sure it qualifies as malware, either, but it's a pretty close description - a program behaving in unintended ways, harming system performance, and not performing it's stated function is pretty bad no matter what you call it.

    The thing is should it even be able to get into those parts of memory it's not meant to be in? Operating Systems tend to have protections built in. Sounds like it may have usurped the OS to some degree at least. This to me sounds like rootkit behavior. I guess one can argue about rather or not it is really malware, though.
  • RandomElin wrote: »
    RandomElin wrote: »
    To clarify, rootkits are a type of malware. Plenty of sources say xigncode is a rootkit. Based on the system stability issues and out right blue screens that some people are getting, it sounds like it may be mucking with the host OS. Hence why I consider it a rootkit at this point.

    I'm not sure TERA's implementation qualifies as a rootkit, at least not in every case. It seems it's only installing itself in the system in some cases. It also seems to not really be the best-behaved program in the world, frequently straying into parts of memory it's not meant to be in - which is what's causing the blue screens. I'm not really sure it qualifies as malware, either, but it's a pretty close description - a program behaving in unintended ways, harming system performance, and not performing it's stated function is pretty bad no matter what you call it.

    The thing is should it even be able to get into those parts of memory it's not meant to be in? Operating Systems tend to have protections built in. Sounds like it may have usurped the OS to some degree at least. This to me sounds like rootkit behavior. I guess one can argue about rather or not it is really malware, though.

    Also keep in mind if it truly is a rootkit it may be hiding files even from the host OS.
  • KillerPenguinsKillerPenguins ✭✭✭✭
    RandomElin wrote: »
    RandomElin wrote: »
    To clarify, rootkits are a type of malware. Plenty of sources say xigncode is a rootkit. Based on the system stability issues and out right blue screens that some people are getting, it sounds like it may be mucking with the host OS. Hence why I consider it a rootkit at this point.

    I'm not sure TERA's implementation qualifies as a rootkit, at least not in every case. It seems it's only installing itself in the system in some cases. It also seems to not really be the best-behaved program in the world, frequently straying into parts of memory it's not meant to be in - which is what's causing the blue screens. I'm not really sure it qualifies as malware, either, but it's a pretty close description - a program behaving in unintended ways, harming system performance, and not performing it's stated function is pretty bad no matter what you call it.

    The thing is should it even be able to get into those parts of memory it's not meant to be in? Operating Systems tend to have protections built in. Sounds like it may have usurped the OS to some degree at least. This to me sounds like rootkit behavior. I guess one can argue about rather or not it is really malware, though.

    Blue screens are (very basically) the OS's last attempt to prevent (further) damage in the case of a misbehaving program or piece of hardware. If it didn't have admin permissions, it probably wouldn't be able to cause as many bluescreens... sadly since it runs from the tera process and most people need to run tera as admin....
  • RandomElin wrote: »
    RandomElin wrote: »
    To clarify, rootkits are a type of malware. Plenty of sources say xigncode is a rootkit. Based on the system stability issues and out right blue screens that some people are getting, it sounds like it may be mucking with the host OS. Hence why I consider it a rootkit at this point.

    I'm not sure TERA's implementation qualifies as a rootkit, at least not in every case. It seems it's only installing itself in the system in some cases. It also seems to not really be the best-behaved program in the world, frequently straying into parts of memory it's not meant to be in - which is what's causing the blue screens. I'm not really sure it qualifies as malware, either, but it's a pretty close description - a program behaving in unintended ways, harming system performance, and not performing it's stated function is pretty bad no matter what you call it.

    The thing is should it even be able to get into those parts of memory it's not meant to be in? Operating Systems tend to have protections built in. Sounds like it may have usurped the OS to some degree at least. This to me sounds like rootkit behavior. I guess one can argue about rather or not it is really malware, though.

    Blue screens are (very basically) the OS's last attempt to prevent (further) damage in the case of a misbehaving program or piece of hardware. If it didn't have admin permissions, it probably wouldn't be able to cause as many bluescreens... sadly since it runs from the tera process and most people need to run tera as admin....

    I wonder if xigncode could even function without admin. Also, I wonder if it would magically have admin even if TERA was run as non-admin. So many questions.

    As for running TERA as admin, that sounds insane to me. Did not know that about TERA. I'm guessing there are ways to get it to run under sane permissions pre-xigncode. Didn't have to deal with that myself since I'm running linux.
  • RandomElin wrote: »
    RandomElin wrote: »
    RandomElin wrote: »
    To clarify, rootkits are a type of malware. Plenty of sources say xigncode is a rootkit. Based on the system stability issues and out right blue screens that some people are getting, it sounds like it may be mucking with the host OS. Hence why I consider it a rootkit at this point.

    I'm not sure TERA's implementation qualifies as a rootkit, at least not in every case. It seems it's only installing itself in the system in some cases. It also seems to not really be the best-behaved program in the world, frequently straying into parts of memory it's not meant to be in - which is what's causing the blue screens. I'm not really sure it qualifies as malware, either, but it's a pretty close description - a program behaving in unintended ways, harming system performance, and not performing it's stated function is pretty bad no matter what you call it.

    The thing is should it even be able to get into those parts of memory it's not meant to be in? Operating Systems tend to have protections built in. Sounds like it may have usurped the OS to some degree at least. This to me sounds like rootkit behavior. I guess one can argue about rather or not it is really malware, though.

    Blue screens are (very basically) the OS's last attempt to prevent (further) damage in the case of a misbehaving program or piece of hardware. If it didn't have admin permissions, it probably wouldn't be able to cause as many bluescreens... sadly since it runs from the tera process and most people need to run tera as admin....

    I wonder if xigncode could even function without admin. Also, I wonder if it would magically have admin even if TERA was run as non-admin. So many questions.

    As for running TERA as admin, that sounds insane to me. Did not know that about TERA. I'm guessing there are ways to get it to run under sane permissions pre-xigncode. Didn't have to deal with that myself since I'm running linux.

    If xigncode could be relegated to normal non-admin permissions instead of admin, that would be a step in the right direction. Still sounds like it would be nasty performance wise. Also, potentially nasty privacy wise, but under normal non-admin permissions it could potentially be boxed off to only be able to look at the TERA stuff. There's also the problem of no support for non-windows operating systems.
  • RandomElin wrote: »
    RandomElin wrote: »
    RandomElin wrote: »
    RandomElin wrote: »
    To clarify, rootkits are a type of malware. Plenty of sources say xigncode is a rootkit. Based on the system stability issues and out right blue screens that some people are getting, it sounds like it may be mucking with the host OS. Hence why I consider it a rootkit at this point.

    I'm not sure TERA's implementation qualifies as a rootkit, at least not in every case. It seems it's only installing itself in the system in some cases. It also seems to not really be the best-behaved program in the world, frequently straying into parts of memory it's not meant to be in - which is what's causing the blue screens. I'm not really sure it qualifies as malware, either, but it's a pretty close description - a program behaving in unintended ways, harming system performance, and not performing it's stated function is pretty bad no matter what you call it.

    The thing is should it even be able to get into those parts of memory it's not meant to be in? Operating Systems tend to have protections built in. Sounds like it may have usurped the OS to some degree at least. This to me sounds like rootkit behavior. I guess one can argue about rather or not it is really malware, though.

    Blue screens are (very basically) the OS's last attempt to prevent (further) damage in the case of a misbehaving program or piece of hardware. If it didn't have admin permissions, it probably wouldn't be able to cause as many bluescreens... sadly since it runs from the tera process and most people need to run tera as admin....

    I wonder if xigncode could even function without admin. Also, I wonder if it would magically have admin even if TERA was run as non-admin. So many questions.

    As for running TERA as admin, that sounds insane to me. Did not know that about TERA. I'm guessing there are ways to get it to run under sane permissions pre-xigncode. Didn't have to deal with that myself since I'm running linux.

    If xigncode could be relegated to normal non-admin permissions instead of admin, that would be a step in the right direction. Still sounds like it would be nasty performance wise. Also, potentially nasty privacy wise, but under normal non-admin permissions it could potentially be boxed off to only be able to look at the TERA stuff. There's also the problem of no support for non-windows operating systems.

    Updating my opinion of EME's xigncode to "probably not a rootkit". Still want it gone, though, so that I can launch the client. I suspect xigncode needs to run as admin to function, though. If true, that is not good. That kind of thing really shouldn't be running as admin. Same goes for TERA, but I fear xigncode needing admin will also require TERA to be run as admin. In general, one should be trying to minimize what they are running as admin to limit risk to the overall system.
  • KiciukKiciuk ✭✭
    sadly since it runs from the tera process and most people need to run tera as admin....
    False.
    You are starting Launcher as admin as it needs it to be fully sure that it can patch files.
    If you install client somewhere like program files and you run on non admin acc you can't copy in that directory.
    Game itself start with Basic user privileges(probably not sure if laucher spawn process with its own privileges).

    About XignCode:
    -Cheapo korean trash
    -Easily bypassable since years.
    -Unknown reason to even use it(what it can block? Cheatengine? UI mods? thats hillarious)
    -It only prevent from injecting dlls into client(Shinra overlay,Discord overlay(?))
    -Slows down game loading and increase time of loading files in game.

    What to do but what cannot be done:
    -Fix your [filtered] from scratch.
    Sadly BHS is too poor, milking from tera and pubg isnt enought to get [filtered] done after few years.
    Hopefully there will be counter sue from Epic and they will loose ground.

    https://www.reddit.com/r/PUBATTLEGROUNDS/comments/72w8xf/bluehole_is_worth_46_billion_bloomberg/
This discussion has been closed.