Please take this poll

i was unsubbed for 2 years when i got hacked like 3 times in a row and was still unsubbed after. I spoke to blizzard, they sent me a free authenticator free of charge :)

Have authenticator haven't been hacked except by myself testing blizzard security (or lack there of).

Please just take the poll and try to keep it on topic. spread the word please

Originally posted by dubyahite
@midmagic

So you are going to submit proof of this exploit to blizzard so that they can fix it right? You know, the responsible thing to do.

No. I have alteriave motives but that is not it. Just stick to the topic please.

I play hardcore. Havent been hacked yet (no authenticator).

I changed my password through an email link from blizzzard.ch strange they needed my SS# and CC# too.....this is completely blizzards fault!

Nah never been hacked in any game since 2001 

This poll is turing out great... most are just here to view the poll.

You know that the majority of people hacked are ether using illegal software (pirated OS /hacks/ bots/ 3rd party tools) or account share...with a small minority voulentarily giving their account info in phishing scams ect...however....100% will admit to doing nothing wrong/stupid.

I have an authenticator, change password regularly, and still got hacked.  Did not do any of the above. 

I love the witch hunting around here...

"If you got hacked, you downloaded a program / used a phishing site."

"If you had an authenticator, you're lying!"

OK. That's useful...

Originally posted by miagisan

i was unsubbed for 2 years when i got hacked like 3 times in a row and was still unsubbed after. I spoke to blizzard, they sent me a free authenticator free of charge :)

While I haven't been hacked in a couple of years, my WoW account was also hacked after a long time unsubbed to their product. I said this in another thread but I will say it again.

I was deployed to Iraq when the account theft happened so i hadn't even been on my PC or had visited any websites other than the very limited time I had to check my emails from family back home. I had no time to browse the web. I only heard about my account being hacked by a buddy welcoming me back via a text message to my phone back in GA. My wife shot me an email asking what he was talking about and I had no clue. Blizzard repaired the account right away and I went through all of thier steps to try to figure out what happened once I got back home and everything they said could have been the cause was really not possible since my PC was turned off the entire time and I didn't fall victim to keyloggers or bait mail. They didn't give me a free authenticator although they did try to make me buy one. I had no interested in WoW or any other Blizz product at the time so I never bit on the sale. Never did get an answer but apparently I was somehow at fault on the other side of the planet with no access to my PC or accounts for over a year.

Originally posted by Chrisbox

I have an authenticator, change password regularly, and still got hacked.  Did not do any of the above. 

there's really no way this many people can get hacked without a server vulnerability.  the people posting on the forums are a small % of the victims.  People brave or stupid enough to admit it happened to them given the hostile environment.

I'm personally scared, but I'm between smartphones right now and I just don't feel it's right to HAVE to pay extra to have a secure account.  I'm a noscript/adblock/hijackthis type of guy.  I've only had an account compromised once, and that was a WoW account that hadn't been played in 6 months.  And technically it was my gf's. 

I just don't see how people can look at the constant barrage of new hacked topics and think that everything is okay.  WoW itself never had anything near to this level of account hacking during it's explosive growth.

Originally posted by adam_nox

there's really no way this many people can get hacked without a server vulnerability.  the people posting on the forums are a small % of the victims.  People brave or stupid enough to admit it happened to them given the hostile environment.

 

I'm personally scared, but I'm between smartphones right now and I just don't feel it's right to HAVE to pay extra to have a secure account.  I'm a noscript/adblock/hijackthis type of guy.  I've only had an account compromised once, and that was a WoW account that hadn't been played in 6 months.  And technically it was my gf's. 

 

I just don't see how people can look at the constant barrage of new hacked topics and think that everything is okay.  WoW itself never had anything near to this level of account hacking during it's explosive growth.

Don't underestimate the stupidity of people.

The overwhelming vast majority of the people who are "hacked" fall victim to blind nets cast out by these "hackers" to collect account data and gain access to accounts.

A data breach with Blizzard servers would not be able to be hidden. Not without massive and severe legal response due to how much personal and confidential information Blizzard has. Thats not a risk a company would make. They will come out, say they are hacked, pass the blame and cover themselves legally.

The reality is that people fall victim to simple traps. Maybe some as simple as the wrong ad on a website giving them a virus. But I am willing to bet that no case of true hacking can be presented. They will all be from bad habits or mistakes.

You can test it too. Disable the authenticator you have and do nothing but register to this and other gaming websites you visit with the same email and password as your WoW account. I bet within weeks your account will be compromised.

I don't play D3 or WOW at the moment but the whole thing has got me thinking.  I'm sorry but I cannot believe that the level of account hacks going on can be simply put down to "stupid users".  Activision/Blizzard are not infallable there has to be something else going on.

If a game published by EA had this many accounts getting hacked I am sure "stupid users" would not wash with very many of us.

Originally posted by ArChWind

Originally posted by Chrisbox

I have an authenticator, change password regularly, and still got hacked.  Did not do any of the above. 

 

This is kind of what I did not want to hear.

 

It kind of brings me to believe that maybe just maybe it is not anyone's fault. But it also debunk my theory so that kind of levees me wondering exactly what is going on.

 

The reasons for my interest here is I got HACKED in open beta weekend and I though it was a bug. I have a ‘toolbox’ That is a bit different than average Joe so it got me to asking ‘how did this happen?’

 

I am a programmer with 30+ years of experience in assembly. I am not as well versed in other languages but I can make programs do just about anything they were designed for and sometimes not designed for.

 

Keep in mind that back in the early 90’s they made claims that a dongle (hardware lock) was not breakable and yet I passed out a lot of programs that were ‘fixed’

 

After digging into the old beta client I discovered some interesting stuff.

 

The first thing I do when working on ‘fixing’ a program is look at the output. Debug files tell me a lot of the internal functionality of the executable.

 

First lines I read when opening the debug file for D3 tells me I can HACK.

 

User defined symbols path: C:\Program Files\Diablo III Beta

 

2012.04.23 16:09:51.303366300 Diablo III Release (No Assertions) running under Windows 7 SP1 (Version 6.1.7601)

 

2012.04.23 16:09:51.304492000 0.11.0.9359.BETA (43003-666166)

 

2012.04.23 16:09:51.305644600 Cheats: DISABLED <- look here! Was this CPU cheats or was this client cheats? notice right after this that CPU is well.. CPU related.

This is a beta client. The developers would have access to "cheats" they could use during develpment and testing. If you honestly think there are "cheat codes" in the release client of the game, then I should just stop listening to what you have to say right now.

 

This is my first clue that you are just blindly fishing around for anything that you can post that looks even remotely like hacking the software. 

 

I can tell there may be a method to use Cheats. Armed with this information I can now start my debugger and trace the code until I find the variable. However I am still unsure if the client alone is the only reason so

 

I start loading other information I can decrypt and understand.

 

2012.04.23 16:09:51.306850600 CPU Vendor: AuthenticAMD

2012.04.23 16:09:51.308173600 CPU Details: AMD Athlon(tm) II X4 640 Processor

2012.04.23 16:09:51.309503000 CPU Processors: 1

2012.04.23 16:09:51.310741600 CPU Cores: 4

2012.04.23 16:09:51.311992300 CPU Threads: 4

2012.04.23 16:09:51.313627000 3326.18 MB of total physical memory

2012.04.23 16:09:51.315042300 OS Language: English

2012.04.23 16:09:51.316336000 Application Path: C:\Program Files\Diablo III Beta\

 

2012.04.23 16:09:51.604231300 WinSock started successfully! <- cool beans I got a socket to play with. Winsock is not very secure if one can MODIFY their own winsock

 

Hey good for you! Every program that uses TCP/IP uses WinSock. So explain how this would help you compromise someones account? It won't? Ah excellent. Moving along. 

 

I'll just leave this here. You are a programmer so I'm sure you understand this:

 

http://msdn.microsoft.com/en-us/library/ms740621.aspx 

 

I don't think you understand TCP/IP protocols very well. 

 

 

2012.04.23 16:09:51.606723600 Adjusted initial working directory: C:\Program Files\Diablo III Beta

2012.04.23 16:09:51.608241300 Detecting first installed locale.

2012.04.23 16:09:51.609879600 Detected: enUS

2012.04.23 16:09:51.665977600 AgentManagerImpl::GetStatus - bResult: 1, StatusCode: 404

 

2012.04.23 16:09:51.683722000 Agent selected locale: enUS < what is the agente Looks like a basic configuration file to me. Don't see anything remotely close to a security threat in agent.db.  This particular line is simply setting the region of the client. Not a huge deal and I doubt that it can be manually changed here. I know there are server side checks for region because it is tied to the region in your battle.net account. This is why people in EU have to buy a US version of WoW to play on the US servers.

 

In the directory there is a file called .agent.db. It is a text file and in this text file is some interesting information. mostly

 

"config" : {

"expansion_level" : 0.000000 Boring, useless. Show's if you have the expansion installed.

"last_played" : 0.000000, Boring, useless. Obvious.

"update_progress" : 0.000000,Boring, useless. The game saves your download progress when updating, if interrupted you can resume

"ptr" : false,Boring, useless. Determines if this is a PTR install. 

"beta" : true,useless. This just shows that you did this during beta, which is actually telling of your methods. You have not touched the release client. This is set to false on the release client

"supports_multibox" : false,  Could possibly be changed to allow multiple clients to run? May not be manually changeable. Either way, will not help you compromise accounts. 

"fullpath_hash" : false, Boring, useless. 

"archive_override_subpath" : "",Boring, useless. 

"data_dir" : "Data_D3/PC/MPQs/",MPQs are Blizzards update and data files. Boring and useless.

"switcher" : false, Not sure what this is. It's not going to compromise someone else's account though.

"use_sparse" : false, Useless

"patch_url" : "http://public-test.patch.battle.net:1119/patch", Yep. This is where the patches come from

"priority_file_layout" : "Retail", Again, boring and useless.

"product" : "D3B",  OMG the product is D3!!! My accounts! they are haxed!

"updater_product" : "d3_patch", Boring, useless. 

"update_identifier" : "d3-update-", Boring, useless.

"update_method" : "patch on demand",Boring, useless. 

"update_regex" : "(?Pd3-update-(?P\\w+))-(?P\\d+)\\.mpq$",

 

"torrent_file_path" : "Diablo III.tfil", < WTF is this?! Again, displaying your lack of knowledge about Blizzard products. Blizzard uses bittorrent to download patches. Commonly well known publicly available knowledge. .tfil probably stands for Torrent File. BOOOOOOOOORING. 

 

"manifest_file_path" : "Diablo III.mfil",This is all file structure stuff. You could have discovered this info by browsing the folders. Again, boring and useless. 

"priority_file_path" : "Diablo III.pfil",

"binary_version_path" : "Diablo III.exe",

"binary_launch_path" : "Diablo III.exe",

"uninstall_path" : "C:\\Program Files\\Common Files\\Blizzard Entertainment\\Diablo III Beta\\Uninstall.exe",

"installed_locales" : [

"enUS"

 

],

 

This is all just determining the region of the install for region locking. Useless. 

 

2012.04.23 16:09:51.685309000 FileSystemGetLocale, AgentSettings: 1

2012.04.23 16:09:51.686843600 Detecting installed locales:

2012.04.23 16:09:51.688421600 Found: enUS

2012.04.23 16:09:51.690466000 FileSystemGetLocale, returned locale: enUS

2012.04.23 16:09:51.692904000 SNOFilesInitialize('Data_D3', enUS)

2012.04.23 16:09:51.695050300 Initializing Streaming

 

Further in the debug file is this line.

 

2012.04.23 16:09:57.455768600 Protocol Hash = 0x33CABB38  

 

Plain text hash codes?  Um...a hash is not code. A hash is also by definition not in plain text. It's a Hash. By looking at this it is painfully obvious to anyone with ANY security knowledge that this hash is not being used for anything secure AT ALL. It is a very simple hash. 

 

This is not your password. Sorry

 

I was pretty sure I had seen this line before, so I googled it. Sure enough it is posted all over the official forums from people having errors. It shows up EXACTLY the same way in peoples log files and error messages. It is not a unique value to you or anyone's account. It is not secure, and does not need to be. 

 

You sure did get excited to see some hex though!

 

Holy shit this is a hackers heaven but I will not proceed (I love my freedom) to the old days of 'fixing' things. Some of my old buddies are better than me.

 

No. No it's not. In fact, nothing you posted here goes anywhere near compromising another players account. Period. There is not one shred of evidence that this is possible through in game means.  Show me proof, until then stop claiming that you have some.

 

I'm sure this all looks very technical and important to a person who has little understanding of the subject matter, but the fact is this is all useless. None of the information here could be used to compromise an account.  

Originally posted by adam_nox

there's really no way this many people can get hacked without a server vulnerability. 

 How many.

Originally posted by dubyahite

Originally posted by ArChWind

Originally posted by Chrisbox

I have an authenticator, change password regularly, and still got hacked.  Did not do any of the above. 

 

This is kind of what I did not want to hear.

 

It kind of brings me to believe that maybe just maybe it is not anyone's fault. But it also debunk my theory so that kind of levees me wondering exactly what is going on.

 

The reasons for my interest here is I got HACKED in open beta weekend and I though it was a bug. I have a ‘toolbox’ That is a bit different than average Joe so it got me to asking ‘how did this happen?’

 

I am a programmer with 30+ years of experience in assembly. I am not as well versed in other languages but I can make programs do just about anything they were designed for and sometimes not designed for.

 

Keep in mind that back in the early 90’s they made claims that a dongle (hardware lock) was not breakable and yet I passed out a lot of programs that were ‘fixed’

 

After digging into the old beta client I discovered some interesting stuff.

 

The first thing I do when working on ‘fixing’ a program is look at the output. Debug files tell me a lot of the internal functionality of the executable.

 

First lines I read when opening the debug file for D3 tells me I can HACK.

 

User defined symbols path: C:\Program Files\Diablo III Beta

 

2012.04.23 16:09:51.303366300 Diablo III Release (No Assertions) running under Windows 7 SP1 (Version 6.1.7601)

 

2012.04.23 16:09:51.304492000 0.11.0.9359.BETA (43003-666166)

 

2012.04.23 16:09:51.305644600 Cheats: DISABLED <- look here! Was this CPU cheats or was this client cheats? notice right after this that CPU is well.. CPU related.

This is a beta client. The developers would have access to "cheats" they could use during develpment and testing. If you honestly think there are "cheat codes" in the release client of the game, then I should just stop listening to what you have to say right now.

 

This is my first clue that you are just blindly fishing around for anything that you can post that looks even remotely like hacking the software. 

 

I can tell there may be a method to use Cheats. Armed with this information I can now start my debugger and trace the code until I find the variable. However I am still unsure if the client alone is the only reason so

 

I start loading other information I can decrypt and understand.

 

2012.04.23 16:09:51.306850600 CPU Vendor: AuthenticAMD

2012.04.23 16:09:51.308173600 CPU Details: AMD Athlon(tm) II X4 640 Processor

2012.04.23 16:09:51.309503000 CPU Processors: 1

2012.04.23 16:09:51.310741600 CPU Cores: 4

2012.04.23 16:09:51.311992300 CPU Threads: 4

2012.04.23 16:09:51.313627000 3326.18 MB of total physical memory

2012.04.23 16:09:51.315042300 OS Language: English

2012.04.23 16:09:51.316336000 Application Path: C:\Program Files\Diablo III Beta\

 

2012.04.23 16:09:51.604231300 WinSock started successfully! <- cool beans I got a socket to play with. Winsock is not very secure if one can MODIFY their own winsock

 

Hey good for you! Every program that uses TCP/IP uses WinSock. So explain how this would help you compromise someones account? It won't? Ah excellent. Moving along. 

 

I'll just leave this here. You are a programmer so I'm sure you understand this:

 

http://msdn.microsoft.com/en-us/library/ms740621.aspx 

 

I don't think you understand TCP/IP protocols very well. 

 

 

2012.04.23 16:09:51.606723600 Adjusted initial working directory: C:\Program Files\Diablo III Beta

2012.04.23 16:09:51.608241300 Detecting first installed locale.

2012.04.23 16:09:51.609879600 Detected: enUS

2012.04.23 16:09:51.665977600 AgentManagerImpl::GetStatus - bResult: 1, StatusCode: 404

 

2012.04.23 16:09:51.683722000 Agent selected locale: enUS < what is the agente Looks like a basic configuration file to me. Don't see anything remotely close to a security threat in agent.db.  This particular line is simply setting the region of the client. Not a huge deal and I doubt that it can be manually changed here. I know there are server side checks for region because it is tied to the region in your battle.net account. This is why people in EU have to buy a US version of WoW to play on the US servers.

 

In the directory there is a file called .agent.db. It is a text file and in this text file is some interesting information. mostly

 

"config" : {

"expansion_level" : 0.000000 Boring, useless. Show's if you have the expansion installed.

"last_played" : 0.000000, Boring, useless. Obvious.

"update_progress" : 0.000000,Boring, useless. The game saves your download progress when updating, if interrupted you can resume

"ptr" : false,Boring, useless. Determines if this is a PTR install. 

"beta" : true,useless. This just shows that you did this during beta, which is actually telling of your methods. You have not touched the release client. This is set to false on the release client

"supports_multibox" : false,  Could possibly be changed to allow multiple clients to run? May not be manually changeable. Either way, will not help you compromise accounts. 

"fullpath_hash" : false, Boring, useless. 

"archive_override_subpath" : "",Boring, useless. 

"data_dir" : "Data_D3/PC/MPQs/",MPQs are Blizzards update and data files. Boring and useless.

"switcher" : false, Not sure what this is. It's not going to compromise someone else's account though.

"use_sparse" : false, Useless

"patch_url" : "http://public-test.patch.battle.net:1119/patch", Yep. This is where the patches come from

"priority_file_layout" : "Retail", Again, boring and useless.

"product" : "D3B",  OMG the product is D3!!! My accounts! they are haxed!

"updater_product" : "d3_patch", Boring, useless. 

"update_identifier" : "d3-update-", Boring, useless.

"update_method" : "patch on demand",Boring, useless. 

"update_regex" : "(?Pd3-update-(?P\\w+))-(?P\\d+)\\.mpq$",

 

"torrent_file_path" : "Diablo III.tfil", < WTF is this?! Again, displaying your lack of knowledge about Blizzard products. Blizzard uses bittorrent to download patches. Commonly well known publicly available knowledge. .tfil probably stands for Torrent File. BOOOOOOOOORING. 

 

"manifest_file_path" : "Diablo III.mfil",This is all file structure stuff. You could have discovered this info by browsing the folders. Again, boring and useless. 

"priority_file_path" : "Diablo III.pfil",

"binary_version_path" : "Diablo III.exe",

"binary_launch_path" : "Diablo III.exe",

"uninstall_path" : "C:\\Program Files\\Common Files\\Blizzard Entertainment\\Diablo III Beta\\Uninstall.exe",

"installed_locales" : [

"enUS"

 

],

 

This is all just determining the region of the install for region locking. Useless. 

 

2012.04.23 16:09:51.685309000 FileSystemGetLocale, AgentSettings: 1

2012.04.23 16:09:51.686843600 Detecting installed locales:

2012.04.23 16:09:51.688421600 Found: enUS

2012.04.23 16:09:51.690466000 FileSystemGetLocale, returned locale: enUS

2012.04.23 16:09:51.692904000 SNOFilesInitialize('Data_D3', enUS)

2012.04.23 16:09:51.695050300 Initializing Streaming

 

Further in the debug file is this line.

 

2012.04.23 16:09:57.455768600 Protocol Hash = 0x33CABB38  

 

Plain text hash codes?  Um...a hash is not code. A hash is also by definition not in plain text. It's a Hash. By looking at this it is painfully obvious to anyone with ANY security knowledge that this hash is not being used for anything secure AT ALL. It is a very simple hash. 

 

This is not your password. Sorry

 

I was pretty sure I had seen this line before, so I googled it. Sure enough it is posted all over the official forums from people having errors. It shows up EXACTLY the same way in peoples log files and error messages. It is not a unique value to you or anyone's account. It is not secure, and does not need to be. 

 

You sure did get excited to see some hex though!

 

Holy shit this is a hackers heaven but I will not proceed (I love my freedom) to the old days of 'fixing' things. Some of my old buddies are better than me.

 

No. No it's not. In fact, nothing you posted here goes anywhere near compromising another players account. Period. There is not one shred of evidence that this is possible through in game means.  Show me proof, until then stop claiming that you have some.

 

I'm sure this all looks very technical and important to a person who has little understanding of the subject matter, but the fact is this is all useless. None of the information here could be used to compromise an account.  

 Your words:

Blizzard database is not hacked.

Blizzards servers are not hacked.

Originally posted by ArChWind

[snip]

 Your words:

Blizzard database is not hacked.

Blizzards servers are not hacked.

Hackers are not hacking Blizzard nor are they hacking you.

 

Hackers don’t even have accounts with Blizzard.

 

my words.

 

Hackers don’t need an account, password or Authenticator

Wait wait wait a minute.  

I did say the database has not been compromised. I did say the servers have not been compromised.

I did NOT say that "hackers don't even have accounts with Blizzard"  I did not say that "they are not hacking you."

The part that is "Your Words" aren't even relevant to what I posted, and they don't make sense. Whatever your claim is, I'll continue waiting on some proof from you.  So far all you have shown is nonsense. 

Are you saying the hackers don't need the password of the account they attack or they don't need their own account/password. If it's the former, prove it. Blizzard has said that no account compromise that's been reported has not used the users login and password to gain access. Not a single one.  If it's the latter, of course they don't need to buy the game to hack you. DUH. 

I'm not even sure what the point of quoting my response to you was. You're not addressing anything I wrote.