Strange HTTP POSTS From Rust - Rust

[QUOTE=alloin;43908293]And where exactly did we agree to share all this stuff with you ? What happens If we block that traffic ?[/QUOTE] [url]http://playrust.com/tos/[/url] [quote]To detect cheats, hacking and to improve Rust we might periodically report back to our servers with a variety of data. This might include, but is not limited to, your hardware statistics and your frame rate. Any of this information will only be used to detect cheats and improve the quality of the game. It won’t contain any personal information beyond your SteamID.[/quote]

[QUOTE=Amic;43908417][url]http://playrust.com/tos/[/url][/QUOTE] It doesn't matter. If I was a serious asshole, I could it at least get Rust banned in the EU if I were to spend enough time and money on it. Why? Because it's illegal. Just like reverse engineering someone's property to make cheats for. Because cheat/gamehacks and anti cheats aren't on politicians/law radars

[QUOTE=Andendumwel;43909366]It doesn't matter. If I was a serious asshole, I could it at least get Rust banned in the EU if I were to spend enough time and money on it. Why? Because it's illegal. Just like reverse engineering someone's property to make cheats for. Because cheat/gamehacks and anti cheats aren't on politicians/law radars[/QUOTE] that would never hold up in court "we are stopping cheaters, and it ONLY takes images of assumed cheaters for proof", VS "that is bad and illegal" How is it illegal exactly? does it prevent you from personally aimbotting? [editline]14th February 2014[/editline] [QUOTE=Andendumwel;43907846]Nice try, but that's all spoofable. He also collects things like token.bin and other data. Why? I don't know. That's why someone said it looked like a trojan. For anti cheat purposes of course :) Is it possible to frame innocent people, who knows. I'm not fucked up enough to ban random innocent players.[/QUOTE] [QUOTE=Immortalis;43899145]Make the already abusable system even worse you mean? I send a packet of data to that address with your steam ID and the correct payload saying you were cheating.. now I don't even need to photoshop a plausible screenshot showing the said hack.. just need to spam the server with random ID's.. baldrnl was it? Now Cheatpunch thinks you were on my computer using Dizzy's ESP. EDIT: That wasn't a threat btw.. It was a hypothetical situation of how this system can be abused.[/QUOTE] STEAM_0:1:51494798 I willingly and knowingly want to see them try to ban my account please go ahead "leet hackers", get my steam account banned from rust.

[QUOTE=J!NX;43909448]that would never hold up in court "we are stopping cheaters, and it ONLY takes images of assumed cheaters for proof", VS "that is bad and illegal" How is it illegal exactly? does it prevent you from personally aimbotting? [editline]14th February 2014[/editline] STEAM_0:1:51494798 I willingly and knowingly want to see them try to ban my account please go ahead "leet hackers", get my steam account banned from rust.[/QUOTE] Taking "screenshots" of others peoples computers is a fine line in the illegal/illegal section without their express permission (Need a lot more info on the TOS for that one)/warrant, mainly because the user in question has no power over what is seen on that screenshot. From what I can tell, it only takes screenshots from the Rust frames, but I couldn't and wouldn't put money on that, and I have no was off knowing what else its taking a picture off.

[QUOTE=Multd;43909545]Taking "screenshots" of others peoples computers is a fine line in the illegal/illegal section without their express permission (Need a lot more info on the TOS for that one)/warrant, mainly because the user in question has no power over what is seen on that screenshot. From what I can tell, it only takes screenshots from the Rust frames, but I couldn't and wouldn't put money on that, and I have no was off knowing what else its taking a picture off.[/QUOTE] if you don't want your game screencapped [B]don't cheat[/B], it's that simple. it only takes images of rust, and apparently only after it detects hacks. if you don't want to be arrested and videotapped, don't run around naked flapping your dick. This isn't NSA 101, this is "don't cheat", it's not hard.

[QUOTE=Multd;43909545]Taking "screenshots" of others peoples computers is a fine line in the illegal/illegal section without their express permission (Need a lot more info on the TOS for that one)/warrant, mainly because the user in question has no power over what is seen on that screenshot. From what I can tell, it only takes screenshots from the Rust frames, but I couldn't and wouldn't put money on that, and I have no was off knowing what else its taking a picture off.[/QUOTE] Try flicking between full screen applications when recording using PlayClaw or the like. See what happens.

-snip- Apologies Larhten It's already been stated that the function to capture the screen is part of unity. This is not a screenshot, this is capturing whatever UNITY is rendering at that point in time. Keep up. edit: In case you don't understand, that means it cannot capture what is outside of rust in the picture.

[QUOTE=mdeceiver79;43909614]It's already been stated that the function to capture the screen is part of unity. This is not a screenshot, this is capturing whatever UNITY is rendering at that point in time. Keep up. edit: In case you don't understand, that means it cannot capture what is outside of rust in the picture.[/QUOTE] Which was exactly my fucking point. Keep up yourself.

[QUOTE=Teddybeer;43899090]Would be lovely if not receiving screenshots would equal a ban.[/QUOTE] Now that is just silly. If your firewall program sees Rust.exe connecting you allow it.. and then if you see a random URL (not even a secure URL or an URL with a relevant name) trying to pass data every few minutes.. of course you are going to block it. Users are correct in this thread.. This isn't a secure way of doing things and skilled hackers can easily manipulate that system. I've read some already have beat the cheatpunch.

[QUOTE=dlovin123;43909767]Now that is just silly. If your firewall program sees Rust.exe connecting you allow it.. and then if you see a random URL (not even a secure URL or an URL with a relevant name) trying to pass data every few minutes.. of course you are going to block it. Users are correct in this thread.. This isn't a secure way of doing things and skilled hackers can easily manipulate that system. I've read some already have beat the cheatpunch.[/QUOTE] Funny story, for the longest time Norton thought Garry's mod 9 was a virus Unreal Gold on steam also gets called a virus for some weird reason.

[QUOTE=dlovin123;43909767] Users are correct in this thread.. This isn't a secure way of doing things and skilled hackers can easily manipulate that system. [/quote] Any proof of this? You're assuming there no authentication, which there probably is. [quote]I've read some already have beat the cheatpunch.[/QUOTE] This is nothing to do with the above, why would you group is so. Make a fallacious statement then back it up with irrelevant information?

[QUOTE=Multd;43907566]So what happens if I just block all traffic to it?[/QUOTE] Nothing bad - feel free :)

[QUOTE=garry;43913136]Nothing bad - feel free :)[/QUOTE] Thank you Garry for feedback on this system. I have tons of respect for the challenges your trying to overcome and how your going about it. Again please be cautious of spoofed reports in the next couple of days.

Reports can't be spoofed :)

So garry when I'm running Rust in the background and checking my emails you do a screenshot of those?

[QUOTE=J!NX;43909448]that would never hold up in court "we are stopping cheaters, and it ONLY takes images of assumed cheaters for proof", VS "that is bad and illegal" How is it illegal exactly? does it prevent you from personally aimbotting?[/QUOTE] You're not allowed to capture information off peoples computers without the strict consent of the user. Writing down a TOS won't work if someone is actually going to take the effort. The other side. Reverse engineering is only allowed for educational purposes or to whistle blow. So making hacks isn't allowed either. Everyone stating that i'm "dumb" is even dumber.. it's not who's right its about who wins the game in court.

[QUOTE=Andendumwel;43932933]You're not allowed to capture information off peoples computers without the strict consent of the user. Writing down a TOS won't work if someone is actually going to take the effort. The other side. Reverse engineering is only allowed for educational purposes or to whistle blow. So making hacks isn't allowed either. Everyone stating that i'm "dumb" is even dumber.. it's not who's right its about who wins the game in court.[/QUOTE] Are you stating you're going to sue garry? If not, shut the fuck up about court, it's an irrelevant argument unless you are prepared to file. Your consent is recorded by your acceptance of the TOS and your continued use of the product. Don't want Cheatpunch to capture your Rust play? Uninstall Rust and never use it again, bulletproof privacy from Cheatpunch.

[QUOTE=elixwhitetail;43932949]Are you stating you're going to sue garry? If not, shut the fuck up about court, it's an irrelevant argument unless you are prepared to file. Your consent is recorded by your acceptance of the TOS and your continued use of the product. Don't want Cheatpunch to capture your Rust play? Uninstall Rust and never use it again, bulletproof privacy from Cheatpunch.[/QUOTE] I'm here to discuss, not to hear your fucking fanboy shit. I'm allowed to post a hypothetical situation, without you getting on my back. And no, i'm not going to sue anyone. I'm just stating facts here. TOS is irrelevant when it comes to stuff that is potential law breaking.

[QUOTE=Immortalis;43898934]I would think.. (hope) that if Rust Anti-Cheat is talking to a webserver.. it would be using a Secure protocol.. The type of information being sent means that I could get other Steam ID's banned if I was so inclined..[/QUOTE] Using TLS (HTTPS) doesn't prevent me from sticking a "man in the middle" attack using my own signed certs that I've installed on my personal computer and watching the traffic in an attempt to reverse engineer what is going on. If the system is not properly secured against spoofing HTTPS wont help that. HTTPS just prevents other people from snooping.

[QUOTE=StrangeWill;43933991]Using TLS (HTTPS) doesn't prevent me from sticking a "man in the middle" attack using my own signed certs that I've installed on my personal computer and watching the traffic in an attempt to reverse engineer what is going on. If the system is not properly secured against spoofing HTTPS wont help that. HTTPS just prevents other people from snooping.[/QUOTE] Because VAC will happily accept your self-signed cert because you're a CA, right?

[QUOTE=Andendumwel;43932933]You're not allowed to capture information off peoples computers without the strict consent of the user. Writing down a TOS won't work if someone is actually going to take the effort. The other side. Reverse engineering is only allowed for educational purposes or to whistle blow. So making hacks isn't allowed either. Everyone stating that i'm "dumb" is even dumber.. it's not who's right its about who wins the game in court.[/QUOTE] it detects hacks, it screenshots those hacks, [B]it's not taking any information but from the game itself and that is it[/B] [B]absolutely nothing else[/B] this isn't "if you aren't hiding something you shouldn't worry" NSA shit that screenshots everyones game. this is "cheat and get caught" aimbots are so obviously against the game. That wouldn't hold up in court. [QUOTE=Andendumwel;43933099]I'm here to discuss, not to hear your fucking fanboy shit. I'm allowed to post a hypothetical situation, without you getting on my back. And no, i'm not going to sue anyone. I'm just stating facts here. TOS is irrelevant when it comes to stuff that is potential law breaking.[/QUOTE] no it isn't stop

[QUOTE=elixwhitetail;43934083]Because VAC will happily accept your self-signed cert because you're a CA, right?[/QUOTE] All local applications do is check your certificate store (open up MMC, add the certificate snapin, you'll find your certs under Trusted Root Certification Authorities, you can add your own certs to this), when you install your own certs, you [i]might as well[/i] be a CA as far as your desktop is concerned. Let alone if you wanted to be pedantic about [i]being[/i] a CA (not that it matters when you're tampering with your own certificate stores), spinning one up is [i]trivial[/i]. For example, it's how Applidium reversed engineered Siri on the iPhone.

oh and btw [url]http://en.wikipedia.org/wiki/Information_privacy_law[/url] this? [QUOTE]The right to data privacy is heavily regulated and actively enforced in Europe. Article 8 of the European Convention on Human Rights (ECHR) provides a right to respect for one's "private and family life, his home and his correspondence", subject to certain restrictions. The European Court of Human Rights has given this article a very broad interpretation in its jurisprudence. According to the Court's case law the collection of information by officials of the state about an individual without his consent always falls within the scope of Article 8. Thus, gathering information for the official census, recording fingerprints and photographs in a police register, collecting medical data or details of personal expenditures and implementing a system of personal identification has been judged to raise data privacy issues. Any state interference with a person's privacy is only acceptable for the Court if three conditions are fulfilled: [B]The interference is in accordance with the law The interference pursues a legitimate goal[/B] The interference is necessary in a democratic society The government is not the only entity which may pose a threat to data privacy. Other citizens, and private companies most importantly, engage in far more threatening activities, especially since the automated processing of data became widespread. The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data was concluded within the Council of Europe in 1981. This convention obliges the signatories to enact legislation concerning the automatic processing of personal data, which many duly did. As all the member states of the European Union are also signatories of the European Convention on Human Rights and the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, the European Commission was concerned that diverging data protection legislation would emerge and impede the free flow of data within the EU zone. Therefore the European Commission decided to harmonize data protection regulation and proposed the Directive on the protection of personal data, which member states had to transpose into law by the end of 1998. The directive contains a number of key principles with which member states must comply. Anyone processing personal data must comply with the eight enforceable principles of good practice.[4] They state that the data must be: [B]Fairly and lawfully processed.[/B] Processed for limited purposes. [B]Adequate, relevant and not excessive.[/B] [B]Accurate.[/B] Kept no longer than necessary. [B]Processed in accordance with the data subject's rights. Secure.[/B] Transferred only to countries with adequate protection.[/QUOTE] I don't think any court is going to give a care about someone that says "I was cheated and banned"

[QUOTE=J!NX;43934291]it detects hacks, it screenshots those hacks, [B]it's not taking any information but from the game itself and that is it[/B] [B]absolutely nothing else[/B] this isn't "if you aren't hiding something you shouldn't worry" NSA shit that screenshots everyones game. this is "cheat and get caught" aimbots are so obviously against the game. That wouldn't hold up in court. no it isn't stop[/QUOTE] Please do not post if you don't have any idea what cheatpunch does. Thank you.

[QUOTE=Andendumwel;43934559]Please do not post if you don't have any idea what cheatpunch does. Thank you.[/QUOTE] [URL="http://en.wikipedia.org/wiki/Information_privacy_law#Europe"]please do not post about laws you have no idea about[/URL] and I know exactly what it does. Once it sees a hack it takes an image from the game and sends it off [t]https://dl.dropbox.com/u/3590255/Shares/2014-02/2014-02-15_07-07-59.png[/t] that's enough info, not any more than is needed. please tell me where garry is infringing on someones rights in this image or showing personal info outside of hacking and steam ID, I'd love to hear it. and "it's not taking any information but from the game itself and that is it " you mean like, steam ID and an image from their screen? maybe a little info on the hacks they are doing? [QUOTE=Andendumwel;43933099]I'm here to discuss, not to hear your fucking fanboy shit. I'm allowed to post a hypothetical situation, without you getting on my back. And no, i'm not going to sue anyone. I'm just stating facts here. TOS is irrelevant when it comes to stuff that is potential law breaking.[/QUOTE] so exactly how is this law breaking? is it because you don't like it? it's only "Invasive" if you're using aimbot and shit like that.

[QUOTE=Andendumwel;43934559]Please do not post if you don't have any idea what cheatpunch does. Thank you.[/QUOTE] Because you [B]do[/B] know what it does? :v: hello 911 there's an emergency this poster's head is jammed up his own ass and it's stuck oh god please help he's turning blue

I like how hackers are upset about this sending screenshots to a server. Do they realize how much info their hacking software sends to some datamining center in China or somewhere else?

I am currently preforming a trace route on the IP the URL gave me and its taking some time, will post screenshots of my log Edit: [IMG]http://imgur.com/J03MmOG[/IMG] Things in red are the Weird ones, that stoodout Things in blue are some interesting leads

[QUOTE=nicename;43936793]I like how hackers are upset about this sending screenshots to a server. Do they realize how much info their hacking software sends to some datamining center in China or somewhere else?[/QUOTE] None because that is retarded... Most hacks offer the source code with the binaries so you can see what it is doing.. Or you are already paying money for your hack in which case the author makes more money from your hacking subscription then some obscure data mining for China retarded theory. [QUOTE=StrangeWill;43933991]Using TLS (HTTPS) doesn't prevent me from sticking a "man in the middle" attack using my own signed certs that I've installed on my personal computer and watching the traffic in an attempt to reverse engineer what is going on. If the system is not properly secured against spoofing HTTPS wont help that. HTTPS just prevents other people from snooping.[/QUOTE] Why would you even do that... Like did you seriously type that? Your on the receiving end of that payload.. I don't even understand your logic here.. All I care about is other people snooping.. I don't care if a hacker can reverse engineer the packet structure.. They can do that any way using the binary

[QUOTE=Immortalis;43936970]None because that is retarded... Most hacks offer the source code with the binaries so you can see what it is doing.. Or you are already paying money for your hack in which case the author makes more money from your hacking subscription then some obscure data mining for China retarded theory.[/QUOTE] Almost as retarded as suggesting Rust is a trojan, huh.