Blizzard spyware app revealed
p2p news / p2pnet: Open source BnetD lets people do their own online MPGs (multiplayer games) and tap additional features instead of being locked into Blizzard’s proprietary Battle.net game service.
Or rather, it used to, because Blizzard didn’t like the idea and successfully claimed BnetD violated a clause in its EULA (End User License Agreement) forbidding reverse-engineering.
Blizzard also has an interesting application called The Warden, billed as anti-cheat software. But, says Greg Hoglund, co-author of “Exploiting Software, How to Break Code,” it’s actually spyware which collects information about the other programs running on players’ PCs.
Blizzard doesn’t deny it, but says it hasn’t done anything with the data collected by its app, says the BBC.
“I recently performed a rather long reversing session on a piece of software written by Blizzard Entertainment, yes – the ones who made Warcraft, and World of Warcraft (which has 4.5 million+ players now, apparently),” writes Hoglund on Rootkit, going on:
“This software is known as the ‘warden client’ – it’s written like shellcode in that it’s position independent. It is downloaded on the fly from Blizzard’s servers, and it runs about every 15 seconds. It is one of the most interesting pieces of spyware to date, because it is designed only to verify compliance with a EULA/TOS. Here is what it does, about every 15 seconds, to about 4.5 million people (500,000 of which are logged on at any given time):
Hoglund says he watched the warden “sniff down the email addresses of people I was communicating with on MSN, the URL of several websites that I had open at the time, and the names of all my running programs, including those that were minimized or in the toolbar”.
If you have a window titled ‘WoW!Inmate,’ “regardless of what that window really does, it could result in a ban. If you can’t believe it, make a dummy window that does nothing at all and name it this, then start WoW. It certainly will result in warden reporting you as a cheater. I really believe that reading these window titles violates privacy, considering window titles contain a lot of personal data. But, we already know Blizzard Entertainment is fierce from a legal perspective. Look at what they have done to people who tried to make BNetD, freecraft, or third party WoW servers.”
He emphasises that under some circumstances, the results can contain social security or credit card numbers.
The Warden opens every process running on your computer, Hoglund continues, and “calls ReadProcessMemory and reads a series of addresses – usually in the 0x0040xxxx or 0x0041xxxx range – this is the range that most executable programs on Windows will place their code. Warden reads about 10-20 bytes for each test, and again hashes this and compares against a list of banning hashes.
“These tests are clearly designed to detect known 3rd party programs, such as wowglider and friends. Every process is read from in this way. I watched warden open my email program, and even my PGP key manager. Again, I feel this is a fairly severe violation of privacy, but what can you do? It would be very easy to devise a test where the warden clearly reads confidential or personal information without regard.”
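The two checks Hoglund describes, the window-title match from the ‘WoW!Inmate’ paragraph and the ReadProcessMemory-and-hash test above, as an added example in C that is not code from Hoglund, The Governor or Blizzard. It is a portable model: the target process, its memory image, the signature bytes and the hash function (FNV-1a) are all constructed assumptions, since the page names none of them, and a real client would use the Win32 OpenProcess/ReadProcessMemory and EnumWindows/GetWindowText calls rather than the stand-ins here. Every read the scan makes is recorded in an audit log, which is the kind of report The Governor gives without altering the scan itself.

```c
/* Added example (not code from Hoglund, The Governor or Blizzard): a portable
 * model of the scan the article describes. A real client would use Win32
 * OpenProcess/ReadProcessMemory and EnumWindows/GetWindowText; here the target
 * "process" is a struct with a constructed image. Hash and bytes are assumptions. */
#include <stdint.h>
#include <string.h>

#define IMAGE_BASE 0x00400000u /* where most Win32 EXEs map their code */
#define MAX_READS  16

typedef struct {
    const char *window_title;
    uint8_t image[0x40]; /* tiny stand-in for the .text section */
} fake_process;

/* Every read the scanner makes is recorded: the view The Governor gives the
 * user (which address, how many bytes), without altering the scan itself. */
typedef struct { uint32_t address[MAX_READS]; size_t length[MAX_READS]; size_t count; } audit_log;

/* Stand-in for ReadProcessMemory. Returns bytes copied, 0 if out of range. */
static size_t read_process_memory(const fake_process *p, uint32_t addr,
                                  uint8_t *out, size_t len, audit_log *log)
{
    if (addr < IMAGE_BASE || len > sizeof p->image || addr - IMAGE_BASE > sizeof p->image - len)
        return 0;
    memcpy(out, p->image + (addr - IMAGE_BASE), len);
    if (log && log->count < MAX_READS) {
        log->address[log->count] = addr;
        log->length[log->count++] = len;
    }
    return len;
}

/* FNV-1a 32-bit, an arbitrary choice for the example. */
static uint32_t fnv1a(const uint8_t *d, size_t n)
{
    uint32_t h = 0x811c9dc5u;
    for (size_t i = 0; i < n; i++) { h ^= d[i]; h *= 0x01000193u; }
    return h;
}

/* One banning test: read 10-20 bytes at a fixed address, hash, compare. */
typedef struct { uint32_t address; size_t length; uint32_t banned_hash; } mem_test;
/* Constructed bytes standing in for the fingerprinted code of a known
 * third-party program (a generic x86 prologue, not from any real cheat). */
static const uint8_t CHEAT_STUB[12] = {
    0x55, 0x8b, 0xec, 0x83, 0xec, 0x10, 0x53, 0x56, 0x57, 0x8b, 0x7d, 0x08
};

/* Vendor side: the ban list carries only hashes of bytes at known offsets,
 * so an observer sees the reads but not what the scanner is looking for. */
static mem_test make_ban_test(void)
{
    mem_test t = { IMAGE_BASE + 0x10, sizeof CHEAT_STUB, 0 };
    t.banned_hash = fnv1a(CHEAT_STUB, sizeof CHEAT_STUB);
    return t;
}

static int memory_test_hits(const fake_process *p, const mem_test *t, audit_log *log)
{
    uint8_t buf[32];
    if (t->length > sizeof buf) return 0;
    if (read_process_memory(p, t->address, buf, t->length, log) != t->length) return 0;
    return fnv1a(buf, t->length) == t->banned_hash;
}

/* Window-title test: only the title string is matched, whatever the window
 * does, which is why a do-nothing window named "WoW!Inmate" trips it. */
static int window_title_hits(const fake_process *p)
{
    static const char *const banned[] = { "WoW!Inmate" };
    for (size_t i = 0; i < sizeof banned / sizeof banned[0]; i++)
        if (strcmp(p->window_title, banned[i]) == 0) return 1;
    return 0;
}

/* Scan one process: 1 if it would be reported, 0 otherwise. */
static int scan_process(const fake_process *p, const mem_test *tests, size_t n, audit_log *log)
{
    int hit = window_title_hits(p);
    for (size_t i = 0; i < n; i++) hit |= memory_test_hits(p, &tests[i], log);
    return hit;
}
/* Run the scan against a constructed target: NOP filler, optionally with
 * CHEAT_STUB planted at +0x10, and report the verdict plus what was read. */
typedef struct { int flagged; size_t reads; uint32_t first_read; } demo_result;
demo_result demo(const char *title, int plant_stub)
{
    fake_process p = { title, {0} };
    memset(p.image, 0x90, sizeof p.image);   /* NOP filler */
    if (plant_stub) memcpy(p.image + 0x10, CHEAT_STUB, sizeof CHEAT_STUB);
    mem_test t = make_ban_test();
    audit_log log = {0};
    demo_result r;
    r.flagged = scan_process(&p, &t, 1, &log);
    r.reads = log.count;
    r.first_read = log.count ? log.address[0] : 0;
    return r;
}
```

Calling `demo("Notepad", 1)` flags the process because the 12 planted bytes hash to the banned value; `demo("Notepad", 0)` does not; `demo("WoW!Inmate", 0)` is flagged on the title alone with nothing suspicious in memory. In every case the audit log shows one read of 12 bytes at 0x00400010, which is all an observer such as The Governor can see: the scanner reveals where it reads and how much, but the ban list of hashes never reveals what it is matching.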
And that, says Hoglund in his Rootkit post, “places the warden client squarely in the category of spyware”.
But what’s interesting, he states, is that it might be the first use of spyware to verify compliance with a EULA.
“I cannot imagine that such practices will be legal in the future, but right now in terms of law, this is the wild wild west,” he says.
“You can’t blame Blizz for trying, as well as any other company, but this practice will have to stop if we have any hope of privacy. Agree w/ botting or game cheaters or not, this is a much larger issue called ‘privacy’ and Blizz has no right to be opening my excel or PGP programs, for whatever reason.”
Nor can you blame people for wanting to know what The Warden is up to, and with that in mind Hoglund built The Governor, which watches World of Warcraft and reports exactly which data are being read from other processes.
“The Governor makes no attempt to subvert or alter the behavior of the warden client, or World of Warcraft,” states Hoglund.
“The Governor will not assist you in cheating. The Governor exists for one reason, to tell you the truth.”
Here’s The Governor as a .rar file, and as a zip.
Will using it get you banned? “I have personally been running The Governor on a test account and there have been no problems,” Hoglund says. The Governor does not modify the behavior of WoW.EXE or the warden. The Governor is not designed to assist cheaters, and offers no mechanism to help cheaters hide their programs.
“But, that being said, Blizzard can choose to ban you for using a 3rd party program. The Governor is a 3rd party program. While the Governor poses absolutely no threat from a cheating aspect, it does expose the behavior of their warden client. In my opinion, banning people for seeking the truth about warden would sink Blizzard to a new all-time low. But, this isn’t my decision. I cannot guarantee you won’t be banned.”
See:-
p2pnet – BnetD loses in Blizzard case, September 2, 2005
BBC – Warcraft game maker in spying row, October 31, 2005
Rootkit – Keeping Blizzard Honest, October 17, 2005
October 31st, 2005 at 5:02 pm
As we sink deeper and deeper into a surveillance society, the principal defense against such monitoring or snooping is ‘sousveillance’ or “watching the watchers.”
It’s not the same thing that Underdog used to do when he went to the TV studio where Polly Purebred was a reporter and looked through the lens of the television camera and used his superpowers to be able to see everything that was going on in range of the TV sets tuned in at that time.
The concept is that you collect information as to exactly what information they have collected about you, so that you know exactly what information they have. It would be very hard for any entity to make a case that you would not (in a non-governmental, non-judicial or non-national security context) be entitled to have this information, other than “it would cost too much if we had to provide that information to everyone who asked.”
“No, you are not entitled to a complete listing of everything that you purchased in our supermarket during the last calendar year as a result of using our Saver Club card to get discounts.”
“No, we’re not going to tell you how many times you drove through a specific automated toll booth using a transponder so we could automatically extract the toll charges from your bank account.”
Assuming that enough political pressure was brought to bear to require dossier-compiling entities to provide this information to the targets of the data collection, then the cost of doing so would be a limiting factor on the data collection. This has already occurred in some narrowly specific areas. The abuses that occurred in the early 1970s by Credit Bureaus and Bill Collectors resulted in the Fair Credit Reporting Act and the Fair Debt Collection Practices Act. These laws regulate the entities operating such businesses and put an end to such abusive practices as notifying one’s employer regarding an alleged debt that has gone to collections. We’ve seen the beginnings of such a revolt from the revelations of the numerous security breaches at banks and data brokers.
Watching the watchers makes the watchers rather nervous and uncomfortable. One can do some experimentation to verify this. Select a target surveillance device that can be observed while standing on public property. The device should belong to a private-sector entity so as not to run afoul of some obscure Governmental regulation. A surveillance camera that’s mounted on the front of a large, privately owned office building in a downtown area is an optimal choice. Ensure that you are standing on the public portion of the sidewalk, or just in the public street, and begin to surveil the target device. At first just look at it very carefully with the unaided eye. It also adds to the effect if you have a companion with you with whom you appear to be conferring about your activities. Take out a pad of paper and start making notes regarding the target device. Then take out a pair of compact binoculars and resume surveilling the target, while your companion takes notes of your observations.
Finally, ask your companion to hand you the camera. The camera should be fitted with something that is quite obviously a telephoto lens. Have your companion take out the video camera and start surveilling you surveilling the target surveillance device. It probably will not take long once the camera comes out and you start taking pictures before some uniformed person or person in a dark suit dashes out of the building and demands to know what you are doing. Since the video camera is rolling and you are not trespassing on their private property, you can now start having fun, having unnerved this building’s ‘watchers’.
October 31st, 2005 at 7:02 pm
We are Blizzard.
Resistance is futile.
You will be assimilated & spied on.