Unban yourself from WGC. Works, enjoy! Have fun.

Download unbanner here-
http://dump.stoleyour.net/uploads/bcce357635.zip

Could be some fun in this.  Thanks

Thanks carb0n for your contribution to zonehacks.

Make a patch carb0n ;)

.NET applications are so secure *cough... not*

I think devs must realise using information on the clients system for permanent bans is inherently flawed. RegMon, FileMon and other monitors, basically make the feat of grabbing the relevant information akin to childs play. Even if the dev decided to use low level usermode ntdll api to achieve the task, the monitors spy on the functions in kernelmode. So they're fucked no matter what way you think about it, we always have the upper hand.

I think devs should try on using information that we CANNOT change. Mark said he thinks the only application variable would be IP. With many, if not most people now resorting to broadband with dialup something but a remnant of the past slowly fading out of fashion, it's harder for people to change their IP (emphasis on harder).

Having said that, im really glad devs use stupid methods like grabbing reg keys, because it makes our job ever so much easier... that said I cant really complain. Though it does make me scratch my head.

Food for thought.

No matter what developers do to ban a specific computer, there will always be workarounds.  The problem is finding information unique to the client's computer that cannot be modified. Everything can be hacked! Perhaps developers do not emphasize "permanent," but hope to slow down those who are malicious.

So what should developers do to improve their ban?  Get collection of computer's DNA!!!  Cover your tracks!

not kidding, I'll explain if you're interested.

Need to fix this to handle exception if the keys do not exist.

But even if it is permenant, the method of transmitting said permenant data can never be secured. The data can be modified at will by anyone who has enough time on their hands to reverse whatever protection is applied to it. As Ksbunker said, the idea of using information from the client to ban people is inherently flawed.

In my opinion, the most reliable way to enforce bans would be by IP/hostname, and with proxy checking on connect (as is done by many IRC networks). Then you limit the average user to unbanning by changing IP address, which isn't exactly the most convenient thing to do every few minutes at the best of times, and again as Ksbunker mentioned, is impossible with quite a few ISPs (long lease time/static IP).

Having said that, I'd like to hear more about your proposal Spec :)

Many software applications have an End-User License Agreement - a legal contract between the manufacture and/or the author and the end-user of an application.  MSN Gaming Zone EULA covered use of any means possible to establish the identity of a computer. 

So what is the computer DNA?  It's a perplexed collection of unique data stored on the computer.   I've used this DNA to identify computers for the same reason as zone, wgc, and others - to prevent access of those who have violated the terms of service - in many software applications with success!  Fact is that no computer is exactly the same. And with a vast array of computer DNA, the developer can significantly increase odds of keeping that person away - determining checksum of DNA by mathematical or logical methods and passing on to the server to compare with original saved from previous session.

I don't want to discuss specifics of computer DNA on the forum, but give the general idea to get your mind going.  You can contact me on msn if you would like further information: specific@zonehacks.com

...but the method of transmitting said 'computer DNA' is the same. In my opinion, using client-supplied data to ban clients is fundamentally the wrong way to go about it. Any information the client has, the user also has if they're skilled enough. You might slow them down, but it's not a viable long-term solution.

But the problem is that there aren't really any better ways to go about it...