Getting banned on every silent server

[Sky]

Hello , I'm Sky and I'm from TWC clan, admin in TWC No Download.

I've been playing some silent from time to time a but I never really got much into that mod since I'm more a jaymod player.

But few weeks/months ago I decided to try silent again by visiting sky-e server, my visit abrubtly ended with a nice 365days autoban ... 

 

Now I posted a topic about it on sky-e forum and they didn't really believe my story : https://esport.rocks/forum/index.php?f=18&t=813&rb_v=viewtopic 

Few days ago I got the same problem when joining DRI server, I could play one map but as soon as the map changed I'd get autobanned, and today when I tried to join a few other silent servers the ban was instant.

 

I'm a 100% clean player, never cheated on public servers (I tried out cheats in my private server a few times) but some people are starting to question my playstyle so I'd like to be cleared out & understand why the AC keeps banning me , hope you can help me out , thanks ! 

Edited March 31, 2016 by Sky

[Sky]

Sorry for double post but since I can't edit my post anymore : I just deleted and reinstalled ET (clean install just my cfg and etkey) and got same problem in another random server, I have no idea what's going on lol 

Edited March 31, 2016 by Sky

[ligustah]

Hello,

 

I am one of the owners of the TWC clan, which Sky is a member of. I have no doubt that he is getting falsely banned and tried to find out more about the problem. Here's what we did so far:

• used TeamViewer to control his computer
• set up a Silent mod server, all default settings
• ran the game and got banned on map change
• tried two different custom ET installers (one of which was downloaded from this forum)
• no custom pk3 files, our unmodified server was the only one these installations were connected to
• disabled anti-virus
• killed all userland processes except for TeamViewer, ET and a few processes from Windows itself

We removed the ban between all of these tests respectively (some of the bullet points being several tests on their own). Surprisingly, when running ET Legacy we were able to connect to the server and get into the game perfectly fine. While we cannot currently identify the problem, we can definitely reproduce it 100%.

 

Unfortunately, the server wouldn't show anything more than a message like "banned for technical evidence of cheats". I assume there is no way to find out what that evidence is for security reasons? If that is the case, I'd like to know what we can do to help you identify the problem so that it can be fixed eventually.

 

While we don't run a Silent mod server for our clan we'd like to help solving this issue to protect the reputation of our member(s).

 

Thanks in advance,

Ligustah

[Zelly]

Just curious as it wasn't mentioned, unless i skimmed over it. What version did the server / client have.

 

And if its 0.9.0 are you sure you upgraded both server and client correctly. (As in using correct qagame/cgame and not mistakenly using the binary from the old version)

Also if 0.9.0 does it work on 0.8.x fine? (Trying to isolate which version is affected.)

[ligustah]

I set up the server just for this test. I downloaded the most recent version from this site, which I assume was 0.9.0 (can tell for sure later, currently using my phone).

 

Not sure if Sky is available today, but we can definitely try to see if older versions are affected as well.

[ligustah]

(I am apparently not allowed to edit my previous post)

 

I just checked, we were using 0.9.0 indeed. I simply dropped all the files from the zip file onto my server and started it without any configuration changes whatsoever.

[ligustah]

We tried the same with 0.8.0 and it doesn't issue a ban there (assuming it would ban in the default configuration).

[gaoesa]

I already pm'd him few days back to connect to my server so I can see the ban. Yes, there is a way to get detection classification code from the info sent by the client. If you want to make comparisons, you need to use 0.8.1, because it has most detections enabled from old versions.

 

http://www.wolffiles.de/index.php?filebase&cat=1&scat=14&p=2

[ligustah]

Ok, we'll try 0.8.1 next. I'll ask Sky to check the PM.

[Sky]

Connected and got banned on mapchange as expected

[gaoesa]

You got multiple detections for hacking the engine (ET.exe) in memory (not possible to identify the actual cheat or program). I don't think it is false (as in bug) as these are also very old detections and have never given false detections in the past. It doesn't come from for example proxying the client dll. As you told in your unban thread at sky-e, you have installed multiple cheats in the past, so maybe one of those is not cleanly uninstalled. You should do a process dump of ET.exe using task manager to see if there is anything recognizable and weird loaded to the process, after you get the ban on your test server of course.

[ligustah]

We tried 0.8.1 and it didn't trigger a ban. We also go a list of all DLLs loaded into the ET process, and there weren't any that seemed suspicious to me (i.e. unsigned).

 

Interestingly, whatever software is causing this is apparently triggered by the filename, which is also why ET Legacy worked. When we renamed the stock ET binary it worked fine as well. So we also checked two programs (mouse, gpu) that allow creation of process specific profiles, but neither seemed to be the cause.

 

I'm now trying to compare memory dumps trying to find the parts that are being modified, though I probably haven't worked enough with this kind of low-level stuff to find something useful. If you have any other tips on how to track down this I'd very much appreciate it.

[gaoesa]

Sounds like there could be something that is installed as a service and is keeping track of the executable. You should check everything that can be found from the services tab of task manager (location may vary depending of your Windows version).