Blizzard's Warden Thwarted by Sony's DRM Rootkit

shotfeel writes "First, news of Warden -a bit of code from Blizzard's WoW to trounce game cheats. Then, a Sony rootkit to make your computer safe for music. Now, news that you can use the Sony rootkit to make your game cheats safe from the Warden."

YRO?

[LostCluster]

Are we suddenly interested in the rights of game cheaters? Whose rights are being impacted here?

This is just a classic hack. Nothing impacting free speech or even property rights. Yes, it belongs on /., but in a different section...

Sue Sony

[Anonymous Coward]

Sue sony under the DMCA

Hell, you knew it was coming.

[Tuxedo Jack]

If the process is hidden, the Warden can't pick up on it, right?

So hypothetically, ANY rootkit could be used to hide processes - HackerDefender and the others out there would do the job nicely.

Of course, the other edge of the sword is that you don't know just what _else_ is hiding... unless you wrote and compiled the rootkit yourself using your home-brewed compiler.

Re:Sony owns Everquest

[harrkev]

But Sony has some MMORPGs too. Any word on using this for the Star Wars RPG?

Re:Just goes to show..

[networkBoy]

Because now Blizzard (hopefully) will sue Sony for some DMCA violation on breaking their game security device :-)
[/wishful thinking]
-nB

I pray for the day

[sammy baby]

I now live in hope for the day that a bunch of the corporations pushing for invasive DRM like Blizzard's Warden and Sony's whatever-it's-called sue each other under the DMCA for circumventing each others technologies, instead of suing us for trying to crawl out from under them.

Game Cheaters are human beings too!

[xtermin8]

...well, maybe they're not human in the gameworld. ;) WoW uses a rather invasive technique for scanning Gameplayers whether they cheat or not. Sony's DRM scheme also inteferes with the ability for people to make backups of they're own property. In fact, the only interesting thing about this story is these two issues have collided in an unexpected way at a moment in time.

Re:Next fun hack?

[harrkev]

What about using Sony's rootkit to hide Alcohol 120%. Does this work?

What really is scary...

[Skiron]

..for all windows users, ~and I am a bit surprised no blog or tech site picked this up~, is what the hell is it with windows and the way a piece of code can 'hook' into a kernel call and redirect it - and it's all HIDDEN - I mean, what the hell is a sysadmin supposed to do now?

What the hell else is there, running *unknown*.

MS, through their obsession with hidden controls, little or no documentation, a nubilious registry system (what DO all those entries do?) and total disregard to people that buy it, it's a sure eyeopener for all concerned - and windows users should be.

Thanks to Mark Russinovich for this - and if HE struggles to find/remove this type of delibrate (by MS) obscuration to an operating system, what hope does all the mortal 'Harry homeowners' have?

This whole rootkit business leads one to wonder

[Nom du Keyboard]

This whole rootkit business leads one to wonder what happens if you play the Sony CD in an instance of a Virtual Machine (ala VMware). Does it only root the virtual machine? Can you burn endless CD's, 3 at a time? Since Sonly has clearly granted you a licence to burn the number of CD's permitted by the DRM, can you now put them out of business selling yours on the street? Inquiring minds blah blah blah...

And speaking of WoW, you mean there is no game hack that changes it's name each instance so that The Warden will never have it in its signature file?

Re:Profit line

[Anonymous Coward]

you can sell Game Gold on eBay. There is an entire industry based on workers in lower income base countries playing these games, and selling the online currency online. In the US, selling this currency might make $40/day, but in other countries, $40/day is a good days' work.

Re:Let's bash Sony

[HTH NE1]

How accessible are other rootkits to the average WoW cheater? I haven't done any searches, but surely nothing compares to being able to walk in to a record store and buy pluton^H^H^H^H^H^H a rootkit.

And it is always the latest of the breed that would be the most desireable, especially when it could be found on many systems innocently. The rootkit comes with it's own human shield of innocents.

And Blizzard would violate the DMCA if they removed Sony's DRM software that restricts access to Sony's so-protected copyrighted works.

Sony has opened a Pandora's Box distributing and installing the rootkit. Blizzard spies on what programs you run. The question is not whether two wrongs make a right but rather whether two wrongs make an actionable case, and on whom.

I'm sure there are other ways to exploit this rootkit: hiding porn stashes from a nosy spouse would be another one. The Blizzard WoW cheating just happens to relate to recent news stories and rises to the top.

Re:Just goes to show..

[kdekorte]

Point #2 is something that really ticks me off. Spyware is a virus in my opinion, but since A/V companies don't consider it a virus you have to buy another product to remove the spyware. Good for them, but a total rip off of the consumer who has to buy and update two products where one should do it all.

Re:That's the beauty of it.

[Knetzar]

Blizzard could, and I hope they do, re-write warden to detect the rootkit, and then if it's installed let the user know that sony installed a virus on their machine and that it needs to be removed to play WoW.

Re:Just goes to show..

[Papineau]

That is why you should install 2 Windows installations side-by-side when you install it in the first place. One is your "normal", work and games related one, the other one is for snooping on the first one if you need to do something it won't let you by itself (like replacing some registry files, etc.).

Works like a charm when you want to restore a system backup too, and there's no need to play with CaptiveNTFS or such.

It worked quite well in NT4 with the NT bootloader (boot.ini), so you can probably do the same with XP's bootloader without resorting to a 3rd party boot loader (like grub :)). Don't forget to have different desktop backgrounds (like a red one for the administrative install), so you don't end up doing stuff you don't want to in the wrong environment.

What goes around comes around

[narfbot]

Second, as it is installed it in no way would assist in cheating in WoW. A third party can take advantage of what it does do. In other words Sony is not shipping this DRM software with the primary intent to enable cheating in WoW.

While we are talking about blizzard, lets go back to similar incident in blizzard's past. Bnetd, as written, did not support the Warcraft III beta. The authors of bnetd did not want to support the beta and the intent of bnetd was not to support pirating. Some third party (warforge) took the bnetd source, extended for the Warcraft III beta, and it enabled playing of the pirate copy of the beta that was going around. By your logic, the third party that enabled Sony's rootkit to be used to hide the cheats should be sued. By blizzard's logic, bnetd was sued, not the warforge people. Blizzard sued the people who created the original tool that had no bad intentions. If blizzard sticks to their priniciples, they will sue Sony.

But I don't believe blizzard has any morals in regard to their decision to sue bnetd, therefore, they won't sue Sony. And the cheating and pirating continues...

Re:Next fun hack?

[murfman5000]

This reminds me of something a professor once taught me:

1. Someone creates a problem
2. Someone else finds a way to make the problem affect the creator (tie the problem to the creator)
3. The problem resolves itself
4. PROFIT!!!!

(sorry, made that last one up)

Re:Next fun hack?

[Anonymous Coward]

Confirmed as YES.

I have now used that wonderful rootkit to hide alcohol, deamon tools *AND* my antivirus program.

Think about it for a minute - I am hiding MY AV program.

Now, any malware that purposely hunts out to shutdown av programs before they propogate will not function. :)

The only thing that has NOT been succesfully hidden in my few tests so far is anything from Zonelabs. (ZoneAlarm, Integrity, etc)