Mr Wolf

Uses XingCode Anti Cheat. Game uses "Xing Code" Anti Cheat Rootkit...


 i read a steam   


Reminder Game Uses XingCode Anti Cheat.
Game uses "Xing Code" Anti Cheat Rootkit...

Once installed can't be uninstalled by Add & Remove, or Basic Methods even with uninstall of Black Desert, and this is downloaded after launching the game for the first time without asking you.


  Originally posted by Smaxx:
While it's true and it's using shady practices (rootkit like behavior, blacklisting legitimate programs, etc.) and inspects everything you've done on your HDDs the last 48 hours, but as far as I'm aware it's really only sitting in the BDO install directory and ran from there.

Um I thought this too which is why I gave Black Desert a try even after I didn't want to and argued it for months, Not only did I find it in my black desert directory, but if you are using windows 10.

And you click start or Windows + R key, and type services.msc, press enter, you will see that it has a service if I remember correctly called "Xhunter1" running, as well as these file locations should point to C:\windows directories, and uninstall of the game doesn't remove the service or files from C:\windows as it should. "It might also be called XingCode, but should have the description of Wellbia."

Also my Android Device was destroyed by "XingCode" android version running with Kritika, and Nexon Titles within 3 months after I found it modifying files and messing with stuff totally violated Googles App Store Policy for listing it there but Google looks the other way because of money unless they get sued.

There are however legitimate Anti Cheats that respect privacy, and don't do this.
Last edited by Smaxx; May 25 @ 4:03am


Easy Anti Cheat
Battleye
Punk Buster
VAC
EA Origins
Nexon Anti Cheat

Just a few I know of, too bad Game Guard & XingCode, Hack Shield as well but its not used much are 3 of the worst ever used that do this.
Last edited by Lilith; May 25 @ 4:09am


For those looking for more information, the game silently installs a hidden "service" under the name "xhunter1" loading the binary C:\Windows\xhunter1.sys. The service is set to manual start, so won't run automatically when you boot Windows.

To manually uninstall it, open a command prompt as administrator and run the following commands:

net stop xhunter1
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xhunter1
del C:\Windows\xhunter1.sys

If you're paranoid about it, you can add those steps to a file named "unXign.cmd" (or similar) and run it as administrator every time you stop playing.
#6
 
Heathy May 25 @ 4:28am 
i checked services and i couldn't see anything there under xhunter1.

i also checked the resource monitor left the network window open for a while and the xigncode didn't even pop up on there unless it sends all its data through the blackdesert64.exe.

all i see are 2 files with .xem extensions, the xigncode3 system and the watchdog, they are definitely reading and maybe writing data but they aren't sending anything through the network.
Last edited by Heathy; May 25 @ 4:33am
#7
 
squarecrusher  has Black Desert Online May 25 @ 4:33am 
Originally posted by Heathy:
i checked services and i couldn't see anything there under xhunter1.

i also checked the resource monitor left the network window open for a while and the xigncode didn't even pop up on there unless it sends all its data through the blackdesert64.exe

Ditto this. While XING doesn't like to be monitored (will exit if, say, procmon is running), I can't find any services installed by it. The XING binary points back to the installdir of BDO.

There is however a xhunter.sys located in c:\windows\

Not really drawing any conclusions, just echoing that there doesn't seem to be a service like others have mentioned.
#8
 
Smaxx May 25 @ 4:34am 
Originally posted by Heathy:
i checked services and i couldn't see anything there under xhunter1.

It's set to not show in the list of services. Open "regedit" and look for the path mentioned in my quote. I bet it's there if you've ran the game.

More technically:

The sub key "type" is set to "1", marking it as a kernel mode driver file – therefore it's not shown to the user as the user isn't supposed to block/stop such services.

This also means the service will run with highest access rights on your system, allowing it to (theoretically) access and modify any hardware connected to your computer, including any storage devices, network interfaces (logging outgoing and incoming packets), input devices (key logging), etc.

Edit:

You can also run the following line from any command prompt (doesn't have to run as administrator) to list the service information:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xhunter1

The output will look like this:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xhunter1
DisplayName REG_SZ xhunter1
WOW64 REG_DWORD 0x1
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ \??\C:\WINDOWS\xhunter1.sys
Last edited by Smaxx; May 25 @ 4:35am
#9
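An added example, not part of the original thread: a small Python parser that decodes the `reg query` output quoted in the post above and flags what a reviewer would note about the entry. The function names, the assumed `C:\Windows` system root, and the "driver image outside System32\drivers" heuristic are assumptions of this example; the sample input is constructed from the output in the post.

```python
import re

# Constructed sample: the `reg query` output quoted in the post above.
SAMPLE = r"""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xhunter1
    DisplayName    REG_SZ    xhunter1
    WOW64    REG_DWORD    0x1
    Type    REG_DWORD    0x1
    Start    REG_DWORD    0x3
    ErrorControl    REG_DWORD    0x1
    ImagePath    REG_EXPAND_SZ    \??\C:\WINDOWS\xhunter1.sys
"""

# Documented meanings of the Type and Start values under a Services key.
SERVICE_TYPES = {0x1: "kernel driver", 0x2: "file system driver",
                 0x10: "win32 own process", 0x20: "win32 shared process"}
START_TYPES = {0: "boot", 1: "system", 2: "automatic",
               3: "manual (demand)", 4: "disabled"}
DRIVER_TYPES = {0x1, 0x2}
VALUE_RE = re.compile(r"^\s*(\S+)\s+(REG_[A-Z_]+)\s+(.*)$")


def parse_reg_query(text):
    """Parse `reg query <key>` output for one key into (key_path, values)."""
    key, values = None, {}
    for line in text.splitlines():
        match = VALUE_RE.match(line)
        if match:
            name, kind, data = match.groups()
            values[name] = int(data, 16) if kind == "REG_DWORD" else data.strip()
        elif line.strip() and key is None:
            key = line.strip()
    return key, values


def normalize_image_path(path, system_root=r"C:\Windows"):
    """Turn the NT-style forms used in ImagePath into a plain Win32 path."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):
        p = p[4:]
    low = p.lower()
    if low.startswith("\\systemroot\\"):
        p = system_root + p[len("\\systemroot"):]
    elif low.startswith("%systemroot%"):
        p = system_root + p[len("%systemroot%"):]
    elif low.startswith("system32\\"):
        p = system_root + "\\" + p
    return p


def assess(text, system_root=r"C:\Windows"):
    """Decode one service key and list what a reviewer would want to note."""
    key, values = parse_reg_query(text)
    image = normalize_image_path(values.get("ImagePath", ""), system_root)
    findings = []
    if values.get("Type") in DRIVER_TYPES:
        findings.append("kernel-mode driver: services.msc lists Win32 services only")
        drivers_dir = (system_root + r"\System32\drivers" + "\\").lower()
        # Heuristic (assumption of this example): drivers normally live there.
        if not image.lower().startswith(drivers_dir):
            findings.append("driver image outside System32\\drivers")
    if values.get("Start") in (0, 1, 2):
        findings.append("loads at boot without user action")
    return {
        "service": key.rsplit("\\", 1)[-1] if key else None,
        "type": SERVICE_TYPES.get(values.get("Type"), "unknown"),
        "start": START_TYPES.get(values.get("Start"), "unknown"),
        "image": image,
        "findings": findings,
    }


if __name__ == "__main__":
    for field, value in assess(SAMPLE).items():
        print(f"{field}: {value}")
```

The same function can be fed the saved output of `reg query` for any other key under `Services` to review leftover driver entries after an uninstall.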
 
Heathy May 25 @ 4:45am 
well this is a bit beyond me i got as far as figuring out you can open a .sys file with a hex editor but i have no idea how you could read what its actually doing its all literally gibberish to me.

i mean neither of the 2 .xem running files seem to be sending any data anywhere so im not too worried, i mean hell i've had the game install on my external hd since december so if it can screw you some how then its probably already done me by now.

oh wait it just started using bandwidth so yeah i guess its intermittent. i'm guessing it sends information about the files you've been accessing back to wherever. whatever it transferred i think was measured in bytes, it couldn't have been much data at all.

i'm not too worried i don't have anything that could be considered a cheat so i think i'm safe from any potential ban hammers.
Last edited by Heathy; May 25 @ 4:49am
#10
 
Kana  has Black Desert Online May 25 @ 4:51am 
I'm pretty sure it's illegitimate, or at the very least against Steam's TOS to install a sniffer/rootkit malware on our systems under the guise of "anti-cheat utility". 

Also, the game's EULA didn't mention it as a rootkit or mention it invades our privacy by logging what we do on our computers and sending that data away. I can remove it from the game executable, and i've done this with numerous♥♥♥♥♥♥show anti-cheats (largely gameguard), but that's against the EULA and will get you banned if caught, so i won't spread the methods.
#11
 
squarecrusher  has Black Desert Online May 25 @ 4:52am 
You are correct, the service is hidden from services (both sc query, get-services etc) by the type being value 1. That is quite sneaky.

Can't say I'm very comfortable with this running on my computer...

The company developing it doesn't really put up a trustworthy front either.
http://www.wellbia.com/home/en/pages/xigncode3/

Last edited by squarecrusher; May 25 @ 4:53am
#12
 
Lilith May 25 @ 4:58am 
Originally posted by Kana:
I'm pretty sure it's illegitimate, or at the very least against Steam's TOS to install a sniffer/rootkit malware on our systems under the guise of "anti-cheat utility". 

Also, the game's EULA didn't mention it as a rootkit or mention it invades our privacy by logging what we do on our computers and sending that data away. I can remove it from the game executable, and i've done this with numerous♥♥♥♥♥♥show anti-cheats (largely gameguard), but that's against the EULA and will get you banned if caught, so i won't spread the methods.

Yeah I can totally remove XingCode too and play without it but I too am Legitimate, and I would rather just play "Black Desert" without XingCode there is no point in having this inside the game itself, and there are legitimate Anti-Cheats that actually inform users they are going to be installed, and provide support, and removal instructions...

Game Guard & XingCode / Hack Shield rarely used do not, and personally I would rather form a Trustworthy Relationship so to speak with an Anti-Cheat company that is totally transparent about what goes on provides the support, and uninstall instructions.

Also Steam / Valve Terms of Service people said that games are allowed to install Rootkits or Anti Cheats like this through Valves service because of a certain section of it, but wait...

**Games should be required to disclose what Anti-Cheat it uses on steam, and who would Green Light Black Desert in the first place.**

I really wish Steam enforced policies to protect its users.
#13
 
Professor Nep-Nep  has Black Desert Online May 25 @ 5:00am 
Originally posted by Lilith:
valve doesn't give a♥♥♥♥♥♥aslong as it makes money, honestly the only reason we even have a refund option now is because it was required by law of where ever it was again, without it we'd still be getting ♥♥♥♥ed by ♥♥♥♥♥♥ broken games and what not
Last edited by Professor Nep-Nep; May 25 @ 5:00am
#14
 
The Mad Doctor  has Black Desert Online May 25 @ 5:16am 
Rip
#15
 
Lilith May 25 @ 5:16am 
Originally posted by Professor Nep-Nep:
Originally posted by Lilith:
valve doesn't give a♥♥♥♥♥♥aslong as it makes money, honestly the only reason we even have a refund option now is because it was required by law of where ever it was again, without it we'd still be getting ♥♥♥♥ed by ♥♥♥♥♥♥ broken games and what not

Um Black Desert isn't broken its the fact that their game is located in Europe and installs a Rootkit without permission on peoples computers hopefully someone in Europe will sue them for this, as I hear in Europe its highly illegal to be doing such things but I don't live there so );.
Last edited by Lilith; May 25 @ 5:17am
#16
 
Kana  has Black Desert Online May 25 @ 5:18am 
Professor Nep-Nep

"Hurr durr valve doesn't give a ♥♥♥♥ hurr durr"

Valve gives a ♥♥♥♥ if it knows users have an issue that interrupts normal operation. Valve is not clairvoyant, and you have to report the issue to them, instead of just expecting something will magically just happen on its own because it's a rule.
#17
 
Robbie May 25 @ 5:23am 
Originally posted by Smaxx:
If you're paranoid about it, you can add those steps to a file named "unXign.cmd" (or similar) and run it as administrator every time you stop playing.
This doesn't have anything to do with being paranoid, the same way SSD can't be defragged because it causes writes on it when doing so, so does these kind of applications.

SSDs have a limit of Data that can be written on them before they start to fail, and this application contributes to it.

If the rootkit is enabled even when uninstalling the game and over time it will contribute to killing it by writing useless data on it you don't want and without your consent.

The term most manufacturers use for SSD fail is TBW (Terabytes Written), after a certain amount of TB the SSD will start to fail, look it up if you don't believe.
#18
 
Professor Nep-Nep  has Black Desert Online May 25 @ 5:25am 
Originally posted by Lilith:
Originally posted by Professor Nep-Nep:
valve doesn't give a♥♥♥♥♥♥aslong as it makes money, honestly the only reason we even have a refund option now is because it was required by law of where ever it was again, without it we'd still be getting ♥♥♥♥ed by ♥♥♥♥♥♥ broken games and what not

Um Black Desert isn't broken its the fact that their game is located in Europe and installs a Rootkit without permission on peoples computers hopefully someone in Europe will sue them for this, as I hear in Europe its highly illegal to be doing such things but I don't live there so );.
i wasn't saying it was a broken game? you said you wished steam enforced it's policies to protect it's users, i responded with saying they don't care aslong as they make money

Originally posted by Kana:
Professor Nep-Nep

"Hurr durr valve doesn't give a ♥♥♥♥ hurr durr"

Valve gives a ♥♥♥♥ if it knows users have an issue that interrupts normal operation. Valve is not clairvoyant, and you have to report the issue to them, instead of just expecting something will magically just happen on its own because it's a rule.
and i never said they won't step in if something interrupts normal operation but the fact of the matter is, unless it comes to that, they do not really care what so ever, as i mentioned the only reason we can refund games is because it was required by law to be implemented, if they didn't introduce that feature they would of been unable to sell in that country, thus losing them money, we don't have it because valve cares
#19
 
Smaxx May 25 @ 6:40am 
Originally posted by Robbie:
If the rootkit is enabled even when uninstalling the game and over time it will contribute to killing it by writing useless data on it you don't want and without your consent.

The term most manufacturers use for SSD fail is TBW (Terabytes Written), after a certain amount of TB the SSD will start to fail, look it up if you don't believe.

The service is set to manual start, I have to give them that. This means it won't be loaded/active, unless actively triggered (e.g. by launching the game). The file remains on your hdd, but it also remains inactive after you uninstalled the game.

Also reported the game as potentially harmful/malware, since Xigncode's kernel mode driver's installation isn't communicated properly and it's clearly going out of scope for an anti-cheating tool (in my opinion).

If there's ever some issue found in that driver – which isn't unlikely – malware can just start the service and use it to manipulate and intercept user data, without needing any further vulnerabilities in Windows or any other program.
#20
 
Robbie May 25 @ 6:58am 
Originally posted by Smaxx:
Originally posted by Robbie:
If the rootkit is enabled even when uninstalling the game and over time it will contribute to killing it by writing useless data on it you don't want and without your consent.

The term most manufacturers use for SSD fail is TBW (Terabytes Written), after a certain amount of TB the SSD will start to fail, look it up if you don't believe.

The service is set to manual start, I have to give them that. This means it won't be loaded/active, unless actively triggered (e.g. by launching the game). The file remains on your hdd, but it also remains inactive after you uninstalled the game.

Also reported the game as potentially harmful/malware, since Xigncode's kernel mode driver's installation isn't communicated properly and it's clearly going out of scope for an anti-cheating tool (in my opinion).

If there's ever some issue found in that driver – which isn't unlikely – malware can just start the service and use it to manipulate and intercept user data, without needing any further vulnerabilities in Windows or any other program.
I can confirm this, i uninstalled the game yesterday and got a refund because i already own the game and i still can't set keys to Numpad, after all this time, not going to contribute to devs who can't fix the basics of PC games, not to mention there's still no option to fix pop-ins.

Anyway, i deleted the driver file manually and the system didn't refuse deletion, which means the file wasn't active nor even protected to begin with.

Still it shouldn't be left there in the first place for the simple reason that as Windows accumulates drivers being them active or not, the system readies them for use at boot and slows boot time due to that, as time passes more drivers that don't get deleted make it even slower, and can come to a point where the system won't even boot because of a conflict with a Windows driver update or just any driver update that comes after when it loads them on boot.
#21
 
dmdport  has Black Desert Online May 26 @ 7:24pm 
Originally posted by Robbie:
Originally posted by Smaxx:
If you're paranoid about it, you can add those steps to a file named "unXign.cmd" (or similar) and run it as administrator every time you stop playing.
This doesn't have anything to do with being paranoid, the same way SSD can't be defragged because it causes writes on it when doing so, so does these kind of applications.

SSDs have a limit of Data that can be written on them before they start to fail, and this application contributes to it.

If the rootkit is enabled even when uninstalling the game and over time it will contribute to killing it by writing useless data on it you don't want and without your consent.

The term most manufacturers use for SSD fail is TBW (Terabytes Written), after a certain amount of TB the SSD will start to fail, look it up if you don't believe.
You do realize that most good ssd's such as Samsung end up lasting nearly forever when actually tested. Nearly 1 petabyte of data written to it before they die. Will probably die to something else long before being written to.
https://www.extremetech.com/computing/184619-how-long-do-modern-consumer-ssds-actually-last-longer-than-youd-expect
#22
 
Lilith May 27 @ 10:52am 
Originally posted by dmdport:
Originally posted by Robbie:
This doesn't have anything to do with being paranoid, the same way SSD can't be defragged because it causes writes on it when doing so, so does these kind of applications.

SSDs have a limit of Data that can be written on them before they start to fail, and this application contributes to it.

If the rootkit is enabled even when uninstalling the game and over time it will contribute to killing it by writing useless data on it you don't want and without your consent.

The term most manufacturers use for SSD fail is TBW (Terabytes Written), after a certain amount of TB the SSD will start to fail, look it up if you don't believe.
You do realize that most good ssd's such as Samsung end up lasting nearly forever when actually tested. Nearly 1 petabyte of data written to it before they die. Will probably die to something else long before being written to.
https://www.extremetech.com/computing/184619-how-long-do-modern-consumer-ssds-actually-last-longer-than-youd-expect

Yeah but I still prefer to keep my Hard Drive Read and Writes down on an SSD as much as possible.

I have some Hard Drives in my system I've been using over 15 years still working purrfect if you want the winner its (Maxtors) or (Western Digitals) Sea Gate and other brands fail faster lol.
#23
 
Frugl1  has Black Desert Online May 27 @ 10:59am 
Its a hard sell to label it a rootkit, as it does not appear to perform any actions to conceal itself.
#24
 
Smaxx May 27 @ 2:55pm 
Originally posted by Frugl1:
Its a hard sell to label it a rootkit, as it does not appear to perform any actions to conceal itself.
No. It doesn't. It just kills itself and the game if it thinks some other program might be capable of spying on it like Visual Studio's debugger. If I debug anything the game will no longer start, even if the debugger isn't running anymore. I have to reboot my computer to get the game working again, because it automatically assumes I want to cheat or manipulate it.
Last edited by Smaxx; May 27 @ 6:50pm
#25
 
D# May 27 @ 4:59pm 
Thanks for saving me 30 bucks.. was getting tempted into purchasing.
#26
 
Lilith May 28 @ 10:39am 
Originally posted by Frugl1:
Its a hard sell to label it a rootkit, as it does not appear to perform any actions to conceal itself.

But it does...

Once you Launch the game (You are not asked consent for Xing Code to be installed) Unlike Arma, Planet Side 2, ARC Survival where it asks consent for Battleye and Easy Anti Cheat to be installed...

When XingCode is installed (You are not told how to remove it and after removing the game from your add and remove programs Xing Code stays hidden on your system unless you know where to find and remove it.

Although its possible to remove by looking up means through 3rd parties this should never be required.
Last edited by Lilith; May 28 @ 10:39am
#27
 
UNREAL  has Black Desert Online May 28 @ 11:02am 
Well you can remove it by going: Start>Run, type: regedit, press Enter. Find its register key and uninstall it manually. Ofc don't do this if you want to play the game cause probably it would tag u as a potential in-game cheater or bot user etc.

The only thing that could be against the EU laws and policy is that it install itself in to a kernel which is no more a behavior of Anti-cheat program but a Spyware.
Last edited by UNREAL; May 28 @ 11:03am
#28
 
byblo May 28 @ 3:06pm 
Is it possible to run the game without running at all that xindcode garbage? I tried to run the game without the service activated and game closed by itself, then the xm.exe gave me this warning: https://s12.postimg.org/alvv67vxp/Clip059.png
#29
 
Yolo Swaginson  has Black Desert Online May 28 @ 4:01pm 
so... is it bad? I don't think I understand quite well...


Xigncode3 is a "spyware" anti-cheat which stops any kind of cheating and does it rather well. I guess you shouldn't be afraid, unless you're planning to do something shady.


Posted 21 Dec 2015 (edited)

I'm seeing a lot of theories in this thread, and a bit of misinformation on what to call Xigncode.

Xigncode is not a rootkit, it does not start on boot, it does not facilitate other viruses and intrusions, it does not hide itself in running processes either. It runs on top of another engine to perform its actions. It is not spyware, it is not adware, it is not a keylogger, either. Xigncode is a 3rd party anti-cheating monitoring tool. It checks to see if there are any programs that hook into your game, or run anything "Untended", like a bot. That's not spyware, although it might look very similar to it. It's the same thing Google and all other companies do. They get usage statistics of what's running parallel to an application and report back. Xigncode, allegedly, does it a bit more aggressively, which doesn't make it illegal, just very immoral.

To get additional information on what other programs people may use to cheat that don't fit under its "advanced-protection" umbrella, it will (allegedly) gather the information of the program's ProcessID, run-location, window title, and start/run/end times of its use. They would use this information (hopefully....) to better their product by blocking common programs with suspicious names, and parallel programs to the one they're protecting.

What it's allegedly doing is not right, as DAUM never made a statement to us (as far as I am aware) that using their application (BDO) will mean running Xigncode, either willingly, or unwillingly. They have an obligation as a company pushing a product to tell us about any and all third party applications, and their intents and purposes for using them, and the company they're using's mission statement, what implications running the program means, etc. That includes the means that it collects "OTHER" data, AKA, 3rd party information.

If the information in this thread is to be taken as fact, for all intents and purposes an invasion of privacy, whether you care about your privacy, or not, its still an invasion of it.

I made a post in another thread just like this one about what to do if you do not like this at all.

http://forum.blackdesertonline.com/index.php?/topic/5647-remove-the-spyware-from-the-game/&do=findComment&comment=102293 

Edited 21 Dec 2015 by Kuliya 
Clarification

the site from the linked  info is from http://forum.blackdesertonline.com/index.php?/topic/5649-xingcode-3-spyware-in-game/
