Jump to content
Sign in to follow this  
Nevermind

Security vulnerability in XIGNCODE3

Recommended Posts

Nevermind    7

We (for now) probably avoided XIGNCODE3 yet, but it seems that NC West is probably going to use it.

Here is the newest vulnerability in this malware:

https://x86.re/blog/xigncode3-xhunter1.sys-lpe/

TL;DR: It basically allows anybody (skilful enough) on any site to get control of your computer if you have XIGNCODE3 running (you are playing game using XIGNCODE3).

Share this post


Link to post
Share on other sites
Alexiel    5

That "anybody" would have to escape the browser sandbox which is neither trivial nor cheap.

Vulnerabilities get patched sooner or later. Wellbia is not a dead company so hope for a newer/patched version of xhunter until it gets to you.

Share this post


Link to post
Share on other sites
mixa    327
14 hours ago, Nevermind said:

We (for now) probably avoided XIGNCODE3 yet, but it seems that NC West is probably going to use it.

Here is the newest vulnerability in this malware:

https://x86.re/blog/xigncode3-xhunter1.sys-lpe/

TL;DR: It basically allows anybody (skilful enough) on any site to get control of your computer if you have XIGNCODE3 running (you are playing game using XIGNCODE3).

This is patched in many browsers, including but not limited to Chrome, Chromium, Edge, Firefox, Opera...

Let alone that it ain't the average joe's work to put such exploit in practice as said above.We`re talking state sponsored attack here, nothing much more smaller ....

Share this post


Link to post
Share on other sites
Alexiel    5
7 minutes ago, Daikon said:

State sponsored like that 16yo boy that stole 90gb of date from Apple?

Wait just a few more years and he will be state sponsored. :D

Share this post


Link to post
Share on other sites
MonsterSA    0
On 24/08/2018 at 1:15 AM, Nevermind said:

We (for now) probably avoided XIGNCODE3 yet, but it seems that NC West is probably going to use it.

Here is the newest vulnerability in this malware:

https://x86.re/blog/xigncode3-xhunter1.sys-lpe/

TL;DR: It basically allows anybody (skilful enough) on any site to get control of your computer if you have XIGNCODE3 running (you are playing game using XIGNCODE3).

great...

 

@Conguero  dude, if you allow me to comment on the issue of bot ...

if this XIGNCODE3 is no longer reliable, not the arm to twist ...
Can not you put the same of the European servers? I heard good comments about this anti-cheat.

Something you can do to ease the situation is to remove all the benefits you get from Mentee's Mark, the bot is favoring those takers who are ultimately involved.

Disable these items from Mentee's Mark

Share this post


Link to post
Share on other sites
Dargor    22
23 hours ago, MonsterSA said:


Something you can do to ease the situation is to remove all the benefits you get from Mentee's Mark, the bot is favoring those takers who are ultimately involved.

Disable these items from Mentee's Mark

Yeah, lets remove all the remaining profitable things so NOTHING can be farmed anymore. Farming anything at all in NCWest usually involves leveling up a trillion toons, be it for the mentee marks or oly farm or whatever else. That is certainly not the kind of pve people have in mind when they think of L2, but that's what we have. They nerfed the drops to the point of making spoilers a thing of the past and now you're pretty much asking them to remove the rest. And why they did that? Because that was their idea of an anti-bot at the time. Fun fact for you: if a bot works, then anything can and will be farmed. If you removed every item drop and every quest reward you'd just see bots everywhere grinding 200 adena at a time in lowbie zones.

Share this post


Link to post
Share on other sites
Yidao    149

The Fortune Pockets, which is probably what the bots in the lvl 85~97 hunting grounds are after - I can't imagine that from the dropped adena they can pay their Adenaline subscription - have been removed in Korea on May 23:
http://lineage2.plaync.com/board/update/view?articleId=634946&query=포츈&searchType=content

We will probably get this change together with the Mentee Mark nerf bundled into the Fafurion update next year.

Share this post


Link to post
Share on other sites
beleaua    66
4 hours ago, Yidao said:

The Fortune Pockets, which is probably what the bots in the lvl 85~97 hunting grounds are after - I can't imagine that from the dropped adena they can pay their Adenaline subscription - have been removed in Korea on May 23:
http://lineage2.plaync.com/board/update/view?articleId=634946&query=포츈&searchType=content

We will probably get this change together with the Mentee Mark nerf bundled into the Fafurion update next year.

Bots have  ways to make adena from 85 to 97. Look at Zaken and Freya spots, tens of characters looking exactly the same and moving the same way. They farm them all the time. For a simple player it's not that profitable, you can walk out of those instances with 0 adena gained every three days or it could be 5m, 10m or even 100~200m if a weapon drops at Freya. A bot party will always have drops. Bots can just switch to other characters and farm again or move on to other areas. You see Bloody Swampland is full of them, or even Harnak. For a simple player it's boring as hell to do four quests in the swamp and not even getting a quest item each mob but bots do them, log out and come with another character. It's not only for the 500k each quest but adventurer faction increase. After 93-94 there are new quests and they start to give 1m adena. After they finished leveling faction they get four jewels and each of them is worth at least 60-70m in powders. There are also one time quests, giving you 20-40m. If you remove every single drop or reward they might move on to kartias, balok, olympiad for giant's energy, dimensional, and those are just some examples. If me as a normal player made ~600m by 95, at 97 bots should have around 1b adena farmed.

As someone said, there are always ways as long as they are able to bot. The solution is not to remove all rewards but to police and combat the bots. For example mentee marks here don't give giant enchants anymore, or any kind of enchants like on EU, and there are a lot more bots farming mentee coins here, for the books I guess. In the end the purpose is to make players buy everything from store, bot being a problem is just an excuse for them not hiring staff members to police the servers. It's not only cheaper not to hire someone but also profitable to make the real players just spend more on the store.

Edited by beleaua

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×