Nexon's latest privacy transgression

[TheHiddenOne]

After yesterday's update, I took a closer look at the MapleStory client, as I usually do. This time, however, I noticed an anomaly: After connecting to a channel server, the client sends huge chunks of data (several kilobytes) to the server. While it is normal that there is much traffic directly after the connection was established, it's usually the server that sends much information (character data, keymaps, and all kinds of other things) to the client.

I took a closer look at the data being sent and found this:
http://pastebin.com/1hwVj0ma

The client sends a list with the paths of ALL running processes to the server. They split the list into several packets that are sized around 2000 bytes, and depending on your system configuration, about 5-6 such packets are sent. I find this highly intrusive - technically it's none of Nexon's business what kind of software I am running on my system. I'm fine with local checks (like HackShield's), but sending everything to the server, where they quite possibly save it, is a wholly different matter. Sadly, their Privacy Policy allows them to do just this - true to the motto "If you play our game we are allowed to log everything that takes place on your computer."

You might think HackShield has always done this - it has not. While it is true that HS collects the same kind of information (and more), they just store it in their encrypted log files. Nothing of it is sent anywhere, unless you use their AhnReport utility.

If you're interested in some technical information, here's what I collected:

Spoiler

Packet structure:
uint16 opcode 0x1D5
uint32 entryCount
uint8 always 1?
{
Str imagePath
Str fileDescription
Str productName
Str mapleClientHash
Str processHash
} entryCount times

The packet is sent when the client receives opcode 0xFB.
Handler address: 0x01183820
VMProtect entry: 0x01183867 -> 0x01B27E58

They think code virtualization makes their code safe and inaccessible to anyone who wants to check it out. A lesson that Nexon apparently has not learned yet is that every software can be cracked.

VMProtect call trace:
http://pastebin.com/xHevqGs6

They want to achieve two things:
1) Find out if the game executable (not its memory!) has been tampered with. This is only the case when the client has been unpacked, and only few people are able to do this nowadays.
2) Find out if malicious processes are being executed, for example trainers.

In the end it's just another failed measure in an endless row of useless security checks. It's a piece of cake for both target groups to disable/fake this data, so there's only one victim: The players, because their privacy is compromised. Maybe they'll reconsider sending these packets when enough people complain.

[LeoDirk]

Sure they are allowed to due to agreeing to terms of service but I'd rather not have my running processes stored on server for who knows how long. I don't get why they think this will help, either. It is pretty much just a local scan, just done remotely. If they can work around a program meant to scan your computer for illicit content, I'm sure they can stop or edit the sending of a packet to a remote server to do that same thing.

[Tyler]

Was hoping it would be a bit longer before this submerged, but as it has so will answer any questions to avoid misinformation.

If the information about the processes / data collected is properly encrypted it would make it much safer for players and would no longer be readable. I can say that the issue is at least being monitored / looked into for the time being.

Sure they are allowed to due to agreeing to terms of service but I'd rather not have my running processes stored on server for who knows how long. I don't get why they think this will help, either. It is pretty much just a local scan, just done remotely. If they can work around a program meant to scan your computer for illicit content, I'm sure they can stop or edit the sending of a packet to a remote server to do that same thing.

It is only collected once when going on a character, not throughout being connected. If you feel that it's exposing your privacy or wish for an application to not be monitored, just open it after this point. It is mainly to see what is currently opened when you're first launching MapleStory likely to check for hacking clients and other malicious tools.

[LeoDirk]

Was hoping it would be a bit longer before this submerged, but as it has.

If the information about the processes / data collected is properly encrypted it would make it much safer for players and would no longer be readable. I can say that the issue is at least being monitored / looked into for the time being.

Sure, the sending of the data not encrypted is even worse, but for a lot of players, myself included, would rather not have it stored on a server. Especially when they have a local scan that is grabbing the exact same information, but it stays local. Just seems like an extra, unneeded security step that is just going to cause people to "hack" or straight up quit. People enjoy their privacy.

[SaptaZapta]

Friendly reminder:

TOS

Point Value: 2 points
Definition: "The posting of information regarding how-to's on private servers or hacking."
Additional comment: You can discuss the effects of private servers or hacks on the community. You can also discuss the basic premise of how and why the hack works. You cannot discuss how to perform hacks or link to places where hacks can be found. You cannot discuss how to set up a private server.

Hacking

Point Value: 16 points (Permanent Ban)
Definition: "Posting that you are or you have hacked any online game."
Additional comment: Known hackers from other forums are not banned on sight here. We, as admins and mods, cannot police every person that enters the site based on their behavior across the entire internet. We deal with what happens here, and that doesn't include extensive background checks on registering and lifelong monitoring thereafter. If a person is stupid enough to say, "I am a hacker", then he deserves a banning. This also includes people who post pictures where it's readily obvious the user hacked the game. Use of the Robin Hood Defense (hacking for the public good) will be determined by moderators.

Just to be clear: interfering with the normal operation of the client, or its communication with the server, is "hacking" for the purposes of the above rules.

[LeoDirk]

Was unaware posting about basic knowledge on networking and packet structure/handling was saying how to preform any sort of hacking, but my apologies. Also, not really sure as to why the second part of the post was edited out, seemed like a harmless inquiry about the topic at hand but alright, my bad.

[Takebacker]

Honestly i don't see a problem unless these "huge chunks of data" actually impact your connectivity and it doesn't look like it.

Inb4 Nexon uses it to check for keylogging for compensation.

Was hoping it would be a bit longer before this submerged, but as it has so will answer any questions to avoid misinformation.

If the information about the processes / data collected is properly encrypted it would make it much safer for players and would no longer be readable. I can say that the issue is at least being monitored / looked into for the time being.



It is only collected once when going on a character, not throughout being connected. If you feel that it's exposing your privacy or wish for an application to not be monitored, just open it after this point. It is mainly to see what is currently opened when you're first launching MapleStory likely to check for hacking clients and other malicious tools.

Do you proofread what you post on the internet? Just wondering.

[KhainiWest]

Was hoping it would be a bit longer before this submerged, but as it has so will answer any questions to avoid misinformation.

If the information about the processes / data collected is properly encrypted it would make it much safer for players and would no longer be readable. I can say that the issue is at least being monitored / looked into for the time being.



It is only collected once when going on a character, not throughout being connected. If you feel that it's exposing your privacy or wish for an application to not be monitored, just open it after this point. It is mainly to see what is currently opened when you're first launching MapleStory likely to check for hacking clients and other malicious tools.

I don't get why you think you can speak behalf of nexon, you didn't even know those notes were half finished and put southperry in a bad spot. You just no longer can speak with authority, especially when your credibility has been put into question twice now :| 3 times for certain people.

[Mazz]

[MountLag]

The silly thing is that the extra server load from this info being sent probably costs more than just hiring GMs that will actually do something. And of course it's a lot less effective too.

[Zelkova]

I feel like I should throw this in now as well:

Tyler, pomegranate means shit. Shit. "To be a Pomegranate" literally translates to "To be a Shit".

[MetaSeraphim]

Was hoping it would be a bit longer before this submerged, but as it has so will answer any questions to avoid misinformation.

[KhainiWest]

[Niernen]

This is getting interesting...

[Crowhogan33]

[Declaimed]

If you feel that it's exposing your privacy or wish for an application to not be monitored, just open it after this point. It is mainly to see what is currently opened when you're first launching MapleStory likely to check for hacking clients and other malicious tools.

That's totally solid! Theres no way we can bypass that! Said no hacker ever.

The people this is out to catch will strip the measure away before it can log the first 50 culprits.

[Zerard]

I can't help but think that none of this will end well.

[Zelkova]

I can't help but think that none of this will end well.

A mental breakdown or worse.

[Netto]

[dowie]

Shouldn't it be like emerge rather than submerge since it has been ya whatever