February 26th, 2008 - Adventures in Engineering — LiveJournal
The wanderings of a modern ronin.

Ben Cantrick
  Date: 2008-02-26 10:52
  Subject:   Putting the bullet in GameGuard.
Public
  Music:Bon Jovi - Shot Through The Heart

Most people who play FlyFF don't know that GameGuard installs a rootkit in order to protect FlyFF from hacking. Even fewer know that when you uninstall FlyFF, the rootkit is NOT removed! I would not know these things myself if GameGuard wasn't such an intolerable piece of crap, and I hadn't been forced to learn all about it as I was trying (without success) to make FlyFF playable on my computer.

Here's a summary of a security vulnerability in the GameGuard rootkit. It includes the source code of a program to exploit the hole, and source for a program to uninstall the rootkit:

http://archive.cert.uni-stuttgart.de/bugtraq/2005/01/msg00209.html

I have also read that some of the newer anti-rootkit programs, like F-Secure Blacklight, SysInternals Rootkit Revealer, and Sophos Anti-Rootkit will find the GG rootkit and destroy it.

But for those of you who, like me, are oldskool, this is a set of directions I typed up on how to remove the GameGuard rootkit by hand:



The short version - uninstall FlyFF, then cold boot to Safe Mode and delete all files under C:\WINDOWS and subdirs that match the pattern "NPPT*.*" except for npptools.dll.


The long version - Recommend you save these directions as a notepad .txt file in C:\, that way you can find them in safe mode real easy.

First, FlyFF needs to be uninstalled before you do this. FlyFF will (attempt to) reinstall the rootkit whenever you run it. So kill FlyFF first.

To get into Safe Mode, reboot (cold boot with full power off is best) and then start tapping the F8 key. If you start tapping too early the BIOS may complain about a stuck key. You may have to reboot and try again in that case. If all goes well you'll get a text screen allowing you to boot into different modes. I recommend "Safe Mode with Command Prompt".

You may still have to login, and when you do the screen should be all ugly and low-resolution and there should be a DOS window waiting. Now do the following:

cd\windows

dir /a /s nppt*.*

This should find two files in c:\windows\system32\, NPPTNT2.SYS and NPPT9X.VXD, and probably one or two others elsewhere as well. Delete all of them. Don't miss any. The only exception is a file called "npptools.dll", which is not from GameGuard; it's part of Microsoft's Network Monitoring API. Don't delete that one. But delete all the rest, because they might be backup copies of the rootkit that Windows will re-install at next bootup. (It's possible some files you need to delete might have their protection attributes set. You'll know because it won't let you delete them. You can unset protection with the command "attrib -h -s filename.etc".)

When you've deleted them all, shut down again (probably have to use Ctrl-Alt-Del and then click the "Shutdown" button) and then boot up normally. The rootkit is now gone. There will probably still be some unused registry keys kicking around in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPPTNT2. You can delete these if you want to, but they're harmless without the rootkit.
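
The manual steps above as a batch file for the Safe Mode command prompt (an added example, not part of the original post or of any GameGuard or FlyFF tooling). The /delete switch and the use of %SystemRoot% in place of C:\WINDOWS are this example's own choices; without the switch it only lists what it finds, so the list can be reviewed first.

```batch
@echo off
rem Added example: find GameGuard leftovers (NPPT*.*) under %SystemRoot%.
rem Default is list-only; pass /delete (this script's own switch) to remove them.
rem Run it in Safe Mode, after FlyFF has been uninstalled.
setlocal
set "MODE=list"
if /i "%~1"=="/delete" set "MODE=delete"

rem /a-d = files only, hidden and system included; /s = recurse; /b = bare paths.
rem dir also matches 8.3 short names, so check the listing before deleting.
for /f "delims=" %%F in ('dir /a-d /s /b "%SystemRoot%\nppt*.*" 2^>nul') do call :handle "%%F"

rem Report the leftover service key named in the post; it is not modified here.
reg query "HKLM\SYSTEM\CurrentControlSet\Services\NPPTNT2" >nul 2>&1
if not errorlevel 1 echo NOTE    Services\NPPTNT2 registry key is still present.
endlocal
goto :eof

:handle
rem npptools.dll belongs to Microsoft's Network Monitoring API: never touch it.
if /i "%~nx1"=="npptools.dll" (
    echo SKIP    "%~1"
    goto :eof
)
if "%MODE%"=="list" (
    echo FOUND   "%~1"
    goto :eof
)
rem Clear hidden/system/read-only first, otherwise del refuses the file.
attrib -h -s -r "%~1"
del /f "%~1"
if exist "%~1" (echo FAILED  "%~1") else (echo DELETED "%~1")
goto :eof
```

Any path reported as FAILED is still on disk and would have to be dealt with by hand before rebooting.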






Ben Cantrick
  Date: 2008-02-26 14:21
  Subject:   Judge to Patent Trolls: "No, you can't have $51 million. Not yours."
Public

A federal judge recently got so infuriated by the conduct of two highly regarded trial attorneys that he overturned a jury's $51 million verdict, then ordered the lawyers to pay the fees and costs of the opposing lawyers, a sum that could total several million dollars.

U.S. District Senior Judge Richard P. Matsch sanctioned attorneys Terrance McMahon and Vera Elson of the firm McDermott, Will and Emery, of Chicago and San Francisco, for "cavalier and abusive" misconduct and for having a "what can I get away with?" attitude during a 13-day patent infringement trial in Denver. He ruled that the entire trial was "frivolous" and the case filed solely to stifle competition rather than to protect a patent.

Neither McMahon nor Elson returned phone calls. But their firm defended them by stating it "believes in vigorous and ethical advocacy on behalf of our clients. While we respect Judge Matsch, we disagree with the conclusions of the opinion and believe that it will be reversed on appeal." The U.S. 10th Circuit Court of Appeals saw it differently, and affirmed Matsch's decision.


http://www.denverpost.com/husted/ci_8354619

Bahahahaa!!! Suck it, patent trolls!






Ben Cantrick
  Date: 2008-02-26 18:16
  Subject:   Why you shouldn't learn Perl.
Public
  Mood:der uber-nerd
  Music:Type O Negative - Who Will Save The Sane
  Tags:  reddit

Perl will get under your skin. You will miss its features and quirks when you're not using it. You might even find other languages insufferable, once you get comfortable with Perl. After you've started using Perl, there's a significant chance you'll start loathing whatever code base you currently have to work on. Especially if it's a statically compiled language. A code base you used to think was ok, except for its few quirks.

You've been warned. If you learn Perl, you'll start thinking it's impossible for you to keep using the technology you're currently using at work. If you're patient you'll try to introduce it there gently (and most likely get frustrated at the time it takes). If you're not so patient, you'll just end up changing job.


http://ubermonkey.net/blog/2008/02/24

As someone who's spent the last 6 months programming real world systems in Perl on a full-time basis, I agree with this advice wholeheartedly. Perl is so much faster and easier to write and debug than C, it's hard for me to imagine ever being as happy coding again. I wouldn't use Perl for anything real-time or system critical. And I don't recommend Perl as your first language, or to learn programming with. But for what I do? Processing huge flows of email, with any individual message being more or less expendable? Perl is great. And runs plenty fast enough. And it's so damn easy to get things done compared to C or Java.

For instance...


