[DiscordArchive] Now I should know the warden internals and have basic knowledge of reverse engineering. What else?
[DiscordArchive] Now I should know the warden internals and have basic knowledge of reverse engineering. What else?
Original source
A launcher can be statically analysed, decompiled, fingerprinted... RCE is code injected on the fly from a remote server. That's about as bad as it can get
rektbyfaith
09-13-2025, 10:23 AM #11Archived author: stoneharry • Posted: 2025-09-13T10:23:30.777000+00:00
Original source
A launcher can be statically analysed, decompiled, fingerprinted... RCE is code injected on the fly from a remote server. That's about as bad as it can get
Original source
RS server run client side Java code, so yeah that was pretty much full client access. I recall a private RS server where they would bombard the user with advertisement windows in their browser if they were caught cheating, not exactly ethical
rektbyfaith
09-13-2025, 10:24 AM #12Archived author: stoneharry • Posted: 2025-09-13T10:24:17.356000+00:00
Original source
RS server run client side Java code, so yeah that was pretty much full client access. I recall a private RS server where they would bombard the user with advertisement windows in their browser if they were caught cheating, not exactly ethical
Original source
I mean when Turtle got hacked, they did try to tamper with the patch that is sent on login. I think they lacked the knowledge on how to modify it properly, so no update got deployed to users. But that goes to show, if any bad actor decides one day to do something, they can just send that malicious payload on login
rektbyfaith
09-13-2025, 10:25 AM #13Archived author: stoneharry • Posted: 2025-09-13T10:25:53.367000+00:00
Original source
I mean when Turtle got hacked, they did try to tamper with the patch that is sent on login. I think they lacked the knowledge on how to modify it properly, so no update got deployed to users. But that goes to show, if any bad actor decides one day to do something, they can just send that malicious payload on login
Original source
Yeah the moment I had it happen to me, I quit playing RS private servers. Feels akward seeing a random process pop up and then all the bs getting rid of it..
rektbyfaith
09-13-2025, 10:26 AM #14Archived author: Furioz • Posted: 2025-09-13T10:26:10.952000+00:00
Original source
Yeah the moment I had it happen to me, I quit playing RS private servers. Feels akward seeing a random process pop up and then all the bs getting rid of it..
Original source
yeah thats the sad part about it, there are tons of people doing right, but there are always individuals out there with less ethical purposes :/ .
rektbyfaith
09-13-2025, 10:27 AM #15Archived author: Furioz • Posted: 2025-09-13T10:27:48.807000+00:00
Original source
yeah thats the sad part about it, there are tons of people doing right, but there are always individuals out there with less ethical purposes :/ .
Original source
Despite my doom-mongering, no WoW private server has done anything malicious to players over 20+ years to my knowledge.
rektbyfaith
09-13-2025, 10:28 AM #16Archived author: stoneharry • Posted: 2025-09-13T10:28:21.596000+00:00
Original source
Despite my doom-mongering, no WoW private server has done anything malicious to players over 20+ years to my knowledge.
Original source
But yeah, knowing how to exploit RCE probably shouldn't be public knowledge
rektbyfaith
09-13-2025, 10:28 AM #17Archived author: stoneharry • Posted: 2025-09-13T10:28:58.211000+00:00
Original source
But yeah, knowing how to exploit RCE probably shouldn't be public knowledge
Original source
i will send malicious html to your news ticker!!1
rektbyfaith
09-13-2025, 10:29 AM #18Archived author: Kaev • Posted: 2025-09-13T10:29:31.104000+00:00
Original source
i will send malicious html to your news ticker!!1
Original source
Yesn't. Any launcher downloads stuff. Wouldn't be hard to let the launcher download a new wow.exe that is not a wow.exe :p
So technically you would also never know.
So I wouldn't worry about any RCE in the client. If the owners have malicious intend, they can do it in way better ways than delivering it through the wow client.
Especially with the rise of all the client mods being done, the RCE is the least of my concerns. Servers can add anything at any time, even without RCE.
rektbyfaith
09-13-2025, 10:34 AM #19Archived author: Saty • Posted: 2025-09-13T10:34:51.730000+00:00
Original source
Yesn't. Any launcher downloads stuff. Wouldn't be hard to let the launcher download a new wow.exe that is not a wow.exe :p
So technically you would also never know.
So I wouldn't worry about any RCE in the client. If the owners have malicious intend, they can do it in way better ways than delivering it through the wow client.
Especially with the rise of all the client mods being done, the RCE is the least of my concerns. Servers can add anything at any time, even without RCE.
Original source
People scared about RCE but not about installing launchers and running custom .exe is what confuses me
rektbyfaith
09-13-2025, 10:45 AM #20Archived author: Jyria • Posted: 2025-09-13T10:45:55.538000+00:00
Original source
People scared about RCE but not about installing launchers and running custom .exe is what confuses me
1 Guest(s)
1 Guest(s)