Store Page
The First Descendant
All Discussions Screenshots Artwork Broadcasts Videos News Guides Reviews

The First Descendant

Store Page
View Stats:
Global Achievements
Nubadak Jul 8, 2024 @ 5:32pm
Like this game but very weiry of BlackCipher64.aes
I pulled this from file.net and decided a 42% dangours rating is way to high for me. I've uninstalled The First Descendant :(

BlackCipher.aes file information

The process known as Nexon Game Security belongs to software Nexon Game Security by NEXON Korea.

Description: BlackCipher.aes is not essential for the Windows OS and causes relatively few problems. BlackCipher.aes is located in a subfolder of "C:\Program Files". The file size on Windows 10/8/7/XP is 7,505,680 bytes. https://www.file.net/process/blackcipher.aes.html
The program has no visible window. BlackCipher.aes is a Verisign signed file. The file is certified by a trustworthy company. The BlackCipher.aes file is not a Windows core file. BlackCipher.aes is able to connect to the Internet and monitor applications. Therefore the technical security rating is 42% dangerous.
The author of this topic has marked a post as the answer to their question.
Click here to jump to that post.
Originally posted by dairy farmer:
here's more not directly about BlackCipher, but just the general danger and stupidity of this sort of software:

https://www.reddit.com/r/gaming/comments/xf1cwr/the_insanity_of_eas_anticheat_system_by_a_kernel/
Code running in the kernel, however, has none of this isolation, and is essentially free to do anything it wants with your system - down to controlling all of your hardware. The kernel runs in a super privileged mode that allows calling any instruction your CPU can execute. This code also has free access to the internal data structures of the kernel, which are normally hidden from user processes. What this means is that this type of spyware can exfiltrate sensitive information, control your computer, and record all of your activities and running programs.

https://news.ycombinator.com/item?id=30244529
I did a lot of cheat development and always read the related forums. Let me tell you that kernel anti-cheats are the funniest and ugliest pieces of software out there.

Almost ALL exhibit rootkit behaviour. Capture all OS events, dig through system and user directories, list all processes, fetch DNS and browser histories, block certain system calls, and more just to name a few. But hey! Their software (including drivers) are signed by Microsoft, so that’s alright :))

Funny part is that all those drivers are created by no other than ex-community members, under no advisory from system specialists or security experts. So guess what? Security vulnerabilities all around. Pretty much all their drivers are wide open and unsecure.

Nice fun having persistent, kernel-level, system-trusted exploits auto-installed on your system!

Oh, almost forgot, BattlEye has the ability to download custom bytecode from their servers and execute it. RCE baked right in. Good stuff.

tldr: BlackCipher has more privileged access to your computer than you do

"but I have nothing to hide!" (so I'll give you everything)

but anyways, people will find excuses to keep allowing and enabling this sort of practice. For those who have the basic ability to self-educate, there is plenty on the web you can read about BlackCipher, kernel-level drivers, and nowadays you can even have AI explain almost anything to you.

To be fair, chances are pretty good that nothing will happen to most players. It's up to everyone to decide if it's worth installing a vulnerability so they can look at Bunny's backside.
< >
Showing 1-15 of 64 comments
Nubadak Jul 8, 2024 @ 5:35pm 
Ps. here is the default file path: C:\Program Files (x86)\Steam\steamapps\common\The First Descendant\M1\Binaries\Win64\BlackCipher
#1
dairy farmer Jul 9, 2024 @ 3:01am 
gamers spreading their legs to have their privacy and computer integrity invaded, so Nexon can save money by not having to hire decent programmers to make secure netcode.

straight from the EULA:
The Services may access and monitor your device (including without limitation the hard drive and other storage devices, central processing unit, random access memory, video card, and peripheral hardware, software and applications)
i.e. Nexon owns your computer, "without limitation"

This is from an independent analysis of BlackCipher I found online. I don't want to give the link because other info on the page could be seen as promoting hacking. You can find it yourself with a simple web search.
BlackCipher while running, can be seen scanning, logging, and sending notes about anything you are doing on your computer to Nexon's servers. It will log ip addresses, workgroups, windows versions, passwords, network credentials, hardware, hosts, libraries, current tabs in browsers, windows dialog, files, and more.

The dangers of this security is stealing logs and data collected by BlackCipher.
What that last part means: Hackers like to do something called "living off the land," which means they make use of the tools they find on the systems they invade. If you have BlackCipher, this means BC is already doing most of the hackers' work. All they need to do is collect and decrypt BC logs. The fact that most anti-cheats are incompetently made isn't a good thing -- it just means your computer is more vulnerable.

I would've played this day 1 Nexon, even if a lot of the gameplay is ripped off from Warframe and Destiny.
Last edited by dairy farmer; Jul 9, 2024 @ 5:37am
#2
Skulls Jul 9, 2024 @ 3:04am 
Not sure if it helps but you can block the blackcipher executable from internet access via firewall and the game still works.
#3
p00se2 Jul 9, 2024 @ 3:05am 
Originally posted by dairy farmer:

This is from an independent analysis of BlackCipher, which you can find online yourself:
BlackCipher while running, can be seen scanning, logging, and sending notes about anything you are doing on your computer to Nexon's servers. It will log ip addresses, workgroups, windows versions, passwords, network credentials, hardware, hosts, libraries, current tabs in browsers, windows dialog, files, and more.

The dangers of this security is stealing logs and data collected by BlackCipher.

provide source link to said analysis
#4
SOAP!!! Jul 9, 2024 @ 3:22am 
Virustotal literally doesn't even detect it as harmful. It has 0 hits except the Nexon game security .exe which has 3 hits
#5
MoppBoi37 Jul 9, 2024 @ 3:35am 
ok so what's the overral shpeal of this? is this bad? should i be concerned?
#6
The author of this thread has indicated that this post answers the original topic.
dairy farmer Jul 9, 2024 @ 5:36am 
here's more not directly about BlackCipher, but just the general danger and stupidity of this sort of software:

https://www.reddit.com/r/gaming/comments/xf1cwr/the_insanity_of_eas_anticheat_system_by_a_kernel/
Code running in the kernel, however, has none of this isolation, and is essentially free to do anything it wants with your system - down to controlling all of your hardware. The kernel runs in a super privileged mode that allows calling any instruction your CPU can execute. This code also has free access to the internal data structures of the kernel, which are normally hidden from user processes. What this means is that this type of spyware can exfiltrate sensitive information, control your computer, and record all of your activities and running programs.

https://news.ycombinator.com/item?id=30244529
I did a lot of cheat development and always read the related forums. Let me tell you that kernel anti-cheats are the funniest and ugliest pieces of software out there.

Almost ALL exhibit rootkit behaviour. Capture all OS events, dig through system and user directories, list all processes, fetch DNS and browser histories, block certain system calls, and more just to name a few. But hey! Their software (including drivers) are signed by Microsoft, so that’s alright :))

Funny part is that all those drivers are created by no other than ex-community members, under no advisory from system specialists or security experts. So guess what? Security vulnerabilities all around. Pretty much all their drivers are wide open and unsecure.

Nice fun having persistent, kernel-level, system-trusted exploits auto-installed on your system!

Oh, almost forgot, BattlEye has the ability to download custom bytecode from their servers and execute it. RCE baked right in. Good stuff.

tldr: BlackCipher has more privileged access to your computer than you do

"but I have nothing to hide!" (so I'll give you everything)

but anyways, people will find excuses to keep allowing and enabling this sort of practice. For those who have the basic ability to self-educate, there is plenty on the web you can read about BlackCipher, kernel-level drivers, and nowadays you can even have AI explain almost anything to you.

To be fair, chances are pretty good that nothing will happen to most players. It's up to everyone to decide if it's worth installing a vulnerability so they can look at Bunny's backside.
#7
Danyel Jul 9, 2024 @ 5:41am 
Originally posted by Skulls:
Not sure if it helps but you can block the blackcipher executable from internet access via firewall and the game still works.


Oh does this help at all?
#8
Kyrie Jul 9, 2024 @ 5:43am 
Play on Linux and dont worry about stuff like this ;)
#9
Danyel Jul 9, 2024 @ 5:44am 
Originally posted by Kyrie:
Play on Linux and dont worry about stuff like this ;)

I am a Bunny player and haven't you heard we are all stupid so that's far too complicated for me ;)
#10
Nubadak Jul 9, 2024 @ 3:54pm 
Originally posted by MoppBoi37:
ok so what's the overral shpeal of this? is this bad? should i be concerned?

My thought is this is bad and in m opinion not needed. With that level of control they can see anything you do on your computer. Banking, photos the whole shabang. The only reason I see them having full access is to gather all your data and then selling it. It might even be illegal to install software like that in some countries.

For me it just weird's me out to much to continue playing.
#11
JackieTheDemon Jul 9, 2024 @ 4:03pm 
They can go ahead and look at the gigabytes of furry p*rn saved in dozens of folders.
#12
Virtu Jul 9, 2024 @ 4:13pm 
teach us how to block the darn thing on Firewall senpai =]
#13
STARMANNNN Jul 9, 2024 @ 4:17pm 
yea now im feeling kinda iffy i like the game but after reading this thread an uninstall may be coming
#14
Nubadak Jul 9, 2024 @ 4:23pm 
Originally posted by Virtu:
teach us how to block the darn thing on Firewall senpai =]
If you turn on controlled folder access in Windows Security (windows11) it will at least block it from the memory (you also have to turn that on). But It might still run around the rest of your PC. That's how I became aware of it.
#15
< >
Showing 1-15 of 64 comments
Per page: 1530 50

The First Descendant > General Discussions > Topic Details
Date Posted: Jul 8, 2024 @ 5:32pm
Posts: 64

Discussions Rules and Guidelines