Black Desert Online

Black Desert Online

View Stats:
This topic has been locked
Lilith May 25, 2017 @ 12:59am
Reminder Game Uses XingCode Anti Cheat.
Game uses "Xing Code" Anti Cheat Rootkit...

Once installed can't be uninstalled by Add & Remove, or Basic Methods even with uninstall of Black Desert, and this is downloaded after launching the game for the first time without asking you.
Last edited by Lilith; May 25, 2017 @ 1:00am
< >
Showing 1-15 of 442 comments
Nordomus May 25, 2017 @ 1:00am 
Whaaaaat?
Aruk May 25, 2017 @ 1:01am 
WTF
Lilith May 25, 2017 @ 1:01am 
Originally posted by Nordomus:
Whaaaaat?

^ See above LOL, I uninstalled this game over 5 months ago after I found it copying files to my C:\windows directories and being Malicious slowing down other apps / games when Multitasking.
Smaxx May 25, 2017 @ 1:01am 
While it's true and it's using shady practices (rootkit like behavior, blacklisting legitimate programs, etc.) and inspects everything you've done on your HDDs the last 48 hours. Okay, just checked again and it indeed installs a kernel driver it seems…
Last edited by Smaxx; May 25, 2017 @ 1:03am
Lilith May 25, 2017 @ 1:05am 
Originally posted by Smaxx:
While it's true and it's using shady practices (rootkit like behavior, blacklisting legitimate programs, etc.) and inspects everything you've done on your HDDs the last 48 hours, but as far as I'm aware it's really only sitting in the BDO install directory and ran from there.

Um I thought this too which is why I gave Black Desert a try even after I didn't want to and argued it for months, Not only did I find it in my black desert directory, but if you are using windows 10.

And you click start or Windows + R key, and type services.msc, press enter, you will see that it has a service if I remember correctly called "Xhunter1" running, as well as these file locations should point to C:\windows directories, and uninstall of the game doesn't remove the service or files from C:\windows as it should. "It might also be called XingCode, but should have the description of Wellbia."

Also my Android Device was destroyed by "XingCode" android version running with Kritika, and Nexon Titles within 3 months after I found it modifying files and messing with stuff totally violated Googles App Store Policy for listing it there but Google looks the other way because of money unless they get sued.

There are however legitimate Anti Cheats that respect privacy, and don't do this.

Easy Anti Cheat
Battleye
Punk Buster
VAC
EA Origins
Nexon Anti Cheat

Just a few I know of, too bad Game Guard & XingCode, Hack Shield as well but its not used much are 3 of the worst ever used that do this.
Last edited by Lilith; May 25, 2017 @ 1:09am
Smaxx May 25, 2017 @ 1:19am 
For those looking for more information, the game silently installs a hidden "service" under the name "xhunter1" loading the binary C:\Windows\xhunter1.sys. The service is set to manual start, so won't run automatically when you boot Windows.

To manually uninstall it, open a command prompt as administrator and run the following commands:

net stop xhunter1
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xhunter1
del C:\Windows\xhunter1.sys

If you're paranoid about it, you an add those steps to a file named "unXign.cmd" (or similar) and run it as administrator every time you stop playing.
Heathy May 25, 2017 @ 1:28am 
i checked services and i couldn't see anything there under xhunter1.

i also checked the resource monitor left the network window open for a while and the xigncode didn't even pop up on there unless it sends all its data through the blackdesert64.exe.

all i see are 2 files with .xem extentions, the xigncode3 system and the watchdog, they are definitely reading and maybe writing data but they aren't sending anything through the network.
Last edited by Heathy; May 25, 2017 @ 1:33am
squarecrusher May 25, 2017 @ 1:33am 
Originally posted by Heathy:
i checked services and i couldn't see anything there under xhunter1.

i also checked the resource monitor left the network window open for a while and the xigncode didn't even pop up on there unless it sends all its data through the blackdesert64.exe

Dido this. While XING doesnt like to be monitored (will exit if, say, procmon is running), i cant find any services installed by it. the XING binary points back to the installdir of BDO.

There is however a xhunter.sys located in c:\windows\

not really drawing any conclussions, just echoing that there doesnt seem to be a service like others have mentioned..
Smaxx May 25, 2017 @ 1:34am 
Originally posted by Heathy:
i checked services and i couldn't see anything there under xhunter1.

It's set to not show in the list of services. Open "regedit" and look for the path mentioned in my quote. I bet it's there if you've ran the game.

More technically:

The sub key "type" is set to "1", marking it as a kernel mode driver file – therefore it's not shown to the user as the user isn't supposed to block/stop such services.

This also means the service will run with highest access rights on your system, allowing it to (theoretically) access and modify any hardware connected to your computer, including any storage devices, network interfaces (logging outgoing and incoming packets), input devices (key logging), etc.

Edit:

You can also run the following line from any command prompt (doesn't have to run as administrator) to list the service information:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xhunter1

The output will look like this:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xhunter1
DisplayName REG_SZ xhunter1
WOW64 REG_DWORD 0x1
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ \??\C:\WINDOWS\xhunter1.sys
Last edited by Smaxx; May 25, 2017 @ 1:35am
Heathy May 25, 2017 @ 1:45am 
well this is a bit beyond me i got as far as figuring out you can open a .sys file with a hex editor but i have no idea how you could read what its actually doing its all literally gibberish to me.

i mean neither of the 2 .xem running files seem to be sending any data anywhere so im not too worried, i mean hell i've had the game install on my external hd since december so if it can screw you some how then its probably already done me by now.

oh wait it just started using bandwidth so yeah i guess its intermittent. i'm guessing it sends information about the files you've been accessing back to wherever. whatever it transfered i think was measure in bytes, it couldn't have been much data at all.

i'm not too worried i don't have anything that could be considered a cheat so i think i'm safe from any potential ban hammers.
Last edited by Heathy; May 25, 2017 @ 1:49am
Ra-Ra-Rasputin May 25, 2017 @ 1:51am 
I'm pretty sure it's illegitimate, or at the very least against Steam's TOS to install a sniffer/rootkit malware on our systems under the guise of "anti-cheat utility".

Also, the game's EULA didn't mention it as a rootkit or mention it invades our privacy by logging what we do on our computers and sending that data away. I can remove it from the game executable, and i've done this with numerous ♥♥♥♥-show anti-cheats (largely gameguard), but that's against the EULA and will get you banned if caught, so i won't spread the methods.
squarecrusher May 25, 2017 @ 1:52am 
You are correct, the service is hidden from services (both sc query, get-services etc) by the type being value 1. That is quite sneaky.

Cant say im very comfortable with this running on my computer...

The company developing it doesnt really put up a trustworthy front either.
http://www.wellbia.com/home/en/pages/xigncode3/

Last edited by squarecrusher; May 25, 2017 @ 1:53am
Lilith May 25, 2017 @ 1:58am 
Originally posted by Kana:
I'm pretty sure it's illegitimate, or at the very least against Steam's TOS to install a sniffer/rootkit malware on our systems under the guise of "anti-cheat utility".

Also, the game's EULA didn't mention it as a rootkit or mention it invades our privacy by logging what we do on our computers and sending that data away. I can remove it from the game executable, and i've done this with numerous ♥♥♥♥-show anti-cheats (largely gameguard), but that's against the EULA and will get you banned if caught, so i won't spread the methods.

Yeah I can totally remove XingCode too and play without it but I too am Legitimate, and I would rather just play "Black Desert" without XingCode there is no point in having this inside the game itself, and there are legitimate Anti-Cheats that actually inform users they are going to be installed, and provide support, and removal instructions...

Game Guard & XingCode / Hack Sheild rarely used do not, and personally I would rather form a Truthworthy Relationship so to speak with an Anti-Cheat company that is totally transparent about what goes on provides the support, and uninstall instructions.

Also Steam / Valuve Terms OF Service people said that games are allowed to install Rootkits or Anti Cheats like this through Valves service because of a certain section of it, but wait...

**Games should be required to disclose what Anti-Cheat it uses on steam, and who would Green Light Black Desert in the first place.**

I really wish Steam enforced policies to protect its users.
Captain Nep Nep May 25, 2017 @ 2:00am 
Originally posted by Lilith:
valve doesn't give a ♥♥♥♥ aslong as it makes money, honestly the only reason we even have a refund option now is because it was required by law of where ever it was again, without it we'd still be getting ♥♥♥♥ed by ♥♥♥♥♥♥ broken games and what not
Last edited by Captain Nep Nep; May 25, 2017 @ 2:00am
The Mad Doctor May 25, 2017 @ 2:16am 
Rip
< >
Showing 1-15 of 442 comments
Per page: 15 30 50

Date Posted: May 25, 2017 @ 12:59am
Posts: 442