game.exe reading google?

  1. #1
    SheenBR (Moderator; joined Feb 2008; Brazil; 2,434 posts)

    game.exe reading google?

    I was playing with the game until I found something odd.

    A send request.

    The buffer:


    Code:
    0x1017f980 "GET /csi?v=3&s=webhp&action=&e=17259,30316,31701,36683,36888,36891,36934,37111,37223,37431,37501,37573,37645,37655,37682,37695,37696,37697&ei=fKNvT820F8ustgfL0O1N&imc=1&imn=1&imp=0&rt=xjsls.35,prt.37,ol.44,iml.37,xjses.102,xjsee.128,xjs.133,wsrt.31,cst.0,dnst.0,rqst.7,rspt.7 HTTP/1.1
    Accept: */*
    Referer: Google
    Accept-Language: pt-BR
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
    Host: Google
    Connection: Keep-Alive
    Cookie: PREF=ID=4d2248a8121ea1fc:U=5bc019f170d0ddab:FF=0:NW=1:TM=1332705732:LM=1332706033:S=JaG_rEzxF34lfRzb; NID=58=E5hIU1ZquY_MS-rKRart1bQHNgyNmH7t3cmDQvIs1qgbTkmIDMNXUUUjyPfuK5n4fvv7hUNxmfy50xLNifwn4BvIICNqM6JmvCjlzXUU2U8n2sQjL1FxIPYeZCXTCjue
    
    )Sî"	char *
    Wait, what?


  2. #2
    SunnyZ (Member; joined Jul 2006; Australia; 843 posts)

    Re: game.exe reading google?

    Yeah a few years ago (before window mode was invented (or after I dunno))

    You could press some button on ur keyboard I think "-" on the numpad and it would open IE explorer inside ur game window so you could browse the webs while in full screen playing pt.

    I don't think it works any more yet it still tries to contact google every time you play.

    If I were a conspiracy nut I would say the government is in cahoots with Korea and they are spying on you!

  3. #3
    bobsobol (Member; joined May 2007; UK; 5,702 posts)

    Re: game.exe reading google?

    lol

    @Sunny: Actually Window mode was originally "normal". The lock down to full-screen came some time after AOR and before Pay2Play, I believe. I got quite annoyed I couldn't see my "network stats" while playing when they took it off us and that's when I started learning about GameGuard and XTrap.

    I decided, at that time, that I would have to "log" my network stats and read them later if I wanted to play without "hacking" and looking like a cheat. But the fact that fullscreen drove me to try to remove the securities even though I didn't want to cheat has always led me to believe that such strong restrictions are not good for security. You just make criminals out of your regular players.

    @Sheen: Anyway, a fresh official download has many IPs and URLs which it will make calls to. I think I removed 6 - 10 from the Butchered client. Of which my network snoops showed only 3 or 4 were ever called when *I* play tested. (doesn't mean others wouldn't be if I did something unusual)

    Fingering their destination suggested a couple were XTrap / GameGuard related (even though GameGuard was never enabled, and XTrap was neutered) 1 was probably a YD owned Korean site which is not their normal site etc. There is a link to the registration page which I left. (you should set it to your own)

    Why Google? I'm not sure, but Google automatically Geo-locates you. It's possible they could look at the response to see if you are actually in Korea rather than work it out for themselves. (how many of us block Google? ... Actually, Google are getting way too big, and I do block many of their services, filter all of them, and try to break out of the Geo-locate ... but I don't remember how much of that will work outside my browser)

    Additionally, it hard links to IE (IMS) and since I take the option to install Windows without bundled browser, some of that doesn't work. However, since IE is kinda integrated into the desktop of Windows (even more so in Vista and 7) I know I can't get rid of all its underlying functionality and still have a working OS.
    Spoiler:
    In 98 - 2K I could replace the compiled help-text engine (for mht, chm etc.) with FOSS Wine for Windows versions and the Mozilla ActiveX control for IE-in-an-app, and 90% of everything worked completely without any IE code ... XP & 2k3 broke some desktop stuff, but was bearable, Vista and 7 I cannot do without completely replacing the desktop, start menu and task bar. (explorer.exe)
    Anyway, I would say it's safe to remove any and all such references. I would actually say, it's probably safer than not doing so if you are modifying the client. I'm not convinced they aren't logging who is using which client where in the world.
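
An added example for this thread (not code from any poster or from the game client): one way to inventory the hard-coded URLs, hostnames and IPv4 literals mentioned in post #3, by pulling ASCII and UTF-16LE strings out of a client binary before deciding what to remove or block. The sample bytes, the function names and the file-extension filter are constructed assumptions.

```python
import re

ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")            # printable ASCII, 6+ bytes
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")    # same text stored as UTF-16LE
URL = re.compile(r"(?:https?|ftp)://[^\s\"'<>]+", re.I)
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
HOST = re.compile(r"(?<![\w.-])(?:[a-z0-9-]+\.)+[a-z]{2,}(?![\w.-])", re.I)
# Assumed filter: suffixes that are file names in a client, not domains.
FILE_EXT = {"exe", "dll", "ini", "dat", "txt", "bmp", "tga", "wav", "log", "cfg"}

def extract_strings(blob):
    """Yield (byte_offset, text) for every ASCII and UTF-16LE string run."""
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), m.group().decode("ascii")
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), m.group().decode("utf-16-le")

def find_endpoints(blob):
    """Return sorted (kind, value, offset_of_containing_string) tuples."""
    seen = {}
    for off, text in extract_strings(blob):
        for m in URL.finditer(text):
            seen.setdefault(("url", m.group()), off)
        rest = URL.sub(" ", text)  # do not re-report hosts inside URLs
        for m in IPV4.finditer(rest):
            # Version strings such as 1.0.0.1 also match; review hits by hand.
            if all(int(o) <= 255 for o in m.group().split(".")):
                seen.setdefault(("ipv4", m.group()), off)
        for m in HOST.finditer(rest):
            if m.group().rsplit(".", 1)[1].lower() not in FILE_EXT:
                seen.setdefault(("host", m.group().lower()), off)
    return sorted((k, v, o) for (k, v), o in seen.items())

# Constructed sample standing in for a client binary (not real game data).
SAMPLE = (b"\x00\x01MZ\x90\x00"
          + b"http://update.example.test/patch/list.txt\x00\xff"
          + "www.example.org".encode("utf-16-le") + b"\x00\x00\xff"
          + b"connect 203.0.113.10 port\x00\xffgame.exe\x00\xff"
          + b"bad 999.1.1.1 addr\x00")

if __name__ == "__main__":
    # To scan a real file: find_endpoints(open(path, "rb").read())
    for kind, value, offset in find_endpoints(SAMPLE):
        print(f"{offset:#010x}  {kind:5}  {value}")
```

Static strings only show what the binary can reference; comparing the list against a packet capture of a play session shows which endpoints are actually contacted.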


