Punkbuster – Busting everybody BUT the Punks
Over a span of the last 2-3 months, I’ve had the joy of dealing with one of the most controversial anti-cheat softwares to date – Punkbuster.
I had bought Battlefield 3 (or rather my girlfriend bought it for me) when it first came out. Actually, before then. I got the pre-order version which included “Back To Karkand”. Around the same time I had build a new PC to help cope with the demand of the game (plus I was overdue for an upgrade).
For the next few months, I had a blast. I even ranked up to a Colonel Service Star 16 (Rank 61). Needless to say a lot of time was put into ranking up. You can view my battlelog profile here. All was good.
The “What the Hell”
One night (January 20th) I was playing on a server called ”Noobs Hiding In The Bush – [HAI]“. After a few minutes I suddenly saw a message saying “Syntack banned for gamehack”. Immediately I was booted from the game and greeted with a Punkbuster message on the battlelog page saying I was banned for 20 minutes. I was confused, but figured it was by mistake and decided to wait it out. Soon afterwards I tried to rejoin and was immediately given the same message with a longer ban duration. Soon afterwards I started getting a mixture of error messages from any server I would try to join including ”Something went wrong (NaN NaN)”.
I figured the logical thing to do would be to post on the forums and see if anybody had any insight. I should’ve figured I had high expectations and didn’t realize everybody would immediately assume I was a hacker trying to wiggle my way out of a ban. Despite some of the responses being completely asinine, I must say I laughed at a few of them:
No spread, reduced recoil, infinite hold breath, red triangles without spotting – nice. Appeal probably won’t work here
After viewing your battle reports, you got busted, son. All of your recent reports are completely inconsistent with your overall stats. You suddenly became about a 300% better player. Don’t let the flag pole hit you in the butt on the way down.
ENJOY YOUR BAN LOL.
The only real useful response was one containing a link to my PBBans ban report with the ever-so-helpful violation description of “VIOLATION (GAMEHACK) 89241″. Looking at the description for the violation returns the following: #80000s – Gamehack. Very descriptive.
During the time that all of this was occuring, there was a lot of drama surrounding PunkBuster and PBBans involving innocent players being banned. This wasn’t the first time PunkBuster had been exploited either. With GUID spoofing and a code signature scanning proof of concept. I figured there was a good chance that I was one of the many who were caught up in the mess.
The Appeal
Having never dealt with punkbuster/pbbans before, I wasn’t sure where to appeal first.
After reading the appeal documentation, I decided to contact Even Balance (the company behind PunkBuster). After a few days of slow message exchanges, I was finally told “We do not find this violation to be triggered in error, and it will not be removed. It is at the discretion of the third-party ban list administrator to remove any ban given as a result of this violation.”. Time to go back to PBBans.
I went back to my PBBans ban report and filled out the appeal form. After a few days I was a bit peeved to find that my appeal was flat out denied. No insight. No explanation. Nothing. After that point, I gave up for a while.
Return to PBBans
Finally on March 21st, I decided it had been long enough since my last appeal attempt. I had learned that a webform based communication wouldn’t suffice, so I decided to try the #pbbans IRC channel on Quakenet. I requested to speak in private to a PBBans admin and one (who goes by the handle “HSMagnet”) accepted. I explained my situation and expresses some of my thoughts regarding how Even Balance handled the situation. Surprisingly, it seems PBBans admins don’t know any more than I do when it comes to what triggered a particular violation. He told me to try opening up another ticket through Even Balance and if the violation was found to be triggered in error, they would lift it. I did just that.
Again my wishful thinking got the best of me and no further insight would be shed regarding my “violation” even after pushing for something as simply as stating whether it was a disk file or running process that triggered the violation.
I relayed the message back to HSMagnet and was told it would not be lifted and that I had two options:
- Play on servers that do not subscribe to the banlist
- Buying a new game
Conclusion/TL;DR
I personally have to deal with ban appeals daily within the Ace of Spades community pertaining to the forums as well as the global blacklist that I operate. Obviously the forums are a bit easier to manage due to it being a bit more structured, plus quick access to evidence for the initial banning. As for the global blacklist, it’s managed by trusted server admins. Bans are issued for those who have been caught in-game, by said administrator(s). Sure there are the cliché appeals including “my brother was the one cheating”, but if I’ve learned anything from this, it’s to give the user a fair shot. If they are persistent, their story is consistent, and they seem to be telling the truth, use your own judgement. Don’t just rely on some sort of software or a possible human error.
I can understand Even Balance keeping some things in secret. But telling somebody what triggered the violation does not seem like very sensitive information (or at the very least, whether it was a disk file or a running process). If somebody was cheating, I’m sure they’re aware of what triggered the violation.
The only sense of rationalism during this whole process was talking to the admin one on one. I think that speaks a lot for itself. Hopefully over time, users will be given the benefit of the doubt at the discretion of the admin, rather than snuffing them out by relying entirely on Evan Balance’s seemingly holy word.
Another thing that still peaks my curioustiy, is why a third-party banlist (such as PBBans) exists in the first place? Don’t get me wrong, I understand the concept behind it. But I mean why doesn’t Even Balance host a federated banlist themselves if third-party associates are going to value their word over the user in the end anyway? I was really hoping talking to a person one on one (and discussing any updates with that same person) would help me bypass some of these roadblocks that many users seem to face, but it seems my attempts were futile.
DICE (the creators of Battlefield 3) seem to be looking for an anti-cheat developer. Who could blame them for all of the drama surrounding third-party anti-cheat tools like PunkBuster? A native implementation should prove to be a lot more reliable rather than outsourcing it to outdated/easily exploited solutions. More information regarding the DICE job opening here.
Just some advice to server administrators, banlist administrators, PunkBuster officials, and more:
- Don’t rely on a system that has a smeared track record.
- Don’t rely on a fully-automated “you’re caught-you’re banned” system.
- Don’t rely on the honesty and integrity of server admins – or at least not as much as you do currently. Human error is prone, humans can have malicious intent.
- Look into false positive reports.
- Stop treating players as some sort of criminals. No software is 100% reliable just as no human is.
Innocent players are constantly banned while there are obvious cheaters running rampent in public, PunkBuster-enabled servers.
No system is perfect, but no user should have to deal with a system as broken as this.
/rant
5 Comments to Punkbuster – Busting everybody BUT the Punks
Leave a Reply
@NateShoffner
Recent Posts
- A Well-Deserved Apology March 2, 2013
- C# – Reusable Portable Application Settings January 24, 2013
- Aaron Swartz – Making Progress Without Being Demanded January 12, 2013
- C# INI Reader/Writer January 2, 2013
- PySnip Linux Setup December 22, 2012
I also have the same problem as you, and they have also rejected my appeal to get unbanned. Have you by any chance used a key binding software? I was banned for 89241. Some people are telling me it is a macro ban, while others tell me it’s a different thing. I don’t get evenbalance. Why would they not tell you why you are banned and how did it happen..
The only macros I use (on occasion) are those for programming environments. Some programs I write use RegisterHotKey for global hotkey hooking. It seems unlikely that something like that would trigger a violation though, seeing as many programs do the very same thing.
Another possibility could be things that use overlays. Programs like Mumble and Fraps inject a DLL to paint an overlay on the game window. But again, both of these are very popular applications and if these were triggering violations like this, I’d imagine far more people would be banned at this point.
in the interest of transparency and fairness, you are aware of other possible triggers in your case. denying you would have forgotten to close them before starting bf3 goes back to your statement that no one is 100%.
I’m not entirely ruling out the possibility that I could have forgotten to close a process that Punkbuster could’ve considered to be a violation, just that it seems unlikely.
If there was anything on my computer that would be picked up (excluding false positives like antivirus), it might’ve been a basic injector or memory editor. Things anybody with Google can get their hands on.
Let’s go through 2 hypothetical situations regarding background processes:
First the memory scanner/editor. Pretty much pointless on many online games now days seeing as *hopefully* most important variables are stored server-side. And some like Cheat Engine include features like speed-hacking. Again, easily countermeasured by server-side tactics.
Second, a DLL injector. DLL injectors (as I’m sure you know) are harmless/pointless by themselves, but serve as a simple interface to inject a DLL into a running process. There are a few injectors that I use. Namely Winject and one that I wrote myself. DLL injection is one of the most common methods used for online cheating now days. Legimate purposes for injection and debugging purposes aside, running an injector and using an injector are two different things. I would imagine Punkbuster would be able pick up an arbitrary library being loaded into a game process. That would be a completely different story (unless of course it was for some sort of non-malicious overlay as I mentioned above).
Another thought crossed my mind regarding debuggers. Not sure if they could be picked up as being malicious or not. I don’t mean debuggers attatched to a game process, but for general debugging purposes. If it was attatched to a game process, then I could understand it being suspicious lol.
This is why I was so curious as to what triggered the violation or at the very least, what kind of violation it was (e.g. a running process or disk file). It would kind of help alleviate that initial confusion and hopefully go from there.
All I can assume is that it was one of those two. Which makes me wonder why there was no initial server kick. Just a flat out ban. Seems a bit extreme to try and justify a ban from that alone.
It’s very hard to not be skeptical when it comes to software that involves active scanning of ALL virtual memory. The possibilty of false positives is staggering.
EA = yuck