 Post subject: Reverse Engineering Poker Clients / Protocols
Posted: Wed Apr 21, 2010 9:05 pm
PokerAI fellow
Posts: 7731
Favourite Bot: V12
This is a suggested reading as a guideline for how to act or what to consider when in doubt if some discussions related to reverse engineering of poker clients are going into the infringement space.

My conclusion basically is:
  • Reverse engineering of client/server network protocols looks OK (except possibly if explicitly forbidden in the EULA/ToS)
  • Reverse engineering of client binaries/code (that e.g. relates to bot detection/anti-detection) is in general not OK (therefore I would remove reported threads on such topics without applying additional personal judgement, and also proactively remove topics that I notice being suspicious or going in that direction).

You can find below some more details, what follows is quoted from:
http://www.eff.org/issues/coders/revers ... eering-faq
(Read the original source for the full FAQ).

Quote:
First the Scary Stuff: What Kinds of Reverse Engineering Are Most Legally Risky?

By using the term "legally risky" here, we aren't saying that the activity is certainly legal or illegal. We're saying that these are areas where the law may apply so any researcher considering these steps should take the time to think it through and probably get some legal help.

* If your access to the code or computer system you are studying is conditioned upon agreeing to any contractual terms (e.g. End User License Agreements (EULA), terms of service notices (TOS), terms of use notices (TOU), a non-disclosure agreement (NDA), developers agreement or API agreement), you are at greater legal risk if your research activities do not comply with their stated terms and conditions.
* You should talk to a lawyer before agreeing to any terms and before studying any software distributed with such terms and conditions, even if you have come into possession of that code without agreeing to anything.
* It is extremely risky to disclose or use any information you obtained subject to an NDA or other negotiated contractual obligation of confidentiality.
* It is legally risky to study software you do not possess legally.
* It is legally risky to make any copies of software that have not been authorized by the copyright owner (such as by a license agreement).
* It is legally risky to bypass any “technical protection measures” (e.g., authentication handshakes, protocol encryption, password authentication, code obfuscation, code signing) that control access to the code or any specific functionality.
* It is highly risky to copy any code into a program you create as a result of reverse engineering, because that copy could infringe copyright unless it is a fair use under copyright law. Note that copying can include both imitation of non-functional elements as well as verbatim duplication.
* It is legally risky to perform any network packet inspection unless (1) the network is configured to be accessible to the general public; (2) you have consent of all users whose packets are intercepted; or (3) you have consent of the network provider where the inspection is necessary for provision of the service or to protect the network provider’s rights and property.


I know that popular poker sites (like TwoPlusTwo for example) 2+2 often contain reverse engineering topics or other various copyright infringements which stay there, but I want to be a bit more proactive with topics that relate to such matters.

_________________
indiana


 Post subject: Re: Reverse Engineering Poker Clients / Protocols
Posted: Wed Apr 21, 2010 9:13 pm
PokerAI fellow
Posts: 7731
Favourite Bot: V12
What I'm not yet sure about (how to act towards) is if linking to 3rd party articles about reverse engineering poker clients would be OK, e.g. that one:

http://www.criticalsecurity.net/index.p ... pokerbots/

_________________
indiana


 Post subject: Re: Reverse Engineering Poker Clients / Protocols
Posted: Thu Apr 22, 2010 3:32 am
Senior member
Posts: 225
Favourite Bot: Still Deciding
:xx01

I understand some of the benefits for taking a stronger stance against some of the more legally questionable material - it's better to stay legally safe-ish and it doesn't raise as many red flags for the poker sites to pay attention to - but I'm not sure how I feel about this policy. Don't get me wrong, with or without some of the deeper security reversing discussions the pokerai.org forums are easily the best resource for anyone trying to write poker software that's compatible with various sites. It just seems like limiting the realms of public analysis could do more damage than good. James Devlin (from coding the wheel) puts it best when describing the value of discussing the reverse engineering of poker clients (http://www.codingthewheel.com/archives/ ... r-client-1):

Quote:
And of course, we use the word "exploit" [when describing reversing poker clients] but what we really mean is a reaffirmation of your basic electronic rights.

* The right to know exactly what a given third-party piece of software is doing on and to your machine.
* The right to run whatever software you like on your personal computer, provided it doesn't hurt or defraud someone.
* The right to aggressively defend your property and your privacy against an army of spyware, adware, and other classes of malware.

Most online gambling software (not just online poker; I mean the entire online money gaming industry) can technically be classified as spyware.

Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.

These programs, operating without oversight under the broad umbrella of "game integrity", and propped up by draconian, completely unenforceable EULAs, scan and monitor your system for a hundred and one telltale clues. They install browser add-ons without your express permission. They scan your list of running processes. They perform full-text, key-by-key searches through your Registry. They touch foreign directories on the local filesystem. They take screenshots. And so forth.

Hello, Big Brother.

Whether or not these techniques are justified for fraud prevention and/or operational efficiency is a discussion we can have when the online gambling sites stop trying to sneak these techniques in through the electronic back door. Just because we mindlessly click the "I Accept" button on the software EULA does not give a fly-by-night, often dubiously legal online casino (which would quickly go bankrupt without our patronage) a carte blanche to do whatever the hell it pleases to your machine, across international waters no less.


As poker site security evolves (and it will continue to evolve) the next step for poker sites to truly stop data mining will be to start hooking system calls / using rootkit-style spying. Sure, screen scraping can be virtually undetectable right now and it works on just about every site, but what will people do when sites start really checking for BitBlt and watching for other screenshot style behavior? How will people even know that sites are doing this kind of stuff? I'm not saying that we need to allow all levels of conversation about how to find and avoid these protection mechanisms, but surely there must be a middle ground between allowing everything and banning all threads on reversing site security.

Just my 2 cents.


 Post subject: Re: Reverse Engineering Poker Clients / Protocols
Posted: Thu Apr 22, 2010 3:56 am
Senior member
Posts: 250
Favourite Bot: Deep Blue
I think the difference here comes between what we think is right and what is provably being done. I doubt you will find many people on this forum who think that you shouldn't learn how to use IDA and figure out what the client is doing, but is it worth the risk to discuss it publicly in a forum that is googleable and viewable by anyone?

There is a wealth of information (other than reverse engineering) on this forum that benefits many people. It seems silly to risk our access to this community to discuss a topic that can be fairly easily explored out of the public eye.

_________________
-Galgara


 Post subject: Re: Reverse Engineering Poker Clients / Protocols
Posted: Thu Apr 22, 2010 4:16 am
Senior member
Posts: 356
Favourite Bot: OpenHoldem
PokerProspector wrote:
Sure, screen scraping can be virtually undetectable right now and it works on just about every site, but what will people do when sites start really checking for BitBlt and watching for other screenshot style behavior?


Then I will build a robotic arm that plays poker using AHK


 Post subject: Re: Reverse Engineering Poker Clients / Protocols
Posted: Thu Apr 22, 2010 11:17 am
Senior member
Posts: 247
I completely understand why you want this kind of policy but I hope, and believe, that the moderators here don't go crazy with the moderation.

The threads about network protocols obviously are in a really dark gray area.

What about the threads covering DLL injection and the threads where people have looked at clients' code and listed anti-bot functions?


 Post subject: Re: Reverse Engineering Poker Clients / Protocols
Posted: Thu Apr 22, 2010 6:35 pm
PokerAI fellow
Posts: 7731
Favourite Bot: V12
loudion wrote:
The threads about network protocols obviously are in a really dark gray area.


My understanding of the FAQ was that probably this is OK (as long as you get just information that any other participant in the game would get - which is what one would expect, as otherwise the site would be rigged). There are thousands of tools doing that, and it is fairly standard practice for people to expect what *any* program running on their PC is sending/receiving over the network, for no other than personal security reasons.

All in all, I cannot see an indication currently that RE network traffic would break anything (except if the site somehow hinted this, or explicitly disallowed it in their ToS).

So all in all, for now I would say this is OK (and if someone raises a valid complaint here I would reconsider).

loudion wrote:
What about the threads covering dll injection

These are OK, in my opinion. I know that there is a myriad of 3rd party tools, which are allowed by poker sites (some of them listed officially as allowed) that work by DLL injection. Anyway, this might be more of a gray zone and I can reconsider if it raises a discussion.

Most "HUDs" work with DLL injection. If people are selling commercial programs doing these things, I think discussing that should be a huge offense.

loudion wrote:
the threads where people have looked at clients' code and listed anti-bot functions?

These aren't allowed. RE the binaries to make casinos anti-detection measures public goes against, and it would even fit to the spirit (not only to the letter) of the copyright laws - basically, you are reverse engineering (falling under copyright laws) their binaries to expose some sort of a secret that sites didn't make public in other or general ways.

_________________
indiana


 Post subject: Re: Reverse Engineering Poker Clients / Protocols
Posted: Sun Apr 25, 2010 6:01 am
Junior member
Posts: 34
Favourite Bot: skynet
RCE of software which transmits personal information (all poker clients do this afaik) is ok to reverse according to the DMCA (as long as we do it to keep them honest). So listing all the techniques poker clients use to detect bots might actually be ok. And why wouldn't it be? The poker clients are already employing completely retarded methods to catch us (screenshots anyone? :xx04 ). Someone has to keep them honest and reversing the client is the only way. Even the dickheads who wrote the DMCA could recognize this :) (I don't like digital laws hehe)

As the link you provided said, the contract law is kind of in flux, but do we really think their EULAs would hold up in a court?

So I guess the question is WHY we would prohibit RCE topics? DMCA violation or EULAs... You might have a bunch of reasons to disallow RCE topics, but I'm just saying the DMCA should probably not be one of them.

(my source for the DMCA stuff is the book "Reversing: Secrets of Reverse Engineering" by Eldad Eilam page 21)


 Post subject: Re: Reverse Engineering Poker Clients / Protocols
Posted: Mon Apr 26, 2010 9:13 pm
PokerAI fellow
Posts: 7731
Favourite Bot: V12
skynet wrote:
RCE of software which transmits personal information (all poker clients do this afaik) is ok to reverse according to the DMCA (as long as we do it to keep them honest). So listing all the techniques poker clients use to detect bots might actually be ok. And why wouldn't it be?


Because if you do it in these forums, the reason for RE of bot detection is actually pretty clear. I don't think you would do it because of privacy concerns. :)

And if you look at any of these threads, it just confirms the intention behind RE of the client. Now trying to moderate RE threads so that they can show another reason than the presumed intended one would be too much work, and they would eventually end up in the same state.

You should also keep in mind that sites do not run under laws where the DMCA runs. So if the DMCA allows reverse engineering for reasons to check for privacy that doesn't mean it's the same under the laws where these sites operate, but all in all, these are tricky points to consider.

Just out of curiosity, can you post the DMCA chapter which allows reverse engineering of any software, if done for special purposes (e.g. privacy concerns)?

_________________
indiana


 Post subject: Re: Reverse Engineering Poker Clients / Protocols
Posted: Mon Apr 26, 2010 10:41 pm
Senior member
Posts: 251
Favourite Bot: The Crushinator
Under DMCA I think most reverse engineering is done under the "software interoperability" exemption granted by the Librarian of Congress.

Now if you look at Bnetd vs. Blizzard case, they ruled that even though the reverse engineering was done for that purpose, it still did not count, because it was counter to the EULA - which seems to be a terrible decision because it would mean copyright holders may be able to disallow all DMCA exemptions simply by claiming they are not allowed.

However if you look at other cases, they have held that the limiting factor is whether you are intending to circumvent some access control provision inherent in the software. That is, if you use official user account (as bnetd did not) then you are not in violation, as you haven't circumvented any access control, or if you do not interact with access control, then you are ok. But, if your system allows users without authentication, as might lead to piracy, then that is not OK, even if your software doesn't do anything to actually enable piracy (for instance Bnetd didn't bypass any copy protection, and pirate users could play on Battle.net, so the ruling makes no sense). Good news for bots is that no one is trying to do anything like what bnetd did (closest parallel might be to run your own poker site, using some other site's software).

Overall the Blizzard vs. Bnetd ruling just sucks, but subsequent cases indicate it probably doesn't apply to bot type reverse engineering.

No cites as I'm at work, can provide later perhaps


Last edited by psilon on Mon Apr 26, 2010 11:53 pm, edited 1 time in total.

 Post subject: Re: Reverse Engineering Poker Clients / Protocols
Posted: Mon Apr 26, 2010 11:42 pm
Senior member
Posts: 225
Favourite Bot: Still Deciding
indiana wrote:
You should also keep in mind, that sites do not run under laws where DMCA runs. So if DMCA allows reverse engineering for reasons to check for privacy that doesn't mean it's the same under the laws where these sites operate, but all in all, these are tricky points to consider.


Most of the big sites that would be the targets of this kind of reversing go out of their way to establish themselves in countries where they're protected from foreign laws. Mainly these are gambling related, but they also base themselves in these countries to shield them from intellectual property laws. This is especially true of any site with servers hosted on an island chain or small nation. Having looked into patenting some poker tech back in the day (to make sure that sites didn't just snipe the idea and implement it themselves) I can't even begin to describe the hoops one has to jump through to guarantee the sites will be forced to respect your intellectual property. Long story short, you're forced to patent your stuff in about 20 - 30 different countries because there's that many different patent ecosystems for handling intellectual properties in the world.

It seems this would go both ways though - if they've based themselves in a country where the IP laws of foreign nations don't apply, they might not have a leg to stand on when defending their own binaries from reversing. I'm not an IP lawyer though, so it would be nice if someone with the proper credentials could discuss the ramifications of them basing themselves in legal gray areas.

It's also worth mentioning that most of the EFF's guidelines about reversing only apply to US citizens. Until the bastard DMCA bill that is the ACTA gets passed everywhere else, reversing is much more legal in Europe / pretty much anywhere that isn't the US. I can't find the video right now, but there was a lecture by the guy in charge of Red5 (reversing Adobe's RTMP protocol) that was given in Europe where he discussed how much easier it would have been to reverse if he didn't live in the states - there's far fewer restrictions on what's legal.

When sites see the internals of their client posted online are they tempted to have their lawyers launch a salvo of C&D orders? Probably, but to my knowledge this isn't a common reaction (please correct me if I'm wrong). I imagine the reaction is probably much more limited: Jeff (or whoever) from the casino's security team reads through it, takes some notes, and eventually either patches the discovered holes or finds a way to build a better mousetrap.

All of this unqualified posturing and guessing aside - I'm not the one on the hook for getting sued - it's the mods putting their money, time, and effort on the line. Regardless of how this ends up being resolved, thanks for providing a venue for discussion.


 Post subject: Re: Reverse Engineering Poker Clients / Protocols
Posted: Tue Apr 27, 2010 7:58 pm
Junior member
Posts: 34
Favourite Bot: skynet
Indiana: http://cyber.law.harvard.edu/openlaw/DVD/1201.html#i paragraph (i)
Apparently there are a couple of restrictions working against us. It seems like you can only reverse an app if it doesn't clearly tell you it's collecting personal info. Do poker sites tell you everything they do in their EULAs? And would it matter? Nobody reads those things :P

Also this:
PokerProspector wrote:
if they've based themselves in a country where the IP laws of foreign nations don't apply, they might not have a leg to stand on when defending their own binaries from reversing.


PokerProspector wrote:
When sites see the internals of their client posted online are they tempted to have their lawyers launch a salvo of C&D orders? Probably, but to my knowledge this isn't a common reaction (please correct me if I'm wrong).

I know of 2 people from the WoW botting scene who personally got C&Ds from Blizzard for being involved in (small) open source projects. And they also went ahead and sued the maker of a bot called Glider a few years ago and they are still going at it. It's a very high profile case which may set some precedent. All of them are from the US. Meanwhile tons of people are actually selling bots in Europe and none of them have had any legal trouble yet. :)

Indiana, in the end you do what you want. Either way is fine by me. I'm just discussing this to try and see if we really have anything to fear.


 Post subject: Re: Reverse Engineering Poker Clients / Protocols
Posted: Tue Apr 27, 2010 8:35 pm
Senior member
Posts: 225
Favourite Bot: Still Deciding
skynet wrote:
I know of 2 people from the WoW botting scene who personally got C&Ds from Blizzard for being involved in (small) open source projects. And they also went ahead and sued the maker of a bot called Glider a few years ago and they are still going at it. It's a very high profile case which may set some precedent. All of them are from the US. Meanwhile tons of people are actually selling bots in Europe and none of them have had any legal trouble yet. :)


Blizzard has historically been very protective of their software. The Blizzard vs BNetD case comes to mind. That lawsuit, by the way, was purely defensive. BNetD had been going on for years - then the WarForge team adapted the code so people could play the Warcraft III beta on non-official servers, which left Blizzard without a means to shut off their beta and force people to buy the game.

Blizzard also had some serious issues with hacking / botting with WoW. I'm not familiar with how much Glider might have been circumventing Warden or whatever other protections were in place, but I know that the WoW client stores a lot of state that, when altered, allows blatant cheating. (Z hacking, teleporting, rubber-banding, and some other very insane stuff). Once people can circumvent Warden entirely you can do some things which would normally be impossible.

Both of these cases were severely threatening to Blizzard's revenue streams - either people wouldn't purchase the client or the hacking would get SO bad that normal players literally couldn't compete. The Glider case is similar to botting on poker sites in that some players can get an "edge" which might make some players quit the game, but I think the damage done by circumventing poker site security pales in comparison to circumventing Warden when playing WoW. WoW is significantly more complex and it's impossible to handle everything server-side, so there's a number of client side exploits available. Poker is almost entirely handled on the server - the client just sends actions / relays info.

Pretty much, as weird as it sounds, I think Blizzard has more to lose from having their client-side security disabled than most online casinos do - and that's why you might see a company like Blizzard file C&Ds while a poker site will not.


 Post subject: Re: Reverse Engineering Poker Clients / Protocols
Posted: Fri Apr 30, 2010 1:23 am
Junior member
Posts: 34
Favourite Bot: skynet
Yeah, I agree, a C&D from a poker site seems far less likely.

Whether or not Blizz actually lose money from bots in their current state is a discussion for another day (it's much easier to make a strong case against priv servers for sure). This might be considered off-topic? idk :)


 Post subject: Re: Reverse Engineering Poker Clients / Protocols
Posted: Fri May 07, 2010 11:17 pm
Senior member
Posts: 225
Favourite Bot: Still Deciding
There's been a conversation on the main Online Botting forum with regards to posting general reversing techniques / learning resources on the forum. I'm reposting it here so we can have discussion consolidated in one thread (as requested).

Ockham wrote:
This is my own opinion but I believe indiana was referring to specific advice, hints and techniques on reverse engineering specific clients, not just links to a well known and perfectly legit online shop which sells books published by mainstream editors.

I may be wrong but I really fail to see anything unlawful when people suggest a public technical book in a technical forum.
A different matter if I told someone "if you want to reverse *that* client you have to open *that* file and then read *that* address". That would probably be illegal and I believe this is what indiana wants to avoid.


PokerProspector wrote:
My understanding of the reversing restrictions is similar to what Ockham suggested. Apologies if I overstepped any bounds, I'm just trying to help out. If non-poker specific reversing techniques / learning resources shouldn't be discussed though, can we update the language of the reversing policy thread (http://pokerai.org/pf3/viewtopic.php?f=80&t=3371&hilit=) so it's a little more clear?


 Post subject: Re: Reverse Engineering Poker Clients / Protocols
Posted: Tue May 25, 2010 9:38 am
PokerAI fellow
Posts: 7731
Favourite Bot: V12
skynet wrote:
Indiana, in the end you do what you want. Either way is fine by me. I'm just discussing this to try and see if we really have anything to fear.


I don't think fear has so much to do with it. I simply want to have this site set up in a way that doesn't break the laws, regardless of the probability that someone can send me a C&D etc.

_________________
indiana


 Post subject: Re: Reverse Engineering Poker Clients / Protocols
Posted: Tue May 25, 2010 7:14 pm
Senior member
Posts: 225
Favourite Bot: Still Deciding
indiana wrote:
I simply want to have this site set up in a way that doesn't break the laws, regardless of the probability that someone can send me a C&D etc.


This makes sense. If that's the case though, does that mean we're allowed to discuss reversing techniques as long as there are not site specifics involved? It seems like any of the big players don't have much of a case for a C&D if the conversation remains general.

Some example "general" discussions would be things like:
-Methods for finding things in memory using language that is site neutral (table, player, pot, hand, etc.)
-General tips / advice for reversing clients (no site specific info of course) or how to pick up the skillset.

