Secret Backdoors in Mods?

[Tally]

Posted by long-time community member, and my fellow staff member at IWNation:

Quote:

Originally Posted by #7

Killer - The users of your mod deserve an apology regarding the "back door" that you've added to it.
In all my years with the community, i've never come across something as lame as this.
Stealing passwords? Aimbot scripts? What is wrong with you?

Your mods should be removed from the communitiy ASAP.

#7

He refers to KiLL3R's "K3" mod.

This is KiLL3R's reply:

Quote:

Originally Posted by KiLL3R

read the commented part

the aimbot was used for the bots to aim at me while testing...

oh.. and who gave you permission to extract (or w/e you call it) my scripts?

Source:

http://www.infinityward.com/communit...topic=36639.15

If #7 is right about this, and K3 does indeed contain a backdoor torjan that steals passwords, and also includes an aimbot script, this mod needs to be outlawed.

I trust #7. Ive known him a long time, and he's about as an accomplished a modder as you can get.

There is simply no excuse for aimbot scripts in mods. You cannot justify their inclusion in a mod with such a lame excuse as "the bots needed it" because, put simply: bots dont need them! There are far more acceptable methods of making them aim at you other than using an aimbot.

KiLL3R took my CTF scripts and didnt ask permission. I told him to take them out. He took a long time doing it, but when he finally got round to doing it, what did he have to say about it? Say sorry for it?

No. Rather, he tried to turn it round and make it look like I was the one at fault:

http://forums.raidersmerciless.com/s...1&postcount=14

Now he trys to defend himself by trying to turn it around on #7 about "permissions" to decompile the K3 mod.ff file. Sorry, but it wont wash. If #7 had cause to suspect there was something amiss with this mod, and decompiled to confirm his suspicions, then that is fully justified in my view.

This goof needs to adjust his attitude. Simply not acceptable behavour. Period!

[Mike_Nomad]

Hmmmm, KiLL3R is also one of the SCRIPTERS at Modsonline helping to script "EXCLUSIVE" maps.

Where the hell is this kid's head at? Is he that starving for recognition that he'll resort to nefarious deeds to achieve some modicum of notoriety? I was asked to accept this young man and I did but this latest revelation combine with the exclusive map nonsense, is a bit much to bear. KiLL3R, you owe all of us an explanation.


With his "MOD"... all I can say is WOW a BACKDOOR?? WTF is up with that?

As far as I am concerned, he has some serious explaining to do.

It appears at this time that... instead of helping the Call of Duty 4 community, KiLL3R is busy trying to screw it over!

How about it KiLL3R?? What's the deal?

[zeroy]

I hope this isnt true - at this point i would think that checking this further is required, whats your views guys?

[Tally]

Quote:

Originally Posted by zeroy

I hope this isnt true - at this point i would think that checking this further is required, whats your views guys?

I dont have his mod, and after seeing this, there is no way Id even download it.

However, if anyone of you already has it, then I say: decompile it, and let us know what you find.

I've PMed #7 over at IWNation, and I'll get his reponse.

[Mike_Nomad]

Quote:

Originally Posted by zeroy

I hope this isn't true - at this point i would think that checking this further is required, whats your views guys?

KiLL3R needs to fully explain himself.... else, he's history.

[sprinter]

I hope its not true aswell, and hope an explanation is produced.

As for an investigation to look into it, think theres only one answer to that.

[zeroy]

Well i think i got my answer now ....

My post over at IW:

Quote:

I hope this isnt true KILL3R - what have you to say about the comment on Stealing passwords?

Kill3r's answer a few minutes ago:

Quote:

// dont worry... im not a jurk with rcon, i probebly wont even bother to login

Source

[zeroy]

Quote:

Originally Posted by Tally

I dont have his mod, and after seeing this, there is no way Id even download it.

However, if anyone of you already has it, then I say: decompile it, and let us know what you find.

I've PMed #7 over at IWNation, and I'll get his reponse.

I have it and will decompile, see my post above !!!!

[Mike_Nomad]

Frankly.... if the crap is not removed from the MOD....

Quote:

the aimbot was used for the bots to aim at me while testing...

oh.. and who gave you permission to extract (or w/e you call it) my scripts?

Permission?? Now, after this... I'd expect everything to be checked for BACKDOORS Thanks to Kill3r we can't trust diddly! Nice going Kill3r.

Quote:

// dont worry... im not a jurk with rcon, i probebly wont even bother to login

That's hard to believe!! What's to say in a week, month or 6 month's from now he becomes angry with some Admin and decides to "teach that Admin a lesson"?

This BACK DOOR matter is very upsetting. I want a full explanation.

[richman]

Wow, and to think I've just about read and seen everything over these past years.

This pretty low.

WE as admins have to trust the mod maker. Stick to those who have been around. Stick to sites that are reputable.

Thanks for the heads up Tally.

Go get them #7.

[zeroy]

Quote:

Originally Posted by Mike_Nomad

Frankly.... if the crap is not removed from the MOD....

Quote:

Permission?? Now, after this... I'd expect everything to be checked for BACKDOORS Thanks to Kill3r we can't trust diddly! Nice going Kill3r.

Quote:

That's hard to believe!! What's to say in a week, month or 6 month's from now he becomes angry with some Admin and decides to "teach that Admin a lesson"?

This BACK DOOR matter is very upsetting. I want a full explanation.

Mike, this is borderline with an actual crime/offense.

Whats the difference between doing this and stealing CC details on someone's PC? not much if you ask me. I don't think Kill3r realises the importance of this matter.


On a side note i think this STRONGLY questions the FastFile method now used in COD4, how far can someone get at your settings/information without your knowledge? Whats next, source .map scanned/gathered and send to an email account? This really sucks big time.

[superman]

This is the probably the worst case scenario that I have ever seen in mod authoring. I trust #7's explanation, and Kill3r has already hung himself in my eyes.

Simply put, "Legit" mod authors do NOT do this kind of crap to the community. I am disgusted by this. I do agree that someone should decompile it for our own records of proof. However, I want to thank #7 for bringing this to the light for the gaming community. In my eyes, #7 just saved many people from this headache.

Kill3r needs to clean up his act, but if Zeroy finds something, (Although, Kill3r has already mentioned that he had done it), then I really think we need to gather up the pitchforks, the ramming bar and torches, and take care of Kill3r once and for all.

People need to learn that they are responsible for their actions. Why do we have people in the gaming community that want to egotistically screw people, when all their doing is hurting themselves in the end.

It was rumored that microsoft had a backdoor in one of their Operating Systems in the past, although that was just a rumor, and the rumor went that Microsoft could peer into anyones computer and take it down at will.

But, now we have a Mod Author that can simply do that which is named Kill3r. That is very fitting for his name I might add.

Is there really anything that can justify this? Maybe, I'm just overreacting... But, I agree Outlaw the dude.

[Mike_Nomad]

Perhaps, as part of the RGN Developers Team duties, we should consider a MOD and MAP certification team... one that checks and certifies that mods and maps are safe.

[superman]

That is perfect idea Mike. Three options to that idea might be:

1) Just you send out the certifications.
2) Just you and Tally send out the certification
3) Or have a panel of Mod Authors, that must approve of a certain Mod that is being designed for certification purposes.

[zeroy]

Quote:

Originally Posted by superman

That is perfect idea Mike. Three options to that idea might be:

1) Just you send out the certifications.
2) Just you and Tally send out the certification
3) Or have a panel of Mod Authors, that must approve of a certain Mod that is being designed for certification purposes.

While i agree with the idea it would imply getting the Source of the mod/maps GSCs, something not all modders/mappers will want to do. then again, if they arent prepared to be transparent they might have something to hide.

Not an easy one but definetly an idea here!