How Project 1999 MQ2 Detection System Works

Secrets posted on Reddit today how P1999 detection system worked here

Interesting read.

Secrets said:
heh, this P1999 thing keeps ending up on reddit. I used to be a developer there, and a developer on EQEmulator. The story you are about to read is pretty screwed up.

I was removed from the project about 3 months ago for releasing personal details on a person who was spamming our forums with porn and gore. While I can see why that happened, the backlash and public outcry from the community was half in my favor, half not.

Let's put it this way: I logged on EQEmulator IRC to the coders channel for the first time in a month, and was instantly g-lined for 'creating hacks for p1999', which is a falsehood and slander. If anything, Project 1999 should be ashamed for doing far worse than I have ever done.

dsetup.dll is a fake DirectX upgrade assistant for the EverQuest client. Most PCs don't detect it as a virus because it is a third party library, well, that and it's packed with Themida. You wanna know what it does? Well, first and foremost it provides classic fixes. Adds an extra texture back for skeletons, prevents the new tradeskill UI from showing up, etc, amongst other things. But wait, there's more.

This rogue dll also is their anti-cheat. It encrypts spawn packets, detects popular cheating programs such as MQ2, and, get this, collects your window titles, your process list, computer name, network interface devices, and other potentially personally identifiable information.


Now, I posted that their suspicion about what it collects on the popular guild website which is known for discrediting P1999 in all of their social endeavors, which is Fires of Heaven. I didn't think it would be bad at the time, but then I logged into EQEmulator IRC to be GLined by an old friend for 'creating hacks' for p1999, that guy was Rogean.

When asked about what the motive was behind banning me, it was because I constantly put myself in bad situations and that I would be ending up with unwanted scenarios each time. The real motive behind collecting this data for extended periods of time is unknown; some say it's real-money trade which I personally think is bullshit; when I was in power I did not hear of any of this, though it could've been hidden from me, just like the fact that someone had access to cellphone logs of every person in the US available to them and they allegedly used that to call a person who I had only contacted before that actually DID make p1999 hacks, who is Itchybottom.

The moral of this story is, if you play on this server, you better damn do it in a VM. I am not responsible for what happens to you and I hate to trouble the only EverQuest post on reddit for ~5months with this bullshit drama.
 
Fascinating. I only play red, and took one look at the P1999 red server and wrote it off. There have always been more forum posts than there were active players, and that's always a clear sign that the people playing are pretty low quality. Collecting all that info on users is horseshit, though, any way you slice it.
 
lol nice... i was wondering if anyone would get around to that one
 
I've been following that FoH thread for a month now. I've read all two hundred plus pages....it took me two weeks of reading during work, on my iPhone while taking a poop and at night during game recovery time...awesome read btw.
 
Hard to believe such a program wouldn't be detected by ANY anti-virus, anti-spyware or anti-malware program?
 
it likely hasn't been detected because no one has told them what it is doing. the fact that it does some pretty nifty obfuscation makes it harder to detect for things like heuristic scanners.
 
Link to thread? I read stuff. And take poops.
 
I really can't decide if this whole affair is a super interesting illustration of just how deeply invested (both financially and personally) people become in virtual worlds, no matter how small the particular sandbox of their choosing, or if it's just a really boring example of your typical petty squabble played out across a novel virtual landscape.

I think what will make one of these episodes interesting is when law enforcement, IRS, etc. actually decides to come down on the small time crookery involved. I wonder who will have the dubious distinction of being the first EQ enthusiast to get jail time for his missteps. I know bigtime operators (IGE, Yantis, etc.) have run afoul of the law before, but it's only a matter of time before something like this attracts some ambitious young District Attorney's attention for its novelty and its likelihood to generate some press coverage.

This one actually seems like a good candidate given how much mileage you can get out of scaring people about programs that collect their personal info.
 
Challenge accepted.
 
I really can't decide if this whole affair is a super interesting illustration of just how deeply invested (both financially and personally) people become in virtual worlds, no matter how small the particular sandbox of their choosing, or if it's just a really boring example of your typical petty squabble played out across a novel virtual landscape.

I think what will make one of these episodes interesting is when law enforcement, IRS, etc. actually decides to come down on the small time crookery involved. I wonder who will have the dubious distinction of being the first EQ enthusiast to get jail time for his missteps. I know bigtime operators (IGE, Yantis, etc.) have run afoul of the law before, but it's only a matter of time before something like this attracts some ambitious young District Attorney's attention for its novelty and its likelihood to generate some press coverage.

Whoa whoa whoa... be careful what you say. CodeCompiler will start talking about his girlfriend/sister/mother/wife. She once read a book that mentioned the word "law" before, remember?

This one actually seems like a good candidate given how much mileage you can get out of scaring people about programs that collect their personal info.

Challenge accepted.
 
Apparently so....hrm...can't even remember what I was going to say...
 
I'm curious about the part where secrets mentions playing p99 inside a virtual machine. I wonder if that works.
 
I have a Windows 7 VM on my Mac Air using VMware and I can play EQ just fine on it. It's a little slow because the Air is slow, but it works just fine.

VMware Fusion (and Workstation, actually) have 3D drivers for the virtual graphics card. I think it's mostly a passthrough wrapper - I've only ever used it on machines with integrated Intel graphics and I can't see much of a difference in performance between through a VM and not, at least not with EQ.
 
I wouldn't call what they gather personal information. Below is the code that gathers "personal" information, if it can be called such. Outside of that, they do indeed iterate all of your modules from within eqgame, as well as all remote processes. VAC actually scans every file on your entire hard drive (hashed but no contents sent) so this isn't atypical of an anticheat. With that said, you can block all of this information from being sent incredibly easily and getting around their MQ2 check is a breeze.

As a matter of fact, this is the simplest anti cheat I have ever seen. They rely fully on their Themida protection assuming that nobody will be able to unpack it I suppose. I will concede that window titles do not seem necessary at all for cheat prevention, and I am curious what the purpose of this scan is, if it serves any at all. Although I have seen other anticheats (i.e. BattlEye) use this method to detect things such as Cheat Engine.

[Two screenshots of the code were attached here; the images are not preserved.]


EDIT: Just a disclaimer, I only spent a few hours on this anti cheat and have not fully reversed it yet. Very possible that personal data is sent which I simply haven't noticed yet, but I will update everyone if I find such a scan.
 
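The thread says the DLL is packed with Themida and that the obfuscation makes it harder for heuristic scanners. As an added example (not part of any post, and not code from the DLL or from Project 1999), this Python script shows a common defender triage step for a file like that: byte entropy per PE section, where values near 8 bits/byte suggest packed or encrypted data. The function names, the 7.2 threshold and the sample bytes are assumptions constructed for illustration.

```python
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for packed/encrypted data, lower for plain code."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_section_entropy(image: bytes) -> dict:
    """Return {section_name: entropy} for a PE image held in memory."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ)")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]      # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file (missing PE signature)")
    # COFF header follows the signature: NumberOfSections at +6, SizeOfOptionalHeader at +20
    n_sections, = struct.unpack_from("<H", image, pe_off + 6)
    opt_size, = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size
    result = {}
    for i in range(n_sections):
        entry = table + 40 * i                             # each section header is 40 bytes
        name = image[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, entry + 16)
        result[name] = shannon_entropy(image[raw_ptr:raw_ptr + raw_size])
    return result

def suspicious_sections(image: bytes, threshold: float = 7.2) -> list:
    """Sections at or above the (assumed) threshold; a hint of packing, not proof of a specific packer."""
    return sorted(n for n, e in pe_section_entropy(image).items() if e >= threshold)

def build_sample_pe() -> bytes:
    """Constructed two-section PE skeleton (not a real DLL) so the demo runs offline."""
    plain = b"\x55\x8b\xec\x90" * 256                      # repetitive, code-like bytes
    dense = bytes(range(256)) * 4                          # flat byte histogram, stands in for packed data
    hdr_len = 0x40 + 24 + 2 * 40                           # DOS header + PE/COFF header + 2 section entries
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x2102)
    def sec(name, size, ptr):
        return name.ljust(8, b"\0") + struct.pack("<IIII", size, 0, size, ptr) + b"\0" * 16
    table = sec(b".text", len(plain), hdr_len) + sec(b".packed", len(dense), hdr_len + len(plain))
    return dos + coff + table + plain + dense

if __name__ == "__main__":
    for name, e in pe_section_entropy(build_sample_pe()).items():
        print(f"{name:10s} {e:.2f} bits/byte")
```

To check a file on disk, pass `open(path, "rb").read()` to `suspicious_sections`.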