PSA: Don't start Dirty Bomb from a UAC-elevated Steam client


(Hipolipolopigus) #1

TL;DR: Xigncode doesn’t like it when Steam is running as an elevated process, and you’ll get your account “permanently suspended” if you try to play Dirty Bomb.

Edit: Update here. Either something’s changed with Xigncode in this update or restarting Steam removed some random offending process.

Story time! I recently decided to replay Fallout 3, which doesn’t play nicely with Windows 7/8 (Because Bethesda). The workaround is to run it in compatibility mode for Windows XP SP3, and run it as an elevated process. The latter has a couple of implications;

  1. You get a UAC prompt whenever you start Fallout 3
  2. You can’t use the Steam overlay unless Steam’s running elevated as well
  3. Alt-tabbing to check Steam messages without the overlay can make the game unresponsive

So I ran Steam as an elevated process instead. No UAC prompt, the overlay works so I don’t need to worry about alt-tabbing making the game unresponsive, all positives… Right? I took a break to play Dirty Bomb, and Xigncode - the wonderful anti-cheat that we all know and love - decided it didn’t like Steam being elevated. So I restart Steam without the elevation, play Dirty Bomb, and everything’s fine… Right?

Decided to play this afternoon, only to find my account - a Founder’s account of two years - has been “permanently suspended”. Good job, Xigncode. You managed to detect my totally malicious Steam client and prevent me from hacking with it. I genuinely don’t expect this thread to get my account back, and I can probably deal with the handful of lost cash that I’ve put into DB, but I hope that it at least serves as a warning to others. Xigncode is ridiculously over-sensitive, and anything that isn’t exactly the way Xigncode thinks it should be will get you banned.


(Hadouken) #2

Oh man @missmurder get on this please


(giftedStatue) #3

Cracking down on aimbotters needs to be moved down the priority list, we have bigger problems. I can’t sleep at night knowing that people might be running their steam client when they play dirty bomb… What if everyone I thought was good was just clienting the whole time???


(RuleofBooKz) #4

what if everyone who is really bad in game wasn’t actually bad and they were just chatting on a steam overlay message to their mother in peru!! they are not handing out ammo and running into walls? It’s not because they are newbies like we thought, it’s because they are checking their achievements in steam overlay!!!

oh my my life is ruined thank goodness they are putting their foot down and stamping out this steam nonsense - i expect to see a 999% increase in player performance once we finally get rid of steam for good and ban every DB player that uses it


(triteTongs) #5

I play dirty bomb on a laptop that I recently reformatted. It just has steam, mumble and the essentials. I still feel like I’ll screw up somehow and get banned by Xigncode because I ran Autodesk update or something. It’s making me pretty paranoid with all these stories.

BUT, I’ve never been paranoid about VAC false positives or even Punkbuster though. So what gives?


(ThatRandomGuy) #6

Eh… I was gonna buy phantom today since I didn’t make enough credits to get him…

Guess I’m keeping my money!

At this point… I think I need to disable XIGNCOD permanently on my system… Since I’m a persistent steam user… and what if XIGNCOD finds out I’m steaming my game and I’m not a good player?!

I thought PB was shit…But this is a whole new level of bullshittiness !


(Hipolipolopigus) #7

Other anti-cheat systems often work on a principle along the lines of “it’s easier to deal with false-negatives than false-positives”, because user reports will often help to patch the holes and it’s often far more costly to lose reputation with your consumers than to have a not-quite-perfect anti-cheat.

Xigncode appears to be a combination of all the worst elements of anti-cheat. Regular users need to fear running anything outside of core OS processes, they can’t tell what’s triggering Xigncode without trial-and-error (which will most likely result in a suspension) or waiting to get a response from support, and hackers are still as common as they are with other anti-cheat systems.

And don’t even get me started on scanning my system. Sure, scan running processes, that makes sense. Scanning my browser history and recently run processes? HowAboutNo.jpg


(giftedStatue) #8

If xigncode is so brutal with not allowing programs, then how are people still aimbotting?


(Viquel) #9

xigncode is much like a cattle-fence. As a child, you don’t understand how it works - a puny band of string is keeping you from going there? RIDICULOUS, CHARGE! Your parents probably warned you to not touch it, and probably even explicitly mentioned not licking the fence (I was a bit special).
You wouldn’t listen and got hurt.
Hopefully you will stay clear for a time. Being human and not cattle, you eventually understand electricity and insulators and a cattle-fence can’t stop you anymore
(still, licking it isn’t a good idea. licking most stuff you find in nature is generally not safe)

Same goes for proper hackers, there is only so much an anti-cheat can possibly do and if you have time, knowledge and disposable steam accounts, you can get through.

SO yeah, xigncode is stopping cattle from getting inside, and people who touch it by accident. (A long blade of grass is enough to get you)

If you have never seen/touched a cattle-fence: it makes noise if it’s active, and you do not test if it’s active by licking it. I can’t stress not licking cattle-fences enough, they taste hurty.


(RuleofBooKz) #10

don’t wizz on the electric fence


(Sinist) #11

I doubt running your client at an elevated privilege would trigger xigncode. More people would notice since a lot of people do it by default.


(Dwu) #12

[quote=“Viquel”]xigncode is much like a cattle-fence. As a child, you don’t understand how it works - a puny band of string is keeping you from going there? RIDICULOUS, CHARGE! Your parents probably warned you to not touch it, and probably even explicitly mentioned not licking the fence (I was a bit special).
You wouldn’t listen and got hurt.
Hopefully you will stay clear for a time. Being human and not cattle, you eventually understand electricity and insulators and a cattle-fence can’t stop you anymore
(still, licking it isn’t a good idea. licking most stuff you find in nature is generally not safe)

Same goes for proper hackers, there is only so much an anti-cheat can possibly do and if you have time, knowledge and disposable steam accounts, you can get through.

SO yeah, xigncode is stopping cattle from getting inside, and people who touch it by accident. (A long blade of grass is enough to get you)

If you have never seen/touched a cattle-fence: it makes noise if it’s active, and you do not test if it’s active by licking it. I can’t stress not licking cattle-fences enough, they taste hurty.[/quote]

A cute story, however the case here is you barely need any knowledge to bypass xigncode, yes it is that bad. Currently it is more likely to stop a legitimate player from playing in comparison to a guy running hacks.


(Ghosthree3) #13

Well since I stupidly run under the built in Administrator account all my applications are auto elevated. No problems here.


(Hipolipolopigus) #14

I’m using the only account on my computer - which I’ve set up myself - and I was using explicit elevation (“Run as admin” under the compatibility tab). Simply being an administrator doesn’t trigger it. I’m going to set up a new disposable account to be absolutely sure, hopefully the update doesn’t change anything.

My suspicion is that it might be something to do with how the Xigncode watchdog is spawned. Normally, elevated processes spawn child processes which are also elevated unless explicitly instructed to do otherwise. If the watchdog is being spawned with “regular” permissions, then it won’t have access to the DB client, which would probably trigger it.
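
One way to check the elevation hypothesis in the post above, added here as an example and not part of the original thread: the function below reports, for each named process, its parent PID and whether its token is elevated, so a non-elevated child under an elevated parent stands out. `Get-ProcessElevation` is a hypothetical helper name, and `<game-client>.exe` and `<watchdog>.exe` are placeholders because the thread does not give those executable names.

```powershell
# Added example: show whether selected processes run with an elevated token.
# Run it from an elevated PowerShell prompt; a non-elevated caller may be
# refused access to other processes' tokens ("access denied" below).
Add-Type -Namespace Win32 -Name Tok -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(IntPtr token, int infoClass, out int info, int length, out int returned);
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);
'@

function Get-ProcessElevation {
    param([Parameter(Mandatory)][string[]]$Name)
    $PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
    $TOKEN_QUERY    = 0x0008
    $TokenElevation = 20   # TOKEN_INFORMATION_CLASS::TokenElevation
    foreach ($p in Get-CimInstance Win32_Process | Where-Object { $Name -contains $_.Name }) {
        $state = 'access denied'
        $hProc = [Win32.Tok]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $p.ProcessId)
        if ($hProc -ne [IntPtr]::Zero) {
            $hTok = [IntPtr]::Zero
            if ([Win32.Tok]::OpenProcessToken($hProc, $TOKEN_QUERY, [ref]$hTok)) {
                $elev = 0; $len = 0
                # TOKEN_ELEVATION is a single DWORD: non-zero means elevated.
                if ([Win32.Tok]::GetTokenInformation($hTok, $TokenElevation, [ref]$elev, 4, [ref]$len)) {
                    $state = if ($elev -ne 0) { 'elevated' } else { 'not elevated' }
                }
                [void][Win32.Tok]::CloseHandle($hTok)
            }
            [void][Win32.Tok]::CloseHandle($hProc)
        }
        [pscustomobject]@{
            Name      = $p.Name
            ProcessId = $p.ProcessId
            ParentPid = $p.ParentProcessId
            Elevation = $state
        }
    }
}

# Placeholder names: substitute the real game client and watchdog executables.
Get-ProcessElevation -Name 'steam.exe', '<game-client>.exe', '<watchdog>.exe' |
    Sort-Object ParentPid | Format-Table -AutoSize
```

Matching each row's `ParentPid` against another row's `ProcessId` shows which process spawned which, and the `Elevation` column shows whether the child kept the parent's elevated token.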


(Ghosthree3) #15

Which is why I made sure to say the ‘built in’ Administrator account. The one you have to activate and has auto elevated privileges that mean everything is run as Administrator by default.

I’m not saying what you’re saying didn’t happen, but simply being elevated is not it, something else along the way caused it to happen.


(Amerika) #16

This immediately made me start singing the Log song at my office.

Also, I’ve run Steam with elevated privs quite a few times due to it being a requirement to play some non-steam games using Steam’s in-home streaming and I haven’t had any issues with DB/XIGNcode. But I probably haven’t done that in about a month and change so perhaps this is a new development?


(Hipolipolopigus) #17

Created a throwaway account to test, and nothing that I’m doing to replicate the situation is triggering Xigncode;

  • Steam elevated via compatibility
  • Steam elevated for all users via compatibility
  • Running all of the same processes (Atom, Chrome, Skype, default Task Manager)
  • Running Fallout 3 before running Dirty Bomb
  • Running Fallout 3 via FOSE before running Dirty Bomb
  • Running Fallout 3 via FOSE while running Dirty Bomb

So now I’m left with a mystery. Either;

  1. The DB update changed how the Xigncode watchdog process was spawned, meaning that it uses the same credentials as the DB client, allowing access no matter what
  2. Some background process was triggering Xigncode, and restarting Steam removed that process

So there’s ~$60 and two years down the drain for something that I couldn’t prevent. It’d be nice if Xigncode could actually tell us exactly what’s triggering it so that we don’t need to risk our account being banned for trial-and-error closing of any process that might be triggering it.

@MissMurder, if you can help, I’d really appreciate it. I can’t think of anything else that would trigger Xigncode and then stop triggering it once Steam’s been restarted.


(Amerika) #18

[quote=“Hipolipolopigus;40422”]Created a throwaway account to test, and nothing that I’m doing to replicate the situation is triggering Xigncode;

  • Steam elevated via compatibility
  • Steam elevated for all users via compatibility
  • Running all of the same processes (Atom, Chrome, Skype, default Task Manager)
  • Running Fallout 3 before running Dirty Bomb
  • Running Fallout 3 via FOSE before running Dirty Bomb
  • Running Fallout 3 via FOSE while running Dirty Bomb

So now I’m left with a mystery. Either;

  1. The DB update changed how the Xigncode watchdog process was spawned, meaning that it uses the same credentials as the DB client, allowing access no matter what
  2. Some background process was triggering Xigncode, and restarting Steam removed that process

So there’s ~$60 and two years down the drain for something that I couldn’t prevent. It’d be nice if Xigncode could actually tell us exactly what’s triggering it so that we don’t need to risk our account being banned for trial-and-error closing of any process that might be triggering it.

@MissMurder, if you can help, I’d really appreciate it. I can’t think of anything else that would trigger Xigncode and then stop triggering it once Steam’s been restarted. [/quote]

Put in a ticket with support. https://support-dirtybomb.nexon.net/hc/en-us

They can most likely tell you exactly what you were banned for and if it was some bug then they can remove it so you won’t be out any time or money.

Are you sure you didn’t have anything that’s on the banned list running?


(Hipolipolopigus) #19

[quote=“Amerika;40596”]Put in a ticket with support. https://support-dirtybomb.nexon.net/hc/en-us

They can most likely tell you exactly what you were banned for and if it was some bug then they can remove it so you won’t be out any time or money.

Are you sure you didn’t have anything that’s on the banned list running?[/quote]

Yeah, I’ve done that, but they’re either swamped or AWOL. I don’t think that support will give enough of a damn to reverse the suspension, anyway. “All heil the mighty, infallible Xigncode!” and all that.

And yeah, I’m sure. I got a three-day suspension for Process Hacker a few months back which, despite the name, isn’t used for hacking. This is a dev rig, so being able to do things like see and close erroneous handles - unlike the regular Task Manager - is a big help. Punkbuster doesn’t hate it, VAC doesn’t hate it, Xigncode is just rubbish.


(Amerika) #20

@GM-Radrodo could assist. I’ve had rather good luck with support being responsive so hopefully they catch up quickly for your inquiry.