ZOS integrated spyware RedShell by mistake, deleted from live, still in PTS folder

  • LumbermillOverlord
    In the process of decompiling redshell.dll using MS reflection. Will update with results.

    thanks
  • Zinaroth
    ADarklore wrote: »
    Zinaroth wrote: »
    Yeah well if this is true then according to the GDPR demands ZOS will have to give us EU players full transparency on what data they are collecting and what they are using it for - which we will need to accept before they are allowed to collect this data. They will also have to give us a way to 100 % guaranteed delete any information they gathered from us without prior notice at any point we want - as many times as we want.

    If it is indeed true that they did this without telling us they are already breaking the GDPR demands - which is in violation of European law and punishable by huge fines leading up to a ban of their services in the entire region if they do not adhere.

    Yes I know, because ZOS, or rather, ZENIMAX, doesn't have enough money to have expensive lawyers who comb through all the laws before implementing anything.

    Not officially informing us about collecting this data and their intent of usage along with instructions on how to delete said data is already a violation of these laws. It doesn't matter how many lawyers they have or the fact that they are based in the US - there are no loopholes for these laws; they are specifically made with the intent of not allowing big corporations to be able to weasel their way around it.
    Zin A'roth | Orc | Stamplar | Ebontard Packed | Bleaker's Role Player | 27335/30645 Achievements | 3632/3653 Lorebooks | Original Hodor January 2015 | YouTube | Twitch | EU
    Father to a new born son, slave to a master's degree thesis. And I will have my sleep, in this life or the next...
  • xRIVALENx
    In the process of decompiling redshell.dll using MS reflection. Will update with results.

    x64dbg works quite well for this if you run into problems with MS Reflection.
  • Merlin13KAGL
    This is a big deal, far more than people realize.

    I am not going to get into technical details, simply because most won't understand. What I will say is they are using a .DLL file to harvest hardware identifying information from your computer so they can track said information regardless if you delete cookies, browser cache, etc. You can get away from Facebook, Google, etc tracking...there is no getting away from this.

    I have been here since the beginning, but this is the end of the road for me. This is simply unacceptable, and I really don't care what their EULA says. I consented to their EULA change under the impression they were going to use monitoring for Anti-cheat purposes (Steam VAC, Punkbuster, etc)....I didn't sign up to be tracked and followed for marketing purposes so they can sell more crown store content. This is akin to installing Spyware on my machine, and it's a huge betrayal. I'll never buy another game again that Zenimax Online Studios has any part in publishing or selling.

    This right here is the beginning of the end...many of you just don't know it yet...things like this have a colorful history of killing games off, give it time. You won't believe me now, but you will later down the road.

    Sad too, I enjoyed my time here, I still enjoy the game even today, but there is no way I will continue to play under these pretenses.

    So I guess this is the end of the road for me, maybe I'll come back if they remove this nonsense, if not, then it's been fun. Say what you want about Google but they at least give you the ability to opt-out of this nonsense. You can only push things so far, and they have pushed me to the point I won't be pushed any further. Everyone has their own breaking points, and each person's point isn't always the same.

    Take it easy folks, it's been a fun ride.
    Probably for the best, since you don't understand yourself.

    It's a hardware ID. Windows does the same thing when you activate. It's nothing new, and it's not going away anytime soon, because it's an effective way to have pretty good odds of identifying a unique system without having to otherwise have the details about that system.

    If you don't think Google analyzes your data anonymously, you're seriously deluded.

    Just because you don't like the way something is doesn't necessarily make it wrong...

    Earn it.

    IRL'ing for a while for assorted reasons, in forum, and in game.
    I am neither warm, nor fuzzy...
    Probably has checkbox on Customer Service profile that say High Aggro, 99% immunity to BS
  • Chicharron
    They have my credit card number, whatever else they spy from my computer, I do not care.
  • karthrag_inak
    this is not just for spying by a single individual/corporation. This information is regularly shared/sold among 3rd parties who then use it to build comprehensive online behavior profiles, which are then shared/sold. On top of this, having a 3rd party dll executing on the host machine enables them to potentially access -everything- you have and do on your computer.
  • Cpt_Teemo
    If you remove the dll, the game won't launch.

    ^

  • karthrag_inak
    In the process of decompiling redshell.dll using MS reflection. Will update with results.

    it's not a dot.net dll so c/c++. Much more difficult, but I'm still interested in seeing what I can find out.
  • Marginis
    Cadbury wrote: »
    All I want to know is, how does this connect back to the Illuminati?

    Illuminati. Freemasons. Aliens. ALIENS. 9/11 was an inside job. Chemtrails. The Earth is flat! Lizard people.

    Well, I guess we've confirmed Half Life 3 again.
    @Marginis on PC, Senpai Fluffy on Xbox, Founder of Magicka. Also known as Kha'jiri, The Night Mother, Ma'iq, Jane Shepard, Damia, Kintyra, Zoor Do Kest, You, and a few others.
  • Bucky Balls
    if anyone is interested, the decompiled cpp file for redshell.dll (not the one in /debug/) is available here :

    https://nofile.io/f/38euVu05rMw/redshell.cpp

    it's not for the faint of heart, particularly since it has embedded library functionality and arcane structuring, but maybe some folks might enjoy attempting to rebuild/reinterpret it.

    Thank you - might be worth a look when I can find some time. :)
  • Minno
    Marginis wrote: »
    Cadbury wrote: »
    All I want to know is, how does this connect back to the Illuminati?

    Illuminati. Freemasons. Aliens. ALIENS. 9/11 was an inside job. Chemtrails. The Earth is flat! Lizard people.

    Well, I guess we've confirmed Half Life 3 again.

    Game over mannnnnnnn.
    Minno - DC - Forum-plar Extraordinaire
    - Guild-lead for MV
    - Filthy Casual
  • PouletRico
    if anyone is interested, the decompiled cpp file for redshell.dll (not the one in /debug/) is available here :

    https://nofile.io/f/38euVu05rMw/redshell.cpp

    it's not for the faint of heart, particularly since it has embedded library functionality and arcane structuring, but maybe some folks might enjoy attempting to rebuild/reinterpret it.

    I'm pretty sure decompiling and sharing code is something illegal. Or, at least, would infringe any User Agreements... Just telling tho.
    @PouletRico - EU PC Megaserver
    PouletRico - TankDK - EP
    Experimental Kamikaze - StamDK - AD

    I'm doing my best, but I'm not a native speaker
  • Minno
    Have we figured out how to block it?
    Minno - DC - Forum-plar Extraordinaire
    - Guild-lead for MV
    - Filthy Casual
  • karthrag_inak
    Here's their agreement :

    https://redshell.io/privacy-policy

    since ZOS didn't link to it, this is what they are doing, or at least this is what they admit doing.
  • billp_ESO
    A couple of questions:

    - Are they gathering machine information only? Like what CPU, how much mem, graphics, etc? That would help them figure out what their player base is. That seems totally fine.

    - Or are they also gathering your browsing information that has nothing to do with the game? So if you looked up kitten mittens, ZoS would sell that information to marketers?
  • PouletRico
    PouletRico wrote: »
    if anyone is interested, the decompiled cpp file for redshell.dll (not the one in /debug/) is available here :

    https://nofile.io/f/38euVu05rMw/redshell.cpp

    it's not for the faint of heart, particularly since it has embedded library functionality and arcane structuring, but maybe some folks might enjoy attempting to rebuild/reinterpret it.

    I'm pretty sure decompiling and sharing code is something illegal. Or, at least, would infringe any User Agreements... Just telling tho.

    It's a 3rd party program that I did not expressly allow on my machine, and as such, until demonstrated otherwise, I consider it malware. As such, decompiling/analyzing it for its impact and purpose is, as per DMCA 1205(I), considered fair use.

    More information can be found here :

    http://scholarship.law.marquette.edu/cgi/viewcontent.cgi?article=1087&context=iplr/

    I was more concerned about sharing it.

    One solution, I think, would be to block the api.readshell.io DNS on outgoing requests (in the Windows firewall or other software). Not sure the game would launch, could give it a try tonight.
    billp_ESO wrote: »
    A couple of questions:

    - Are they gathering machine information only? Like what CPU, how much mem, graphics, etc? That would help them figure out what their player base is. That seems totally fine.

    - Or are they also gathering your browsing information that has nothing to do with the game? So if you looked up kitten mittens, ZoS would sell that information to marketers?

    I think that the purpose of RedShell is to match game user with internet user. Match a player profile with their Facebook profile (for example). So I think that the game is gathering data related to your PC/Game, and then, they use data from Facebook to enrich them and make a whole new profile, having data from your game + from your Facebook profile.
    Edited by PouletRico on May 31, 2018 5:03PM
    @PouletRico - EU PC Megaserver
    PouletRico - TankDK - EP
    Experimental Kamikaze - StamDK - AD

    I'm doing my best, but I'm not a native speaker
  • LumbermillOverlord
    PouletRico wrote: »
    PouletRico wrote: »
    if anyone is interested, the decompiled cpp file for redshell.dll (not the one in /debug/) is available here :

    https://nofile.io/f/38euVu05rMw/redshell.cpp

    it's not for the faint of heart, particularly since it has embedded library functionality and arcane structuring, but maybe some folks might enjoy attempting to rebuild/reinterpret it.

    I'm pretty sure decompiling and sharing code is something illegal. Or, at least, would infringe any User Agreements... Just telling tho.

    It's a 3rd party program that I did not expressly allow on my machine, and as such, until demonstrated otherwise, I consider it malware. As such, decompiling/analyzing it for its impact and purpose is, as per DMCA 1205(I), considered fair use.

    More information can be found here :

    http://scholarship.law.marquette.edu/cgi/viewcontent.cgi?article=1087&context=iplr/

    I was more concerned about sharing it.

    One solution, I think, would be to block the api.readshell.io DNS on outgoing requests (in the Windows firewall or other software). Not sure the game would launch, could give it a try tonight.
    billp_ESO wrote: »
    A couple of questions:

    - Are they gathering machine information only? Like what CPU, how much mem, graphics, etc? That would help them figure out what their player base is. That seems totally fine.

    - Or are they also gathering your browsing information that has nothing to do with the game? So if you looked up kitten mittens, ZoS would sell that information to marketers?

    I think that the purpose of RedShell is to match game user with internet user. Match a player profile with their Facebook profile (for example). So I think that the game is gathering data related to your PC/Game, and then, they use data from Facebook to enrich them and make a whole new profile, having data from your game + from your Facebook profile.

    ok pls post the results later