Friday, November 27, 2009

Games and privacy

I was in the mood to play a game. So I downloaded "Little Space Duo" to give it a try. But I never had the chance to run this Game. It was complaining it needs to register itself at launch. Now why? Its the first launch of the game. I didn't even had a chance to enter a registration key or anything. So what is it registering??

Now I use LitteSnitch for a very clear purpose. To know when evil programs violate my privacy and send out data I don't want to be sent out. Well in this game's point of view, LittleSnitch is considered evil as it specifically complains about it. Never the less, even if you allow all on LittleSnitch or disable it temporarly, it didn't work. So I did some research on what this app is really doing and did a wireshark trace with interesting results:

The app does connect to and sends the following HTTP request:

GET /blocked/Little%20Space%20Duo HTTP/1.1
User-Agent: Little%20Space%20Duo/1.0 CFNetwork/454.5 Darwin/10.2.0 (x86_64) (MacBookPro5%2C3)
Connection: close

So far not much information being revealed except my computer's type and architecture.
The response is however indicating more clearly on to why this doesn't work:

HTTP/1.1 404 Not Found
Set-Cookie: bpp=324184256.20480.0000; expires=Fri, 27-Nov-2009 17:41:17 GMT; path=/
Date: Fri, 27 Nov 2009 13:53:22 GMT
Server: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.3 mod_ssl/2.2.4 OpenSSL/0.9.8e
Last-Modified: Tue, 25 Mar 2008 05:53:37 GMT
ETag: "da4b2b-3c2-92d2da40"
Accept-Ranges: bytes
Content-Length: 962
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<TITLE>404 Not Found</TITLE>
<H1>Not Found</H1>
The requested document was not found on this server.
Web Server at

- Unfortunately, Microsoft has added a clever new
- "feature" to Internet Explorer. If the text of
- an error's message is "too small", specifically
- less than 512 bytes, Internet Explorer returns
- its own error message. You can turn that off,
- but it's pretty tricky to find switch called
- "smart error messages". That means, of course,
- that short error messages are censored by default.
- IIS always returns error messages that are long
- enough to make Internet Explorer happy. The
- workaround is pretty simple: pad the error
- message with a big comment like this to push it
- over the five hundred and twelve bytes minimum.
- Of course, that's exactly what you're reading
- right now.

In other words they built a blacklist mechanism into the application and lateron removed the blacklist from the server which makes probably all games complain which have an online connection. The workaround is simply to disable the network interface completely. Then it doesn't complain ;-)

No comments: