Theory On Anti-Ban

[The Modder]

Hello MPGH Community. I have found that there are many files that can be deleted in the Vindictus directory that change some of the aspects of the game, obviously these aspects are all client side. There was one file though that I am interested in. It is the NMService.exe file. All it seems to do is create a text file with a log of the game info, but there is something else.

When you run the game without this file it gives you a message saying "failed to log in" but the game still runs. This message pops up every minute. Because of this I think it may be trying to send files to the server. Those files may contain information on whether or not you have used a hack, and by stopping the NMService you should be able to hack without Nexon finding out. This is just a Theory. This is probably just going to hit a dead end.

Yes I know that the NMService is Nexon's Messaging Service but when I tested this I was still able to speak in the town, join channels, my guild still worked, and I could join and host boats.

I would like to know more about this and have some other people test this out.

[Sunrise]

Sounds very interesting. But I don't want the message to keep popping up every minute because that would be greatly annoying. It could be a theory but more or less not really but could be. Not enough info to really decide though.

[nexonfails99]

I thought Nexon's Messaging Service was their rubbish friend chat system.

[nb109]

I thought Nexon's Messaging Service was their rubbish friend chat system.

I believe it is. And as for Nexon not receiving any files that could point you out as a hacker, doesn't the fact that they aren't receiving anything from you even though you are logged in make you look suspicious?

[The Modder]

I believe it is. And as for Nexon not receiving any files that could point you out as a hacker, doesn't the fact that they aren't receiving anything from you even though you are logged in make you look suspicious?

I have already thought of that and I think I have a solution. Make another NMService file that generates a file at random and sends it. That way they are still getting files but you aren't giving them any incriminating information.

NOTE: This would take some extensive programming.

[pyrobryant]

I dont know if this will help you or not but, I have COMODO Firewall and it blocks this service by default. I could not use guild or friends list until I unblocked it.

[The Modder]

I dont know if this will help you or not but, I have COMODO Firewall and it blocks this service by default. I could not use guild or friends list until I unblocked it.

Ya your right, but if you are using hacks you won't really need to see your friends, guild members, or be able to join other peoples boats. All you need to be able to do is make your own boat, do some battles, and mabye use the marketplace every once and a while. But if you want to get things back all you have to do is put the NMService file back.

[UnitedMassacre]

This is an interesting theory... but if the "sv_cheats_1" command is what is detected than everyone using the console would be detected... what would be the next step in this theory is try to weed out the people that already had nmservice.exe disable or blocked by a firewall.. if they were not banned because they didnt have a connection to the nmservice.exe than that would be a thing to investigate into more.

theory is plausable but with deeper thought it proably is unlikely...

the programing involed in attempting to mimic the nmservice.exe wouldn't be as difficult as you assume allthough it is tricky... youd have to get a just on what that executables perpose is and the layout of packets that are being strung from said executeable. also you could tear it apart (good luck with that one) and look at its guts.

now is nmservice an executable that runs along with the vindictus.exe that is visable in the task manager (asuming no its proably an executable that is used by the client upon login) if no than its communication is limited to client control... and proably is nothing more than annoying.

all in all plausable theory but i still put my money on its a string of codes at a particular time that are detected. either something that is stays active or something that sets off a flag when set to xxxx ammount..
NONE of my characters on ANY ips were banned during the recent patch ... im assuming ill know the correct answer as to how people are being banned the 16th by trial and error testing.
lets just hope an pray its not as simple as detecting "sv_cheats_1" .. if that is the case then all hope of being able to exploit on a main account is lost.

[drake112]

Here's a thought...

If someone from your friends list levels up, ranks skill up, gets achievement, you get to see that by a pop-up at right lower corner of the screen. If nmservice.exe is nexon's messenger, and it is related to guild & friends list... then maybe it might send logs about friends activities to the server.? I mean, I've read somewhere that people from trusted friends group got banned in the end, even if their friends kept silent about hacks.. Maybe it's somehow related to the friends list and nmservice.exe

It's just a thought.. And highly unlikely that it's happening this way.. but you may never know.

[jiggs7]

Drake does have a good thought.... EVERYBODY has friends on the friends list on vindictus.. what better way to monitor users than through people they trust?

Sorry to double post but yea i have a level 40 Evie that I've been hacking on for a couple weeks now. I don't have any friends on my friends list because it was originally just a test account. I always solo and i use hells console with only the damage and fast walk commands. I log on EVERYDAY and use them and haven't been banned.... why? Just a thought

[nb109]

Here's a thought...

If someone from your friends list levels up, ranks skill up, gets achievement, you get to see that by a pop-up at right lower corner of the screen. If nmservice.exe is nexon's messenger, and it is related to guild & friends list... then maybe it might send logs about friends activities to the server.? I mean, I've read somewhere that people from trusted friends group got banned in the end, even if their friends kept silent about hacks.. Maybe it's somehow related to the friends list and nmservice.exe

It's just a thought.. And highly unlikely that it's happening this way.. but you may never know.

It makes sense, but its still not definitive. It has to be something passive in the game because, as of yet, there is still no in-game function for one player to report another.

[ryuji296]

The console hack is really Detected. I've been on a xurv3y of what is the sign of the console packet.

I've run a dungeon(1) without cheat.
Next I've run with a cheat.

comparing the 2 notepads in en-US folder.
The first one has a code of "[02/14 11:29:23] Accept NMFunc = [0x1108:CNMChangeMyLevelFunc]"

Then the second Has both "[02/14 11:29:23] Accept NMFunc = [0x1108:CNMChangeMyLevelFunc]"

and


"[02/14 12:19:17] Send Hello Packet!"

Now im guessing the Hello Packet is the packets detected name??

Sorry for bad english and stupid opinion. Just sharing

[Harmless]

All these conspiracy theories are so far-fetched. In reality, the Source Engine (before modification) is capable of outputting cvar usage demographics for Valve (to help narrow down balance issues) and there's no online service that doesn't have a demographics system in place, it would be a no-brainer to utilize what was already proven effective by the engine's creators. US Nexon has to keep in sync with Korea's developers, which delays any possible counter-measure. They also need to crunch numbers to average server usage (and minimize, if possible) then present the new numbers to their boss(es) and order new/more hardware (if necessary). Patching console commands isn't a crippling issue like the pt2boy hack which uses internal commands, enjoy it while it lasts and quit sweating over when you'll lose it.

[Jirachi7]

There is nmcorsv_(randomnumber) and nmconew.(random number) files in the Vindictus folder that I think are the logs that NMService is creating. Has anyone tried deleting these? Does it cause the game not to work? Does it delete the log history of hacking via console? Does it create new ones after you delete the old ones? Sorry for so many questions, just trying to think of ways to get rid of any hacking history is all.

[The Modder]

There is nmcorsv_(randomnumber) and nmconew.(random number) files in the Vindictus folder that I think are the logs that NMService is creating. Has anyone tried deleting these? Does it cause the game not to work? Does it delete the log history of hacking via console? Does it create new ones after you delete the old ones? Sorry for so many questions, just trying to think of ways to get rid of any hacking history is all.

You can delete the nmcorsv and nmconew and the game will still work. These files are also sent to the server so if you did hack and you want to delete these it won't make any difference.

Every time the game is started a nmconew.(RandomNumber) file is made and every time you log in a nmcorsv_(RandomNumber) file is made.

Something interesting about these files is that the both have a different ip address in them.
The nmconew file has: 63.251.217.193
And the nmcorsv file has: 208.85.108.111

I think the first is the authentication server and the second is the actual game server. That means that if someone does make a NMService file they will have to know which packets to send to which servers