NGS detects security threat

[pikmar]

Running the scripts works for about 3 minutes and then the game boots me out because of security issues. Not sure if there is a work around to bypass the security check.

[cursey]

Are you using the 64bit version of python?

[pikmar]

I'm currently using Python 3.5 64bit. Should I just reinstall python and try again?

EDIT: Reinstalling python didn't resolve the problem. Any suggestions? Also tried the auto and debug .bat files while running them as administrator and enabling and disabling different combinations of scripts. Ngs still kicks me out after a couple minutes, but all the applied scripts work.

[ghost]

FWIW, someone posted about Kanan giving NGS on MM earlier this week. https://mabimods.net/index.php?topic=17491.msg248366#msg248366

[Aahzmandius]

Having no problems with NGS here, using Kanan with redirected data folder (loosely UOTiara with a few extra things) and a few Poison packs.

You haven't mentioned if this was a sudden detection, where everything was previously working fine with your kanan setup, and now only recently you're getting NGS detected? Or is this your first time trying to get kanan working?

Is this a clean setup, no previous mods like Abyss installed?

[pikmar]

This is the first time trying to get kanan to work on my laptop. Haven't used other mods before on this laptop. Downloaded the files using the links in this github.

[Tonkatunk]

http://puu.sh/s4Pxm.png Just wanted to say i've been on for 30+ mins with those scripts, no issues.

[ghost]

@Tonkatunk aren't you also the one who posted the post I referred to in my previous comment?

Report that Kanan's triggered NGS for last night. If anyone wants to test and/or narrow it down to a specific mod, it'd be appreciated.

What changed?

[Tonkatunk]

Yeah that was me. I don't know what changed honestly. I downloaded all the stuff a few hours ago, removed all the scripts that were redundant with other things or i just didn't want, and the ones that were left worked. The image i posted shows which scripts i had. So i assume one of the scripts that i'm not using, will trip NGS. I just don't know which.

As for that post, i was actually posting on behalf of someone else, so i can't say what was included as i don't know.

[pikmar]

These are the scripts that I tried to use just now and one or more of them caused the ngs to respond. Not sure if this helps, but I'm launching the game using the default nexon launcher. My image link failed so here's a list: Autosetmtu disablenagle dungeonmapresize elflagfix fovchange freeindoorcamera hotkeyanyitem minuteclock removedungeonfog secondtimer

[Tonkatunk]

@pikmar i'm actually not able to see that image on chrome, get a 404 error from github

[pikmar]

Edited my last post with a list. Tested again using fewer scripts and some of the ones that seemed to work (based on the list in Tonkatunk's image). Minuteclock or elflagfix cause the ngs response (unless my setup of kanan is incorrect).

[Tonkatunk]

Mkay, having just done this with abyss, i'd like to say something in case anyone else spaces this. Mod_sharker or any other mod loaded through the loaddll feature. Do not forget you have done so, and don't forget to troubleshoot them.

I load mod_sharker through abyss, and didn't give it a second thought. Mod_sharker was tripping NGS, but i was blaming it on abyss and trying to figure out what was wrong while talking to blade, certainly felt dumb. So keep in mind if you associate files, to double-check and make sure they're not complicating things.

[Kyralis]

There should be no reason to delete any mods from kanan, you can disable them in the configuration. This being said I would suggest deleting your kanan folder entirely and downloading it fresh, then test it without deleting any files. Run the batch as admin and ensure you are not removing something that is linked to another script, as I am not seeing what you mean by redundant scripts. Also you should try launching the game from the batch and not the launcher. Make sure to check the batch window for any errors.

[Tonkatunk]

@Kyralis i'd like to point out that the current version actually does not include a delayed or coalesce txt file. I have a previous version which i assume would be safe to just copy into the current version. I just wanted to point out that i don't actually see those two files in this version however. http://puu.sh/s5oEw.png

[Aahzmandius]

Played around with it for about an hour in many different configurations, enabled every mod (not all at once), especially the ones @pikmar listed, and I couldn't get NGS to kick me. Since I can't reproduce your configuration in a way that gets me kicked, I'm at a loss to figure out why you're having problems and I'm not.

Kanan automatically detects when the client is available for injection, and should be patching properly, so unless you have some console logs from debug mode to show us... We most likely won't be able to pinpoint the problem, other than "there's something wrong with your computer".

@Tonkatunk Everything moved to a single config.toml file, where you can still enable/disable/delay things.

[Tonkatunk]

@Aahzmandius Alrighty, thanks for testing. I'll edit the post in mabimods to say that someone's tested all the mods in kanan's and confirmed them working. Can double post if you'd rather that instead.

And just to repeat myself, the mods i use with kanan's, i have confirmed working. My report about NGS was on behalf of someone else, so my information is much more limited. They may have made the same mistake i did when setting up abyss, and the issue isn't kanan itself, they just made a mistake.

[Kyralis]

@Tonkatunk Those files do not exist anymore, it was all converted into the config.toml and you must indicate if its coalesced or delayed there. Some things were added and removed from Kanan a while back and simply extracting the changes into an old folder of kanan will not remove them. As it only replaces existing files and adds new ones. I ran into the same issue last week because I did not bother to make a new folder, so I had a lot of excessive files that were not needed.

[Tonkatunk]

thanks for the clarification kyralis

[pikmar]

I tried a couple different things and redownloaded all the files, but I wasn't able to avoid ngs. I didn't notice anything that seemed like an error when running the debug .bat file and checking the entries. Fiddling around with my computer settings also didn't help, so I guess my laptop is "broken." I noticed that I can't connect to FTP when I use mabinogi.exe and I can't seem to run the client.exe file on its own (had to use the auto.bat or other launchers to start the game). Not sure if this has anything to do with the ngs checks. I guess my college campus wifi is probably blocking something, so the scripts probably don't have any issues. Thanks for the input.

[cursey]

Please try the following:

• Open a windows command prompt.
• Type pip install frida --upgrade in the prompt and hit enter.
• Start kanan and mabi and see if you get NGS'd.

If you do get NGS'd, do the same except try typing pip install frida --upgrade --pre at the command prompt. What these commands do is upgrade your frida installation (a library used by kanan), first to the latest release, and then to the latest developer release. This may or may not fix your issue but its worth trying.

The above has caused me to get NGS'd as well meaning they are most likely detecting the recent versions of frida. I'll come out with a fix shortly.

[pikmar]

debug log.txt Here is the debug command log that I get (assuming the attachment loads properly) when I run kanan up to the part where I exit the game after being kicked by ngs. Kind of redundant now that I see your edit, but I tried the upgrade steps and unfortunately nothing improved. Although, one of the components of python did upgrade to 9. something (forgot the exact number and description). Not sure if that's important.

[Aahzmandius]

Yup, good catch @cursey, that was it, kicked now with an upgraded frida, and downgrading back fixes it. Nothing wrong with your computer, NGS has just added some basic kanan detection now.

And so it begins...

[cursey]

For now just open a command prompt and type the following

• pip uninstall frida
• pip install frida==8.0.3

This will uninstall frida and reinstall an older version that NGS doesn't pick up. I'll work on a better solution in the meantime.

[cursey]

So after testing to day it seems like the most up to date version of frida is no longer being detected. If someone would like to check just run:

• pip unisntall frida
• pip install frida

to get the latest version and let me know how it goes. Thanks!

[SoSadToday]

I just tried it out, had 8.0.3 installed and got NGS, uninstalled then installed latest version being 8.1.10 and still getting NGS kicked. Maybe just a few people are lucky and it's not detecting it for them.

[ghost]

Are you using 32 or 64 bit python?

[SoSadToday]

64 bit, made sure I was running it when that problem first arose.

[pikmar]

I also got kicked by NGS while using both 8.0.3 and the upgraded version. 8.0.3 was working fine yesterday (around 10pm PST).

[ghost]

Yep. Seems 8.0.3 NGS's. And so does the newest.

[cursey]

Yeah, so I'm pretty sure I've created a working bypass for NGS. I'm in the process of testing it right now (it does work 😄) then I'll clean it up and release it soon. I have to make some decisions on how I want to release it since I don't want them to just fix it 😒 .

I'll keep everyone updated here.

[Kyralis]

Alternatively if need be, I have been using version 7.2.14 since I first installed kanan and it still runs fine for me. I have not encountered any ngs errors. But I only use kanan, and sweetfx enb, no abyss. pip install frida==7.2.14

[Tonkatunk]

Didn't realize how old my version of frida is, but since there are a few people complaining of issues atm, i can safely say 3.5.2 works. Just wanted to share that.

[ghost]

...That's your python version.

[cursey]

type pip show frida to get your frida version.

[Pyropiro]

so guess only way to make it work atm is to use a older frida?

[ghost]

For the moment, yes.

[blookvoodow]

well, looks like multiclient died

[ghost]

Seems to work just fine? No other mods installed, either.

Edit: Nevermind. It just NGS'd on one, but not the other. But that seems like it's some server-sided detection then, otherwise the client wouldnt even start, or both should've disconnected.

[milktao]

other forms of multiclienting are failing such as abyss and pack file mods. renaming client.exe and running two differently (and identically) named versions also causes ngs on one client.

[ghost]

Yeah, the patch is working just fine (all it does it bypass the "multiple clients detected prompt"). The problem is that they're detecting multiple logins from the same computer through different means now.

[blookvoodow]

My guess? periodic server side checks for ip addresses

[inklit]

Easy to tell @blookvoodow just run the game on a different computer on your LAN if you have a NAT. My guess is that your guess is wrong and that it's doing something else client side. :question:

[blookvoodow]

@inklit how does the client behave any differently without a client update?

Unfortunately I don't have a second device that can run this game, hence the need for multiclienting. But perhaps you can humor us and confirm that my guess was wrong?

[ghost]

I can play at the same time my brother is, so I doubt it's IP check. MAC Address check would be more realistic.

NGS is mostly updated on the server side, with some client side update when you run the game, so you don't necessarily need to log out to get NGS'd

[Tamelions]

Any news on the Multi Client issue :o, Curious.

[Nan0bit]

@QewQew https://sourceforge.net/projects/forcebindip-gui/ We could try binding extra clients to loopback adapters? Seems like a better solution than running a ton of VM's

[blookvoodow]

Seems like multi-client is no longer getting NGS'ed?

[Coziestest]

@blookvoodow I've noticed this has been the case since a few weeks ago after one of the maintenances, but I don't believe anyone actually mentioned it publically yet.