#500 [EU] Data error, please log in again. Error code: 10010-4001

Open
opened 3 months ago by demicorn · 11 comments

https://imgur.com/a/eC4Lrm6

A large number of reports about this error in Discord: https://discord.com/channels/910869215857217596/1402223751302483978
The error appeared August 4 or 5, both on PC and on Steam Deck.
The version of Wine does not make a difference.
Adding `-platform_type CLOUD_THIRD_PARTY_PC -is_cloud 1` and/or `hostname steamdeck` does not help either.

Looks like a new server-side check. In the first week after the update the game worked fine.

The error happens after ~2 minutes of being in-game and for now only EU server

https://www.hoyolab.com/article/40400523

https://github.com/an-anime-team/an-anime-game-launcher/issues/543

Krock commented 3 months ago
Owner

Can reproduce the same error on EU, using the very same WINEPREFIX and Wine version since at least version 5.6.0. This error is thrown to all accounts, regardless of AR. The countdown is started after entering the door.

The startup behaviour is identical to 5.6.0, where the game raises a hard fault after processing the current security file.

For testing, I used an older security file version from just after the 5.8.0 update. This does get rid of the `"errorCategory":"MHYpBase", "logStr":"LocalKick","stackTrace":"(1,4,1114)"` error log, but not the in-game error message.

As a next step, I will retry the method used by the patch scripts. However, in case of runtime checks, this might not help at all.


Same problem here. Was fine yesterday.

I was using caffe but the problem also occurs on vanilla 10.12.

On the referenced GitHub issue, some people reported success by not disabling their network connection anymore, however when I do it the game process just exits with code 1280 before showing (or printing) anything.

infine commented 3 months ago

I managed to run it without errors without disconnecting the internet using Proton Experimental via Steam, setting up Genshin as a 3rd party application.

Krock commented 3 months ago
Owner

Can confirm that starting it directly from Steam works.

Proton: `1753369568 experimental-10.0-20250724b`

Log level: `WINEDEBUG=+timestamp,+loaddll,-sync,-seh`

**Outside of Steam:** Crash upon startup

```
27.644:00e4:fixme:kernelbase:AppPolicyGetThreadInitializationType FFFFFFFFFFFFFFFA, 0000000000AEFF50
27.874:00e0:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\dxgi.dll" at 00006FFFFC5E0000: native
27.875:00e0:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\POWRPROF.dll" at 00006FFFFC5C0000: builtin
27.875:00e0:trace:loaddll:build_module Loaded L"Z:\\MHYPBase.dll" at 00006FFFFC8A0000: native
29.038:00e0:fixme:ntdll:NtQuerySystemInformation SystemCodeIntegrityInformation, size 8, info 0x11e400, stub!
29.038:00e0:fixme:advapi:GetCurrentHwProfileA (000000000011E220) semi-stub
^^^ last common log line
29.054:0048:err:service:validate_context_handle Access denied - handle created with access 34, needed 10000
29.419:010c:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\winedevice.exe" at 0000000140000000: builtin
29.420:010c:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\kernelbase.dll" at 00006FFFFFC00000: builtin
29.421:010c:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\kernel32.dll" at 00006FFFFFEC0000: builtin
29.422:010c:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\msvcrt.dll" at 00006FFFFFAF0000: builtin
29.423:010c:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\ucrtbase.dll" at 00006FFFFF9E0000: builtin
29.423:010c:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\sechost.dll" at 00006FFFFFAC0000: builtin
29.424:010c:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\advapi32.dll" at 00006FFFFFBA0000: builtin
29.424:010c:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\ntoskrnl.exe" at 00006FFFFF7E0000: builtin
29.431:010c:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\rpcrt4.dll" at 00006FFFFF900000: builtin
29.442:0118:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\HAL.DLL" at 00006FFFFC5A0000: builtin
29.442:0118:err:module:import_dll Library WDFLDR.SYS (which is needed by L"C:\\windows\\system32\\HoYoKProtect.sys") not found
29.444:0118:err:ntoskrnl:ZwLoadDriver failed to create driver L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\HoYoProtect": c0000142
29.611:00f4:fixme:ntdll:NtRaiseHardError 0x50000018 4 0x3 0xeefb60 0 0xeef9e8: stub
29.611:00f4:err:virtual:virtual_setup_exception stack overflow 1792 bytes addr 0x6ffffff6723a stack 0xdf0900 (0xdf0000-0xdf1000-0xef0000)
39.628:0138:fixme:ntdll:NtRaiseHardError 0x50000018 4 0x3 0xcefd70 0 0xcefd60: stub
```

**Start from Steam:** (identical WINEPREFIX) Starts up. `driverError.log` is not updated, and the rootkit is not attempted to load. However, the CPU usage is unreasonably high.

```
49.919:0144:fixme:kernelbase:AppPolicyGetThreadInitializationType FFFFFFFFFFFFFFFA, 0000000000ACFF50
50.117:013c:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\dxgi.dll" at 00006FFFFC040000: native
50.118:013c:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\POWRPROF.dll" at 00006FFFFC020000: builtin
50.118:013c:trace:loaddll:build_module Loaded L"Z:\\MHYPBase.dll" at 00006FFFFC300000: native
51.276:013c:fixme:ntdll:NtQuerySystemInformation SystemCodeIntegrityInformation, size 8, info 0x11e400, stub!
51.276:013c:fixme:advapi:GetCurrentHwProfileA (000000000011E220) semi-stub
^^^ last common log line
51.327:016c:fixme:ntdll:NtPowerInformation semi-stub: SystemPowerCapabilities
51.327:013c:trace:loaddll:build_module Loaded L"c:\\windows\\system32\\winex11.drv" at 00006FFFFDF90000: builtin
51.359:013c:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\uxtheme.dll" at 00006FFFFDF40000: builtin
51.399:0190:fixme:thread:NtQueryInformationThread info class 21 not supported yet
51.404:0190:fixme:thread:NtQueryInformationThread info class 21 not supported yet
51.408:0190:fixme:thread:NtQueryInformationThread info class 21 not supported yet
51.420:013c:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\PSAPI.DLL" at 00006FFFFBD80000: builtin
51.420:013c:trace:loaddll:build_module Loaded L"Z:\\GenshinImpact_Data\\Plugins\\Astrolabe.dll" at 00006FFFFBDA0000: native
51.435:01bc:fixme:kernelbase:AppPolicyGetThreadInitializationType FFFFFFFFFFFFFFFA, 00000000031BFF50
51.439:019c:fixme:cryptasn:CryptDecodeObjectEx Unsupported decoder for lpszStructType 1.3.6.1.4.1.311.2.1.4
51.440:019c:fixme:cryptasn:CryptDecodeObjectEx Unsupported decoder for lpszStructType 1.3.6.1.4.1.311.2.1.4
51.440:01bc:fixme:file:NtLockFile I/O completion on lock not implemented yet
51.466:0178:fixme:file:NtQueryObject Unsupported information class 20973840
51.470:0178:fixme:file:NtQueryObject Unsupported information class 20973888
```

Differences from start within Steam vs from outside:

  • `steam.exe` is loaded
  • `start.exe` is not used
  • Loaded DLLs (likely `steam.exe` dependencies): `cabinet.dll`, `imm32.dll`, `rpcrt4.dll`, `combase.dll`, `coml2.dll`, `ole32.dll`, `oleaut32.dll`, `oleacc.dll`, `comctl32.dll`, `bcrypt.dll`, `crypt32.dll`, `dbghelp.dll`, `imagehlp.dll`, `mspatcha.dll`, `odbccp32.dll`, `sxs.dll`, `mpr.dll`, `ws2_32.dll`, `wininet.dll`, `urlmon.dll`, `version.dll`, `wintrust.dll`, `msi.dll`, `explorer.exe`
  • Not loaded DLLs (likely `start.exe` dependencies): `conhost.exe`
  • `winebth.sys` fails to load
  • `tabtip.exe` is loaded
  • `xalia.exe` is loaded
  • `lsteamclient.dll` is loaded (briefly)
  • `vrclient_x64.dll` is loaded (briefly)
  • In Steam: `ntlm:ntlm_LsaApInitializePackage no NTLM support, expect problems`

Currently trying to narrow down the exact difference between these two. Note: The test report of any in-game error message will follow.

EDIT: It has to be exactly `wine64 "c:\windows\system32\steam.exe" GAMEEXECUTABLENAME.exe (optional arguments)`. `wine` or `steam.exe` (no path) will not work.
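
The "last common log line" comparison in the comment above can be automated. The following is an added example, not part of the thread or of the project's code: it strips timestamps, thread IDs and per-run addresses from two `WINEDEBUG=+timestamp,+loaddll` logs, then reports where they diverge, which `err` lines follow, and which modules only one run loaded. The function names are illustrative, the embedded logs are excerpts of the ones quoted above, and it assumes both runs log the shared startup lines in the same order.

```python
import re

# WINEDEBUG=+timestamp line: "<secs>.<ms>:<tid>:<class>:<channel>:<function> <message>"
LINE_RE = re.compile(r"^(\d+\.\d{3}):([0-9a-f]{4}):(\w+):(\w+):(\S+) ?(.*)$")
LOAD_RE = re.compile(r'Loaded L"(.+?)" at [0-9A-Fa-f]+: (native|builtin)')
# Pointer-sized values differ per run; 8-digit NTSTATUS codes (c0000142) are kept.
PTR_RE = re.compile(r"\b(?:0x)?[0-9A-Fa-f]{12,16}\b")

# Excerpts of the two logs quoted in the comment above (not the full logs).
OUTSIDE_STEAM = r"""
27.874:00e0:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\dxgi.dll" at 00006FFFFC5E0000: native
27.875:00e0:trace:loaddll:build_module Loaded L"Z:\\MHYPBase.dll" at 00006FFFFC8A0000: native
29.038:00e0:fixme:ntdll:NtQuerySystemInformation SystemCodeIntegrityInformation, size 8, info 0x11e400, stub!
29.038:00e0:fixme:advapi:GetCurrentHwProfileA (000000000011E220) semi-stub
29.054:0048:err:service:validate_context_handle Access denied - handle created with access 34, needed 10000
29.419:010c:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\winedevice.exe" at 0000000140000000: builtin
29.442:0118:err:module:import_dll Library WDFLDR.SYS (which is needed by L"C:\\windows\\system32\\HoYoKProtect.sys") not found
29.444:0118:err:ntoskrnl:ZwLoadDriver failed to create driver L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\HoYoProtect": c0000142
"""
FROM_STEAM = r"""
50.117:013c:trace:loaddll:build_module Loaded L"C:\\windows\\system32\\dxgi.dll" at 00006FFFFC040000: native
50.118:013c:trace:loaddll:build_module Loaded L"Z:\\MHYPBase.dll" at 00006FFFFC300000: native
51.276:013c:fixme:ntdll:NtQuerySystemInformation SystemCodeIntegrityInformation, size 8, info 0x11e400, stub!
51.276:013c:fixme:advapi:GetCurrentHwProfileA (000000000011E220) semi-stub
51.327:016c:fixme:ntdll:NtPowerInformation semi-stub: SystemPowerCapabilities
51.327:013c:trace:loaddll:build_module Loaded L"c:\\windows\\system32\\winex11.drv" at 00006FFFFDF90000: builtin
51.420:013c:trace:loaddll:build_module Loaded L"Z:\\GenshinImpact_Data\\Plugins\\Astrolabe.dll" at 00006FFFFBDA0000: native
"""

def parse(text):
    """Return (raw_line, normalised_line, class, channel) for each debug line."""
    out = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and annotations such as "^^^ last common log line"
        _ts, _tid, cls, chan, func, msg = m.groups()
        norm = f"{cls}:{chan}:{func} {PTR_RE.sub('<ptr>', msg)}".rstrip()
        out.append((raw.strip(), norm, cls, chan))
    return out

def modules(entries):
    """Map lower-cased module file name -> 'native' or 'builtin'."""
    mods = {}
    for raw, _norm, _cls, chan in entries:
        m = LOAD_RE.search(raw) if chan == "loaddll" else None
        if m:
            mods[re.split(r"\\+", m.group(1))[-1].lower()] = m.group(2)
    return mods

def compare(log_a, log_b):
    """Find the divergence point of two runs and what each did afterwards."""
    a, b = parse(log_a), parse(log_b)
    common = 0
    # Walk both logs in step while the normalised lines agree.
    while common < min(len(a), len(b)) and a[common][1] == b[common][1]:
        common += 1
    mods_a, mods_b = modules(a), modules(b)
    return {
        "last_common": a[common - 1][1] if common else None,
        "errors_a": [e[0] for e in a[common:] if e[2] == "err"],
        "errors_b": [e[0] for e in b[common:] if e[2] == "err"],
        "modules_only_a": sorted(set(mods_a) - set(mods_b)),
        "modules_only_b": sorted(set(mods_b) - set(mods_a)),
    }

if __name__ == "__main__":
    for key, value in compare(OUTSIDE_STEAM, FROM_STEAM).items():
        print(key, "=", value)
```
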

demicorn commented 3 months ago
Poster

https://github.com/NelloKudo/Wine-Builds/releases/tag/wine-tkg-aagl-v10.12-2

The issue has been fixed in this version. Tested in lutris.

mkrsym1 commented 3 months ago

This patch specifically https://github.com/NelloKudo/Wine-Builds/blob/wine-tkg-aagl-v10.12-2/patches/0001-HACK-kernelbase-Report-steam.exe-as-parent-process-w.patch , just lie that a steam.exe definitely exists.

It appears like they are now explicitly checking for Steam to allow launching without the driver. Well, at least not Deck hardware check.

Krock commented 3 months ago
Owner

Thank you for letting me know.

I might have found another clue in the meantime: Depending on the payload in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HoYoProtect`, the game might still attempt to load the driver, thus raising a hard fault (exit). For those affected by this issue I would recommend to remove or rename this key and retry. EDIT: **DO NOT PERFORM ANY OTHER REGISTRY MANIPULATIONS. SEE COMMENT FROM mkrsym1 BELOW.**

EDIT: One hot path is revealed by `+seh`, where a newly spawned thread (0160) repeatedly runs into `NtCreateTimer` access violations (Wine issue?).

```
10.106:0130:trace:loaddll:build_module Loaded L"XXXXXXX\\MHYPBase.dll" at 00006FFFFC250000: native
11.342:0160:trace:seh:sigsys_handler SIGSYS, rax 0x33, rip 0x6ffffc5e5dbf.
11.342:0160:trace:seh:handle_syscall_fault code=c0000005 flags=0 addr=0x7f3500f6ec13 ip=7f3500f6ec13 tid=0160
11.342:0160:trace:seh:handle_syscall_fault  info[0]=0000000000000001
11.342:0160:trace:seh:handle_syscall_fault  info[1]=0000000000000000
11.342:0160:trace:seh:handle_syscall_fault  rax=0000000000000033 rbx=00007f3500fb48c0 rcx=00006fffffed4ab0 rdx=0000000000755bd0
11.342:0160:trace:seh:handle_syscall_fault  rsi=000000000241ff40 rdi=0000000000000000 rbp=00000001009fe9b0 rsp=00000001009fe8d0
11.342:0160:trace:seh:handle_syscall_fault   r8=0000000000000000  r9=0000000000000000 r10=00007f3500fb35a0 r11=000000000241ff40
11.342:0160:trace:seh:handle_syscall_fault  r12=0000000000000000 r13=0000000000000000 r14=0000000000000001 r15=000000000241fef0
11.342:0160:warn:seh:handle_syscall_fault backtrace: --- Exception 0xc0000005 at 0x7f3500f6ec13: XXXXXX/lib/wine/x86_64-unix/ntdll.so + 0x58c13 (NtCreateTimer + 0x13).
11.342:0160:warn:seh:dwarf_virtual_unwind backtrace: 0x7f3500f6ec13: XXXXXX/lib/wine/x86_64-unix/ntdll.so + 0x58c13 (NtCreateTimer + 0x13).
11.342:0160:warn:seh:dump_syscall_fault backtrace: __wine_syscall_dispatcher.
11.342:0160:warn:seh:dump_syscall_fault backtrace: returning to user mode ip=00006ffffc5e5dbf ret=c0000005
```

If only EU is affected and co-op also gets banned it could mean that they want to improve their anti-cheat because of this one cheater who is/was very active in EU and cheated in co-op

HoYo definitely knows about them because they do give you the option to reset the Purveyor of Punishment achievement now since a lot of people complained to CS about the cheater making everyone deal 20 mil DMG 

Krock commented 3 months ago
Owner

Findings so far:

  1. Found `DRV_IsWineCompatible` in heap. There are no such references online, thus I would assume this originates from `mhypbase.dll`.
  2. The security file is of the XML format.
    • It was encoded using extra-salted base64. I cannot get it to decode past the first index using naive `A-z0-9$!` random pattern swapping.
    • This file contains flags to change the behaviour of `mhypbase.dll`.
    • Newer files (with the CPU overhead) contain ~~an extra payload which I yet cannot decipher~~ more values set to `1000`.
    • I hope it is helpful to anyone: https://litter.catbox.moe/8z2tw9n0q78e9krv.7z . sha256: `2afa646f2376355b498fb331292cd907d24cca63a17c4cbb13d17481654635ed` (expires in 3 days)
    • EDIT: The trailing data might be garbage, originating from reading out-of-bounds.

EDIT2: The previous upload was broken. Replaced it.

EDIT 2025-08-10: The base64 encoded equivalent and this file do not have the same entropy (i.e. compression ratio), which means they are salted by XOR (array), or an encryption key.

mkrsym1 commented 3 months ago

Big warning: messing with the driver registry key can get you a ban of 50 years. We currently have 2 cases (although not very clean, there was other fun stuff like lsfg-vk). All at your own (huge) risk.

Krock commented 3 months ago
Owner

Moved this repository to https://codeberg.org/Krock/dawn/ to have more reliable access and give newcomers a chance to leave a comment here.
