#7 WARNING! BAN WAVE!

I am not currently aware of the details, but the Company seems to have banned some users. If you are affected by this, please share any possibly relevant information.

This seems to not affect the EU server. This seems to be especially prominent on the Asia server.

25.05 10:00 UTC: EU ban wave has started

25.05 16:00 UTC: NA ban wave has started

Leading theory: an RCE Lua script has been sent out by the server, which might have incorrectly detcted the patch as an injected module. Fixed with the experimental mitigation.

Bans seem to be collateral damage from targeting a specific cheat.

After analyzing the Lua script, I might have found the potential trigger. Am working on new mitigations.

New mitigations released. Please uninstall the old patch, and follow all instructions in the readme exactly to install the new one. Warning: I have not been able to identify all triggers yet, and slightest user error is enough for a ban. Please only use testing accounts.

Released experimental mitigation with 5f19b5aa0b . Very dangerous. Use only if you wish to sacrifice your account Do not use. Experimental mitigation did not cover all checks

I got banned, I sent an email to SC asking what triggered the ban as I use multiple devices to play, let's see if I can get something useful (that I doubt).

Regards.

Last night I returned to Windows, while playing on the phone in parallel. This morning and afternoon, both from the phone and from the PC, everything worked fine, now I tried to log in - I received a Ban for a week (until June 1, 14:52), the reason indicated "use of third-party plug-ins". Waiting for a response from support with details

I logged in via Windows just now and it seems my own account is still active (NA). The last time I logged in via Linux probably would've been around 13:30 UTC.

I suppose I won't be logging in via Linux anymore for the time being, as I don't want to risk my account.

Let us know if there's a way we can help test mitigations or anything else.

Got banned too for a week. I won't be able to play until June 1, 2023 it seems. Ah well, time to dual boot with Windows again it seems.

Released experimental mitigations. Please only use test accounts

https://notabug.org/mkrsym1/astra/src/mitigations

Interesting, my account is still active. I logged in and played on my iPhone fine just now, no ban, but I can't test on my PC anytime soon because it actually just died a few days ago. But to be honest, for awhile I kind of abandoned Star Rail when PGR got ported to PC, so maybe I avoided the detection script just by not playing for awhile, and then my PC died.

Warning: EAC/BattlEye runtimes might trigger a ban. I will not explain the truly comedic process through which that happens, but I will warn you: make sure that you have them disabled.

I tested the patch with the new mitigations on a test account. Played fresh from the start of the game for about 20 minutes, logged out and in again, made sure everything worked. No ban.

Arch Linux, zen kernel 6.3.2, wine lutris-ge-proton-8.4, dxvk 2.2, AMD cpu/gpu.

Mitiagtions seem to be working so far. Still, please only use testing accounts and report any bans here.

Please include the steps you went through to install the updated patch, how you were launching the game and the output of

find /game/directory -name '*.exe' -o -name '*.dll' -o -name '*.sys'

with ban reports.

I've played for a few days on a game start using this patch, then abandoned the game for a bit. Logged in yesterday from an Android device, no ban.

@Alex72 Bans are related to the script that the Company dispatched about May 8th, so that is to be expected.

Ban waves continue, mitigations proven unsafe. It seems like I'll have to radically change the patching process.

I've checked my accounts. My testing account received a 7 day ban. My main account still seems to be untouched. The only difference between the two that I can think of is that the main account isn't f2p, so it's possible that that's something that's taken into account as part of the ban criteria.

Best of luck on figuring a way around all of this.

@saturn I got a 7 days ban as well and my account is not f2p also, so probably not related

I've got banned also for 7 days. I've played the last weekend using the latest mitigations patch. Best of luck and thanks mkrsym for taking your time for us! I hope you find a way! I'm really enjoying this game.

I've been playing without the mitigations patch until last Friday i think. When i figured out about the ban wave, I've uninstalled the previous patch with the uninstall.sh script and then installed the newer one using the instructions provided here.

This is my current log, i hope it helps somehow.

$ find "/media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR" -name '*.exe' -o -name '*.dll' -o -name '*.sys' /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/UnityPlayer.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/ACE-BASE.sys /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/GameAssembly.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/UnityCrashHandler64.exe /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRailBase.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/TVMBootstrap.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/AntiCheatExpert/InGame/x64/ACE-DRV64.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail.exe /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/Astrolabe.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/vulkan-1.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/ZFEmbedWeb.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/libEGL.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/kcp.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/chrome_elf.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/xlua.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/InControlNative.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/d3dcompiler_47.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/libGLESv2.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/AkWaapiClient.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/XInputInterface64.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/cri_ware_unity.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/zf_cef.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/Telemetry.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/ZFProxyWeb.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/cri_mana_vpx.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/MiHoYoMTRSDK.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/NamedPipeClient.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/MiHoYoSDKUploader.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/MTBenchmark_Windows.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/ZFGameBrowser.exe /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/crashreport.exe /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/vk_swiftshader.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/mailbox.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/AkSoundEngine.dll /media/pacapaw/Datos/Juegos/Honkai Star Rail/HSR/StarRail_Data/Plugins/x86_64/hpatch.dll

Should we continue playing after the ban lifts? Or maybe we should wait for another patch?

Hoyo really is going all out with this. Can't they just server-side all the game's systems? This is way too aggressive.

@Yukimana Yes, this is indeed extremely aggressive. Current potential trigger list (things that get sent back to the server by the script):

• Foreign .exe/.dll/.sys anywhere the game directory
• Foreign modules attached to the game process
• Parent process file path and file checksum
• Signatures of all loaded modules (includes system libraries, reports empties on Wine, probably the thing that gets you banned). They are also matched against a list of "valid publishers" defined in the script
• Currently running process list
• Values from three specific memory locations (targeted at a particular cheat, patch doesn't modify those)
• [Asia-specific] Five more memory locations (not modified by the patch either)

None of these seem to be specifically targeted at Wine, and the bans are probably a side effect of the signature one.

I have also seen numerous reports of people being banned for Reshade, and even an unconfirmed report of someone getting banned for running Razer Synapse.

idk if it would be helpful with the last 1.1 update hsr now connects to cheatexpert.com to download its dll file in /Games/AnticheatExrert

Hey! What's the progress on everything? Any chances to play 1.1 in few days?

@CODIC #11. I am currently testing out a new approach, that would allow launching without any on-disk file modifications. I've only implemented it for HI3 yet.

You can take a look at this repository: https://codeberg.org/mkrsym1/jadeite

Development moved to the abovementioned repository. Report bans in mkrsym1/jadeite#1

@mkrsym1 okay. thank u very much for your work!

Closing as this patch was marked legacy