Understanding the risks of Boontybox (with your brain!)



A.K.Davis
05-01-2006, 05:09 PM
Thanks to Mazex at SimHQ.

Hi!

As a lot of potential buyers are concerned about Boontybox, which is used to distribute the PE-2 addon, I did a quick analysis of it and found out the following (which may naturally be proven otherwise - please do (I know you will)).

On my computer, which has about 15 games installed, it only identifies ONE game and that is IL2. I have amongst other games Silent Hunter 3, which is a UBI game (and yes, that's the one with Starforce, which works like a charm on my PC even though I really don't like it). It does not identify SHIII, Lock On, Battlefield 2, F1 Challenge 99-02, Oblivion, CMBB, SPWAW or WinSPMBT etc...

It looks like it uses the easy to read xml-files BoontyGames.xml and OtherGames.xml in <sysdrive>:\Program Files\Boonty\BoontyBox\Data to identify games that they distribute while scanning, and none of my other games are there (except the "default" Windows "games"). I have been running a number of scans while snooping the network traffic with Ethereal and it sends no data after scanning. If you choose "Update" (the Boonty software) it makes a number of HTTP GETs that seem fair. Besides, it seems like it only scans your "Program Files" directory... That is nice for people that do not want their drivers scanned but makes the installer mess up if you have not installed to the default directory. I hadn't, and that made the installation fail as it couldn't even find my IL2 installation!

The games it has identified are under HKEY_LOCAL_MACHINE\SOFTWARE\Boonty like this (regedit export). It did not find IL2 first either as it was not under "Program Files" and did not save this info until I had executed the installer manually:

[HKEY_LOCAL_MACHINE\SOFTWARE\Boonty]

[HKEY_LOCAL_MACHINE\SOFTWARE\Boonty\B4103000]
"intIdMetaGame"=dword:000007b5
"szGameLang"="en"
"szGameName"="IL2 Forgotten Battles - PE-2"
"intIdGame"=dword:0001d596
"szFile2"="Pe-2_2.mis"
"szOutDirectory"="C:\\GAMES\\IL-2\\Missions\\Single\\RU\\Pe-2\\"
"szFile1"="Pe-2_1.mis"

[HKEY_LOCAL_MACHINE\SOFTWARE\Boonty\Common Install]

[HKEY_LOCAL_MACHINE\SOFTWARE\Boonty\Common Install\Shared Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Boonty\Common Install\Shared Service\B4103000]
"IL2 Forgotten Battles - PE-2"=hex(7):32,00 <etc...>

[HKEY_LOCAL_MACHINE\SOFTWARE\Boonty\Games]

[HKEY_LOCAL_MACHINE\SOFTWARE\Boonty\Games\{B56687A4-6EF1-449B-A5EA-21230942FEDA}]
"site"="en"
"hour"="204545"
"date"="20060428"
"version"="2.0"
"path"="C:\\GAMES\\IL-2"
"name"="IL2 Forgotten Battles - PE-2"
"fullpath"="C:\\GAMES\\IL-2\\il2fb.exe"
"intIdMetagame"=dword:000007b5

[HKEY_LOCAL_MACHINE\SOFTWARE\Boonty\Licenses]

[HKEY_LOCAL_MACHINE\SOFTWARE\Boonty\Licenses\Boonty Games]
@=hex:58,12 <etc...>

[HKEY_LOCAL_MACHINE\SOFTWARE\Boonty\PandoraBox]
"Version"="1.1.1.34"
"Path"="C:\\Program\\Boonty\\BoontyBox\\BoontyBox.exe"
"fr"="C:\\Program\\Boonty\\BoontyBox\\Languages\\boontybox_fr.xml"
"en"="C:\\Program\\Boonty\\BoontyBox\\Languages\\boontybox_en.xml"
"de"="C:\\Program\\Boonty\\BoontyBox\\Languages\\boontybox_de.xml"
"it"="C:\\Program\\Boonty\\BoontyBox\\Languages\\boontybox_es.xml"
"us"="C:\\Program\\Boonty\\BoontyBox\\Languages\\boontybox_us.xml"
"nl"="C:\\Program\\Boonty\\BoontyBox\\Languages\\boontybox_nl.xml"
"Languages"="en"

It also uses some other registry keys which all seem fair enough for an application like this (under HKEY_CURRENT_USER and the installed service etc). In no way does it seem to be done to be hard to interpret the registry values...

It has some other data in the xml file directory and everything seems very much like it's done to make the application as transparent as possible (not at all like Spyware applications).

If you go to http://www.boonty.com/ it seems very obvious that what they are trying to make money off is to make it easy for people to buy, download and install games via their application. In the EULA it says that they will NOT SELL the information they gather to third parties. Why should they really, and who would be interested?

Then we have the issue with il2fb.exe starting the Boonty.exe application and BontyGame.0001 after starting IL2 (even if you have uninstalled Boontybox and deleted Boonty.exe from "shared files"). They have injected some small piece of code into il2fb.exe that calls "FLEXnet Activation Service Installer.dll" that has been installed in your IL2 directory as well. Try renaming that file and see what happens... That annoys me but whatever, it seems to be done to verify that you have paid for your copy of the game. When running Ethereal to see if it sends any information after starting IL2 (and thus Boonty.exe) I found that it does not "phone home" or such. I guess it checks that you have a license to the application and updates the "last played" date - but it does not send that to anyone else. It is however annoying that it only kills BontyGame.0001 after IL2 has finished but leaves the service Boonty.exe running (even if you have said that you don't want that). I guess it's just cheesy programming as services are running in separate threads and may be a bit difficult "to talk to" sometimes... The whole issue with this is really not that big as it does not "phone home" and the Boonty.exe consumes nada resources...

Conclusion:

They scan your drive to see if you have any of the games that THEY sell so that you may download patches etc for them (or buy add-ons). They in no way seem interested in what other games you have or other applications (that's why the scan only found ONE game on my PC, they just don't care about the others).

It's really no big deal. Their goal is to make this application accessible so that you go to their web page and download other games (at rather nice prices). They use the "try it before you buy it" which seems to eliminate one of the excuses you hear about why rather decent people download pirated versions of games (they had no demo...).

IN NO WAY DOES IT SEEM LIKE THEY SCAN YOUR DRIVE TO SELL INFORMATION ABOUT YOUR SYSTEM TO OTHERS! They make money from selling other games in an easy way to existing customers...

Please add further stuff you have found out while looking at this application! I really feel like it's rather harmless and I really hope that as many as possible buy all the add-ons to keep Oleg and the guys afloat while finishing BoB!

In no way am I associated with UBI and I don't like them more than any other publisher. Name one publisher that you actually like? Maybe Matrix games... There are on the other hand a number of publishers that I like less... Think about EA publishing IL2. They would have released one or two patches after IL2 1.0 and then cut the funds for any further development.

The only way I'm biased is that I want BoB badly...

S! Mazex
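
An added example, not part of the original post: a small Python parser for a regedit export like the one quoted above, used to list which file-system paths the software recorded under its registry keys. The function names are made up for this illustration, and the sample is trimmed from the export in the post.

```python
import re

# Trimmed from the export quoted in the post; truncated hex values left out.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Boonty\B4103000]
"intIdMetaGame"=dword:000007b5
"szGameName"="IL2 Forgotten Battles - PE-2"
"intIdGame"=dword:0001d596
"szOutDirectory"="C:\\GAMES\\IL-2\\Missions\\Single\\RU\\Pe-2\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Boonty\Games\{B56687A4-6EF1-449B-A5EA-21230942FEDA}]
"date"="20060428"
"path"="C:\\GAMES\\IL-2"
"fullpath"="C:\\GAMES\\IL-2\\il2fb.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def _unescape(s):
    # .reg exports escape backslash and double quote inside quoted strings
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg_export(text):
    """Return {key_path: {value_name: decoded_value}} from regedit export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue
        name = '@' if m.group(1) == '@' else _unescape(m.group(1)[1:-1])
        raw = m.group(2)
        if raw.startswith('dword:'):
            current[name] = int(raw[6:], 16)       # 32-bit value, hex digits
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            current[name] = _unescape(raw[1:-1])   # REG_SZ string
        else:
            current[name] = raw                    # hex(...) etc. kept undecoded
    return keys

def recorded_paths(keys):
    """List (key, value_name, path) for every string value holding a drive path."""
    return [(k, n, v) for k, vals in keys.items() for n, v in vals.items()
            if isinstance(v, str) and re.match(r'^[A-Za-z]:\\', v)]
```

Run against a full export of the vendor's key, `recorded_paths(parse_reg_export(text))` gives a quick inventory of every directory and executable path stored there.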

A.K.Davis
05-01-2006, 05:11 PM
P.S. I demand that Hemorrhoids be spelled correctly in my forum title! :P

danjama
05-01-2006, 05:28 PM
lol

thanks for posting that here, maybe people will stop crying now.

steve_v
05-01-2006, 05:56 PM
Originally posted by A.K.Davis:
P.S. I demand that Hemorrhoids be spelled correctly in my forum title! :P

Correction made.

Also, a very good post. Informative, easy to understand, and provides enough insight for any person to make an informed decision on downloading Pe-2.

georgeo76
05-01-2006, 07:50 PM
Have you been hurt at work? Got asbestoses? Taken Vioxx? Has a mod changed altered your account in any way w/o your express approval and consent? If so, you may be entitled to compensation under the law. Hi, my name is Dexter Chestwood P.A. and I will FIGHT FOR YOU!

Remember, the law limits the time you have to file, so give us at Chestwood, Chestwood, Chestwood, and Diggler a call today!



Originally posted by A.K.Davis:
P.S. I demand that Hemorrhoids be spelled correctly in my forum title! :P

Targ
05-01-2006, 07:53 PM
Originally posted by A.K.Davis:
P.S. I demand that Hemorrhoids be spelled correctly in my forum title! :P

Sorry

Thanks for helping spread the word

AKA_TAGERT
05-01-2006, 09:15 PM
Originally posted by georgeo76:
Have you been hurt at work? Got asbestoses? Taken Vioxx? Has a mod changed altered your account in any way w/o your express approval and consent? If so, you may be entitled to compensation under the law. Hi, my name is Dexter Chestwood P.A. and I will FIGHT FOR YOU!

Remember, the law limits the time you have to file, so give us at Chestwood, Chestwood, Chestwood, and Diggler a call today!

ROTFL!

Popey109
05-01-2006, 10:03 PM
LOL! Well, one test by one person doesn't really prove anything. Many people had no problem with Starforce, just like some people don't seem to have any problems with Boonty's FB+Pe exe, but others do... which is why I haven't got the Pe addon yet. Still hoping ubi will fix it.

georgeo76
05-01-2006, 10:54 PM
Ok, so what you're saying is that before you will abandon the supposition, rumor, and anecdote you'll require absolute proof? ...Just so we're clear.

I don't see anyone who claims BB is harmful posting any evidence at all! But you're right, the growing body of evidence doesn't conclusively prove anything.



Originally posted by Popey109:
LOL! Well, one test by one person doesn't really prove anything. Many people had no problem with Starforce, just like some people don't seem to have any problems with Boonty's FB+Pe exe, but others do... which is why I haven't got the Pe addon yet. Still hoping ubi will fix it.

Targ
05-01-2006, 11:19 PM
My theory is that it is madness.
Some of these people have this desire to connect anything and everything in life and behind it is evil plots to control you or spy on you.
Caution and to a certain degree paranoia are common traits in all of us. What has happened is a classic example of mass hysteria, those that were drawn in at first have backed off after understanding that their pron collection and downloaded copy of Photoshop 7 were not exposed.
The borderline crazy people will only stop once peer pressure becomes too much, sort of like urban camo, the need to remain unspotted is strong as they live on the fringe and blending in makes them more functional.
The true nut jobs will never stop but move on to some other connection as this one will go to the back burner or their family has them committed again and they are forced to get back on the meds.
Yes, I am certain of this as the proof is all around me.
Go ahead, try and prove me wrong.

Popey109
05-02-2006, 12:57 AM
Originally posted by georgeo76:
Ok, so what you're saying is that before you will abandon the supposition, rumor, and anecdote you'll require absolute proof? ...Just so we're clear.

I don't see anyone who claims BB is harmful posting any evidence at all! But you're right, the growing body of evidence doesn't conclusively prove anything.


No different than your blind faith in a program loaded without your consent!...So who's at greater risk? Anyway, I hope to get the addon soon, Boonty or no, if ubi will correct some of the problems others seem to have had I'm more than happy to hand over my money. I just don't think I should have to go through a dog and pony show to make what I pay for work...neither should any of us including you.

micksaf
05-02-2006, 02:25 AM
Maybe A.K.Davis should have told us (who have brain) that the one who wrote the quote is a MOD, whose "task" isn't specifically to deter people from buying the add-on....
Now even though Boonty thingie ain't dangerous it is TOTALLY USELESS at least for us customers, since Oleg gave Ubi the .exe with the add-on....and has no idea about this BB...
It is that useless that it does things in your six while you play online.....writes registry keys on your HD and it isn't that easy to delete from your system....
That's why I haven't downloaded PE2 so far, waiting for Ubi WHO SHOULD HAVE TOLD US ABOUT WHAT BB REALLY IS AND DOES BEFORE, to fix all the other known issues....and hoping this won't happen again for the next add-on

AWL_Spinner
05-02-2006, 03:23 AM
and hoping this won't happen again for the next add-on

Just hoping that the very visible way in which BB has been easily (*after initial trials) removed from people's systems doesn't drive Ubi back into the arms of nastier options like Starfarce. Then there really would be some whining!

BB's easily countered - if you're wavering, buy the Pe-2 addon and follow the instructions on Luthier's thread to clean your system afterwards, it's a short operation.

The Pe-2 is a lot of fun, don't cut off your nose to spite your face

FluffyDucks
05-02-2006, 04:21 AM
It's spelt haemorrhoids, bad job when even the moderators can't spell

MrMoonlight
05-02-2006, 04:51 AM
Originally posted by FluffyDucks:
It's spelt haemorrhoids, bad job when even the moderators can't spell

Actually, the mods are correct as they have used the correct American spelling. Of course, in the UK, your variation is the accepted spelling.

Just as I could have dinged you for using "spelt" instead of "spelled", but I realize that "spelt" is the common UK past tense of "spell", whereas "spelled" is the accepted American usage.

In any case, I don't think we need to get too picky about spelling here. For many folks, English isn't their native language, so we need to accept the fact that there are going to be mistakes. No biggie for me. If I can understand what somebody writes, I'm not going to get too upset if they misspell a word or let a participle or two dangle here or there.

Monguse
05-02-2006, 06:11 AM
Davis,

Excellent POST! This IS the information we need.

FluffyDucks
05-02-2006, 06:18 AM
Very funny moonlight....the clue is in the name ENGLISH, if the yanks can't be arsed to spell things correctly that is their lookout, but they can't then call it ENGLISH because it isn't, it is a DIALECT.
The correct spelling in ENGLISH is haemorrhoids

Popey109
05-02-2006, 07:33 AM
Thank you all for not beating me to "deth" for my poor speling and gramer! ti's enough I get my meaning across. Good news is it looks like ubi has understood the problem and will fix it. We can all put this behind us. I looking forward to supporting Oleg and flying the Pe...good days ahead

Low_Flyer_MkVb
05-02-2006, 09:57 AM
I call 'em 'piles'...saves a lot of potential misunderstanding, unless of course, you're talking to a Frenchman who will think you're referring to batteries (electric, not artillery). Just thought I'd help out here...

A.K.Davis
05-02-2006, 09:58 AM
Originally posted by micksaf:
Maybe A.K.Davis should have told us (who have brain) that the one who wrote the quote is a MOD, whose "task" isn't specifically to deter people from buying the add-on....
Now even though Boonty thingie ain't dangerous it is TOTALLY USELESS at least for us customers, since Oleg gave Ubi the .exe with the add-on....and has no idea about this BB...
It is that useless that it does things in your six while you play online.....writes registry keys on your HD and it isn't that easy to delete from your system....
That's why I haven't downloaded PE2 so far, waiting for Ubi WHO SHOULD HAVE TOLD US ABOUT WHAT BB REALLY IS AND DOES BEFORE, to fix all the other known issues....and hoping this won't happen again for the next add-on

WTF are you talking about? I posted this here from SimHQ and then a moderator copied the link into a sticky at the top of the forum.

So are you now saying that anything a moderator posts is automatically discredited and false, even if they are reposting independent information?

We have long since departed the realm of the rational and are now treading on the borders of faith and superstition. Those who want to BELIEVE that this software is malicious will do so regardless of any amount of information that is presented to them. Wrapped tightly in their own righteousness, there is no hope that they will ever see themselves as others do.

It's a comfort, in a way, to be able to always rage without thought. Makes the world very simple.