I’ll admit, I’m a World of Warcraft player. I’ll also admit, I don’t have time to farm. You see where this is going. I was a WoW Glider user until the American justice system gave in to nicely dressed and well paid lawyers (who didn’t see that coming) and Michael Donnelly was held personally responsible for $6,500,000 of damages his project apparently caused Blizzard. But that’s not what I’m blogging about — I’m blogging about Pocket Gnome, a neat little bot for OS X.

But this is a blog about technology, not gaming, isn’t it? Right! Blizzard (the company that made WoW), like many other gaming companies, employs an anti-cheat engine to keep the game fair. Everyone does it their own way, and Blizzard’s personal brand is called Warden. Warden runs in the background whenever a WoW player is online. I’m not up to date with the technical aspects of how it works, but at least in their other games, it involves checking the values at memory locations that have cheat code “injected” into them — in English, where it’s modified to act differently. A famous hack for their WarCraft and StarCraft RTS games is the maphack, which causes other players bases to appear through the “fog of war” and in unexplored areas, giving an obvious unfair advantage to the player using it. By checking the memory locations involved in map display for modifications, poorly written maphacks are easily detected by Warden, who phones home to Blizzard to rat you out, and then they’ll do what they want with you — generally ban your CD-Key from ladder play.

Notice, though, that I said poorly written hacks. WoW Glider was a different breed — it was undetectable by Warden for a very long time. It did this by running World of WarCraft as an unprivileged user and running the bot itself as an administrator. Doing this made WoW metaphorically blind — Glider was there, but WoW had no idea. Another detection mechanism is seeing if keyboard and mouse activity comes from a physical device or from a program. Glider defeated this by loading a device driver, known as “Shadow”, emulating a keyboard and mouse so it would appear that Glider was a physical device as far as WoW was concerned. There was a few years of cat and mouse between the two companies, and eventually WoW followed the American way: when in doubt, legal action. I guess we figured out what they do with people’s subscription money, didn’t we?

Back to Pocket Gnome, though. It’s an interesting product because where Glider’s innards were a major secret, Pocket Gnome is actually open source. This allows many benefits that I won’t go into detail about here (but if you’re interested, check out GNU). The reason that they don’t have to be secretive of the inner workings is because of the system it runs on. Pocket Gnome only runs on Mac OS X Leopard or Snow Leopard. To quote their website: Pocket Gnome does not and will never run on Windows. Why? Because Mac users are elitist jerks? No. The entire reason for it’s security is in OS X itself. Because software runs as an unprivileged user by default in UNIX (yes, OS X is UNIX), WoW is blind from point A, and it’s not suspicious at all that WoW can see nothing. Even if Pocket Gnome were run as an unprivileged user WoW couldn’t see it, but it also couldn’t see WoW, so it has to run as an administrator. You remember when you were 16 and hated your parents and had this helpless feeling, like there was nothing you could do no matter how hard you tried? That’s World of WarCraft without admin privileges. Detect this, Warden!

Unfortunately that leaves Blizzard with only two choices: ignore Pocket Gnome, which they seem to be doing for now, or have them shut down, which I hope isn’t the course they’re going to take. But even to non-gamers, the technology behind the situation is interesting. The security that Windows users have longed for is built right into each and every Mac.. until you install Windows.