-ACI- Background Check Tutorial
Topic Started: May 22 2007, 08:19 PM (51 Views)
=Fas=Lazerboy2000
FBI Agent
Quote:
 
All info in this Tutorial is copyright of -ACI- 2007 Unless otherwise mentioned in its section.
This tutorial is not to be redistributed in any format anywhere else in part or in whole without prior written permission from the Staff of -ACI-


Ok, since this is a tutorial, it will be laid out for beginners, as well as those who’ve been doing checks for years. However, for the most part, we will err on the side of caution and present this as if this is your first time doing a background check. One thing to keep in mind is that not all of the necessary information will always be available to you. Sometimes you will simply have to proceed with what you have available and work with that in order to reach as educated a conclusion as possible.

The sections of this tutorial cascade from novice to pro, so if you are just beginning, you can read as much as you like, go try some things at the basic level, and come back to learn more later. Or, you can just burn through the whole thing and start doing the most thorough checks possible.

However, the worst possible thing you can do is just take a few things away from this and call it a day. This is because, without knowing how or why you are doing what you are doing, you will defeat half the purpose of doing it, and thus, risk screwing up the actual results of your check.

Finally, if you read this all the way through, you will notice some things repeated throughout the tutorial. This is not only for emphasis, but for the sake of those who will simply hop and skip through this in a big hurry to "get to the good stuff."

NOTE: A bit of advice for those not yet familiar with doing basic Background Checks, please get familiar with the basics before rushing out and attempting to build a CIA dossier on somebody. If you are NOT familiar with the basics and rush out to just collect whatever information falls on to your screen, you WILL bungle the results. It's as plain and simple as that.

This Tutorial has 3 major parts:

Part 1 - The Player
The Account
The GUID
The IP Address
The MAC Address


Part 2 - The Search

Player History

Account History
Log-In History
Kick History
Violation History


Tracker Accounts

Find the User Account
Find the Username Changes
Find the Clan Account
Private Accounts


Other Searches

IP Locations
AA MBS
FBI Searchable Bans Database
AA GUID Database
Other Useful Information


Part 3 - The Results

Understanding Bans
Understanding Linked Accounts
Understanding Kicks


Part 4 - The Tools
-ACI- Tool Locations
Other Tool Locations


---------------------------------------------------------------------------------------

Part 1 - The Player

The Account

Each player is assigned an account by the U.S. Army Game Project. This account is set apart from all others by a Unique Identifier, or UID. This is an 8 digit number that is assigned to your chosen player name and its account. Since no two accounts can exist at the same time with the exact same name, this number can be recycled as needed and re-assigned to new player accounts after an old account has sat inactive long enough for the database to delete that account. This number affects nothing more than account management, and is not used or recorded anywhere that is accessible by the community.

A player's account history only consists of information that is available. That information can come from a few different sources, including servers that are streaming to ACI, servers that are streaming via the PBBans Hub, and through information sharing and cooperation with other communities. Sometimes not all of a player's information makes it into our records, or anybody else's for that matter. So, sometimes an account history check will return very little or no information. This is a very important thing, because just as one person's account might be linked to many other accounts that are not theirs, another person's account may be linked to nothing and even contain little or no information.

It is important to understand both of those facets of the account history, because one is usually given much more attention than the other one. And that is the linking of accounts. Many times accounts are linked together that have very little in common other than a shared IP address or a common MAC address. Sometimes they share both of those attributes. But that linking of accounts can be very misleading. If you do nothing more than enter one piece of information and proceed with only the first results you get, then you will have nothing but what recorded account history exists for the information you entered. If you run a check in that fashion, and proceed in that fashion, then you can completely and totally disregard any accounts that might appear linked. This is because those linked accounts are listed there for reference only. They are only a starting point for those who actually choose to do a Background check. If you plan to proceed with the first results you get, you are not doing a background check, you are doing an account history look-up and that is all.

-----------------------------------------------------------------------------------------

The GUID

Because AA does not use a CD Key like many other retail games, the GUID is a unique, alpha-numeric sequence that is generated by PB and AA based on a combination of your registration information (i.e. - user name, password, email, etc.). And, since a valid PunkBuster account is required to play on PB enabled servers, players are assigned an account number from PunkBuster, known as a Globally Unique Identifier, or GUID. This GUID, much like your Army UID, will not change no matter how many times a player changes the player name on an account. However, unlike your Army UID, each GUID is unique to a player's account and is not recycled. If a new account is created, a new GUID will be assigned from PB, but the old one will forever be registered to the account it was first registered to, regardless of name changes and regardless of how many new accounts a person makes. Every time you connect to an authorized server, you will see a PB message that states

PunkBuster Client: PB Server assigned GUID = 81621a4febc43125ad4680479c52cd31

This is your own personal GUID and it will never change unless you change accounts.

--------------------------------------------------------------------------------------------------

The IP Address

In order to understand IP addresses, a brief explanation of the IP address is necessary. An IP address is the Internet Protocol (IP) address given to every computer connected to the Internet. An IP address is needed to route information much like a street address or PO box is needed to receive regular mail. But, unlike a street address, IP addresses do not belong to the people that use them, and therefore are subject to change at any time. In general, IP addresses belong to IANA, or the Internet Assigned Numbers Authority. This is an international group that is responsible for keeping the internet organized. It parcels these numbers out to the 5 regional authorities that govern internet activity in the various areas of the world, such as North America, Europe, Africa, Asia, Latin American countries, and the Caribbean islands. These numbers, or addresses, are parceled out in blocks or ranges. This keeps things easily organized because each country is only assigned a certain range of numbers. For the sake of simplicity, let's say that North America is assigned a block of numbers between 300 and 399. Well, no other country could use those numbers. And now, inside that range of 300 to 399, let's say that 300 to 349 is assigned to the United States. Now, from there, the block of addresses that are assigned to the U.S. are broken up and assigned to the various internet service providers here in the U.S. Finally, the internet service providers, or ISPs, assign these numbers to customers as they see fit.

So, now that we know where the IP address comes from and where it goes, let's take a look at how it is used by people. There are various means to connect to the internet and various speeds at which it can be done. But it all happens the same way. So how come some people have only one IP address listed for them, while others might have many? That is because, due to the limited amount of numbers that an ISP is given to work with (they can only use numbers in the range they are assigned) the ISPs are sometimes forced to recycle numbers randomly or on a set schedule. This is known as a Dynamic IP address, because it is always changing. Sometimes people are fortunate, and their ISP has assigned them an IP address which will remain with them for a very long time, or sometimes even permanently. This is known as a Static IP Address, because it is constant.

This is why some players will only have one IP address connected to their AA Player History and why others will have many. Even more, this is exactly why many players will appear as being linked to various other accounts. Not because they are the same person, but because they may be in the same geographic location or simply have the same ISP that is recycling its IP addresses. And it is also the biggest reason why you should make no assumptions when you see one account linked to one or more other accounts that have bans on them.


So, IP addresses are another way accounts are linked together. And, at first glance, can seem to be the proof of someone having multiple accounts. This is possibly the biggest and most often made assumption, as well as the most erroneous and the most ignorant. IP addresses are limited to geographic location, and further limited by the internet service provider to which they are assigned. This would seem to lock things down in a nicely organized sense for IP addresses and their users. But, that would be much too easy for us. So, we need to take a few realities into consideration. One of which is that internet service providers, like any other business, come and go. Some ISPs switch the focus of their business, while others simply go out of business. And because of the many comings and goings of various companies, combined with the constantly fluctuating needs of existing companies, some IP ranges are constantly shifting from representing one geographic location to another.

All this shifting is not the general rule, it is the exception. But it is something that needs to be understood. Because if I have a dynamic IP address, somewhere in my history of recorded IP addresses, I might show an IP address I only used one time in my life. But, that same IP address might have also been used by someone else who lives in England and who also plays AA, and thus our accounts have become forever linked together. Again, we are a world apart, yet we appear to be the same person.

Keep in mind that MAC addresses can be spoofed, or made to look like something other than what they really are. IP addresses, on the other hand, are pretty solid in this respect. An IP address can be spoofed, masked, or flat out changed. This does not even take into consideration the miracles of the Virtual Private Network. But none of that matters when it comes to AA. Because PunkBuster software is interactive, it depends on constant communication between a player's computer and the server they are connecting to. If or when that communication ceases to function, the player is removed from the server and the game. This is the culprit behind the infamous "Ignoring MD5 Tool Queries" kicks that we often see. It is due to a lack of communication between the client's computer and the server to which they are connected. This is usually indicative of a poor internet connection. And it is the very reason why the IP address is one of the few things that a cheater cannot get around. Because, if they make it appear as anything more than it really is, then PB will try communicating with this different address, it will fail to communicate since that is not where the player is really connecting from, and thus PB will remove them.

With the clarification of IP addresses, we no longer need to assume someone is a cheater simply because they have had the misfortune of using an IP address that some other person cheated on at some point in time. This should also reinforce the fact that the system presented for us on the account history site has nothing to do with absolute account links. When we see a player's Account History, we are presented with accounts that share similarities for one reason and one reason only. And that is to make our search a little bit easier if we are choosing to do an in-depth search. Any accounts that appear linked because of some similarity are in no way proof that this player is a cheater of some kind. The linked accounts are only provided as a starting point.
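To make the point about recycled addresses concrete, here is an added example (not part of the original tutorial and not -ACI-'s code) that builds "linked accounts" from shared IPs and then shows what each link actually rests on. The record layout, account labels and addresses are constructed for the illustration.

```python
from collections import defaultdict, namedtuple
from datetime import date
from itertools import combinations

# One record of "this account was seen on this IP on this day".
# Field names are assumptions made for this example.
Sighting = namedtuple("Sighting", "account ip day")

# Constructed sample data: documentation IP range, made-up account labels.
SIGHTINGS = [
    Sighting("acct-A", "198.51.100.7", date(2006, 1, 10)),
    Sighting("acct-A", "198.51.100.7", date(2006, 1, 12)),
    Sighting("acct-A", "198.51.100.9", date(2006, 2, 1)),
    Sighting("acct-B", "198.51.100.7", date(2006, 1, 11)),
    Sighting("acct-B", "198.51.100.9", date(2006, 2, 2)),
    # Same address as acct-A, but months later: a recycled dynamic IP.
    Sighting("acct-C", "198.51.100.7", date(2006, 8, 20)),
]


def naive_links(sightings):
    """Link any two accounts that were ever seen on the same IP."""
    by_ip = defaultdict(set)
    for s in sightings:
        by_ip[s.ip].add(s.account)
    links = set()
    for accounts in by_ip.values():
        links.update(combinations(sorted(accounts), 2))
    return links


def link_evidence(sightings):
    """For every linked pair, record which IPs they share and the smallest
    number of days between one account using a shared IP and the other."""
    days = defaultdict(lambda: defaultdict(list))  # ip -> account -> [day]
    for s in sightings:
        days[s.ip][s.account].append(s.day)
    evidence = {}
    for ip, per_account in days.items():
        for a, b in combinations(sorted(per_account), 2):
            gap = min(abs((x - y).days)
                      for x in per_account[a] for y in per_account[b])
            entry = evidence.setdefault(
                (a, b), {"shared_ips": set(), "min_gap_days": gap})
            entry["shared_ips"].add(ip)
            entry["min_gap_days"] = min(entry["min_gap_days"], gap)
    return evidence


def weakest_first(evidence):
    """Order links from weakest to strongest: fewer shared IPs first,
    then the longer gap between uses of the shared IP."""
    return sorted(
        evidence,
        key=lambda pair: (len(evidence[pair]["shared_ips"]),
                          -evidence[pair]["min_gap_days"]))


if __name__ == "__main__":
    ev = link_evidence(SIGHTINGS)
    for pair in weakest_first(ev):
        e = ev[pair]
        print(pair, "shared IPs:", len(e["shared_ips"]),
              "closest use (days apart):", e["min_gap_days"])
```

All three pairs come out "linked" by the naive pass, yet the links to acct-C rest on a single address used more than 200 days apart, which is exactly the recycled-IP case described above.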

NOTE: What you have just read is based on the current and popular IPv4, or IP version 4. There is a new standard for IP addresses that will be in use in the future. This is known as IPv6, or IP version 6. But since it will be a very long time before we see this new version in use, it has not been covered in this part of the tutorial.

-----------------------------------------------------------------------------------------------------

The MAC Address

We'll try to keep this as simple as we can. A Media Access Control Address, or MAC address, is the physical address of an item used to connect to the internet via the IP provided to a person. This item can actually be many different things, but for the purpose of this tutorial, we will limit it to being a modem or a router that is used to connect to the internet. Now we already know each person uses an IP address (or street address) to identify its connection location to the internet. Each connection is identified at its "Street Address" by its own MAC address. If we can think of an IP Address as a street address, then we can think of the MAC Address as a person's name. For example, you can have many different people at one street address, but if they all have different names, then they are easy to identify, e.g., Steve connected to the game server from 1501 Maple Street.

For those who commit to a full background check, there are many important things to understand. First is that MAC addresses have not been recorded in AA since September 14th, 2006 which was the release of version 2.7. There are many people who have played long before that, and thus there are many more MAC addresses recorded than not. So it is important to understand the MAC address and how it can work for or against you. A MAC address is an address given to any piece of hardware that connects to the internet, be it your router, your modem, or your Ethernet card. This is a unique address so that your hardware can be distinguished from any other that may share or use the same IP address at the same time. Basically, it tells the next machine your computer is talking to where it is sending information from and where to send information back to. This is less important if you are the only one using that IP address at that moment. Nevertheless, your hardware will be assigned a MAC address whether you are the only one or not.

Most pieces of hardware have a preset MAC address, such as cable modems, DSL modems, and most popular models of routers. This is where a bump in the road occurs for us. If I live in the U.S. and No^AmP lives in Belgium, but we both happen to have a popular model of a router hooked up to our machine, then the chances of us having a similar MAC address have just increased geometrically. Now, considering that most manufacturers of popular routers and modems only use a certain range of addresses to issue to their hardware, the chances of us having the same MAC address have increased to the point of very likely. So, judging by MAC address alone, we appear to be the same person with two different accounts. But yet, we are a world apart. This is only one area where an account link can be misleading. Though MAC addresses are usually more accurate for matching accounts than IP addresses are, they can still be very misleading. This is why we put such an emphasis on research, and stress why you should not just perform "fire and forget" searches.

Please note, I have purposefully left out information regarding the spoofing and / or changing of MAC addresses. This is because, since MAC's are no longer recorded for the purpose of identifying players, that entire subject is completely irrelevant in this area of discussion.

Only Reaper-ACI- has access to the full MAC address

-----------------------------------------------------------------------------------------------

Part 2 - The Search

Player History

A player's account history cannot and never will be complete. Let's get that out of the way. There are servers that stream their server logs to -ACI-, some that stream their logs to other places (AON, AASA, PsB, PBBans, CB, etc.) and some that do not stream information at all. This is a choice made by the owner / operator of a server. And because very few players will ever only play on one server and one server only, that player's information may or may not make it to a place where it will become accessible by the general public. Also, because of that, a player's history can appear to be very fragmented since he is not accounted for on non-streaming servers or servers that do share information with -ACI- via the streaming hub or some other means. So, when you look at a player's account history, don't ever be fooled into thinking you're seeing the whole picture, because that will rarely, if ever, be possible.

NOTE: I have omitted pictures from this section, as most of you already know what these tools look like and how they function.

Account History

The basic account history tool will show you many things about a player's account history. One of the most misunderstood things is the history of linked accounts. When you view a player's account history, you are seeing only what is known about that player, followed by a list of accounts that share some similarity to other accounts on record. Important things to pay attention to in this section include the player's GUID, other names used, and the last seen date. These will be key items further along in your search.

When you see other accounts that are linked to your target's account, don't take it at face value that those are rock solid links. It may be a link from a dynamically shared IP address or a matching MAC address with the last two digits removed (thus you see XX.) In the case of someone with multiple IPs in their account history and / or multiple accounts linked to them, this is the place where your search begins, not where it ends.

Find out why they are linked. Find out if there are Tracker accounts for these player accounts. Are there Username Changes in the Tracker account that reflect names seen in the list of multiple accounts? How about tracing the IP. Are they from the same city or are they all in different countries? Are all the IP's in the players history from the same location? Or would it appear that the player has logged in from a few different locations?

"Thanks to Rifle For This Info"
 
Also if you want to add this - you can add a % to the beginning of any search for a user name and it will search for any account that currently has that string in it. For example %[Hazard] will print out all players that currently have the name [Hazard] anywhere in their name. A wildcard is by default added to the end of a name search (hence you not having to add a % at the end.) You can also search for specific words within a name (must be in order) like R%[Hazard] then anyone with their name beginning with R and containing [Hazard] will be displayed. Also a _ can be used as a single character wildcard for instances where you are only missing one character - good for when you don't know somebody's exact clan tag. An example of using it would be Rifle_Hazard will find all accounts that start with Rifle, have any one character following, and then Hazard.


------------------------------------------------------------------------------------------------

Log-In History

This handy little tool will allow you to see when, where, and how a player logged in to a server. Rarely is this tool good for proving something about a player. More often, it is best used for disproving a theory. Such as, if you think your target was on a certain server at a certain time, and you look up a name or GUID here, or even an IP, and it shows your target was actually on another server at that very time or that they have never logged in to the server in question, then you know one of two things. Either your target was never there, or he wasn't using the account you have the information for. This is also good in the reverse, since you can look up log-ins by server IP. In this case, you can look up a list of players who logged in to your server around a certain time, begin gathering player names, GUIDs, and player IPs, and go begin your search. No need to make another half-assed post about a player name you think sounded like this or looked like that.

Further, it allows you to compare suspected accounts against one another. Do your target and the suspect account log in to the same servers? Have they ever logged in to two different servers at the same time? A little research can quickly allow you to rule out the possibility of a suspect account belonging to your target. Or just the other way around, as well, as it can serve to show many similarities between the two accounts. Too many similarities to ignore?

There is an option on the search page to search either the ACI Logs or the Auto-Ban Logs. You should always choose the ACI Logs option since Auto-Ban hasn't collected very much information since September 14th, 2006 which was the release of version 2.7. Auto-Ban is being developed to work with current releases of AA, but until it's done, you will collect next to no information from this format. Most, if not all, of the information contained in the Auto-Ban Logs is also contained in the ACI Logs since most, if not all, servers that were running Auto-Ban were also streaming their servers to ACI at the time.

This tool allows you to do lookups based on Player GUID, Player name, Player IP, and Server IP.
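The two comparison questions above (same servers? online on two different servers at the same time?) can be checked mechanically once the log-in rows are exported. The following is an added example, not part of the original tutorial or any -ACI- tool; the row layout, the presence of a session end time, the account labels and the addresses are all assumptions constructed for the illustration.

```python
from collections import namedtuple
from datetime import datetime

# One exported log-in row. The field names and the session end time are
# assumptions for this example; the real tool's columns may differ.
Session = namedtuple("Session", "account server_ip start end")


def ts(text):
    """Parse a 'YYYY-MM-DD HH:MM' timestamp."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


# Constructed sample data (documentation IP range, made-up account labels).
TARGET = [
    Session("target", "192.0.2.10", ts("2007-05-01 20:00"), ts("2007-05-01 21:00")),
    Session("target", "192.0.2.20", ts("2007-05-02 19:00"), ts("2007-05-02 20:30")),
]
SUSPECT_A = [
    Session("suspect-a", "192.0.2.10", ts("2007-05-01 21:30"), ts("2007-05-01 22:30")),
    Session("suspect-a", "192.0.2.20", ts("2007-05-03 19:00"), ts("2007-05-03 20:00")),
]
SUSPECT_B = [
    Session("suspect-b", "192.0.2.30", ts("2007-05-01 20:15"), ts("2007-05-01 20:45")),
    Session("suspect-b", "192.0.2.10", ts("2007-05-04 18:00"), ts("2007-05-04 19:00")),
]


def server_overlap(a, b):
    """Share of servers the two accounts have in common (Jaccard index)."""
    servers_a = {s.server_ip for s in a}
    servers_b = {s.server_ip for s in b}
    if not servers_a or not servers_b:
        return 0.0
    return len(servers_a & servers_b) / len(servers_a | servers_b)


def concurrent_conflicts(a, b):
    """Session pairs where both accounts were online at the same moment
    on two different servers."""
    conflicts = []
    for x in a:
        for y in b:
            same_time = x.start < y.end and y.start < x.end
            if same_time and x.server_ip != y.server_ip:
                conflicts.append((x, y))
    return conflicts


def compare(a, b):
    """Summarise the two checks. A conflict argues against the accounts
    being one player; similarity is only a reason to keep researching."""
    conflicts = concurrent_conflicts(a, b)
    overlap = server_overlap(a, b)
    if conflicts:
        verdict = "online-at-same-time"
    elif overlap == 0.0:
        verdict = "no-common-servers"
    else:
        verdict = "needs-more-research"
    return {"server_overlap": overlap, "conflicts": conflicts, "verdict": verdict}


if __name__ == "__main__":
    for name, suspect in (("suspect-a", SUSPECT_A), ("suspect-b", SUSPECT_B)):
        result = compare(TARGET, suspect)
        print(name, round(result["server_overlap"], 2),
              len(result["conflicts"]), result["verdict"])
```

Because streamed logs are incomplete, a missing conflict proves nothing; only a conflict that is present carries weight.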

-------------------------------------------------------------------------------------------------------

Kick History

This handy little tool will allow you to see when, where, and why a player was kicked from a server. It functions much the same as the Log-In history tool, except that it shows kicks instead of log-ins. You can search for a player, you can search for kicks from a particular server, or you can even search an IP address to see how many people using that IP were kicked and what they were kicked for. This can be useful in many different areas of your search, especially when trying to match player accounts.

This tool allows you to do lookups based on Player GUID, Player name, Player IP, Server IP or by Kick-Line (type of kick.)

-------------------------------------------------------------------------------------------------

Violation History

This handy little tool will allow you to see when, where, and why a player received a violation on a server. It functions identically to the Kick History tool, also allowing you to search by either player or server specific information.

This tool allows you to do lookups based on Player GUID, Player name, Player IP, Server IP or by Log-Line (type of violation.)

--------------------------------------------------------------------------------------------------

Tracker Accounts

AAO: Tracker provides the community with many great services. One of those is the ability to build a viewable history for your account. Among the many benefits that come from that, it also provides a giant benefit to the anti-cheat community. It gives us the ability, sometimes, to see a different perspective on a player's account history. Surprisingly, a lot of cheaters just can't seem to let go of that 2.3 Frag-Rate. So when they are suspected of cheating or get banned, they simply change their Tracker account name to reflect their new Army Game account, thus keeping their precious Frag-Rate. Have doubts about this? Just look at the ridiculous postings in any appeals section at ANY anti-cheat site. People know they were caught red-handed, but they will put up the effort to fight a ban with the silliest excuses. Why bother? It's all in the hopes of regaining that high honor account of theirs. Well, the same goes for Frag-Rates. And that combination of greed and ego provides us an opportunity to know more about them. If we know where to look...

-------------------------------------------------------------------------------------------------

Find the User Account

If we already have a link to our target's Tracker account, then this step can be skipped.
The first thing we do is see if our target has an existing account at Tracker. So we visit Tracker's website, and we do a quick search for a User account with that name. There are two ways we can do this. If we know the exact spelling of the account name, then we go down the left side of the Tracker page and find the USER SEARCH link.
Posted Image
After clicking on this link, we see the search box, and we input our target's account name right in the EXACT USERNAME box and we click on search and wait to see if we get a hit for that name.
Posted Image
And if an account with that exact name exists, it will appear in your results. So, we click on the player name and begin gathering information from the account page.
Posted Image
Now, what if we're not sure of the exact spelling of the account name? Or maybe we want to search to see if there are any accounts with a similar name or clan tag. Well, then we input the first few letters of the name or clan tag in the USERNAME CONTAINS box and we click on search and wait to see if we get any hits for similar names.
Posted Image
Ok, so we find our target, and maybe some similar names. If any of the names strike you as being a spin-off of the original name you searched for, take note of this, as you may want to investigate those accounts as well. Now, this doesn't mean similar names that appear to bear a clan tag. But, rather, names that may be the same, e.g., Red+Cell and R3d-C3ll. Ok, so we find an account with our target's name. Let's click on it...
Posted Image
Some accounts are marked as Private by the account holder. If so, skip below to the section on private accounts.
But, if our target's account is open to the public, then that account page will have this box right in the middle of it. And it is the most useful box on the page, because it provides all our information about our target. Though we will want to look at many things here, by far the most useful is highlighted for you...
Posted Image

-----------------------------------------------------------------------------------------------------

Find the Username Changes

If we click on that magical number, a new window will pop open, and it will tell us how many different Usernames have been used to represent that account.
Posted Image

This is extremely useful, because whether a person changed their Army game account name and then changed it here or simply created a new Army game account and then changed it here, any name they have used for this Tracker account will be shown here. And this is golden if you are looking for an Army game account name that you think may have been associated with this person at one point in time. If you found a banned account you think might belong to your target and you find the exact banned account name here in this list, you should hear alarm bells going off by now. The chances that this is a mere coincidence are very poor. At this point, you can safely say this is the same person.

However, if you found no matches, then compare this list to the list of names in your target's account history. Not just those for the present account, but also compare it to the linked accounts and their various names. You just might find something that starts a new hunt all over again. And if you find nothing there, try running some of these names through the account history tool and see if you get any new leads. You might find a banned account that wasn't even linked because of some drastic change in your target's history, such as a geographic re-location (he moved from one city to another,) or any other number of things that could cause two accounts not to be linked.

Also, bear in mind that this is a good opportunity to compare your target's Tracker account with another account you may suspect of belonging to your target. Compare things like the amount of time spent playing on various servers, and especially the types of servers. Even more, usually a big indicator can be seen in the maps played. Are both accounts that of an SF Hospital fanatic or a Bridge junkie? Do they both prefer only a few maps or are the two accounts reflective of two totally different maps? None of this is solid evidence of anything. But as you gather information on your target, you will begin to get a feeling about them. And simple things like the type of maps played can be just enough to make you raise an eyebrow as you either begin to suspect that this account may or may not appear to belong to your target. And whether it does or not, you should be running checks on every name found in the Tracker Username History box, just to make sure there are no overlaps between the accounts outside of some similarities between Tracker accounts.

--------------------------------------------------------------------------------------------------------

Find the Clan Account

What if you have a person's name, but nothing else to work with? If they belong to a clan, finding the clan account can be useful because you might find your target's correct name spelling or whatever on the Clan's Tracker page, and thus, be able to narrow your search down. Or, you may find another member of that clan with the same name as one of the names you are searching for. Which would open more doors for you. Or maybe you want to visit that clan's website. Most clans have their Roster or Members list readily available for public viewing. What if your target has one name for his AA account but has something similar, but slightly different at his clan's website? Is the slightly different name the one you've been searching for?

I recently did a search for a player named -Cru$h-. I could not find anything about this guy anywhere to link him to the account (-Cru$heR-) that I swore up and down was his. Finally, one of the last things I did out of habit was, when on -Cru$heR-'s clan's Tracker page, to check to see if they had a valid website listed on their Tracker page. And sure enough they did. So, I went to their clan's website. And there, voila, I found a player named -Cru$h- listed on their player roster. And being the great clan they are, they were nice enough to provide links to all their members' Tracker accounts. So, on a whim, I clicked on the link for -Cru$h-'s Tracker account. And guess who it linked back to. Yup! Ding-Ding-Ding We have a winner folks! Found my proof by the dumbest and least expected means possible.
Many different things can lead you to your answer, it's just a matter of where you look. So let's take a look at how to find a clan account.

The first thing we do is see if we can find an existing account at Tracker. So we visit Tracker's website, and we do a quick search for a User account with that name. There are two ways we can do this. If we know the exact spelling of the account name, then we go down the left side of the Tracker page and find the CLAN SEARCH link.
Posted Image
After clicking on this link, we see the search box, and we input our clan tag or symbols into the CLAN TAG CONTAINS box and we click on search and wait to see if we get a hit for that name.
Posted Image
And if there are any clans listed with Tracker with that tag, we will get results that look similar to this.
Posted Image
Or, if we don't know the clan's tag, but we know its name, we can begin a brand new search here, which will later lead us back to the history tools and such, just as soon as we know the exact User Name of our target. So, we would then enter our information in the CLAN NAME CONTAINS box and we click on search.
Posted Image
And if there is a clan with that name you will see results similar to this.
Posted Image
So we click on that clan's name, and there we see its members listed.
Posted Image
And perhaps we see our target's name on there. Perfect! Now we have the correct spelling for their name. That will help us with our other searches. So, we click on the name and we begin the rest of our search.

---------------------------------------------------------------------------------------------------------

Private Accounts

Doh! It's a private profile. Now what? Well, we can see some information about our target, such as the Honor Level and the last time they were online. Though small, this information could prove helpful somewhat. If the person we are searching out was just playing last night, and this date doesn't reflect that, then this is either not the right person, or they were using a different account.

More information that can be gleaned from this part of the public profile comes in if we are watching or tracking this person's movements. We can still track the last time they were online, we can see any recent name changes if we are keeping a diligent record of the person we are following, and we can see if they are online now (useful for other tools that depend on the player being online). For example:
Posted Image

---------------------------------------------------------------------------------------------------

Other Searches

IP Locations: How to determine where the IP addresses are located


There are many ways to go about finding where an IP address originates from. This can be helpful because sometimes it will show you two accounts connected by IP, but separated by a large geographic difference. This can be used to show that, unless a person moved 500 or 1,000 miles away to a new home or new internet connection, the two linked accounts are not the same person and have only used a shared IP, usually via an ISP with dynamic IPs for its customers.

It can also come in handy when doing a B/C and finding someone linked to 10 different accounts. If you trace the IP and find it belongs to an ISP in the Netherlands, you will realize that there are about 25 times more gamers in the Netherlands than there are ISPs, thus, people there have no choice but to be linked to other accounts by IP alone.

There are many ways to go about resolving an IP address. One of those that is most helpful is the rDNS lookup, or Reverse Domain Name Server look up. Reverse DNS turns an IP address into a hostname -- for example, it might turn 192.0.2.25 into host.example.com. This is often accompanied by other information, such as the ISP that maintains the DNS which hosts that IP address. This type of search generally turns up information because RFC 1912 says that all hosts on the Internet should have a valid rDNS entry. This is an international standard set forth by ICANN, or The Internet Corporation for Assigned Names and Numbers.

For a list of websites where you can do these searches and learn more about how internet protocols work, see the section at the end of this tutorial. There is no "Best" place or way to perform these types of searches. Each website offering these types of services will have its own look, its own feel, and its own services. It's up to you to decide what you prefer. And because services offered can change at any site at any time the site owners see fit, it's usually good to be familiar with a few different websites offering these services.

-----------------------------------------------------------------------------------------------------------------

The AA MBS
All images are copyright of The AA MBS


The AA MBS, or the America's Army Master Browser System, is a database system that is based upon the actual database which records all official account information. That is easily achieved, since the AA MBS is brought to us by Pragmatic Solutions, the very people who maintain the official player accounts for the Army Game Project. The AA MBS can be a powerful tool for tracking and maintaining the status of any player in America's Army. Unlike AAO: Tracker, the AA MBS tracks players as soon as they get an official AA account, whereas a person actually has to register at Tracker's website in order for you to follow them around. Also, unlike Tracker, it does not maintain a history of the player, does not track username changes, and does not show the last server or servers that a player was seen on. So, it is not meant as a replacement for Tracker at all. The AA MBS and AAO: Tracker are two completely different, yet complementary, services.

The AA MBS, however, is very similar to AAO: Tracker in a few ways. It will allow you to search for any server, player or map by name, server IP, or skill level. It gives you the ability to keep track of your favorite servers and to maintain a buddy list. It allows you to see the details of any players on a given server at any time, allowing you the ability to join a server where the Honor levels of players there might be better balanced to your liking.

But... That is where the similarities end. Unlike other services offering similar tools, the AA MBS has some options that are very useful for the Anti-Cheating community. One of those, possibly the best in my opinion, is the ability to add a player to your buddy list completely anonymously. Other services with such an option allow for the viewing of who is watching you or keeping track of you. Not so with the AA MBS. You will have to find that player currently playing on a server in order to add them to your list. And if they are online, this can be achieved using the Player Search function. But once found, they are easily added to your Buddy list. And once added, you can check your buddy list at any time to see the status of that player and where they are playing if they are online. And it doesn't matter if they have a Tracker account or not, since it is based off the official AA database. That means that no valid AA account can hide from the MBS. Period. No matter what account it is. Even if they are playing on a server that is not Tracked or listed with AAO: Tracker. Face it, if you know the account name, or even part of the account name, they can't hide from you.

Now that you've found them, what to do with this information? Well, I used to suggest that clan leaders use it to check their potential recruits. Because of the unique availability of data from the provider of this service, besides normal player stats such as honor, it shows a lot more information than the average server browser is capable of showing. Let's take a look at some examples and how they can be used.

First, we have the search. Do we know the player's name or part of it? If they have a Tracker account, we can use that to see if and when they are online, thus narrowing our search down even more. If we know that, we can just go to the AA MBS site and enter the server name or server IP and pull that info right up. From there we can begin to gather our other information about the player, as well as add them to our Buddy List. If it seems like a server they frequent a lot, we might even add it to our Favorite Server List. This is helpful once we know a little bit about the player. Perhaps, for whatever reasons, they come here under another name sometimes. Well, if we have them linked to another account, and we just happen to see that account playing on the server at times when the primary account is not seen, then we have another possible lead to follow. Remember, if both accounts show up on the server at the same time, then we can be pretty sure that it isn't the same player. It is possible, but not likely. But this can also help us if we're trying to rule out the possibility of both accounts belonging to the same person.

But what if our target has no Tracker account? Well, if we know part of the name, we can do a search for it. From this search, we will have to pick out the correct name from a list of similar possibilities. Or if we know the name, and search for it directly, we will only get one result if the player is online at the time of the search. When it is not known if the player is online, this can take repeated searches at random times of the day or night to attempt to locate this player. Now, assuming our search results found our player. Below is an example of what your search results will look like. I picked a player at random, whom I already knew was online. Here are the results I got. Notice the name willi31 just above the information box about which server he is currently playing on.
[img]http://www.redcell.anticheatinc.com/B-C/images/aambs-search.png[/img]
So from here, it's pretty simple. We're just going to click on the highlighted name of the server on which we located our target. From that click, we are presented with a new table of the information about the server on which our target is currently playing. It will look like the image below, except that I've obviously added some quick tips to point out what each column of information represents.
Posted Image
Now you have a plethora of information available about your player at your fingertips. From the above list we can see some important details. The two most useful of these being the player's location and the date on which their account was activated. These can be useful for many reasons used during your search, and maybe even answer some questions along the way. But you must take care to remember this information is only circumstantial information, as it fits in to your search and is in no way 100% solid. It is the equivalent of having a puzzle with too many puzzle pieces, so that you must sort them out, to see what belongs in the picture and what doesn't. With that said, does your target have a current, or past, name on their Tracker account (assuming they have one) or in their player history that closely resembles one listed here? Is the Honor level exactly the same here as it is on Tracker? Does the start date of their Tracker account reflect the date shown here that their account was activated? What about an old Tracker account found that you suspect may have been theirs... Does its start date match the one shown here? None of these, except the player name, can be almost or close; they must be exact. And even then, this is proof of nothing at all. Just more pieces in your puzzle. Once again, it is up to you to follow your instincts. If you create connections or manufacture some distorted idea of this being the same person, then you will get distorted results from your distorted thinking. That means don't spend a month with a calculator in one hand and the I-Ching in the other trying to find a connection through patterns in the night time stars. Simply gather your information, make your comparisons, and move on. The more you think about it, the more you will be able to invent all sorts of things. Just get your info and move on.

One notable thing for server owners is being able to find a name-changer on your server.
Though they can use their special software to spoof your game server into thinking that their name has changed, they cannot fool the official database that tracks and records player info. Therefore, they can change their in game name to reflect anything they want on a server, but the original account they log in with will still be shown here. Now, for you, this isn't as simple as it may sound. Using this method in real time would require you comparing a list of players currently playing on a server against a list of players shown here. If you want to do it based on an after the fact incident, it will not work because the player is probably gone by the time you get around to gathering your information and looking here. However, you can sort it out rather quickly, during or after the fact, if you do one of two things. One, visit this site and find the server in question to show the players currently playing on it, and take a screenshot capture of your desktop (if you have the software installed to do that), or... Two, start at the bottom of the table that displays all the players currently on the server, and using your mouse cursor, highlight the player names from top to bottom and then select copy. Now open notepad and select paste. This will paste a copy of the players currently playing on that server into a text format for you. It will look a bit different than it does on the web page, but the player names are distinguishable and easy to pick out, nonetheless. Now if you go to any web-spectator, such as the one located at AAO: Tracker and do the same thing, you will have a copy of the server's idea of player names present. If you simply compare these two lists within seconds of each other, you might see a discrepancy in names. And if you do, you might have a name changer on your server. This is not proof that will get that person banned anywhere. But it is proof enough for you alone if you feel you need to begin an investigation into this player's activities.

Now, if you are in game, you can also do something very similar to this. First, remember that everything that appears on your screen will also appear in your Armyops log file, in your AA folder on your PC. So, if you suspect a name changer is present on your server... Into your game console type the words pb_plist and as soon as that list scrolls across your screen, type in your console playerlist and let it scroll by. Now, navigate to the folder in which your AA game is installed, go in to the System folder and open the Armyops log file. It is a text file and will usually open in notepad by default. Scroll down until you find the two lists you just asked PB for and compare the names on those lists. If you have a name changer present, one of those names will be different. If a name shows up in the pb_plist request that is NOT shown in the playerlist, then there is your name-changer.

-------------------------------------------------------------------------------------------------------------

FBI Searchable Bans Database
All images are copyright of FBI-CLAN.ORG


The Searchable Bans Database, brought to us by the FBI Clan, is a gift like no other. It allows you to search for just about anything related in any way to banned player accounts. Far too many options to list them all here, but I will explain a few. The main feature of the site allows you to search for bans from all the major Anti-Cheat sites, without having to visit each and every one of those sites one by one. That's right, you can search ALL the ban lists by player GUID, player name, clan tag, IP address, a specific date on which an account was banned, by the group that banned them, and you can even search for them by country! And all this is available in just the first search option. Here's what the search box you will see looks like.
Posted Image
And just to the side of that is another menu of many more options. Let's take a closer look at some of these and how they can help you even more. Let's begin by looking on the second line of that menu. It provides you with an option to see how many people were added to the FBI's list of banned players today and how many were banned yesterday.
Posted Image
Now, since this list is updated daily, it makes time frames pretty accurate for us. This list can be very useful if our target doesn't show any valid bans in our search so far. Our target could have only recently been banned, and therefore not widely known as of yet. Or maybe our target suddenly changed their player name and / or Tracker account name very recently. Could this be why? If we select the option for bans yesterday (at the time of this printing there were no "Bans Today" thus nothing to view in that category.)
Posted Image
And after selecting that option, we are shown all the information we need to continue our search further if need be. We have all the account information, the organization that banned them, the ability to search for an appeal, and even the ability to search for that name on the AA MBS if we believe the player in question is the same one playing on a current server right now. We can also do an instant search through the AA GUID Database, as well as search a Tracker account under that name (which means we can also check the Username Changed list that we covered earlier.)
PLEASE NOTE: The option to view a picture of the player is only there as satire. One of many things a player opens themselves up to when getting banned. Please do not send PMs and emails to the FBI clan complaining because you could not actually view a picture of the player.

On a side note, if we are really after someone and have the time to invest, and we happen to know the player's country of origin, then we can search through the ban accounts by country if we want to.
Posted Image
Find all of those French and Polish bastards!
And while this can prove to be a long and arduous search, it can lead you to information about a player or a possible account that might have otherwise gone unnoticed. It may not lead to rock solid evidence, but if you are doing a B/C for someone wanting to join your clan or if someone has asked you for a FULL Background Check for a similar reason, then you owe it to yourself and them to explore all possibilities, however remote. It may turn out to be information that means nothing. Or it may be the single thin thread that makes a connection.

------------------------------------------------------------------------------------------------------

AA GUID Database

All images are copyright of AA GUID Database

Here we have another tool that is not as well known as it should be. The AA GUID Database provides us a quick and easy way to find a player's GUID if we only know the name, or only know part of the name. Or vice-versa, if we know the GUID, but don't know the player it belongs to. We can go there and find our information really quick if we need to. And sometimes we can find information about our target we didn't know we were looking for. Simply select your option from the drop down box and enter the information you already have.

The menu will look like this:
Posted Image
And if we remembered to click on Submit Search (pressing the enter key doesn't always work for websites with search functions) then we will see results similar to those below. Now we have another starting point to begin our Background Check.
Posted Image
I wish I could begin to explain all the extra toys and extra search features that come with Private Membership at the AA GUID Database. Unfortunately, I will not even try. All I will say is, if you don't have a private membership there, you really should be getting it, because they have some invaluable tools for doing background research, and the results you can get from searching for player accounts there more than triples when you have private membership access.


------------------------------------------------------------------------------------------------------------

Other Useful Information

Other types of information gathering can be used to gain intelligence about your target. Be it an IP address they logged on to Teamspeak with or a post they made in a forum (which will also record their IP address on most forums). Even if it's not your TS or your forums. Do you know the owner? Would they look up this information and give it to you if you asked them to? What about a certain server they logged in to? Would the owner look that up for you? Did you check the Log-In History tool for that? Did they send an email or can you get them to reply to an email from you? You can trace an email address back to its IP very easily by looking in the header for where the email originated from.

And please never forget the most obvious and most useful... Google! You would be surprised how much information you can get on someone just by Googling their player name. I have people that made posts or showed up in the weirdest places using their AA game name. And was able to finally track them down based on that information. Sounds really dumb, but you'd be surprised what ol' Google can do when you keep hitting dead ends everywhere.

-------------------------------------------------------------------------------------------------
Offline Profile Quote Post Goto Top
 
=Fas=Lazerboy2000
Member Avatar
FBI Agent
Part 3 - The Results.

Understanding Linked Accounts
Just because they're linked doesn't mean they are guilty.

It is important to know how and why accounts can seem to be linked together. Sometimes they are linked by MAC address and IP Address, but usually just by IP Address. Since the release of 2.7, MAC addresses have no longer been recorded, so they only exist for players that were around for version 2.6 or before.

When someone does a background check, depending on the tool(s) they use, they can find various accounts that seemed to have used the same IP address at one time or another. This can be confusing because the people who have dynamic IP addresses are subject to having a new IP address every 24 hours or every time they get on the internet. Some people with a dynamic IP address will be lucky and only cycle through a small series of addresses. Others can be unlucky and end up having as many as 100 different IP addresses in their history.
And some of us are lucky enough to have static IP addresses, which means we will almost always have the same IP address in our history. This is good for an honest player, but bad for a dishonest one.

Now, of course, there are many ways to circumvent or modify MAC addresses and IP addresses, but this isn't the time nor place for that discussion. Just needed to mention that before I was gently overwhelmed with reminders about how easy it is to do this or do that.

So, when we get our B/C results, we see we have a person linked to a few accounts or, depending on your tool of choice, you might just have a list of names, or a list of GUIDs and a list of IP addresses, as well. What we need to keep in mind is that there is never 100% proof of anything after the GUID. Names can fluctuate between accounts as simple as taking banned account X and renaming it to Y, so that a second account can be named X. And though rare, even an exact IP match and an exact MAC match between two accounts can still be two different people (as one gentleman from Canada found out when he discovered that he was linked by both IP and MAC addresses to another player from Poland). Though that matter was quickly clarified in writing, it still appears to be him, unless someone takes the necessary steps to sort out the connection. Which in that case was a simple matter of rDNS lookups.

--------------------------------------------------------------------------------------------------------------------------

Understanding Bans
There are 4 types of account bans.

1. The private ban. This is when a server Admin, or group of server Admins decided they no longer wish to see a player on their server. So they have banned that AA Name or that Player GUID, or both. The way to become un-banned on those servers is to make an appeal with that server owner, or group of server owners. This type of ban only prevents a player from playing on those specific servers.

2. The GUID ban. This is when a player has given sufficient reason to an Anti-Cheat organization to ban that account. In order to achieve this, they were CLEARLY using something or somehow to gain an unfair advantage in the game. This usually means an extra program, such as an aimbot or radar program. Or to have tampered with the game files sufficiently enough to make them beyond their original state of playing. Anti-Cheat organizations do not ban on suggestion or rumor. They do not ban because they do not like somebody. They ban because of CLEAR evidence, such as seen in many PB screenshots, or based on evidence from the log file of a "streaming" server. The way to become un-banned on this list is to make an appeal to the organization that banned you. This type of ban prevents a player from playing on any server that subscribes to a ban list from the organization that banned that player.

3. The Global GUID ban. This is when Punkbuster has found a clear and known cheat in use and has permanently banned a player's current account. This does not mean they are permanently banned from the game. But it means the account that used a cheat is banned permanently. There are only 2 solutions to this ban. A player can appeal the ban to Punkbuster directly by going to
http://www.evenbalance.com/troubleticket/n...et.php?game=aao
Or they can simply start from scratch, get a new account, and play with integrity from this point on.

4. The Hardware ban. This means a player's computer has been banned from the game by Punkbuster. This results from very serious violations only. A player can appeal the ban to Punkbuster directly by going to
http://www.evenbalance.com/troubleticket/n...et.php?game=aao
Or they can simply start from scratch, get a new computer, get a new account, and play with integrity from this point on.

-------------------------------------------------------------------------------------------------------------------------------

Understanding Kicks
There are many different types of kicks.

When you see that an account has kicks, they can be for various reasons. Some malicious and some harmless. For instance, did you know that kicks for Ignoring MD5Tool Queries are almost always the result of a communication problem between Punkbuster, the player, and the server they are playing on? This is rarely the player's fault. Usually it is a result of a very slow or very bad internet connection. And it provides absolutely no benefit to the player at all. Or, did you know that some people were receiving kicks and bans from Punkbuster because a release of Windows Vista had processes running in it that Punkbuster thought was a cheat? The kick looked something like this...

[06.10.2006 21:56:27] |4257| VIOLATION (GAME HOOK) #120035: {xxx}AA-Player (slot #2) Violation (GAME HOOK) #120035 [0a1b2c3d4e5f6g7h8i9j10k11l12m13n(-) 8.24.76.176:38433]

Even though that looks really, really bad, it was completely unintentional and harmless. A good reminder not to jump to conclusions. There are far too many types of kicks to list them all here. But, did you know that an explanation for most of them can be found right there on the ACI forums? That's right. Problem is, to get to them requires some really strange actions... On the right hand side of the menu bar in the ACI forums, there sits this nifty little, unappreciated tool, called the SEARCH function. Something most people would have trouble finding if they were told they would get money for doing so. But there it is, and if you use it, you can get information about almost any type of kick.

-----------------------------------------------------------------------------------------------
Offline Profile Quote Post Goto Top
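A triage sketch for the kick line quoted in the post above and its reminder not to jump to conclusions, added here as an example; it is not part of the original post and is not an -ACI- or PunkBuster tool. It parses lines in the quoted layout, keys on GUID rather than player name, and counts how many distinct GUIDs hit each violation number; the threshold, the "widespread"/"isolated" labels, the SAMPLE violation number and every sample line except the first are constructed assumptions.

```python
import re
from collections import defaultdict

# Layout taken from the single kick line quoted in the post. The player name
# is free text, so it is matched greedily and the slot, GUID and address
# fields are anchored to the END of the line.
VIOLATION_RE = re.compile(
    r"^\[(?P<timestamp>[^\]]+)\] \|(?P<seq>\d+)\| "
    r"VIOLATION \((?P<kind>[^)]+)\) #(?P<number>\d+): "
    r"(?P<name>.+) \(slot #(?P<slot>\d+)\) "
    r"Violation \((?P=kind)\) #(?P=number) "
    r"\[(?P<guid>[0-9A-Za-z]+)\((?P<guid_state>[^)]*)\) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\]$"
)

def parse_violation(line):
    """Return the fields of one violation line as a dict, or None."""
    match = VIOLATION_RE.match(line.strip())
    return match.groupdict() if match else None

def triage(log_lines, widespread_threshold=3):
    """Group violations by number and count the distinct GUIDs behind each.

    A number seen on many distinct GUIDs is labelled "widespread" (worth
    checking for an environmental cause, like the Vista case in the post);
    otherwise "isolated". The threshold is an assumption, not a PB rule.
    Returns (report, unparsed_violation_lines).
    """
    grouped = defaultdict(lambda: {"kind": None, "hits": 0, "guids": set()})
    unparsed = []
    for raw in log_lines:
        line = raw.strip()
        if "VIOLATION" not in line:
            continue  # not a kick line at all
        record = parse_violation(line)
        if record is None:
            unparsed.append(line)  # keep for manual review, never guess
            continue
        entry = grouped[record["number"]]
        entry["kind"] = record["kind"]
        entry["hits"] += 1
        entry["guids"].add(record["guid"])  # identity is the GUID, not the name
    report = {}
    for number, entry in grouped.items():
        distinct = len(entry["guids"])
        report[number] = {
            "kind": entry["kind"],
            "hits": entry["hits"],
            "distinct_guids": distinct,
            "assessment": "widespread" if distinct >= widespread_threshold
                          else "isolated",
        }
    return report, unparsed

# First line is the one quoted in the post; the rest are constructed samples
# (documentation IP ranges, made-up GUIDs, made-up SAMPLE violation #999001).
SAMPLE_LOG = [
    "[06.10.2006 21:56:27] |4257| VIOLATION (GAME HOOK) #120035: {xxx}AA-Player (slot #2) Violation (GAME HOOK) #120035 [0a1b2c3d4e5f6g7h8i9j10k11l12m13n(-) 8.24.76.176:38433]",
    "[06.10.2006 21:58:02] |4260| VIOLATION (GAME HOOK) #120035: PlayerTwo (slot #5) Violation (GAME HOOK) #120035 [aaaa1111aaaa1111aaaa1111aaaa1111(-) 192.0.2.10:20100]",
    "[06.10.2006 21:59:40] |4263| VIOLATION (GAME HOOK) #120035: PlayerThree (slot #7) Violation (GAME HOOK) #120035 [bbbb2222bbbb2222bbbb2222bbbb2222(-) 192.0.2.11:20100]",
    "[06.10.2006 22:01:13] |4270| VIOLATION (GAME HOOK) #120035: PlayerFour (slot #1) Violation (GAME HOOK) #120035 [dddd4444dddd4444dddd4444dddd4444(-) 198.51.100.3:20100]",
    "[06.10.2006 22:03:00] |4290| VIOLATION (SAMPLE) #999001: PlayerFive (slot #4) Violation (SAMPLE) #999001 [cccc3333cccc3333cccc3333cccc3333(-) 198.51.100.7:20100]",
    # Same GUID, but the name itself imitates the tail of a log entry.
    "[06.10.2006 22:05:00] |4300| VIOLATION (SAMPLE) #999001: x (slot #9) Violation (SAMPLE) #999001 [ffff0000ffff0000ffff0000ffff0000(-) 203.0.113.9:1000] (slot #4) Violation (SAMPLE) #999001 [cccc3333cccc3333cccc3333cccc3333(-) 198.51.100.7:20100]",
    "[06.10.2006 22:10:00] |4310| VIOLATION (SAMPLE) #999001: truncated entry",
    "[06.10.2006 22:11:00] |4311| some unrelated log line",
]

if __name__ == "__main__":
    report, unparsed = triage(SAMPLE_LOG)
    for number, info in sorted(report.items()):
        print(number, info)
    print("needs manual review:", unparsed)
```

Either label is only a pointer for where to look next; as the post says, the explanation for a given kick still has to be looked up.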
 
=Fas=Lazerboy2000
Member Avatar
FBI Agent
Part 4 - The Tools.


-ACI- Tool Locations
Other Useful Tool Locations
Programs & Tools for the AA Community http://www.anticheatinc.com/forums/showthread.php?t=16844

Some IP and DNS Tool Locations
This Background Check Tutorial was conceived, made possible, written, compiled and complimented by every single member who contributes suggestions, help and advice on the -ACI- forums.


Thanks to all of you for helping the AA Gaming Community.

Offline Profile Quote Post Goto Top
 