Discuss defeating various other anti-cheat systems such as Aequitas, CAL Anti-Cheat, DMW Pro, and CEVO.
Sticky Threads
In this short tutorial I will show you how to spoof Aequitas Hardware Hash & MAC hash. Both hashes are used to recognize previously banned cheaters from ESL league. This method is going to work as long as Aequitas is developed in Visual Basic language. Rumors say that next version - Aequitas 2.0 -...
Hey, I was always interested in how anti-cheat programs work so I decided to create my own program to detect modifications. The program only works with Counter-Strike. I patch some engine functions, check for an OpenGL wrapper and look if some important files were modified. /EDIT: Maybe...
In this short tutorial I will show you how to bypass the newest version of EasyAntiCheat. There were a lot of rumors saying that this software is a beast; many European leagues believe this and replaced their current anticheats with EasyAntiCheat. I must say I was one of the people who believe in...
This is another thread from the series "how to bypass ....". Today we will review ESEA Client and its security. I won't give out any code, only some theoretical knowledge which should be enough for you to accomplish a working bypass. ESEA is the biggest American league, this is the reason why they...
Earlier this day some guy posted a hshield log viewer - problem was, it's infected with some shitty trojan. Nonetheless it contained a valid GUID-translation table! >time to profit< Attached is a small C# prog that will decrypt (XOR) the logs, and translate the GUIDs for maximum entertainment....
A few months back I started reversing nProtect's GameGuard and I had created an emulator for it for a game called GunZ. Unfortunately, my emulator was leaked late in April and since then, GameGuard has updated. I have not had any interest to update any of the code (even though INCA only changed...
http://csmega-bg.com/ I analysed the client-side protection scheme. It's ridiculous: http://img4.abload.de/img/gacpafg.jpg How can we emulate? (auth on the server without running the AC) Easy. Just forge a setinfo string.
Hack Shield Analysis First of all, DO NOT LEECH THIS. Credits: Big fucking credits to Token. Created by Th4natoS (ThaNatoS). Please don't use this without my permission. Thanks : lolz2much for the function addresses, Token for the pictures Hi there, and welcome to my information dump on...
Some of you probably think that hooking BitBlt is all you need to do in order to make your cheats proof. You're wrong. Aequitas can stream extra code whenever they want and then execute it on your machine. That's why they keep detecting new cheats without updating the Aequitas client itself....
int (*orig_integrityfailure)( char * str,char* num); int integrityfailure( char * str,char* num) { /* string is hide! -> http://etpro.anime.net/.... 004219C2 68 A0F83B01 PUSH ET.013BF8A0 ; ASCII "Server Disconnected - integrity failure" 004219CC E8...
I wrote this for Combat Arms, but since I have no business with that game anymore I'm pretty much dumping a lot of the codes I wrote. Here you go, no additional info will be included (find the addresses n shit yourself, losers!) although I will mention the addresses included are from the game exe,...
sXe Injected Protocol. Well, after thinking it over carefully we decided to make the sXe Injected protocol public; you can create your own emulators, or for people who want to make an implementation for operating systems that are not officially supported (Linux, 64-bit systems and any other OS...
void CAequitas::HandleBreakPoint( CONTEXT* pContext, PEXCEPTION_POINTERS* pException ) // called whenever a screenshot is taken { ASSERTCONEXT( pContext, pException, m_hAequitas ); // is this even our exception ? DWORD pdwStack = { 0 }; if( !g_pBreakPoints->m_pRemotePatcher->ReadStack(...
I present to you a completely non-invasive method to perform Antiscreenshot against Aequitas. We are NOT hooking or patching ANYTHING. We are NOT entering kernel mode at any time. We are just reading memory of the Aequitas process. For extra security I also let Aequitas run with limited...
The newest C-D has an anti-debugger check, which makes the game impossible to debug (for me, dunno what about the others) now. If you wont play with plugins, patching or w/e you can use a simple opcodes reader which I wrote yesterday. // The function gets the size of the MAIN part selected engine...
What CD does is: - Overwrites first 5 bytes with a jmp to their engine call check function - Replaces hl's nullstub address with their own check Example (pfnClientCmd): //With C-D 01D0D3C0 -E9 1950117E JMP 7FE223DE ; First check 01D0D3C5 FF15 6091EC01 CALL DWORD PTR DS: ;...
FOR CD 4.23.4 If you wanna get access to engine functions ( pEngfuncs, IEngStduio, ppmove.. ) you have to bypass the engine check functions. 7FE29DD2 60 PUSHAD 7FE29DD3 8B4424 24 MOV EAX,DWORD PTR SS: 7FE29DD7 3B05 C842E77F CMP EAX,DWORD PTR DS: ...
Normal Threads
Hello, Posting this here for the interested. This project of mine, is a runtime for GameGuard -- which will allow GG/GameMon to run and execute as if a game client were present. It is for educational purposes... some may find it helpful -- if you do, lovely. Also, I mention -- another...
http://www.esl.eu/de/development/news/127766/ EDIT: Lul, 6 Days old those News.
Today we will review 4Players anticheat tool called Insight. I'm really tired of all speculations how good this tool is. Many people ask me about this day by day, so I hope this thread will answer their questions. First I would like to remind some official facts which were published by 4Players.de...
Hi gamedeception. Need help with new ac: speedlink anticheat. It is coded by chaplja who made cheats in past, but now sponsored by speedlink. I was reading for long and learned much, this is great forum but now I need help from you!! I logged loaded dlls with Module32First and saw he loads his...
I wanna know everything about this but i don't know where/how to start it 1st. Hope someone expert here can justify how to bypass this Xingode. Website Protection Data Question is, how to disable this xingcode?
http://uac2.com Does anyone know anything about this client? I checked a bit and looks weird, lots of options to get SS from banned players, but what I would like to find was if... does this AC scan for memory? thanks 4 Reading
does anyone want to help me ban evade i will pay someone to help me :(
Hello once again, I have some questions concerned about HackShield GUIDs used in log file. I reversed Encryption algorithm and inverted it (To create decryption). Works fine, but the GUIDs aren't really helpful. My friend told me that there was a tool for translating GUIDs on this forum. There...
Hello, nice forum, glad to join here. :] What is Flex Anticheat? Flex Anticheat is the same like GAC-Anticheat, but for Counter-Strike 1.6. Picture: This anticheat has got an *.exe file, which is an updater and looks for a newer version in an exact website. (The *exe file is packed with UPX...
Can someone please tell me the easiest way to bypass CMN3 client? Thanks
Hi. I would like to know where Hackshield hooks functions like OpenProcess or WriteProcessMemory. I guess this is performed by EagleNT. I've searched through SSDT and SSDT Shadow ( only sendinput hooked ). I've tried various tools but none of them detects the hooks. Are they inline hooks or...
Hello everyone! I decided to release the Source-Code of this little Tool. It gives you Information when the next Screenshot will be taken from Aequitas. It's external and you don't need to inject a Dll into the Anti-Cheat Process or hl.exe Best Regards and Have Fun Inliferty Greetz to:
Here are some undocumented Aequitas functions ( offsets are correct for version 1.04 ). dwHTTP_decompress = 0x5151E0; dwDoLog = 0x4EF050; dwSendDebug = 0x50C010; dwBase64DecodeUnicode = 0x569BB0; dwBase64EncodeUnicode = 0x5691D0; typedef LPWSTR (_stdcall* Base64DecodeUnicode_t)( LPWSTR...
Hey Guys, I've found some public bypass for voiplay, but don't know how it works/how to build .. :mouthtie: Can everyone help me? Please! Here the code: else if (DebugEv.u.Exception.ExceptionRecord.ExceptionAddress == (PVOID) readpixels) { context.ContextFlags = CONTEXT_ALL;
When an admin requests a snapshot of your screen the server sends the client the user message "sXe-SS ", only to do one function and visual turn off the cheat and then call the real function of the anticheat. hook the user msg: eng->pfnHookUserMsg("sXe-SS",SS); Pointer to function in...
Hi I unpacked Warrock.exe but my unpacker can't unpack dll files, so maybe somebody knows how to unpack it? I'm thinking about Ehsvc :)
Dumped with olly after hiding against all anti-debug funcs. Still needs some work to be fully unpacked but its a step. Was wondering if anyone else is currently looking into this client and would like to share infoz. I found a few interesting things like, client.dll, engine.dll (which are dlls...
So I know some pretty annoying people. They really like to say things over voicechat. Most of the servers they play on use sourcemod and something to this effect: http://hg.alliedmods.net/releases/sourcemod-1.3/file/a71318396392/extensions/sdktools/voice.cpp As for text mute, it(sourcemod)...
Hello people, I was hoping that maybe you could help me with my problem, please. Let me describe it: We all know, that HShield protected games has packets encrypted with AES. And because I'm not really confident to reverse encryption (and I'm not sure if it would help me anyway) I decided to...
EasyAntiCheat is an anticheat for half-life and source/hl2 engine made by an ex-hacker xliqz^ who is known for his work in bypassing screenshotting client(SSC). In year 2006 he started developing his own anticheat. At first it was only made for counter-strike 1.6, but in year 2007 xliqz^ made an...
greetings, here's a code that is very known I think, what it tries to do is to fill an entity struct and then call that engine function CL_CreateVisibleEntity to create the visible entity, this can be useful for server sided antiwallhacks, I'm not sure if sxe antiwallhack is server sided still, hmm, but...
ASADASADASADAS
hello I was trying to bypass some detours of sxe, I must say sxe is detouring some client functions, most of engine functions, pfnhookusermsg too, and opengl, but for now I was trying to get to work a simple esp, I want to know if you know a simple method to bypass detours, I was reading about the...
look at GetEntityByIndex engine function: 01D0ECC0 8D4424 04 LEA EAX,DWORD PTR SS: 01D0ECC4 50 PUSH EAX 01D0ECC5 FF15 CCD4EC01 CALL DWORD PTR DS: ; hl.01D63580 01D0ECCB 8B4424 08 MOV EAX,DWORD PTR SS: ..... ....... more code
MyAC -------- Russian anticheat for hl1 mods download http://cs-bg.info/myac_16.php this anticheat for nonsteam seems to be a possible replacement for sxe injected, I just post it bc for everyone interested to be aware of it and find the download, is not very used atm, but if sxe gets rlly...
hi, Main Features of xray: -enumerate all processes and modules exactly this way http://msdn2.microsoft.com/en-us/library/ms682621(VS.85).aspx -Take a screenshot And the best thing is how they schedule the SS..with SetTimer
Hello, I have an idea to make encryption for .xml, here are the sources that I found.. PolarSSL - Show source - AES source code PolarSSL - Show source - AES-256 file encryption XML Security Library Reference Manual Advanced Encryption Standard (AES) XML Encryption Syntax and Processing
I wonder if there I can get the coords of the players, even though the server don't send them. Besides the sound, is there another way to get them ? Thanks !!!
Hi all, I'm looking for some info about this anticheat. From what I know it downloads and executes code sent by server side. What is the easiest way to hide your code modifications in war3.exe? What function warden uses to read game.dll ? (tried hooked rpm and memcpy and seems that warden doesn't...
Hello, I need to emulate engine functions like GetLocalPlayer for the game Counter-Strike 1.6. Give me detailed info how to do this, please. I use delphi Thanks.