Jump to content
Tuts 4 You

Recommended Posts

Posted (edited)

Title says it all. Willing to pay for your time and expertise.

A little info about anticheat:

- Packed with VMP.
- Blocks api calls like PostMessage ( to prevent macros, etc )
- Memory CRC

What I'm aiming to do:
- Able to modify the game's memory.
- Able to send keystrokes to the game.

Edited by _trx
Posted (edited)

If is a online game you can put some code in your server able to detect if the player do non-sense things -> like 100000 coins in 1 second and ban his account cause of this.

he won't be able to bypass that system because is detected from the server, not from his computer,

i guess is a fast and easy option, then you don't need use any anti-cheat system on customer computers.

Edited by Reasen
Posted

@Reasen he want to reverse not to protect the game (the title says RE Anti-Cheat)

  • Like 1
Posted (edited)
12 hours ago, _trx said:

Title says it all. Willing to pay for your time and expertise.

A little info about anticheat:

- Packed with VMP.
- Blocks api calls like PostMessage ( to prevent macros, etc )
- Memory CRC

What I'm aiming to do:
- Able to modify the game's memory.
- Able to send keystrokes to the game.

Check if the AntiCheat has a driver, if so, it will be hard to deal with, but not impossible, if not, it's probably that it has a Ring-3 Driver, or no driver at all, and it's easy to work with, however being an AntiCheat software I really doubt it's gonna be easy to work with...

- Able to modify the game's memory:
        > What's preventing you from doing so? The AntiCheat block calls to API like ReadProcessMemory / WriteProcessMemory or simply blocks any Cheating Software?

- Able to send keystrokes to the game:
        > Get  PC Hunter, Go to Kernel or Ring0 Hooks, scan for KEYBOARD hooks if it shows your game hooked, Right Click -> Restore Hook, otherwise go to Processes, and check if the hook is there, in the process...

 

if it detects third party programs like Cheat Engine, or PC Hunter, in the end if you have tried everything up to your exhaustion, then your best and last resort would be to write your own Driver and deploy it on your machine, and use hiding techniques like dynamic api calls and PE headers invalidation, so the AntiCheat driver won't pick up your driver...

Edited by 0xNOP
Posted
12 hours ago, cob_258 said:

@Reasen he want to reverse not to protect the game (the title says RE Anti-Cheat)

That's Correct.

 

2 hours ago, 0xNOP said:

Check if the AntiCheat has a driver, if so, it will be hard to deal with, but not impossible, if not, it's probably that it has a Ring-3 Driver, or no driver at all, and it's easy to work with, however being an AntiCheat software I really doubt it's gonna be easy to work with...

- Able to modify the game's memory:
        > What's preventing you from doing so? The AntiCheat block calls to API like ReadProcessMemory / WriteProcessMemory or simply blocks any Cheating Software?

- Able to send keystrokes to the game:
        > Get  PC Hunter, Go to Kernel or Ring0 Hooks, scan for KEYBOARD hooks if it shows your game hooked, Right Click -> Restore Hook, otherwise go to Processes, and check if the hook is there, in the process...

 

if it detects third party programs like Cheat Engine, or PC Hunter, in the end if you have tried everything up to your exhaustion, then your best and last resort would be to write your own Driver and deploy it on your machine, and use hiding techniques like dynamic api calls and PE headers invalidation, so the AntiCheat driver won't pick up your driver...

 

- The anticheat has memory CRC. It checks if the memory is tampered. I think it copies whole memory or important part of memory and compare with existing.

- I don't have any experience in writing my own driver, that's why I resorted to paying for people to RE this anticheat.

 

Thanks all. Hoping for a positive response.

Posted

Are you talking about BattlEye?

That's the only AC i have heard of which is packed with vmp. And yes, it got a r0 driver.

 

However, if it's filtering OpenProcess and similar calls, it probably created a handle creation callback with ObRegisterCallbacks. You can easily iterate the callback list, and unlink the callback, or link it to your own driver and only let your own programs pass.

 

What memory do you want to modify?

Code section or data section?

Some ACs tend to steal your data, so i'd highly recommend using a vm. 

 

I can highly recommend you getting into kernel driver programming, it can be really helpful :)

Posted (edited)

The first thing that comes to my mind is SG from lineage?
Did i guess it? :)

Anyways, would be great to give us a link to the thing

Edited by Pancake
Posted
On 5/10/2016 at 3:04 PM, A200K said:

What memory do you want to modify?

Code section or data section?

It's not BattleEye. It's a custom anticheat. I want to modify the code section.

 

On 5/11/2016 at 9:10 PM, Pancake said:

The first thing that comes to my mind is SG from lineage?
Did i guess it? :)

Anyways, would be great to give us a link to the thing

Nope. And about giving the link, I want to give it to the person who will do the job..because I don't want to alarm the anti-cheat about this.

 

BTW:

I saw some people bypass the anticheat by suspending the thread of it. But I tried it and the game is auto closing itself.

Posted

Just paste the name or link. Do you seriously expect someone to PM you, ask for details because we got nothing better to do?

Posted
1 hour ago, Pancake said:

Just paste the name or link. Do you seriously expect someone to PM you, ask for details because we got nothing better to do?

I think as the client I have the rights about the details of the job, right?

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...