Old 10-24-2012, 11:44 AM   #31 (permalink)
Hagzor

We'll see what anti-cheat they will show us
Hags-Club socials:

Facebook | Twitter | Google+| Вконтакте

Follow!11
All news and cookies!
Old 10-24-2012, 11:57 AM   #32 (permalink)
MrTiger

Quote:
Originally Posted by Atmosk
Ok detections can only happen in 2 ways:

1.) Detect signature strings/injection points
2.) Detect modified memory

PB has an onupdate routine that changes the region it looks at randomly at different times. Guess what? You can hook that and essentially prevent it from doing anything.

Problem is that it changes all the time so you can't predict when it'll change.

BUT: Dogmatt has this driver protection shits and I have no idea what it does or how it works, but it's supposed to be the best.

Whatever man, worry about detections, I'll be out there raping face with my hags, thanks to eld and nubleng.
Mother of god. I love it when someone that has no idea talks just to talk.

If you honestly think those two are the only ways of discovering a hack I'm really wasting my breath and time.

I did it as a favor, pointing out easy fixes and weaknesses. If you want to be an ostrich with yer head stuck in the ground go ahead.

Taking things out of context and replying with nonsensical bullshit is just the a-typical annoying kissass retard.

First of all - PunkBuster is not a threat, unless yer retarded. Ways of bypassing the debugging func, ss func and kick func and even replacing the GID are widely available.

However, detecting this hack is easy. Want to know how? Sure I'll let you know as a proof of concept.

First of all the config writes to a certain mapfolder, not hard to check or see the writing happen or monitor for it.

There's a full load of files that remain on the computer; how hard is it to check the MD5/hash/CRC32-signature? Not hard at all.

Monitor which engine functions are being called - profit.

It runs in ring3 - very easy to detect.

I checked around the driver protection, not to tamper, just to see what I could get from it without triggering anything - it's not rootkit level. Which basically makes it null and void.

There's a whole lot more to detecting hacks than

"
1.) Detect signature strings/injection points
2.) Detect modified memory
"

Scrub.
Old 10-24-2012, 12:17 PM   #33 (permalink)
Hagzor

http://www.reddit.com/r/Planetside/c...ady_available/

Let the hate begin
Old 10-24-2012, 12:43 PM   #34 (permalink)
dogmatt

public hl2hook was vac proof for 2 years (after that i just became bored & removed security)
royalhack still vac proof since 2005
bfbc2/bf3/apb hag still pb proof since release
and ~10 years ago shit to avoid cheating-death was made, it was named "deep hookenz", still alive

probably soe have no chance with their omgdetection team
spectating GMs ftw ofc, but how many GMs they have?

Old 10-24-2012, 12:56 PM   #35 (permalink)
dogmatt

Quote:
Originally Posted by Eldaen
Quote:
I am not really convinced to be honest. The video "jumps" on several occasions so to me this looks like a bad video-shop. Example 1: At 0:28 the video is fast forwarded by about 1 second to make it appear like he has super fast aim - the "unsprint - aim" animation is faster than normal. Example 2 - 1:05 it skips frames when he shoots the second guy. This sort of tries to "prove" the aimbot, however everything else jumps as well, meaning what really happened was the player aimed at the head of the second soldier and this 1-2 seconds was cut out of the video to make it look "unreal".

Right now it looks really fishy, seems more like a scam to me and not an actual aimbot.

/e That's not to say somebody shouldn't look into this. The poor editing skills (Skype popup in the background) could also be the reasons.
y u no aim while u aim?
Old 10-24-2012, 01:01 PM   #36 (permalink)
MrTiger

Quote:
Originally Posted by dogmatt
public hl2hook was vac proof for 2 years (after that i just became bored & removed security)
royalhack still vac proof since 2005
bfbc2/bf3/apb hag still pb proof since release
and ~10 years ago shit to avoid cheating-death was made, it was named "deep hookenz", still alive

probably soe have no chance with their omgdetection team
spectating GMs ftw ofc, but how many GMs they have?
VAC has been shit since day one and CD was just write to avoid the engine call check.

I would imagine instead of getting defensive and taking suggestions that point out flaws and weaknesses that easily can be exploited I'd take it with open arms. Instead of living on "glory" of making a hack VAC/CD proof. Better to improve than risk anything. But I guess that's the difference between these communities. The ones I've frequented demand highest security - due to prize money, league play and scrutinizing anticheats.
Old 10-24-2012, 01:03 PM   #37 (permalink)
dogmatt

will never release league hacks
Old 10-24-2012, 01:17 PM   #38 (permalink)
MrTiger

Quote:
Originally Posted by dogmatt
will never release league hacks
and where did I say you would or even raise that question?

I drew the comparison that the places I've been involved with have another standard for security.

If you want to keep the hack as-is. Go ahead. Don't take my suggestions seriously - it's up to you. I came with the suggestions as an act of good faith and as a friendly tip. But clearly it was a mistake on my behalf. I'm sure the driver protection and easy PB work-arounds will keep this hack safe for years to come.
Old 10-24-2012, 02:08 PM   #39 (permalink)
dogmatt

ofc it will x)
atm current hag engine is most protected shit ever made

but main problem still spectators, so why the fcuk i need to analyze alien anticheats if peeps will be banned by GMs, not by software
Old 10-24-2012, 02:21 PM   #40 (permalink)
MrTiger

Quote:
Originally Posted by dogmatt
ofc it will x)
atm current hag engine is most protected shit ever made

but main problem still spectators, so why the fcuk i need to analyze alien anticheats if peeps will be banned by GMs, not by software
Most protected shit ever made..... Really?

Never said you need to analyze any anticheat, I simply said easy ways of detecting the current cheat that you have made. Which kind of shows it is not the most "protected shit ever made".

Anything is just as strong as its weakest link. It is easy as hell to look for CRC32/MD5/HASH-signatures and mark a person as a user of the hack or not.

Oh yeah, so you block GetBlt and see when it's pushing for the function.. So yeah - if they add GetPixel yer just as far. Banwave.

But yeah - sure. Most protected shit ever made. Good to see that you can take constructive critique.
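The file-signature check raised in posts #32 and #40 (hashing files left on disk and matching them against known CRC32/MD5 values), sketched from the detection side as an added example; it is not code from the thread or from any anti-cheat product. The directory layout, file names, bytes and the "sample-artifact" label are constructed, and using size and CRC32 as cheap prefilters confirmed by SHA-256 (instead of MD5) is this example's own design choice.

```python
import hashlib
import tempfile
import zlib
from pathlib import Path

def _chunks(path):
    with path.open("rb") as fh:
        while chunk := fh.read(65536):
            yield chunk

def crc32_of(path):
    """Cheap 32-bit checksum; used only as a prefilter."""
    crc = 0
    for chunk in _chunks(path):
        crc = zlib.crc32(chunk, crc)
    return crc

def sha256_of(path):
    """Strong hash that confirms a prefilter hit."""
    digest = hashlib.sha256()
    for chunk in _chunks(path):
        digest.update(chunk)
    return digest.hexdigest()

def scan(root, signatures):
    """Return sorted (path, label) hits; signatures maps (size, crc32) -> (sha256, label)."""
    known_sizes = {size for size, _ in signatures}
    hits = []
    for path in (p for p in root.rglob("*") if p.is_file() and not p.is_symlink()):
        size = path.stat().st_size
        if size not in known_sizes:  # cheapest test first: no file read needed
            continue
        sha256, label = signatures.get((size, crc32_of(path)), (None, None))
        if sha256 is not None and sha256 == sha256_of(path):  # CRC32 alone can collide
            hits.append((path.relative_to(root).as_posix(), label))
    return sorted(hits)

def demo():
    """Scan a constructed directory tree; file names and bytes are made up."""
    artifact = b"CONSTRUCTED-SAMPLE-ARTIFACT\x00" * 64
    sigs = {(len(artifact), zlib.crc32(artifact)):
            (hashlib.sha256(artifact).hexdigest(), "sample-artifact")}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "maps").mkdir()
        (root / "maps" / "settings.cfg").write_bytes(artifact)
        (root / "renamed.dat").write_bytes(artifact)  # same bytes, different name
        (root / "readme.txt").write_bytes(b"x" * len(artifact))  # same size, benign
        return scan(root, sigs)
```

Matching is on content, so the renamed copy is reported alongside the original while the same-size benign file is not.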