UnKnoWnCheaTs - Multiplayer Game Hacking and Cheats - Anti-Cheat Bypass http://www.uc-forum.com/forum/ Discuss how to go undetected against anti-cheating software.Anti-Cheat Bypassing Tutorials en Fri, 10 Sep 2010 17:50:42 GMT vBulletin 180 http://www.uc-forum.com/forum/ambience/misc/rss.jpg UnKnoWnCheaTs - Multiplayer Game Hacking and Cheats - Anti-Cheat Bypass http://www.uc-forum.com/forum/ MD5 Scan/Cypt/Init http://www.uc-forum.com/forum/anti-cheat-bypass/65073-md5-scan-cypt-init.html Fri, 27 Aug 2010 12:56:38 GMT Hi guys, cyberdwak posted these offsets for PB (yes they still work): ---Quote--- MD5_Scan: dwPbclBase + 0x11D0 MD5Init: MD5_Scan - 0x44 MD5Crypt: MD5_Scan + 0x1B9 ---End Quote--- This... Hi guys, cyberdwak posted these offsets for PB (yes they still work):

Quote:
MD5_Scan: dwPbclBase + 0x11D0
MD5Init: MD5_Scan - 0x44
MD5Crypt: MD5_Scan + 0x1B9
This is what i have found in IDA (In order):


Code:
int __cdecl sub_4011D0(SOCKET s, u_short hostshort, const char *cp)
bool __cdecl sub_40122B(SOCKET s)
Didn't find the third one yet though.
Anyways, whenever i try to hook the MD5Scan / MD5Init, i keep crashing. Is there a way to hook it succesfully and then alter the socket / strings etc?

Thanks!

P.S. There seems to be MD5 Update at 0x21D0, but the strings are encrypted i think, all it outputs is your GUID with a load of crap right after it .. ]]> Anti-Cheat Bypass JackODoo http://www.uc-forum.com/forum/anti-cheat-bypass/65073-md5-scan-cypt-init.html <![CDATA[[Information] pbcl.dll / PnkBstrB.exe]]> http://www.uc-forum.com/forum/anti-cheat-bypass/64967-pbcl-dll-pnkbstrb-exe.html Sun, 22 Aug 2010 02:57:08 GMT Here is some information that can help some people bypass pb memory scans. NOTE: All Tested in CoD 4 PBCL.dll Information: 0x40D0B2-memory scans/d3d scans Some basic scans passed through... Here is some information that can help some people bypass pb memory scans.

NOTE: All Tested in CoD 4

PBCL.dll Information:

0x40D0B2-memory scans/d3d scans

Some basic scans passed through this function:

Code:
* \d3d9.dll 0C89D07C p c p 

1_8bff558bec8b451c8b4d188b5514508b 

\xfire_toucan_42654.dll \xfire_toucan_42654.dll 04455B 5E0 

c_b8309bbc30e8ec77000081ec98010000 

100000 100000
 
98D267A3BF34DF4976A6B2F909C2A1A0 

1000 ff000 

776C3835DB719C286ED218EDE43DC5A8 

200000 90fff 

BB617D99129F6559A165C47F9E796638 

* \Kernel32.dll 075009 p 

1_64a1180000008b4024c390909090903b

Guid Strings:

When replacing the strings pb will kick for pb auth unknown.

0x459574-holds guid strings and key strings


PNKBSTRB.exe Information:

I dont know why they havent encrypted this yet but all memory srings are found in PnkBstrB.exe in strlen:

0x412B70-memory scans


Anyways if replacing the strings in pbcl and pnkbstrb correctly it is very easy to bypass pb's memory checks :) I havent used this method in a long time but came across the scans when i was messing about with pb. ]]> Anti-Cheat Bypass sycore http://www.uc-forum.com/forum/anti-cheat-bypass/64967-pbcl-dll-pnkbstrb-exe.html Punkbuster bypassing http://www.uc-forum.com/forum/anti-cheat-bypass/64937-punkbuster-bypassing.html Fri, 20 Aug 2010 20:38:17 GMT Hi, Recently I became interested in reverse engineering and followed some tutorials and guides. I mainly use Battlefield 2 for experimenting. I got pretty far so far, managed to do things like... Hi,

Recently I became interested in reverse engineering and followed some tutorials and guides. I mainly use Battlefield 2 for experimenting. I got pretty far so far, managed to do things like nametags, minimap, fog on my own. I am also getting a good idea on how ollyDbg works, how memory works etc.

There is only one problem though: I want to make my hacks Punkbuster proof because I want to know how to defeat it's protection. I've googled a lot the past few days, but the results are poisoned with topics from 10 year old people interested in cheating and no decent questions being answered. Also the most topics are from 2004 - 2007

I would be really thankful if someone could point me in the right direction concerning on how to get your hacks undetected.

Things I've read a lot:

- Code caves don't work anymore because punkbuster scans whole bf2.exe and RendDX9.dll
- Punkbuster doesn't scan the DMAs so that's a way to get hacks working

Is it true that you can't use code caves anymore? And the problem is, some hacks can't be done with only DMAs..

Any methods that still work are welcome. Even if you don't want to explain, pointing me in the right direction is also apreciated :)

All help apreciated :knockedout: ]]> Anti-Cheat Bypass T0mz0r http://www.uc-forum.com/forum/anti-cheat-bypass/64937-punkbuster-bypassing.html <![CDATA[[Question] Need help! How to make old Soldierfront Hacks work again?]]> http://www.uc-forum.com/forum/anti-cheat-bypass/64931-need-help-make-old-soldierfront-hacks-work-again.html Fri, 20 Aug 2010 17:24:25 GMT Need help! How to make Detected Soldierfront Hacks undetected?

hi! i got a source code of stickleback's hack from other forum and manage to compile it with no errors and it works in lobby and in room but ingame it says something like "D3D8.dll error."

Is there a way to make it work again? i think its the hooking method,..


sorry for my English..
]]> Anti-Cheat Bypass trismund http://www.uc-forum.com/forum/anti-cheat-bypass/64931-need-help-make-old-soldierfront-hacks-work-again.html <![CDATA[[Undetected] Finally a private Modern Warfare 2 Hack with no subscription!]]> http://www.uc-forum.com/forum/anti-cheat-bypass/64920-finally-private-modern-warfare-2-hack-no-subscription.html Fri, 20 Aug 2010 06:08:08 GMT A buddy told me about this MW2 Hack | Facebook Its a facebook fan page where they will custom code you a private hack so you dont get detected, I've been using this hack all night and all i can say is WOW!

 Moderator note (SimPle01)  Link Removed
]]> Anti-Cheat Bypass solixa http://www.uc-forum.com/forum/anti-cheat-bypass/64920-finally-private-modern-warfare-2-hack-no-subscription.html <![CDATA[[Release] Darky BattleEye Bypass]]> http://www.uc-forum.com/forum/anti-cheat-bypass/64887-darky-battleeye-bypass.html Wed, 18 Aug 2010 20:56:28 GMT How-to-Use:

1- Open the folder Darky BattleEye Bypass and then edit the file Bypass-Options.ini.

Quote:
[Process Hider Options]
// CompareOption can be (0 = Partial Compare using FindString) or (1 = Full Compare)
CompareOption=0
proHide(1)=Cheat Engine
proHide(2)=TSearch

[Window Hider Options]
// CompareOption can be (0 = Partial Compare using FindString) or (1 = Full Compare)
CompareOption=0
winHide(1)=Cheat Engine 5.6
winHide(2)=TSearch

[Dll Hider Options]
// CompareOption can be (0 = Partial Compare using FindString) or (1 = Full Compare)
CompareOption=0
dllHide(1)=BEBypass
dllHide(2)=Kernel32
2- In this file you can edit or add the Process/Window/Dll Name to hide, before continuing take a carefull look at the file.

3- To add new Process to Hide you just need to add a line to the ini file, look:

Quote:
[Process Hider Options]
// CompareOption can be (0 = Partial Compare using FindString) or (1 = Full Compare)
CompareOption=0
proHide(1)=Cheat Engine
proHide(2)=TSearch
proHide(3)=ARMA Trainer XX
proHide(4)=My Process Name XXX
4- Dont forget to increase the number between the brackets.

5 - Start the game and use Winject or any other to inject the BEBypass.dll into the mygame.exe.

Tested on:
  • Windows 7 - 32bit
  • Arma 2 OA - 1.52 - Steam Version

Note: BEBypass.dll is packed.

Note: This can also bypass other anti-cheats.

Download: http://www.ucdownloads.com/downloads...o=file&id=5408 ]]> Anti-Cheat Bypass darky.hax http://www.uc-forum.com/forum/anti-cheat-bypass/64887-darky-battleeye-bypass.html <![CDATA[[Question] Stealth Injector Question.]]> http://www.uc-forum.com/forum/anti-cheat-bypass/64798-stealth-injector-question.html Sun, 15 Aug 2010 06:42:11 GMT I was just trying to utilize the stealth option of DrunkenCheetah's Stealth Injector to see if I could attach either freaim or another public aimbot I recently found online, when I was met with a slight problem. Everytime I would attempt to inject using the stealth settings, BFH would immediately crash, followed by a message telling me about memory location. I thought that it could possibly be related to the random injection location I had selected, so I turned off that setting, and yet when I tried to inject again, BFH crashed. I was wondering if it were something specifically with my download, so I tried injecting normally with the injector, but freaim injected fine. Could someone possibly shed ssome light as to why the stealth option causes BFH to crash? :thinking: ]]> Anti-Cheat Bypass jgpg http://www.uc-forum.com/forum/anti-cheat-bypass/64798-stealth-injector-question.html