[Release] Unpacked XignCode Files

HellSpider · 11/13/2010, 15:15

Hi.

I've unpacked the XignCode anti-cheat files in order to understand better how the anti-cheat works. These files wont work in runtime (because of the security certificate and stripped VirtualMachines), so you can't substitute the original files with these

.

Note! This is not a XignCode bypass! These files are just for analyzing purposes!

List of files:

Code:

splash.xem		--> splash.bmp		--> XIGNCODE Splash Bitmap
tray.xem		--> tray.ico		--> XIGNCODE Tray Icon
x3.xem			--> x3.dll		--> XIGNCODE System
xm.exe			--> xm.exe		--> XIGNCODE Message Printer
xmag.xem		--> xmag.xem		--> XIGNCODE File Archive
xsg.xem			--> xsg.dll		--> XIGNCODE System Guard
xxd.xem			--> xxd.dll		--> XIGNCODE WatchDog Process

The file x3.dll was protected by Themida (one of the newest versions), and it had a part of its code virtualized. As I am not able to devirtualize Themida VMs I have stripped it from the file.

This thread is supposed to be a research thread of XignCode. If you have made some research you can post it in this thread and I will add it to the main post (with your approval of course)

.

Loading of x3.xem:

Spoiler

XignCode packet structure:

Spoiler

XignCode kernel-mode hooks:

Spoiler

-Update Log-

~13.11.2010~

+ Initial release (XIGNCODE 3.1)

~19.01.2011~

+ Detailed file information
+ Basic packet structure

Archive password (without spaces):

Code:

w w w . e l i t e p v p e r s . d e

iamlegend93 · 11/13/2010, 15:18

I willl have a check on that.

4the · 11/13/2010, 15:42

Thanks for sharing
Good stuff.

1tamer1 · 11/13/2010, 17:43

so i can hack with that

?

elfulll · 11/13/2010, 18:24

so hell what we do with that ? cant make bypass xign from his files ?

Redis · 11/13/2010, 21:05

Quote:

Originally Posted by HellSpider

Note! This is not a XignCode bypass! These files are just for analyzing purposes!

This thread is supposed to be a research thread of XignCode. If you have made some research you can post it in this thread and I will add it to the main post (with your approval of course) .

No you CANNOT hack with that...
Read what is written, don't just cry all day "omg i want hacks"

~~EliteDKTrader~~ · 11/13/2010, 22:19

Tnx Instant. I'm going to look into it later.

lord17 · 11/14/2010, 06:05

well i hope bypass will be created soon

Apocalisse · 11/14/2010, 10:03

Thank you, i'm gonna check this out

GooniGooGoo · 11/14/2010, 11:33

Cheers

1tamer1 · 11/15/2010, 12:37

hey man i wanna ask what we can do with this?
what help us with?

HellSpider · 11/15/2010, 19:26

I added some base info of loadup regarding x3.xem in a spoiler tag in the first post

.

huquinho · 11/16/2010, 17:09

Celebrities I was tinkering with Charles Proxy, was playing Dekaron and seen it this, I thought I can help in any way concerned
bypass.

HellSpider · 11/16/2010, 19:16

Quote:

Originally Posted by huquinho

Celebrities I was tinkering with Charles Proxy, was playing Dekaron and seen it this, I thought I can help in any way concerned
bypass.

Quite interesting, didn't know that there was whole directories of XignCode stuff on the same domain with the Dekaron updates

.

ChinkyTinky · 11/25/2010, 16:04

i think this just became really really interesting

hey xigncode uses this to load/dl xxd.xem