Simple guid for avoiding Hackshield

05/21/2011 23:35 Hundkuk#1
I was looking through the forums when i found this.

[Only registered and activated users can see links. Click Here To Register...]


Should this be a solution for removing the hackshield permanently or temporary?

I haven't tried it out yet so maybe someone could tell me if he or she have tried it out :)
05/21/2011 23:50 pushedx#2
It's helpful to get around applications that have been blacklisted, but that's about it.

To completely avoid signature scanning identification, you'd need to use something like Themida and recompile your programs with their macros for VM and runtime Encryption. This way, when the code is in memory, it won't carry the same signature that HackShield is looking for, so it remains "undetected".

The biggest problem with most of anything else is, once the program has been unpacked in memory and are ran, it's as if you didn't have any protection on it in the first place, so that's why detection can still occur. This is also why most packets are pretty easy to get unpacked.

Either way though, Hackshield will still be running, so it needs to be emulated to permanently remove it. Then, you don't have to worry about any signature scanning. Alternatively, it might be possible to come up with enough patches to their code in memory (a bypass) so it never detects anything, but it'll still be running.
05/22/2011 00:16 DULAU#3
Quote:
Originally Posted by pushedx View Post
It's helpful to get around applications that have been blacklisted, but that's about it.

To completely avoid signature scanning identification, you'd need to use something like Themida and recompile your programs with their macros for VM and runtime Encryption. This way, when the code is in memory, it won't carry the same signature that HackShield is looking for, so it remains "undetected".

The biggest problem with most of anything else is, once the program has been unpacked in memory and are ran, it's as if you didn't have any protection on it in the first place, so that's why detection can still occur. This is also why most packets are pretty easy to get unpacked.

Either way though, Hackshield will still be running, so it needs to be emulated to permanently remove it. Then, you don't have to worry about any signature scanning. Alternatively, it might be possible to come up with enough patches to their code in memory (a bypass) so it never detects anything, but it'll still be running.
ok now in english ?xD
~alot of work~
btw arent you milkyway from old tsro?
05/22/2011 00:37 stefsika#4
Quote:
Originally Posted by pushedx View Post
It's helpful to get around applications that have been blacklisted, but that's about it.

To completely avoid signature scanning identification, you'd need to use something like Themida and recompile your programs with their macros for VM and runtime Encryption. This way, when the code is in memory, it won't carry the same signature that HackShield is looking for, so it remains "undetected".

The biggest problem with most of anything else is, once the program has been unpacked in memory and are ran, it's as if you didn't have any protection on it in the first place, so that's why detection can still occur. This is also why most packets are pretty easy to get unpacked.

Either way though, Hackshield will still be running, so it needs to be emulated to permanently remove it. Then, you don't have to worry about any signature scanning. Alternatively, it might be possible to come up with enough patches to their code in memory (a bypass) so it never detects anything, but it'll still be running.
damn :handsdown:
05/22/2011 01:15 Hundkuk#5
Quote:
Originally Posted by pushedx View Post
It's helpful to get around applications that have been blacklisted, but that's about it.

To completely avoid signature scanning identification, you'd need to use something like Themida and recompile your programs with their macros for VM and runtime Encryption. This way, when the code is in memory, it won't carry the same signature that HackShield is looking for, so it remains "undetected".

The biggest problem with most of anything else is, once the program has been unpacked in memory and are ran, it's as if you didn't have any protection on it in the first place, so that's why detection can still occur. This is also why most packets are pretty easy to get unpacked.

Either way though, Hackshield will still be running, so it needs to be emulated to permanently remove it. Then, you don't have to worry about any signature scanning. Alternatively, it might be possible to come up with enough patches to their code in memory (a bypass) so it never detects anything, but it'll still be running.
You seems to know this really good.
Would it be too much work for asking you to help us out with this ? :)

Removing the hackshield from elitesro
05/22/2011 02:17 Boat#6
Quote:
Originally Posted by pushedx View Post
It's helpful to get around applications that have been blacklisted, but that's about it.

To completely avoid signature scanning identification, you'd need to use something like Themida and recompile your programs with their macros for VM and runtime Encryption. This way, when the code is in memory, it won't carry the same signature that HackShield is looking for, so it remains "undetected".

The biggest problem with most of anything else is, once the program has been unpacked in memory and are ran, it's as if you didn't have any protection on it in the first place, so that's why detection can still occur. This is also why most packets are pretty easy to get unpacked.

Either way though, Hackshield will still be running, so it needs to be emulated to permanently remove it. Then, you don't have to worry about any signature scanning. Alternatively, it might be possible to come up with enough patches to their code in memory (a bypass) so it never detects anything, but it'll still be running.
You can still hide the code or virtualize it and you dont need emulation ;)