Bypassing Hackshield...

05/06/2014 19:05 BalBlaBlub6#1
I want to play Kal-Private Server on linux using WINE. The thing is, while Kal would most likely run fine, the hackshield doesn't. Because it doesn't like WINE or something. So the solution is to bypass the hackshield. My idea was to simply NOP out the load library calls, and then see what happens. Like, if it uses a heartbeat to detect a disabled hackshield. But the engine will notice that ollydbg is running, using a division by 0 and/or call to ud2. Not entirely sure how that works, yet, since I am fairly new to all this.

Everthing else I know:
PEiD output for engine.exe: Microsoft Visual C++ 7.0
client.dll was packed with Enigma Protector

Also, I think Client.dll does some of the hackshield loading, because on WINE, it gives me the error.

So my question is, how to proceed?
This is my first attempt at doing something like this, so please be gentle. Also first time using ollydbg. I know a fair amount of c and assambly. Also java, but that is irrelevant regarding this issue ^.^

Antworten gehen auch in Deutsch ;)
05/07/2014 16:53 meak1#2
Kal Private Server hackshield dont using any Heartbeat protocole i guess, idk
so yes u could nop it.

-> bypass means, killing <> bypass (block some Calls where he find your WINE)
some other software exist from WINE ? maybe some other software is not detected..
05/07/2014 21:56 BalBlaBlub6#3
Well, the problem is, how do I proceed if Kal detects my debugger, before any of the libraries are loaded and then quits. I have found various addons, from which only one showed some results. It was a pluging to work around the zwQueryInformationProcess. But the result was an access violation and a stack overflow. So not too helpful xD
05/08/2014 14:44 meak1#4
u need undetected olly(; or u need to attach it when Hackshield Logo Pop Up, between engine start and Hackshield PopUp - when Hackshield initiate

No similar programm exist like 'WINE'?
05/09/2014 21:18 BalBlaBlub6#5
I'll try that and post results. While there are alternatives to WINE, WINE is by far the simplest solution. Running it in a virtual machine is not an option, since I only have Oracle Virtual Box on our University Computers, and it does not support directx.
Cross Over Linux is similar to WINE, but not free -> not available in University.
Can't think of much other good solutions. Also, trying to bypass it is fun xD