Wolfteam Bypass

10/19/2016 01:22 Bulljason#1
Does anyone perhaps have a bypass for Wolfteam, or a hack directly? :)
10/20/2016 21:30 DrunkenHamsta#2
If you find a public bypass, it will be patched just as fast.

Make your own bypass, it's better. ;)
10/20/2016 22:09 'iksde#3
Easily said if you've never done it and don't know how to do it.
10/20/2016 22:14 DrunkenHamsta#4
As with everything. You need to learn about XignCode, C++ etc. Like when you don't know how to find addys: you learn, and after learning you know how to find addys with a memory scanner.
10/20/2016 22:36 'iksde#5
In my view, learning how to use CE, e.g. for pointer scanning, is feasible even for newbies to this topic.
But I think for bypassing (good) anti-cheat systems, it's a longer road.

Since the change from Apex (new bypass methods were coming out fast if I remember correctly, and GameGuard was the easiest thing) to XignCode and the significance of cshell, I've lost sight of Wolfteam game hacking because I stopped playing it myself.

From what I see today, XignCode seems to be a hard one.
GZN is offline (sadly, and it seems that b6ooy never wants to reopen it) and I don't really find much information about it. I'm not talking about C&P code, but in the older times there were more interesting things released about that.

I've never done anything with bypassing and have only used finished releases and done my memory scanning and coding in VC++ myself, so yeah - for somebody who doesn't know much about that topic it seems to be hard.
And I think one problem with learning it is, as I mentioned, the dwindling information and harder tasks like bypassing XignCode (and as a logical consequence, not everybody wants to release their findings).
If you've got some tips on how to start on it - and yeah, no C&P shit, just something/specific topics related to it - to start on, I would look forward to it if you can tell me/us about it.
10/21/2016 00:26 M4L1F1C#6
Quote:
Originally Posted by 'iksde
In my view, learning how to use CE, e.g. for pointer scanning, is feasible even for newbies to this topic.
But I think for bypassing (good) anti-cheat systems, it's a longer road.

Since the change from Apex (new bypass methods were coming out fast if I remember correctly, and GameGuard was the easiest thing) to XignCode and the significance of cshell, I've lost sight of Wolfteam game hacking because I stopped playing it myself.

From what I see today, XignCode seems to be a hard one.
GZN is offline (sadly, and it seems that b6ooy never wants to reopen it) and I don't really find much information about it. I'm not talking about C&P code, but in the older times there were more interesting things released about that.

I've never done anything with bypassing and have only used finished releases and done my memory scanning and coding in VC++ myself, so yeah - for somebody who doesn't know much about that topic it seems to be hard.
And I think one problem with learning it is, as I mentioned, the dwindling information and harder tasks like bypassing XignCode (and as a logical consequence, not everybody wants to release their findings).
If you've got some tips on how to start on it - and yeah, no C&P shit, just something/specific topics related to it - to start on, I would look forward to it if you can tell me/us about it.
Option 1.
If you want to make CE undetected without touching XignCode, your only option is to grab the CE source from [link] and modify it A LOT: for instance, they detect the layout of CE, so change it; they detect the window name, the process name and a lot more.

Option 2.
If you simply want to prevent them from minimizing the CE window, all you have to do is hook 'ShowWindow' in user32.dll, and if param 1 (HWND) is CE's HWND you simply return TRUE. However, after a few minutes (if not instantly) you will still get kicked, since you triggered their detection.

Option 3.
This is what I call the 'Half-Bypass', as it's not a full one.
Follow the steps in Option 1; now if it's undetected you'll notice you can't view the process at all. Well, this is because of their driver; it's fairly easy to bypass this limitation.
For this we need to hook 'StartService' in their x3.xem. Getting the StartService address is not the easy part, since they use Themida, which relocates the IAT and thus StartService.
The best way to grab it is, when you see the XignCode loading screen on the right, to pause the process, open CE, then Memory Viewer, CTRL+G and type in StartService. If nothing happens, resume the process for about 2 seconds, then pause it again and you should now get the StartService address in CE. Grab it, hook it there and return TRUE. We don't need to check the handle here because only XignCode uses this and we don't want their drivers running.
That's it, you can now hack for an (un)limited amount of time (depending on whether they check their driver).

Option 4.
Use your own internal memory scanner.
This is what I do.

Hope I helped :)
10/21/2016 00:45 Ⓜiku Ⓗatsune#7
Sempai, how to Bypass multiclient detection?
10/21/2016 00:56 M4L1F1C#8
Quote:
Originally Posted by Ⓜiku Ⓗatsune
Sempai, how to Bypass multiclient detection?
Easy, first we need to understand HOW they detect it.
From my time reversing them, they use 'CreateMutex'.

An example of CreateMutex:
Code:
#include <windows.h>
#include <iostream>
// A named mutex: the second instance still gets a valid handle, but GetLastError() reports ERROR_ALREADY_EXISTS
HANDLE hMutex = CreateMutexA(NULL, TRUE, "YOUR_MUTEX_NAME");
if (hMutex != NULL && GetLastError() == ERROR_ALREADY_EXISTS)
    std::cout << "MULTI CLIENT DETECTED!" << std::endl;
This example means: once the first application starts, it creates the mutex YOUR_MUTEX_NAME. Now if you start the application again while the first one is running and it calls CreateMutex again, it will raise the error ERROR_ALREADY_EXISTS, because it tries to create the mutex again but it already exists. (LIVE EXAMPLE: [link])

Now to answer your question, there are 2 ways to bypass this.
Either find where it checks for ERROR_ALREADY_EXISTS and simply JMP over the check, OR find the address that contains the mutex name and simply generate something unique for each instance of the game :)
10/21/2016 01:15 Ⓜiku Ⓗatsune#9
Yeah, but XignCode gives a detection if you bypass the mutex check of the game client, I mean, or am I wrong?
Also, any idea how to bypass the VPN detection? Bypass the country check?
Do I Need a Full Bypass for it?
10/21/2016 01:22 M4L1F1C#10
Quote:
Originally Posted by Ⓜiku Ⓗatsune
Yeah, but XignCode gives a detection if you bypass the mutex check of the game client, I mean, or am I wrong?
Also, any idea how to bypass the VPN detection? Bypass the country check?
Do I Need a Full Bypass for it?

No, you should be fine :)
This XC version is the cheapest XC version; all this version does, from the list you posted, is:
1. Detect DLL injection
2. Check game client hash
3. Reject game process memory accessing
4. Reject game process handle accessing
5. Reject game process message transmission
6. Reject game process keyboard/mouse input transmission
7. Reject game window GDI accessing
8. Reject debug interrupt handler modification
9. Reject calling kernel function directly
10. Reject stealth process/module/driver
11. Reject kernel/user mode debugging
12. Detect executed on virtual environment
(13. They detect my site name if it's open in your browser)

And that's it
10/21/2016 01:40 Ⓜiku Ⓗatsune#11
Thanks for the in-depth information you provided.
We need more guys like you on epvp.