9Dragons Hackshield/GG Bypass for BOT

04/26/2022 11:09 Prizzle#1
Hey all,

I started messing around with developing a simple bot for 9Dragons.

I'm using Java and the Robot API. (I know other languages match better, but this is my favourite :D )

My problem is Hackshield/GameGuard is blocking any input to the game. My testRobot works fine on private servers.
What I found out after some research:

Code:
Assuming you are on a Windows machine, calls to java.awt.Robot are redirected to sun.awt.windows.WRobotPeer, which in turn calls native code in awt_Robot.cpp. You can check the source code of awt_Robot.cpp here: http://www.koders.com/cpp/fidFFE004659A9CAB3DA2B3302C457E624AF6F3EEDF.aspx?s=GetDIBits#L232

Here you can see that the mouse events are realized with the Win32 call mouse_event(...) (defined in winuser.h).

So your Robot mouse click calls are limited by the limitations of mouse_event(...).

Then a little googling on this reveals that some games have some sort of macro protection mechanism. They ignore mouse_event(...)-routed input and talk directly with the driver. Hackshield, for instance, provides such protection mechanisms to a number of games. So this is the reason why some games do not receive your Robot mouse clicks.

Anyone ever put effort and time into this and found a way to bypass this?


Greetz,
Prizzle
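The post above explains why Robot clicks, which end up in mouse_event(...), are distinguishable from real hardware input. The following is an added example, not code from the thread or from any game protector: a user-mode WH_MOUSE_LL hook that reports synthetic mouse events, using the LLMHF_INJECTED flag Windows sets on input that arrives through mouse_event()/SendInput(). It assumes a Windows build for the hook itself; the flag check is portable so it can be tested anywhere.

```c
/* Added example (not from the thread): a user-mode WH_MOUSE_LL hook that
 * reports synthetic mouse input. Windows sets LLMHF_INJECTED on every event
 * that arrives through mouse_event()/SendInput(), the path java.awt.Robot
 * takes, so user-mode software can tell it apart from a physical device.
 * The hook is compiled only on Windows; the flag check is portable. */
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
#else
/* Minimal stand-ins so the portable part compiles off Windows. */
typedef unsigned long DWORD;
#define LLMHF_INJECTED          0x00000001
#define LLMHF_LOWER_IL_INJECTED 0x00000002
#endif

/* Returns 1 if the low-level hook flags mark the event as synthetic. */
int mouse_event_is_injected(DWORD flags)
{
    return (flags & (LLMHF_INJECTED | LLMHF_LOWER_IL_INJECTED)) != 0;
}

#ifdef _WIN32
static HHOOK g_hook;

static LRESULT CALLBACK mouse_proc(int code, WPARAM wparam, LPARAM lparam)
{
    if (code == HC_ACTION) {
        const MSLLHOOKSTRUCT *m = (const MSLLHOOKSTRUCT *)lparam;
        if (mouse_event_is_injected(m->flags))
            printf("injected mouse msg 0x%lx at (%ld,%ld) flags=0x%lx\n",
                   (unsigned long)wparam, m->pt.x, m->pt.y, (unsigned long)m->flags);
    }
    return CallNextHookEx(g_hook, code, wparam, lparam); /* observe only */
}

int main(void)
{
    MSG msg;
    g_hook = SetWindowsHookExW(WH_MOUSE_LL, mouse_proc, GetModuleHandleW(NULL), 0);
    if (!g_hook) return 1;
    /* A low-level hook needs a message loop on the thread that installed it. */
    while (GetMessageW(&msg, NULL, 0, 0) > 0) {
        TranslateMessage(&msg);
        DispatchMessageW(&msg);
    }
    UnhookWindowsHookEx(g_hook);
    return 0;
}
#endif
```

Run it on Windows and move the mouse by hand, then trigger a click from a Java Robot: only the latter is printed, which is the same distinction the post describes.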
04/26/2022 12:58 Adek#2
I doubt that's the answer you look for, but don't bother with automating stuff that way. Fuck keyboard inputs, fuck mouse inputs, get some help into RE and make your character move by using in-game functions. Set your skills with in-game functions. Attack the same way. Or use packets. That's probably the easiest way to deal with it. But then, I can't really recommend Java, to be honest. Either C++ or C# with unsafe context is the way to go for me.

Or write a driver that simulates a keyboard. Or read about ring0 things, but that's an overkill in this case.

tl;dr: using keyboard/mouse inputs is limited, easily detected, and annoying to deal with.

PS. It works on privs, because most of them stripped the GG layer from the game. IIRC they always hooked these functions.
04/26/2022 20:28 Prizzle#3
Thanks for your input!

I'm gonna research more on this topic and will go for the RE / by using in-game functions / PE.
Basically this is the way we did it on MapleStory like 15/20 years ago and it is still the way it works, crazy.

Interesting video from Defcon:
Twenty Years of MMORPG Hacking: Better Graphics, Same Exploits



Greetz,
Prizzle
04/26/2022 22:04 Adek#4
Of course, these methods will work as long as the architecture doesn't change. You can't really prevent it 100%.

Also I watched this video, that's a great one.