[Release] Unpacked XignCode Files

Page 1 of 6 1 23 Last »
11/13/2010 15:15 HellSpider#1
Hi.

I've unpacked the XignCode anti-cheat files in order to understand better how the anti-cheat works. These files wont work in runtime (because of the security certificate and stripped VirtualMachines), so you can't substitute the original files with these :).

Note! This is not a XignCode bypass! These files are just for analyzing purposes!


List of files:

Code:
splash.xem		--> splash.bmp		--> XIGNCODE Splash Bitmap
tray.xem		--> tray.ico		--> XIGNCODE Tray Icon
x3.xem			--> x3.dll		--> XIGNCODE System
xm.exe			--> xm.exe		--> XIGNCODE Message Printer
xmag.xem		--> xmag.xem		--> XIGNCODE File Archive
xsg.xem			--> xsg.dll		--> XIGNCODE System Guard
xxd.xem			--> xxd.dll		--> XIGNCODE WatchDog Process

The file x3.dll was protected by Themida (one of the newest versions), and it had a part of its code virtualized. As I am not able to devirtualize Themida VMs I have stripped it from the file.

This thread is supposed to be a research thread of XignCode. If you have made some research you can post it in this thread and I will add it to the main post (with your approval of course) :).


Loading of x3.xem:

XignCode packet structure:

XignCode kernel-mode hooks:





-Update Log-

~13.11.2010~

+ Initial release (XIGNCODE 3.1)

~19.01.2011~

+ Detailed file information
+ Basic packet structure


Archive password (without spaces):
Code:
w w w . e l i t e p v p e r s . d e
11/13/2010 15:18 iamlegend93#2
I willl have a check on that. :)
11/13/2010 15:42 4the#3
Thanks for sharing
Good stuff.
11/13/2010 17:43 1tamer1#4
so i can hack with that :D?
11/13/2010 18:24 elfulll#5
so hell what we do with that ? cant make bypass xign from his files ?
11/13/2010 21:05 Redis#6
Quote:
Originally Posted by HellSpider View Post
Note! This is not a XignCode bypass! These files are just for analyzing purposes!


This thread is supposed to be a research thread of XignCode. If you have made some research you can post it in this thread and I will add it to the main post (with your approval of course) :).
No you CANNOT hack with that...
Read what is written, don't just cry all day "omg i want hacks"
11/13/2010 22:19 EliteDKTrader#7
Tnx Instant. I'm going to look into it later.
11/14/2010 06:05 lord17#8
well i hope bypass will be created soon :)
11/14/2010 10:03 Apocalisse#9
Thank you, i'm gonna check this out :)
11/14/2010 11:33 GooniGooGoo#10
Cheers
11/15/2010 12:37 1tamer1#11
hey man i wanna ask what we can do with this?
what help us with?
11/15/2010 19:26 HellSpider#12
I added some base info of loadup regarding x3.xem in a spoiler tag in the first post :).
11/16/2010 17:09 huquinho#13
Celebrities I was tinkering with Charles Proxy, was playing Dekaron and seen it this, I thought I can help in any way concerned
bypass.

[Only registered and activated users can see links. Click Here To Register...]
11/16/2010 19:16 HellSpider#14
Quote:
Originally Posted by huquinho View Post
Celebrities I was tinkering with Charles Proxy, was playing Dekaron and seen it this, I thought I can help in any way concerned
bypass.
Quite interesting, didn't know that there was whole directories of XignCode stuff on the same domain with the Dekaron updates :).
11/25/2010 16:04 ChinkyTinky#15
i think this just became really really interesting


hey xigncode uses this to load/dl xxd.xem


[Only registered and activated users can see links. Click Here To Register...]
Page 1 of 6 1 23 Last »