About banwaves.

Daiisama · 09/20/2012, 08:12

It's been stated like 6 times that it logs ANY injection, not just the ones listed in the enc. Renaming isn't going to do ****. Please reread the opening post of this thread.

кev · 09/20/2012, 09:13

Quote:

Originally Posted by Daiisama

It's been stated like 6 times that it logs ANY injection, not just the ones listed in the enc. Renaming isn't going to do shit. What's in the ENC is just a compilation of dlls, everyone who gets banned using w/e dll regardless of if it's one you made yourself, will likely get added to that file at a later date. Please reread the opening post of the thread. Someone is going to just have to break the send function or alternately, send false reports that all is well, which would mean breaking the injection detection. Likely, someone will first make one that doesn't send the report at all, then Cabal will make it so one has to be sent, at which point someone will make the second. The first one, you guys might have hacks again pretty soon, but eventually it'll get patched then the public hacking scene for cabal is going to be dead, aside from 5 minute bypasses. Eventually, someone will make a full bypass for GG, and enable the other method for getting around it. Thus solving the problem for the private hacking community. So at some point, the public hacking scene will be screwed.

CabalPocalypse 2013!

I could be wrong too. I'm pretty new to Cabal.

GG has nothing to do with this, the reason why ESTsoft went with this crap approach is because GG itself doesn't cut it since it doesn't have any of the finer feats of the modern anticheats. It just basically relies on it's aggressive hooking and prevention of monkeypatching. It does a decent job protecting the executable while it's running but it's all in vain since there's a small window to do whatever you wish with the the game before the GG boots up.

All in all, this is a really half-assed solution and it doesn't require much effort to get under the radar again. I won't go public with it though since the recent releases are the very reason why we are in this point in the first place but I'm pretty confident there's at least few other people on this forum who can think of multitude of ways to get past this.

xHitmanReborn · 09/20/2012, 09:26

well if you are using cheat don't expect that your account don't get banned there goes the saying "use it on youre own risk"

and i think the solution for you so you don't get banned is account transfer cause when they release before the list of the user of DP hack that get banned i transfer my account cause im on the list then im free as a bird

PoiSonTouch · 09/20/2012, 11:58

i already know this coz one of my account ban, one thing i know not to ban is when your game client autoclosed 2 times using with cheat , check your Gameguard folder if you see there's is zip/rar files of gameguard including date (ex. gameguard9-20-12.rar) DELETE it, or else you will ban within a certain days.... good luck..... hope it help....

~~drax189~~ · 09/20/2012, 14:18

deleting that rar 100% helps?

testtestOO1 · 09/20/2012, 15:28

Quote:

Originally Posted by PoiSonTouch

i already know this coz one of my account ban, one thing i know not to ban is when your game client autoclosed 2 times using with cheat , check your Gameguard folder if you see there's is zip/rar files of gameguard including date (ex. gameguard9-20-12.rar) DELETE it, or else you will ban within a certain days.... good luck..... hope it help....

i xtractd it b4 i delete d ncriptd folder & found .erl files, 1st time to do this... iv been using hacks for quite sometime & all accounts still kicking as of now...

(off topic?) could anyone teach how to decode *.erl files, i want to learn more about these GG files... tnx.

feliz009 · 09/20/2012, 19:32

Quote:

Originally Posted by testtestOO1

i xtractd it b4 i delete d ncriptd folder & found .erl files, 1st time to do this... iv been using hacks for quite sometime & all accounts still kicking as of now...

(off topic?) could anyone teach how to decode *.erl files, i want to learn more about these GG files... tnx.

this could help.. its not easy to reverse something .... Reverse engineering - Wikipedia, the free encyclopedia

Daiisama · 09/20/2012, 19:46

Quote:

Originally Posted by кev

GG has nothing to do with this, the reason why ESTsoft went with this **** approach is because GG itself doesn't cut it since it doesn't have any of the finer feats of the modern anticheats. It just basically relies on it's aggressive hooking and prevention of monkeypatching. It does a decent job protecting the executable while it's running but it's all in vain since there's a small window to do whatever you wish with the the game before the GG boots up.

All in all, this is a really half-assed solution and it doesn't require much effort to get under the radar again. I won't go public with it though since the recent releases are the very reason why we are in this point in the first place but I'm pretty confident there's at least few other people on this forum who can think of multitude of ways to get past this.

Ah. I didn't know about the small window.

кev · 09/20/2012, 21:23

Quote:

Originally Posted by testtestOO1

(off topic?) could anyone teach how to decode *.erl files, i want to learn more about these GG files... tnx.

I don't think there's a public tool for decrypting the erls, at least not one that I know of. And reverse engineering GG is a pretty tedious task; Themida is a ***** to work with and the important parts of GG are neatly protected in one way or another (heavily obfuscated, virtualized, etc).

No offense but it's not a task for you unless you've got extensive RE background.

feliz009 · 09/20/2012, 21:51

Quote:

Originally Posted by PoiSonTouch

i already know this coz one of my account ban, one thing i know not to ban is when your game client autoclosed 2 times using with cheat , check your Gameguard folder if you see there's is zip/rar files of gameguard including date (ex. gameguard9-20-12.rar) DELETE it, or else you will ban within a certain days.... good luck..... hope it help....

why dont i have any zip or rar file in mine? and still got banned

WinXP sp3 cabal EU

inssider · 09/20/2012, 22:35

From what I've read so far, I understand that renaming dll is not a solution.
This makes me think that,they can detect every injected dll and take a hash of it,comparing that hash with the blacklisted dlls hash.
if there is a match....
Even if it were so, I am sure it is a way to solve this.

Investigation in progress...

joxof · 09/21/2012, 00:00

1. maybe cabalmain scans all injected .dll's (to take a hash of it) and sends log files to them ,comparing that hash with the blacklisted [below /B/;] dlls hash

2. maybe this solution works --> xxxxxxxxxxxxxxx

3. i really hope old Cabal closed and then Cabal 2 released

inssider · 09/21/2012, 00:11

Or maybe change up some data within the .dll so that the hash of the file changes?

кev · 09/21/2012, 00:56

Quote:

Originally Posted by joxof

2. maybe this solution works --> read-only dl.enc + .erl auto remover via cmd prompt + disable prefetch + GameGuard detour usermode hook for Anti Log (Anti Banned)

Wat? You are still speaking as if Gameguard has something to do with the newfound antihack measures of the cabalmain. Do people pay any attention on what's been previously discussed in this thread?

And dl.enc's still NOT a log file so what's the point of ro?

pptJR · 09/21/2012, 02:27

Is this banwave already affecting ph version? I have a lot of dlls under /B/ and still my accounts are active. Not that I want to be banned, just curious if there is still enough time to save those accounts from being banned.