[Security Analysis] status0's ESEA SoundESP

Discussion on [Security Analysis] status0's ESEA SoundESP within the Counter-Strike forum part of the Popular Games category.

11/30/2022, 12:04   #16
Ezechiel88
Quote:
Originally Posted by imi-tat0r


1. General

Today we want to show you our analysis of .
The provider also offers an which probably uses the exact same bypass, so this analysis is suitable for both his products.

status0 didn't want to hand out a vouch copy to us, even though we agreed on signing anything that would prevent us from leaking his cheat and said he doesn't trust us.
This was the first sign that the cheat is a scam, as a proper analysis would only benefit him if the product was well made.

Shortly after this discussion, one of his SoundESP customers contacted us, providing us with all the information and files he received.


In the next paragraphs we're going to analyze the ESEA Bypass he is offering and point out why his cheat is not worth any money.

2. Protection

The whole thing is barely protected at all.
DreamBoard.exe, which is the cheat loader, is protected with a simple password check which can easily be patched.


helper.dll, which is the actual cheat itself, is protected with VMProtect but the coder didn't use the VMProtect SDK, resulting in a generally unprotected dll with only a mutated Entrypoint.
This can be "undone" by simply performing a runtime dump.


3. Security

The provider claims to have a lot of security features in his cheat and lists a few examples:
Code:
Security

Unique signatures
String encryption
Code mutation
ring0
& many undisclosed ones
- We can't verify the unique signatures as we only have one build available, but it is highly unlikely that anything in here is unique per customer.
- String encryption is not present in the cheat loader, only in the cheat itself.

- Code mutation does not exist.
- The ring0 part is actually performed from ring3 (read 4. Bypass)
- After looking for the many undisclosed ones, we were unable to find anything except VMProtect and Launcher.exe being removed from the Windows Prefetch folder, which should not be counted as proper security.


4. Bypass

4.1. General

This is from Readme-lg.txt:
Code:
- Start Netlimiter and make sure its minimized into tray
- Start Lauchner.exe as ADMIN (important)
- Follow the instructions in the command prompt
- A Message Box should appear that indicates Success, press ok(else contact the support with provided error code)
- Disconnect the usb stick
- Start the Anti-Cheat + Game
- Enjoy and dont play obvious ;)
The first thing that got us suspicious was the fact that a user needs to install and run third-party software in order to use the hack. The next thing we noticed was that Netlimiter uses a driver.
Why this is so suspicious is the fact that earlier this year an exploit was released on *************, which lets you in order to inject into processes like csrss.exe.

4.2. Magic (not really)

The creator of the UC post also mentioned the following:
Code:
Keep stealth in mind
[...]
- Rename the genuine driver as *.sys.tmp
- Move & rename MalwareFox driver to be at the exact location of the genuine driver that we just moved
- Load driver, get your handle, unload driver
- Delete MalwareFox driver from where we copied it
- Rename the genuine driver back to its original name
Here's where Netlimiter gets interesting, because their driver could potentially be used for the above.

In the ************* thread, you can find some sample code to get a Handle.

After a quick look, we found the exact same code inside DreamBoard.exe.

With this information, it was obvious that the hack simply exploits a public vulnerability to hide itself.
The fact that the bypass is public and the cheat got released way after the exploit, clearly shows the sketchy mentality of the provider and makes this product basically worthless.

5. Hack

This will be very short, as the hack itself is very basic and nothing that we found was worth mentioning.
The hack does what it's supposed to do. It uses OpenAL, which is the Audio Library counterpart of OpenGL, to properly position the sounds in 3D space.

6. Conclusion

Even though the cheat itself works and is doing what it's supposed to do, the bypass used is public since early 2018 and the provider is blatantly lying about the security.
The product appears to be written by someone with little to no knowledge about what he/she does while still trying to look somewhat legit to the naked eye.

Due to the fact that all the valuable parts of the cheat are public, this is not worth a single cent in our opinion, but definitely not worth 150 per month.

greetings,
imi-tat0r, aequabit and the ev0lve.xyz Team
Damn, that's crazy. Asking for a vouch copy to crack shit is very bad and you are nasty for that, but the goal is fine: you provided real proof that this hardware cheat uses public shit.

Guys, you should have sex with your DMA cards if you have one at home.
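The quoted analysis describes two concrete "stealth" steps a defender can key on: the driver swap in section 4.2 (genuine .sys renamed to *.sys.tmp, another driver dropped at its path, loaded, deleted, original renamed back) and, in section 3, the launcher removing its own entry from the Windows Prefetch folder. Below is an added example of file-activity detection logic for both; it is not code from the post, from ev0lve.xyz, or from the cheat, and it assumes a simplified, normalized event feed (action, acting image, path, rename target) rather than any particular sensor's schema. The image name loader.exe, the driver name vendor.sys and the Prefetch file name in SAMPLE_EVENTS are constructed for the example.

```python
"""Added example (not from the forum post): file-activity rules for the two
tricks the analysis describes, the .sys/.sys.tmp driver swap and deletion of
a program's own Prefetch entry. Event format is an assumed normalized feed,
not a specific sensor's schema."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class FileEvent:
    ts: int                       # ordering key (sequence number or timestamp)
    action: str                   # "rename", "create" or "delete"
    image: str                    # process that performed the action
    path: str                     # file acted upon (source path for a rename)
    target: Optional[str] = None  # destination path, renames only


@dataclass
class DriverSwap:
    driver: str                   # original driver path that was swapped out
    actor: str                    # image that performed the first rename
    stages: List[str] = field(default_factory=list)


def _norm(p: str) -> str:
    """Case-insensitive, backslash-only path form for comparisons."""
    return p.replace("/", "\\").lower()


def detect_driver_swap(events: List[FileEvent]) -> List[DriverSwap]:
    """Report a driver path once it was renamed to <name>.sys.tmp AND a new
    file was created at the original path. Later delete / rename-back steps
    are appended as stages, so a swap left half-done is still a finding
    while a lone rename (e.g. an installer backup) is not."""
    pending = {}   # normalized driver path -> DriverSwap in progress
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        p = _norm(ev.path)
        t = _norm(ev.target) if ev.target else None
        if ev.action == "rename" and p.endswith(".sys") and t == p + ".tmp":
            pending[p] = DriverSwap(ev.path, ev.image, ["renamed_to_tmp"])
        elif ev.action == "create" and p in pending:
            swap = pending[p]
            if "replacement_dropped" not in swap.stages:
                swap.stages.append("replacement_dropped")
                findings.append(swap)
        elif (ev.action == "delete" and p in pending
              and "replacement_dropped" in pending[p].stages):
            pending[p].stages.append("replacement_deleted")
        elif (ev.action == "rename" and p.endswith(".sys.tmp")
              and t == p[:-4] and t in pending):
            pending[t].stages.append("genuine_restored")
            del pending[t]   # sequence complete; finding already recorded
    return findings


PREFETCH_DIR = "\\windows\\prefetch\\"
# Prefetch files are maintained by the OS; a user-mode program deleting a .pf
# is the kind of cleanup the analysis found. Allow-list is an assumption.
ALLOWED_PREFETCH_WRITERS = {"system", "c:\\windows\\system32\\svchost.exe"}


def detect_prefetch_tampering(events: List[FileEvent]) -> List[Tuple[str, str]]:
    """Return (image, path) for every .pf deleted under \\Windows\\Prefetch
    by a process that is not an expected Prefetch maintainer."""
    hits = []
    for ev in sorted(events, key=lambda e: e.ts):
        p = _norm(ev.path)
        if (ev.action == "delete" and PREFETCH_DIR in p and p.endswith(".pf")
                and _norm(ev.image) not in ALLOWED_PREFETCH_WRITERS):
            hits.append((ev.image, ev.path))
    return hits


# Constructed sample feed: one full swap sequence, one Prefetch cleanup, and
# one benign driver backup that must not fire.
DRV = "C:\\Windows\\System32\\drivers\\vendor.sys"   # hypothetical driver name
SAMPLE_EVENTS = [
    FileEvent(1, "rename", "C:\\tools\\loader.exe", DRV, DRV + ".tmp"),
    FileEvent(2, "create", "C:\\tools\\loader.exe", DRV),
    FileEvent(3, "delete", "C:\\tools\\loader.exe", DRV),
    FileEvent(4, "rename", "C:\\tools\\loader.exe", DRV + ".tmp", DRV),
    FileEvent(5, "delete", "C:\\tools\\loader.exe",
              "C:\\Windows\\Prefetch\\LOADER.EXE-1A2B3C4D.pf"),
    FileEvent(6, "rename", "C:\\Program Files\\Vendor\\setup.exe",
              "C:\\Windows\\System32\\drivers\\other.sys",
              "C:\\Windows\\System32\\drivers\\other.sys.bak"),
]

if __name__ == "__main__":
    for f in detect_driver_swap(SAMPLE_EVENTS):
        print(f"driver swap on {f.driver} by {f.actor}: {' -> '.join(f.stages)}")
    for image, path in detect_prefetch_tampering(SAMPLE_EVENTS):
        print(f"prefetch entry removed: {path} by {image}")
```

The swap rule deliberately waits for the create at the original path before reporting, because a rename to a backup name alone is routine for installers; in a real deployment the same sequence would also be corroborated by a driver-load event whose image hash does not match the service's expected binary.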