[Release] Bypassing most servers hardware limit

~~XinEkorn~~ · 09/13/2017, 22:21

I saw so many servers using methods of HWID protection which can be bypassed redicolously easy.

Here is source code I would like to share with you.

* Requirements *

Little bit of brain.
A computer, or a high-performance toaster.

And... something that can compile this.

common.h:

Code:

#ifndef HG_COMMON
#define HG_COMMON

#pragma comment(lib, "detours.lib")

#define _CRT_SECURE_NO_WARNINGS

#include <Windows.h>
#include <iostream>

#endif

apihook.h:

Code:

#ifndef HG_APIHOOK
#define HG_APIHOOK
#include "common.h"


class apihook
{
public:
	static void Init(bool randomVolSerial, bool randomMac);
private:
	static void SetupVolumeSerialHook();
	static void SetupMacAddrHook();
};
#endif

apihook.cpp:

Code:

#include "apihook.h"
#include "detours\detours.h"
#include <IPHlpApi.h>

#pragma comment(lib, "iphlpapi.lib")

//-----------------------------------

typedef BOOL (WINAPI * pGetVolumeInformationA)(
	LPCSTR lpRootPathName,
	LPSTR lpVolumeNameBuffer,
	DWORD nVolumeNameSize,
	LPDWORD lpVolumeSerialNumber,
	LPDWORD lpMaximumComponentLength,
	LPDWORD lpFileSystemFlags,
	LPSTR lpFileSystemNameBuffer,
	DWORD nFileSystemNameSize);

typedef BOOL (WINAPI* pGetVolumeInformationW)(
	LPCTSTR lpRootPathName,
	LPTSTR lpVolumeNameBuffer,
	DWORD nVolumeNameSize,
	LPDWORD lpVolumeSerialNumber,
	LPDWORD lpMaximumComponentLength,
	LPDWORD lpFileSystemFlags,
	LPTSTR lpFileSystemNameBuffer,
	DWORD nFileSystemNameSize);

typedef DWORD (WINAPI* pGetAdaptersInfo)(
	PIP_ADAPTER_INFO pAdapterInfo,
	PULONG pOutBufLen);


//-----------------------------------
//Handles etc

HMODULE hKernel32;
HMODULE hIphlpapi;

pGetVolumeInformationA p_origGetVolumeInformationA;
pGetVolumeInformationW p_origGetVolumeInformationW;
pGetAdaptersInfo p_origGetAdaptersInfo;


void apihook::Init(bool randomVolSerial, bool randomMac)
{
	srand(time(NULL));

	hKernel32 = GetModuleHandleA("Kernel32.dll");
	hIphlpapi = GetModuleHandleA("Iphlpapi.dll");

	if(randomVolSerial) apihook::SetupVolumeSerialHook();
	if(randomMac) apihook::SetupMacAddrHook();
}

//-----------------------------------
//Volume serial hooks
//Just see typedef 
BOOL WINAPI MyGetVolumeInformationA(LPCTSTR lpRootPathName,LPTSTR lpVolumeNameBuffer,DWORD nVolumeNameSize,LPDWORD lpVolumeSerialNumber,LPDWORD lpMaximumComponentLength,LPDWORD lpFileSystemFlags,LPTSTR lpFileSystemNameBuffer,DWORD nFileSystemNameSize)
{
	BOOL res = p_origGetVolumeInformationA(lpRootPathName, lpVolumeNameBuffer, nVolumeNameSize, lpVolumeSerialNumber, lpMaximumComponentLength, lpFileSystemFlags, lpFileSystemNameBuffer, nFileSystemNameSize);
	std::cout << "MyGetVolumeInformationA -> Old serial " << *lpVolumeSerialNumber << std::endl;

	DWORD newSerial = GetTickCount() + rand();

	std::cout << "MyGetVolumeInformationA -> New serial " << newSerial << std::endl;

	*lpVolumeSerialNumber = newSerial;
	return res;
}

//-----------------------------------
//Volume serial hooks
//Just see typedef 
BOOL WINAPI MyGetVolumeInformationW(LPCTSTR lpRootPathName, LPTSTR lpVolumeNameBuffer, DWORD nVolumeNameSize, LPDWORD lpVolumeSerialNumber, LPDWORD lpMaximumComponentLength, LPDWORD lpFileSystemFlags, LPTSTR lpFileSystemNameBuffer, DWORD nFileSystemNameSize)
{
	BOOL res = p_origGetVolumeInformationW(lpRootPathName, lpVolumeNameBuffer, nVolumeNameSize, lpVolumeSerialNumber, lpMaximumComponentLength, lpFileSystemFlags, lpFileSystemNameBuffer, nFileSystemNameSize);
	
	std::cout << "MyGetVolumeInformationW -> Old serial " << *lpVolumeSerialNumber << std::endl;

	//Override
	DWORD newSerial = GetTickCount() + rand();

	std::cout << "MyGetVolumeInformationW -> New serial " << newSerial << std::endl;

	*lpVolumeSerialNumber = newSerial;
	return res;
}

void apihook::SetupVolumeSerialHook()
{
	p_origGetVolumeInformationA = (pGetVolumeInformationA)GetProcAddress(hKernel32, "GetVolumeInformationA");
	p_origGetVolumeInformationW = (pGetVolumeInformationW)GetProcAddress(hKernel32, "GetVolumeInformationW");

	DetourTransactionBegin();
	DetourAttach(&(PVOID&)p_origGetVolumeInformationA, MyGetVolumeInformationA);
	DetourTransactionCommit();

	DetourTransactionBegin();
	DetourAttach(&(PVOID&)p_origGetVolumeInformationW, MyGetVolumeInformationW);
	DetourTransactionCommit();

	
	std::cout << "Volume serial number hook initialized" << std::endl;
}

DWORD WINAPI MyGetAdaptersInfo(PIP_ADAPTER_INFO pAdapterInfo, PULONG pOutBufLen)
{
	DWORD res = p_origGetAdaptersInfo(pAdapterInfo, pOutBufLen);
	
	//BYTE_IP_ADAPTER_INFO::Address
	for(int i = 0; i < 8; i++)
		pAdapterInfo->Address[i] = rand() % 0xFF;

	std::cout << "MyGetAdaptersInfo -> Address override" << std::endl;
	return res;
}


void apihook::SetupMacAddrHook()
{
	p_origGetAdaptersInfo = (pGetAdaptersInfo)GetProcAddress(hIphlpapi, "GetAdaptersInfo");

	DetourTransactionBegin();
	DetourAttach(&(PVOID&)p_origGetAdaptersInfo, MyGetAdaptersInfo);
	DetourTransactionCommit();

	std::cout << "MAC address hook initialized" << std::endl;
}

hwfck.cpp:

Code:

#include "common.h"
#include "apihook.h"

BOOL WINAPI DllMain(HMODULE module, DWORD callReason, LPVOID reserved)
{
	switch(callReason)
	{
		case DLL_PROCESS_ATTACH:
			{
				DisableThreadLibraryCalls(module);

				AllocConsole();
				freopen("CONOUT$", "w", stdout);

				std::cout << "hwfck init" << std::endl;
				
				apihook::Init(true, true);
			}
			break;
	}

	return TRUE;
}

The point of this is to demonstrate how hooking those commonly used WinAPI functions is.

Good luck.

#27.09.2017
Added hook on GetVolumeInformationA

SubZero** · 09/15/2017, 22:31

nice

GMDarkNight · 09/15/2017, 22:40

looks good

~~XinEkorn~~ · 09/15/2017, 23:55

I will release compiled dll once my IDE setup is done.

Quote:

Originally Posted by ZΞDStorm

I Smell that someone get banned from elitepvpers & He backs again
@Thread, Good job

Interesting. Why would anyone do that ? That sounds strange to me.

megatronx1 · 09/16/2017, 14:55

Futuristic liked it

slaintrax200 · 09/17/2017, 01:50

i wish i could understand all i see is codes xD

sigel123456789 · 09/17/2017, 07:53

Quote:

Originally Posted by slaintrax200

i wish i could understand all i see is codes xD

+1

any video tut ?

slaintrax200 · 09/17/2017, 12:10

yeah would be nice for video tut

xxnukertube · 09/17/2017, 18:24

Quote:

Originally Posted by slaintrax200

yeah would be nice for video tut

must u use brain.exe

slaintrax200 · 09/17/2017, 19:12

Quote:

Originally Posted by xxnukertube

must u use brain.exe

u got one?

sigel123456789 · 09/17/2017, 19:47

Quote:

Originally Posted by xxnukertube

must u use brain.exe

i hate those guys who act like prof,,, retarded

xxnukertube · 09/17/2017, 21:05

Quote:

Originally Posted by sigel123456789

i hate those guys who act like prof,,, retarded

I too

I have my motivation for say it to him.

slaintrax200 · 09/17/2017, 21:40

Quote:

Originally Posted by xxnukertube

I too
I have my motivation for say it to him.

runing server on vps baning people for nothing also +100 fake number good brain.exe

MeGaMaX · 09/18/2017, 00:09

Here, i made vs2010 project extract and compile or use the per-compiled dll located in the release folder.

bandit100 · 09/18/2017, 15:07

Quote:

Originally Posted by MeGaMaX.

Here, i made vs2010 project extract and compile or use the per-compiled dll located in the release folder.

Is this the DLL to bypass the hwid limit?