Wolfteam Bypass

Discussion on Wolfteam Bypass within the Wolfteam Hacks, Bots, Cheats & Exploits forum part of the Wolfteam category.

Old   #1
 
elite*gold: 0
Join Date: May 2012
Posts: 34
Received Thanks: 2
Wolfteam Bypass

Does anyone maybe have a bypass for Wolfteam, or a hack directly?
Bulljason is offline  
Old 10/20/2016, 21:30   #2
 
elite*gold: 0
Join Date: Oct 2016
Posts: 10
Received Thanks: 6
If you find a public bypass, it will be patched just as fast.

Make your own bypass, it's better.
DrunkenHamsta is offline  
Old 10/20/2016, 22:09   #3
 
elite*gold: 70
Join Date: Apr 2015
Posts: 617
Received Thanks: 160
Easily said if you've never done it and don't know how to do it.
'iksde is offline  
Old 10/20/2016, 22:14   #4
 
elite*gold: 0
Join Date: Oct 2016
Posts: 10
Received Thanks: 6
As for everything. You need to learn about Xigncode, C++, etc. Like when you don't know how to find addys, you learn and after learning, you know how to find addys with a memory scanner.
DrunkenHamsta is offline  
Old 10/20/2016, 22:36   #5
 
elite*gold: 70
Join Date: Apr 2015
Posts: 617
Received Thanks: 160
In my view, learning how to use CE, e.g. for pointer scanning, is also feasible for newbies to this topic.
But I think for bypassing (good) anti-cheat systems, it's a longer way.

Since the change from apex (new bypass methods were coming out fast if I remember correctly and GameGuard was the easiest thing) to xigncode and the significance of cshell, I've lost sight of Wolfteam game hacking because I stopped playing it myself.

From what I see today, xigncode seems to be a hard one.
GZN is offline (sadly, and it seems that b6ooy never wants to reopen it) and I don't really find much information about it. I'm not talking about C&P code, but in the older times there were more interesting things released about that.

I've never done anything with bypassing and have only used finished releases and done my memory scanning and coding in VC++ by myself, so yea - for somebody who doesn't know much about that topic it seems to be hard.
And I think one problem with learning it is, as I mentioned, the decreasing amount of information and the harder tasks like bypassing xigncode (and as a logical consequence, not everybody wants to release their findings).
If you've got some tips on how to start on it - and yea, no C&P **** but just something/specific topics related to it - to start on, I would look forward to it if you can tell me/us about it.
'iksde is offline  
Old 10/21/2016, 00:26   #6
 
elite*gold: 156
Join Date: Feb 2015
Posts: 95
Received Thanks: 103
Quote:
Originally Posted by 'iksde View Post
In my view, learning how to use CE, e.g. for pointer scanning, is also feasible for newbies to this topic.
But I think for bypassing (good) anti-cheat systems, it's a longer way.

Since the change from apex (new bypass methods were coming out fast if I remember correctly and GameGuard was the easiest thing) to xigncode and the significance of cshell, I've lost sight of Wolfteam game hacking because I stopped playing it myself.

From what I see today, xigncode seems to be a hard one.
GZN is offline (sadly, and it seems that b6ooy never wants to reopen it) and I don't really find much information about it. I'm not talking about C&P code, but in the older times there were more interesting things released about that.

I've never done anything with bypassing and have only used finished releases and done my memory scanning and coding in VC++ by myself, so yea - for somebody who doesn't know much about that topic it seems to be hard.
And I think one problem with learning it is, as I mentioned, the decreasing amount of information and the harder tasks like bypassing xigncode (and as a logical consequence, not everybody wants to release their findings).
If you've got some tips on how to start on it - and yea, no C&P shit but just something/specific topics related to it - to start on, I would look forward to it if you can tell me/us about it.
Option 1.
If you want to make CE undetected without touching XignCode, your only option is to grab the CE source from and modify it A LOT. For instance, they detect the layout of CE, change it; they detect window name, process name and a lot more.

Option 2.
If you simply want to prevent them from minimizing CE window, all you have to do is hook 'ShowWindow' in user32.dll and if param 1 (HWND) is CE's HWND you simply return TRUE; However after a few minutes (if not instantly) you will still get kicked since you triggered their detection.

Option 3.
This is what I call the 'Half-Bypass' as it's not a full one.
Follow steps in Option 1, now if it's undetected you'll notice you can't view the process at all. Well, this is because of their driver, it's fairly easy to bypass this limitation.
For this we need to hook 'StartService' in their x3.xem, getting the StartService address, is not the easy part, since they use Themida which relocates the IAT and thus StartService.
Best way to grab it is when you see the XignCode loading screen on the right is to pause the process and open CE and then Memory Viewer and CTRL+G and type in StartService, if nothing happens, resume the process for about 2 seconds then pause it again and you now should get the StartService address in CE. Grab it, hook it there and return TRUE; We don't need to check the handle here because only xigncode uses this and we don't want their drivers running.
That's it, you can now hack for a (un)limited amount of time (depending on whether they check their driver).

Option 4.
Use your own internal memory scanner.
This is what I do.

Hope I helped
M4L1F1C is offline  
Thanks
2 Users
Old 10/21/2016, 00:45   #7
 
elite*gold: 0
Join Date: Mar 2010
Posts: 2,931
Received Thanks: 1,857
Sempai, how to Bypass multiclient detection?
Ⓜiku Ⓗatsune is offline  
Old 10/21/2016, 00:56   #8
 
elite*gold: 156
Join Date: Feb 2015
Posts: 95
Received Thanks: 103
Quote:
Originally Posted by Ⓜiku Ⓗatsune View Post
Sempai, how to Bypass multiclient detection?
Easy, first we need to understand HOW they detect it.
From my time reversing them, they use 'CreateMutex'.

An example of CreateMutex:
Code:
// A named mutex that already exists means another instance created it first.
auto h_Mutex = CreateMutexA(NULL, TRUE, "YOUR_MUTEX_NAME");
if (GetLastError() == ERROR_ALREADY_EXISTS)
	cout << "MULTI CLIENT DETECTED!" << endl;
This example means, once the first application starts it creates the mutex: YOUR_MUTEX_NAME, now if you start the application again whilst the first one is running and it calls CreateMutex again it will prompt error ERROR_ALREADY_EXISTS, because it tries to create the mutex again, but it already exists. (LIVE EXAMPLE: )

Now to answer your question, there are 2 ways to bypass this.
Either find where it checks the ERROR_ALREADY_EXISTS and simply JMP the check, OR find the address that contains the mutex name and simply generate something unique for each instance of the game.
M4L1F1C is offline  
Thanks
1 User
Old 10/21/2016, 01:15   #9
 
elite*gold: 0
Join Date: Mar 2010
Posts: 2,931
Received Thanks: 1,857
Yeah, but xigncode gives a detection if you bypass the mutex check of the game client, I mean, or am I wrong?
Also, any idea how to bypass the VPN detection? Bypass the country check?
Do I need a full bypass for it?
Ⓜiku Ⓗatsune is offline  
Old 10/21/2016, 01:22   #10
 
elite*gold: 156
Join Date: Feb 2015
Posts: 95
Received Thanks: 103
Quote:
Originally Posted by Ⓜiku Ⓗatsune View Post
Yeah, but xigncode gives a detection if you bypass the mutex check of the game client, I mean, or am I wrong?
Also, any idea how to bypass the VPN detection? Bypass the country check?
Do I need a full bypass for it?

No, you should be fine.
This XC version is the cheapest XC version. All this version does from the list you posted:
1. Detect DLL injection
2. Check game client hash
3. Reject game process memory accessing
4. Reject game process handle accessing
5. Reject game process message transmission
6. Reject game process keyboard/mouse input transmission
7. Reject game window GDI accessing
8. Reject debug interrupt handler modification
9. Reject calling kernel function directly
10. Reject stealth process/module/driver
11. Reject kernel/user mode debugging
12. Detect executed on virtual environment
(13. They detect my site name if it's open in your browser)

And that's it
M4L1F1C is offline  
Thanks
1 User
Old 10/21/2016, 01:40   #11
 
elite*gold: 0
Join Date: Mar 2010
Posts: 2,931
Received Thanks: 1,857
Thanks for the in-depth information you provide.
We need more guys like you on epvp.
Ⓜiku Ⓗatsune is offline  
Thanks
2 Users
