[Tutorial] Multi-Client Bypass

Old   #1
 

The cause
I was asked in a post how to bypass the WT multi-client check (to run more than 1 WT client), and I explained how it can be done here: .

The information
However, let's go more in-depth.
Again, multi-client checks are fairly easy to bypass as they rely on a mutex object (I'm not saying ALL software does this).
How does it work? Usually the application uses the 'CreateMutex' API with 3 parameters (lpMutexAttributes, bInitialOwner, lpName) upon loading, so the next time the application starts and creates the mutex, it will fail because it already exists.

The looking back at my code:
Code:
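#include <windows.h>
// Create (or open) the named mutex; GetLastError() reports whether it already existed.
auto h_Mutex = CreateMutexA(NULL, TRUE, "YOUR_MUTEX_NAME");
if (GetLastError() == ERROR_ALREADY_EXISTS)
	TerminateProcess(GetCurrentProcess(), 0); // another instance already holds the mutex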
So how does WolfTeam do it?
Exactly what I just did.

The Reversing:
Here is what I reversed from Wolfteam:


As you can see EBX = lpMutexAttributes, reversing back we see "xor ebx, ebx" which means EBX is now 0, so our first param is NULL.
Next they push in 1 aka TRUE, which I also do in my code.
Finally they push the lpName of the mutex which is "SoftnyxWolfTeam.gme" and call CreateMutexA.
Next they call GetLastError() and check for ERROR_ALREADY_EXISTS which is 183L and in asm it is "cmp eax, 0B7h", (0B7h = 183), if you know basic ASM you'd understand that if EAX == 0B7h they JMP back and terminate the process.

The Bypassing:
There are A LOT of ways to bypass this, to name a few:
- Change string from "SoftnyxWolfTeam.gme" to anything random on first instance of game
- Change 0B7h to anything else
- Nop the jump (Do NOT change it to jnz as the first instance will fail to load then)
- Hook CreateMutex and "if (strcmp(lpName, "SoftnyxWolfTeam.gme") == 0) ... modify lpName"
And many more.
I suggest selecting one of these methods and applying it to the first instance of the game (you must be fast: inject directly after you log in to the launcher).

The Credits:
- M4L1F1C (Me)



M4L1F1C is offline  
Thanks
6 Users
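The single-instance check described in post #1, written so that it fails closed when `CreateMutexA` returns no handle. This is an added example, not code from the thread or from the game; `classify_instance`, `check_single_instance`, the enum and the `ERR_*` names are hypothetical.

```c
/* Added example: single-instance check that fails closed. Names are hypothetical. */
#include <stddef.h>

/* Win32 error codes, values as defined in winerror.h */
#define ERR_ALREADY_EXISTS 183UL   /* 0xB7, the value compared in the post */
#define ERR_ACCESS_DENIED  5UL

typedef enum { INSTANCE_FIRST, INSTANCE_DUPLICATE, INSTANCE_ERROR } instance_state;

/* Pure decision logic, kept separate from the API call so it can be tested.
 * handle: value returned by CreateMutexA; last_error: GetLastError() read
 * immediately after the call, before any other API can overwrite it. */
instance_state classify_instance(const void *handle, unsigned long last_error)
{
    if (handle == NULL) {
        /* The call failed. Access denied means the object exists but this
         * process may not open it; any other failure is reported as an error. */
        return last_error == ERR_ACCESS_DENIED ? INSTANCE_DUPLICATE : INSTANCE_ERROR;
    }
    if (last_error == ERR_ALREADY_EXISTS)
        return INSTANCE_DUPLICATE;      /* handle refers to the existing mutex */
    return INSTANCE_FIRST;              /* this process created the mutex */
}

#ifdef _WIN32
#include <windows.h>
/* Returns the state; the caller continues start-up only on INSTANCE_FIRST. */
instance_state check_single_instance(const char *name)
{
    HANDLE h = CreateMutexA(NULL, TRUE, name);
    DWORD err = GetLastError();         /* capture before any other call */
    instance_state s = classify_instance(h, err);
    if (s == INSTANCE_DUPLICATE && h != NULL)
        CloseHandle(h);                 /* do not keep a handle to the other instance's mutex */
    return s;
}
#endif
```

On Windows, call `check_single_instance` with the application's mutex name and continue start-up only on `INSTANCE_FIRST`. The check runs inside the client process, so it prevents accidental double launches rather than constraining a user who controls that process.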
Old 12/16/2016, 11:52   #2
 
Nice work


nader11ndeu is offline  
Old 12/16/2016, 14:31   #3
 
Hey @ @, is there a way to contact you ?
Skype ? TeamSpeak ? Discord ? Signal ?
I'd like to ask you guys something.
sleek_ is offline  
Old 12/16/2016, 14:42   #4
 
Quote:
Originally Posted by sleek_ View Post
Hey @ @, is there a way to contact you ?
Skype ? TeamSpeak ? Discord ? Signal ?
I'd like to ask you guys something.
Skype: facebook:nader.furkan
Facebook: facebook.com/nader.furkan
TeamSpeak:MH.TS3SELF.COM


nader11ndeu is offline  
Old 12/22/2016, 17:34   #5
 
nice work bro!


bydesing2 is offline  