  1. #1
    khaozizleet

    How does hack detection work?

    How does "hack detection" work? I see public hacks getting "patched" left and right, what exactly is getting patched..?

    Yes, I know how to program in C++. I do not (obviously) know how to create hacks yet; I am just starting right now and am at the point of creating hack DLLs.

  2. #2
    User1
    You should research more into game hacking. Addies change with every release or patch. So each time they patch, people have to find new addresses. The old address would do nothing to affect game play. Nexon also does a string detection, they just search for suspicious strings within itself like "hack" or some popular hacking websites...

    They check their own vtable to ensure that it has not been tampered with, and they include A LOT more protection... I don't know that much but that's basically some stuff HShield and Nexon do.

  4. #3
    khaozizleet
    Quote Originally Posted by User1
    You should research more into game hacking. Addies change with every release or patch. So each time they patch, people have to find new addresses. The old address would do nothing to affect game play. Nexon also does a string detection, they just search for suspicious strings within itself like "hack" or some popular hacking websites...

    They check their own vtable to ensure that it has not been tampered with, and they include A LOT more protection... I don't know that much but that's basically some stuff HShield and Nexon do.
    Thanks...That's all I needed. I didn't want to be missing something I'm supposed to be doing in the dll.

  5. #4
    Stevenom
    Quote Originally Posted by User1
    You should research more into game hacking. Addies change with every release or patch. So each time they patch, people have to find new addresses. The old address would do nothing to affect game play. Nexon also does a string detection, they just search for suspicious strings within itself like "hack" or some popular hacking websites...

    They check their own vtable to ensure that it has not been tampered with, and they include A LOT more protection... I don't know that much but that's basically some stuff HShield and Nexon do.
    There's also a thing called "Signature scan" to find the updated addresses.

  6. #5
    Mouzie
    How does it detect?
    It does this by scanning the memory contents of the local machine. A computer identified as using cheats may be banned from connecting to protected servers or, in Combat Arms' case, the player is removed and the game is force-crashed, or the account is banned.

    Why is it so slow?
    Simply, the antihack is a bot; unless the security company places the addresses into the server files, the hack can't be 'detected' unless the bot changes the address/source coding.

    * Real-time scanning of memory, a feature also prominent in many spyware programs, by placing a Hackshield Client on players' computers searching for known hacks/cheats using a built-in database.
    * Throttled two-tiered background auto-update system using multiple Internet Master Servers to provide end-user security ensuring that no false or corrupted updates can be installed on players' computers.
    * Frequent status reports (encrypted) are sent to the Hackshield Server by all players. When necessary, the server raises a violation which (depending upon settings) will cause the offending player to be removed from the game.
    * Admins (GM) can also manually remove players from the game for a specified number of minutes or permanently ban if desired.
    * Servers can optionally be configured to randomly check player settings looking for known exploits of the game engine.
    * Servers can be configured to instruct clients to calculate partial MD5 hashes of files inside the game installation directory. The results are compared against a set configuration and differences logged, and optionally, the client removed from the server.
    * Admins can request actual screenshot samples from specific players and/or can configure the server to randomly grab screenshot samples from players during gameplay. However, it is possible for a game hack to block screenshots (producing a black screenshot) or remove all visual features of a hack (cleaning the screenshot) to remain undetected, leaving the effectiveness of this feature diminished.
    * An optional "bad name" facility is provided so that Admins can prevent players from using offensive player names containing unwanted profanity or racial slurs.
    * Search functions are provided for Admins who wish to search player's keybindings and scripts for anything that may be known to exploit the game.
    * Player Power facility (Elites) can be configured to allow players to self-administer game servers when the Server Administrator is not present entirely without the need for passwords, in which the players can call votes to have a player removed from the server for a certain amount of time.
    * Servers have an optional built-in mini HTTP web server interface that allows the game server to be remotely administered via a web browser from anywhere over the Internet.
    * Admins can stream their server logs in real time to another location. Non-profit organizations like Anti-Cheat Inc, Community Ban List.
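
Added example (not part of Mouzie's post and not code from any anti-cheat product): a sketch in C of the partial file-hash check from the list above, with both the client and the server side. The `challenge` struct, the function names and the sample data are assumptions, and FNV-1a stands in for MD5 to keep the block short.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* A server challenge: hash `len` bytes of the file starting at `off`. */
struct challenge { size_t off, len; };

/* FNV-1a 64-bit; a short stand-in for the MD5 the post mentions. */
static uint64_t fnv1a(const uint8_t *p, size_t n)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    while (n--) { h ^= *p++; h *= 0x100000001b3ULL; }
    return h;
}

/* Client side: answer a challenge over the local copy of the file.
 * Returns 0 and stores the digest, or -1 if the range is out of bounds. */
int client_answer(const uint8_t *file, size_t size,
                  struct challenge c, uint64_t *digest)
{
    if (c.off > size || c.len > size - c.off)
        return -1;
    *digest = fnv1a(file + c.off, c.len);
    return 0;
}

/* Server side: compare the client's digest with the one computed from
 * the reference copy. Returns 1 on match, 0 on mismatch or bad range. */
int server_verify(const uint8_t *ref, size_t size,
                  struct challenge c, uint64_t client_digest)
{
    uint64_t expect;
    if (client_answer(ref, size, c, &expect) != 0)
        return 0;
    return expect == client_digest;
}

/* Constructed data: a 64-byte reference file and a client copy with one
 * byte changed at offset 40. Returns server_verify() for the challenge. */
int demo(size_t off, size_t len)
{
    uint8_t ref[64], client[64];
    uint64_t d;
    struct challenge c = { off, len };
    for (size_t i = 0; i < sizeof ref; i++) ref[i] = (uint8_t)(i * 7 + 3);
    memcpy(client, ref, sizeof ref);
    client[40] ^= 0xFF;
    if (client_answer(client, sizeof client, c, &d) != 0) return 0;
    return server_verify(ref, sizeof ref, c, d);
}
```

A digest only covers the bytes it samples, so the verdict depends on the range the server asks for: here `demo(32, 16)` reports a mismatch and `demo(0, 16)` does not.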

  7. #6
    User1
    Quote Originally Posted by ~HeartLessKid~
    There's also a thing called "Signature scan" to find the updated addresses.
    Yes, those scan the memory for the function "signatures", once found it'll use that address.

    Quote Originally Posted by Mouzie
    How does it detect?
    It does this by scanning the memory contents of the local machine. A computer identified as using cheats may be banned from connecting to protected servers or, in Combat Arms' case, the player is removed and the game is force-crashed, or the account is banned.

    ...

    * Servers have an optional built-in mini HTTP web server interface that allows the game server to be remotely administered via a web browser from anywhere over the Internet.
    * Admins can stream their server logs in real time to another location. Non-profit organizations like Anti-Cheat Inc, Community Ban List.
    After reading it twice... most of those things are kinda a no-shit fact...
  8. #7
    freedompeace
    There are so many ways I'd never be able to explain them all.

    Some methods include
    - blacklist signature scanning
    - blacklist string detection
    - hooking and detecting other hooks on critical functions
    - detecting detours of internal functions
    - detecting memory modifications and abnormal values
    - checking originating caller addresses
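
Added example (not written by any poster in this thread and not taken from any anti-cheat product): two of the integrity checks named above, in C over constructed data. `check_entry` illustrates "detecting detours of internal functions" and "detecting memory modifications"; `first_foreign_slot` is the vtable check User1 describes. All names, byte values and addresses are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Verdicts for one protected function entry. */
enum verdict { ENTRY_CLEAN, ENTRY_MODIFIED, ENTRY_DETOURED };

/* Compare the live first bytes of a function with a known-good copy.
 * A mismatch that begins with a control-transfer sequence is reported
 * as a detour: E9 = jmp rel32, EB = jmp rel8, FF 25 = jmp [mem],
 * 68 xx xx xx xx C3 = push imm32 / ret. Anything else is a plain edit. */
enum verdict check_entry(const uint8_t *live, const uint8_t *good, size_t n)
{
    if (memcmp(live, good, n) == 0)
        return ENTRY_CLEAN;
    if (n >= 1 && (live[0] == 0xE9 || live[0] == 0xEB))
        return ENTRY_DETOURED;
    if (n >= 2 && live[0] == 0xFF && live[1] == 0x25)
        return ENTRY_DETOURED;
    if (n >= 6 && live[0] == 0x68 && live[5] == 0xC3)
        return ENTRY_DETOURED;
    return ENTRY_MODIFIED;
}

/* Vtable check: every slot must point inside the module's own code
 * range [code_base, code_base + code_size). Returns the index of the
 * first slot that points elsewhere, or -1 if all slots are in range. */
int first_foreign_slot(const uintptr_t *vtable, size_t slots,
                       uintptr_t code_base, size_t code_size)
{
    for (size_t i = 0; i < slots; i++)
        if (vtable[i] < code_base || vtable[i] - code_base >= code_size)
            return (int)i;
    return -1;
}

/* Constructed sample data: a typical x86 prologue, the same entry with
 * a 5-byte jmp written over it, and one with a changed immediate; then
 * two vtables for a module whose code occupies 0x401000..0x401FFF. */
static const uint8_t GOOD[6]    = {0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10};
static const uint8_t HOOKED[6]  = {0xE9, 0x10, 0x20, 0x30, 0x00, 0x10};
static const uint8_t PATCHED[6] = {0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x20};
static const uintptr_t VT_OK[3]  = {0x401000, 0x401050, 0x4010A0};
static const uintptr_t VT_BAD[3] = {0x401000, 0x10002000, 0x4010A0};
```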