  1. #1 scriptkiddy

    [Working] Bypass Update Idea (working for me atm) (I have Vista 32bit)

    Well, here is an idea that is working for me. This idea just came to me, I like to play around and try new things, even when I used to be a black hat, so when I spread my coded trojans around I would always encrypt them with my own crypter that I made in C#.


    Step 1: Obfuscate your DLL, or encrypt it, or change values. (I just changed a few values, here is how I did it.)
    Step 2: Download the GIMP photo editor.
    Step 3: Name your D3D hack "gimp.dll".
    Step 4: GO BACK TO YOUR DLL IN C++, NOW, RENAME VALUES TO GIMP VALUES, LIKE GIMP, CONTRAST etc., values that GIMP uses.
    Step 5: Go into Windows guest mode.
    Step 6: Inject your hack.
    Step 7: Hack.

    So the key things are: rename your hack gimp.dll, obfuscate it and change the strings, chars, DWORDs, HWNDs to stuff like "gimp", "contrast", "color", "gradient".

    Rename your hack gimp.dll

    MAKE SURE GIMP IS OPEN. (photo editor)

    MAKE SURE YOU'RE IN GUEST MODE.


    Profit.


    My bypass was patched, I did this and now it's working. (You need the source of your bypass, not just the file.)
    Last edited by scriptkiddy; 10-07-2009 at 11:28 AM.

  2. #2 XGelite
    hmm interesting

  3. #3 prefire420
    wtf are you talking about???

  4. #4 why06jz
    scriptkiddy you confuse me greatly. You seem like you know a lot, but it's... idk how to put this. Bits and pieces all over the place so it's really hard for me to get any idea about you :/

    K questions:
    1. Where did you get source for a bypass?
    2. How would renaming it to GIMP stuff help? I'm confused. The names of variables are arbitrary, it all gets destroyed when it's assembled. Right?
    3. You used to be a black hat hacker? Like what? Please explain...
    4. A bunch of other questions that I'm not really sure how to ask... o_O

  5. #5 j0elself
    I'm not an expert or anything, but it looks like it wouldn't reassemble correctly
    http://joelself.myminicity.com
    Please click that, it's like a habbo

  6. #6 Ryan
    I see how this could work, but wouldn't changing the names in the script cause bugs when you try to compile?

  7. #7 linuxandmegasrulz
    also changing names or binary value would leave some logical gates open or closed and not work

    Mr.Anderson.................

  8. #8 why06jz
    Quote Originally Posted by RPB93:
    I see how this could work, but wouldn't changing the names in the script cause bugs when you try to compile?
    Nope.

    Quote Originally Posted by linuxandmegasrulz:
    also changing names or binary value would leave some logical gates open or closed and not work
    Definitely nope. Haha logical gates... that's one thing to call a boolean. Maybe people would actually think I'm smart if I started calling every variable neat names. o_O.... hmmm...must give this a try sometime.


    All I really want to know is which one of the things he did is absolutely necessary, and right now I think it's something to do with gimp.dll, but idk. I do believe doing only one of those things is really necessary.


    I need more information on:

    1. How the bypass was made
    2. The importance of gimp
    3. How the bypass was tested.

    .... to come up with a verdict.
    Last edited by why06jz; 10-07-2009 at 05:59 PM.

  9. #9 scriptkiddy
    Quote Originally Posted by why06jz:
    scriptkiddy you confuse me greatly. You seem like you know a lot, but it's... idk how to put this. Bits and pieces all over the place so it's really hard for me to get any idea about you :/

    K questions:
    1. Where did you get source for a bypass?
    2. How would renaming it to GIMP stuff help? I'm confused. The names of variables are arbitrary, it all gets destroyed when it's assembled. Right?
    3. You used to be a black hat hacker? Like what? Please explain...
    4. A bunch of other questions that I'm not really sure how to ask... o_O
    1. I made it.
    2. Not true, it depends on the language it was coded in. For example, C# is totally visible and can easily be disassembled with a .NET reflector. Assuming a hack-shield works the same as a virus scanner, it would pick up certain hex values in the program and mark those as malware. For example, if a virus scanner finds "stub" in its hex value, it is marked as a virus.

    Encrypting and decrypting is extremely important too, I used to do it all the time, extremely helpful.

    As you know, sometimes DLLs and executable files are detected because of their icons and file names. Changing this is helpful, same with changing assembly information.

    3. Malicious files, rats, activeX startup, trojans, keyloggers. I never really infected anybody with my files. I just tested them on my own virtual machine. ActiveX startup, and runPE injection.


    If you encrypt a DLL, or any executable file, it will be much harder for any software to detect it.

    For EXE files, you would pack its data into a stub file, encrypt it with RC4 and Blowfish, or some more advanced methods. You would then make it run in memory, so it would be virtually undetectable. (Never tested this on hack shields.)

    For DLL files, you would basically do the same as an EXE file, but of course, it would be very different.

    In other situations, if you download a file named Gimp.exe, then you run a virus named Gimp.exe, assuming the hack shield detects a file the same way that the virus scanner does, it would get confused, and sometimes (if it is a crappy scanner) it would be less detectable.

    If you scan something on a virus scanner, and it is 23/23, by simply changing the icon, changing strings, assembly information, and other small things, it will drop to 15/23 easily. Of course, this is what an encrypter does (basically, it takes the file info and stores it into the stub, encrypts the data, then decrypts it and runs it in memory).

    Also, this next part has nothing to do with game hacking but:

    From my experience as a black hat, never download anything you are unsure of. Even if it's 0/41. It can easily be encrypted, or even remade so that it is FUD.

    Don't always trust something because the virus scanner says it is safe. Bypassing scanners is a very easy task.

    Good luck guys, hopefully my advice can help people in security and in game hacking.
    Last edited by scriptkiddy; 10-07-2009 at 10:22 PM.

  10. #10 why06jz
    Quote Originally Posted by scriptkiddy:
    1. I made it.
    Well, your first response already got my respect, but the later ones only helped to humble me further. You seem to know a lot about reversing. I know in languages that use a runtime environment such as Java with the JVM and C# with the CLR, that the bytecode for that runtime is apparently very easy to reverse... though I have had no experience doing so. I'm still learning ASM.

    Also so let me get this straight. The gimp.exe is running at the same time as the gimp.dll ... So the scanner might get confused when it locates the gimp.dll?

    Also, did you code the bypass in C#, since you were talking about how the variable names still exist in the bytecode?

  11. #11 scriptkiddy
    Quote Originally Posted by why06jz:
    Well, your first response already got my respect, but the later ones only helped to humble me further. You seem to know a lot about reversing. I know in languages that use a runtime environment such as Java with the JVM and C# with the CLR, that the bytecode for that runtime is apparently very easy to reverse... though I have had no experience doing so. I'm still learning ASM.

    Also so let me get this straight. The gimp.exe is running at the same time as the gimp.dll ... So the scanner might get confused when it locates the gimp.dll?

    Also, did you code the bypass in C#, since you were talking about how the variable names still exist in the bytecode?
    1. Not really, I can't actually prove it, but I find that renaming things to processes that you already have open always helps me. I can't actually prove that it will confuse the scanner, but it may reduce the chance of detection if a bug occurs.

    2. Yeah, I am good at C#, but learning C++ so I can be even better.

  12. #12 Roooty
    Sorry, I am not really getting what you guys are trying to say

  13. #13 why06jz
    Quote Originally Posted by scriptkiddy:
    1. Not really, I can't actually prove it, but I find that renaming things to processes that you already have open always helps me. I can't actually prove that it will confuse the scanner, but it may reduce the chance of detection if a bug occurs.

    2. Yeah, I am good at C#, but learning C++ so I can be even better.
    Oh. Cool!
    I started off in Java, which is kind of like C# and now I'm learning C++ as well.
