  1. #1 demtrios

    CRC CShell Bypass

    Code:
    #ifdef CAEU
    DWORD dwCRCCheckCShell_HookStart = 0x379C1F85;
    DWORD dwCRCCheckCShell_JMPBack = 0x379C1F8E;
    #else
    DWORD dwCRCCheckCShell_HookStart = 0x379CE928;
    DWORD dwCRCCheckCShell_JMPBack = 0x379CE93D;
    #endif
    
    // example: nametags
    BYTE NAMETAGS1BYTES[2], NAMETAGS2BYTES[2];
    
    // somewhere I do this, to save the original bytes into those arrays:
    memcpy((void *)NAMETAGS1BYTES, (void *)dwNameTags1, 2);
    memcpy((void *)NAMETAGS2BYTES, (void *)dwNameTags2, 2);
    
    // ... then:
    
    BYTE CRCBYTE_CSHELL;
    DWORD addressToPass_CShell;
    
    __declspec(naked) void __cdecl hkCRCCheck()
    {
        __asm mov ebx, 0;   // same for CA EU / NA
        __asm add ebx, edx; // same for CA EU / NA -> ebx now contains the address which is getting scanned
        __asm pushad;       // saving the general registers
        __asm pushfd;       // saving the flags too, since we are in a strange part of code: the middle of Themida / WinLicense code mutation
    
        __asm mov addressToPass_CShell, ebx; // moving ebx into my dword
    
        if (addressToPass_CShell == dwNameTags1) // our nametags1 address is getting scanned
        {
            CRCBYTE_CSHELL = NAMETAGS1BYTES[0]; // setting my own byte, which CA should read, to the original byte
            goto JmpPoint;
        }
    
        if (addressToPass_CShell == (dwNameTags1 + 0x1)) // doing the same for the 2nd byte
        {
            CRCBYTE_CSHELL = NAMETAGS1BYTES[1];
            goto JmpPoint;
        }
    
        if (addressToPass_CShell == dwNameTags2) // doing the same for the 2nd nametag address, etc.
        {
            CRCBYTE_CSHELL = NAMETAGS2BYTES[0];
            goto JmpPoint;
        }
        if (addressToPass_CShell == (dwNameTags2 + 0x1))
        {
            CRCBYTE_CSHELL = NAMETAGS2BYTES[1];
            goto JmpPoint;
        }
    
        __asm popfd; // restoring flags
        __asm popad; // restoring registers
        __asm add al, byte ptr ds:[ebx]; // all right, none of the addresses we modify is getting scanned, so execute the function normally
        __asm jmp dwCRCCheckCShell_JMPBack; // jumping back
    
    JmpPoint:
        // one of our addresses is getting scanned, so let's trick the CRC
        __asm popfd;
        __asm popad;
        __asm add al, CRCBYTE_CSHELL; // put our original byte in AL
        __asm jmp dwCRCCheckCShell_JMPBack; // jumping back
    }
    ...
    
    DetourCreate((BYTE *)dwCRCCheckCShell_HookStart, (BYTE *)hkCRCCheck, 5);

    Credits

    @donoob
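    The hook above works against any per-byte accumulating scan, whatever the hash, because the scanner's single `add al, byte ptr [ebx]` read is what gets replaced; the protected region's contents never matter to the result once that instruction is detoured. The following C example is added here for illustration and is not code from the thread or from the game: it models the same byte-sum check over a constructed 16-byte region (made up, not from any real binary), and shows the self-inspection an integrity checker needs to notice that its own entry has been overwritten by the 5-byte relative JMP that `DetourCreate(..., 5)` writes. Addresses (0x00401000, 0x00401234) and the region bytes are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed sample bytes standing in for a protected function's code
   (made up for this example, not taken from any real game binary). */
#define REGION_LEN 16
static const uint8_t ORIGINAL_REGION[REGION_LEN] = {
    0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x53, 0x56,
    0x57, 0x8B, 0x7D, 0x08, 0x85, 0xFF, 0x74, 0x0A
};

/* The accumulation the hooked routine performs one byte at a time
   ("add al, byte ptr [ebx]"): AL ends up holding the 8-bit sum of the region. */
uint8_t byte_sum(const uint8_t *p, size_t n)
{
    uint8_t al = 0;
    for (size_t i = 0; i < n; i++)
        al = (uint8_t)(al + p[i]);
    return al;
}

/* 1 if the region's sum differs from the value recorded for the clean build. */
int region_modified(const uint8_t *region, size_t n, uint8_t expected)
{
    return byte_sum(region, n) != expected;
}

/* A 5-byte detour is a relative JMP (opcode 0xE9 followed by a signed rel32)
   written over the checker's entry. A checker that inspects its own first
   bytes before trusting its result notices that. Returns 1 and stores the
   jump's absolute destination in *target when the entry starts with JMP rel32. */
int entry_detoured(const uint8_t *entry, uint32_t entry_addr, uint32_t *target)
{
    if (entry[0] != 0xE9)
        return 0;
    int32_t rel;
    memcpy(&rel, entry + 1, sizeof rel);       /* rel32 is little-endian, signed   */
    *target = entry_addr + 5u + (uint32_t)rel; /* destination = next instr + rel32 */
    return 1;
}

enum { FINDING_REGION = 1, FINDING_ENTRY = 2 };

/* Constructed scenario: a copy of the region with a 2-byte patch (the same
   size as the nametag edits in the post), and a checker entry at the assumed
   address 0x00401000 overwritten by a JMP to the assumed address 0x00401234.
   Returns a bitmask of findings. */
int scan_constructed_scenario(void)
{
    uint8_t region[REGION_LEN];
    memcpy(region, ORIGINAL_REGION, REGION_LEN);
    uint8_t expected = byte_sum(ORIGINAL_REGION, REGION_LEN); /* value a clean build stores */

    region[12] = 0x90; /* the patch: 'test edi, edi' replaced by two NOPs */
    region[13] = 0x90;

    uint8_t entry[5] = { 0xE9, 0x2F, 0x02, 0x00, 0x00 }; /* jmp rel32 = +0x22F */
    uint32_t target = 0;
    int findings = 0;

    if (region_modified(region, REGION_LEN, expected))
        findings |= FINDING_REGION;
    if (entry_detoured(entry, 0x00401000u, &target) && target == 0x00401234u)
        findings |= FINDING_ENTRY;
    return findings;
}

int main(void)
{
    int f = scan_constructed_scenario();
    printf("region modified:        %s\n", (f & FINDING_REGION) ? "yes" : "no");
    printf("checker entry detoured: %s\n", (f & FINDING_ENTRY) ? "yes" : "no");
    return 0;
}
```

    The region check alone is what the post defeats: with the entry detoured, `byte_sum` would simply see the saved original bytes. The entry check is the part that catches the hook itself, and since a hook can spoof reads of the checker's entry just as easily, that inspection belongs in a second routine rather than in the checker it protects.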

  2. #2 disav0w_
    lol, posted that earlier on another forum which for sure you know, donoob, it's me.
    And I posted this just because someone else posted another way of how to bypass this check.

  3. #3 demtrios
    Quote Originally Posted by disav0w_ View Post
    lol, posted that earlier on another forum which for sure you know, donoob, it's me.
    And I posted this just because someone else posted another way of how to bypass this check.
    I found it interesting, so I decided to share it here.

  4. #4 BadBurrito
    haha, that is so much code, and I think it is not comfortable to restore the bytes when they access the address... check out my release, it is far better, just patching 6 bytes.
