Hacksheild bypass stuff

[i7vSa7vi7y]

ok i got this from another site. i will not name but maybe this can help some ppl bypass the hacksheild. i havnt tried this but I DID NOT MAKE THIS OR WAS IN ANY PART!! BTW HIT THE THANKS BUTOON XD
This will work on the newest update, just got to do a bit of work..

Alright so you want to bypass Hackshield, First Get a clean install of Combat Arms updated to the latest version [Ver_US_0.5.2423(18)]-[20080820_131138]. Now Fyyre states that the easiest way to bypass hackshield, is to just stop it from loading in the first place. I can't argue with that. So rename your HShield folder to something else, in this case I rename it to zzzHshield. Now that the Hackshield files can't be found by the game, they won't be able to be loaded. But now when you run the game you will get an error saying that the protection modules failed to update. We need to get rid of this error. Now the engine for combat arms is packed with upx, but when trying to use the standard unpacker upx provides, it gives an error saying that can't unpack. So the tool I used was PE explorer. Just open engine.exe with PE explorer and then save it as something other then the original. I will refer to it as zzzEngine.exe. (At this point I renamed my original engine to OriginalEngine.exe and zzzEngine to Engine.exe). Now load up the unpacked engine into ollydbg. The string we will be searching for is "Fail to update". The result should be
Code:

00505EF1 . 68 A8C06600 PUSH Engine.0066C0A8

; |format = "Fail to update protection modules! - ErrorCode [0x%08X]"

Basically we want this box not to pop up. Scrolling up a bit you see
Code:

00505EEA . 74 2F JE SHORT

Engine.00505F1B

Which makes the message box pop up. Changeing the JE to JNZ though will prevent it from popping up!

So now get your favorite hex editor (I use ollydbg) and search for 74 2F and change it to 75 2F and save the result. Now fireup combat arms. AH! An invalid file has been installed. Once again same method, lets search. The result of your search

should be
Code:

00505FF0 . 68 28C06600 PUSH Engine.0066C028 ; |Text = "An invalid file has been

installed.
Please reinstall the file."

Once again same method will be used, find the JE and change it to JNZ. The offset is 00505FE0 . 74 22 JE SHORT Engine.00506004. Now try running again. Compatibility mode!?! Once again

search, & result
Code:

0050600B . 68 D8BF6600 PUSH Engine.0066BFD8 ; |Text = "The program is

running on compatibility mode.
The program is shutting down."

Once again JE to JNZ. This is the offset 00505FDB

. 74 42 JE SHORT Engine.0050601F. JE TO JNZ TIME! Now run once again. Another instance is running (liars). Now I'm going to save us a lot of time and just tell you everything to nop because you end up going through this process like 10

times.
Code:

00505FDB . 74 42 JE SHORT Engine.0050601F
00505FD9 7F 5F JG SHORT Engine.0050603A
00505FD9 7F 5F JG SHORT Engine.0050603A
0050603F . 74 4B JE SHORT Engine.0050608C
00506044 . 74 2E JE SHORT Engine.00506074
005060BA . 74 2E JE SHORT Engine.005060EA
00505FCE . 0F84 D0000000 JE Engine.005060A4

IT starts up now! But now it says that the file is corrupt. Now searching for this string will be futile because its somehow hidden. So the next best thing is to get the crc32 of the first file and subsitute it for the modified version so that the game thinks were using an unmodified version. Using PEiD and the crc32 plugin you can see the original crc32 is BBAF654E, Now change the crc32 of the modified engine to that. Now hopefully if you've done everything right, you will be able to start combat arms without hacksheild starting =p

Credits:
Zephyrous
DeadlyData
Fyyre
pooping99
King-Orgy

Tools used:
OllyDbg 1.10
PE Explorer
Download PE Explorer/Editor application, DLL Viewer, EXE Ressource Editor and Disassembler, Borland Delphi EXE Editor.

[ezjpimp]

Lol. Just pass on any useful info that you find cuz we need a working bypass for this new patch. We all need to work together and we'll get one.

[TinyWeeWee]

Lol. Just pass on any useful info that you find cuz we need a working bypass for this new patch. We all need to work together and we'll get one.

Hope all of you fail. I love being the only guy with chams in game.

[deadnesser]

I wrote this tutorial before the update, and if you follow it exactly all of the offsets will be a little wrong but the exact same concept still applies. If you do manage to complete the tutorial though, you will receive an error saying something about directx, so to make it work you need to be a little creative =p

[crazyfool]

I do not see a JE command being fired above the line I think I should be at for the first popup

push SSZ0066C0B0_Fail_to_update_protection_module

I went to the sub that was being called. I saw that I am close because thats where its loading hsupdate.exe ....
no JE commands being called anywhere :/

can somone help me a bit?

[Marsicano]

Trying to do this right now, but the codes you posted have been modified... they are near of what you posted... but... I will figure it out..

[lemonadez]

I wrote this tutorial before the update, and if you follow it exactly all of the offsets will be a little wrong but the exact same concept still applies. If you do manage to complete the tutorial though, you will receive an error saying something about directx, so to make it work you need to be a little creative =p

lol, even if they all follow it. the hard part come with the "fill with NOP's". the offset is wrong because it change, So people will have hard time how to find those filling NOP's address. <- I got my ass stuck there and I give up cuz it take more than 10x LOL.

[stonie]

[strike]I'm stuck. I filled with NOPs, but I can't figure out how to compile it back or even save it as .exe. (using Olly)[/strike]
WTF, I can't Strike Thru...!!!

I was also thinking. Find the address that shuts down the game. NOP it and ignore the errors. =)

I figured out how to save it back into .exe!

Now I need to get around that damn CRC bs. FUN!

[dkzeria]

Hope all of you fail. I love being the only guy with chams in game.

Lol want ppl to buy VIP much? tempting them and shit...

[penguinzrock]

Just wait until Nexon starts packing Combat Arms's client. Haha.

By the way, this was very useful.

[CoMPMStR]

There is a bit of an easier way than going through those 10 or so errors before you get to the directx error. You only have to change 3 locations.

000A5FCA - 742E -> 752E
000A60B1 - 0F84C5000000 -> 0F85C5000000
000A6194 - 742C -> 752C

After you change those locations, you will get that damn DirectX error. I never got anything about a crc32 error though.

[SomeDude123]

any proof that this works/ Like u using the trainer in Game?
Picture would benice

lets hoep so

[Ryguy]

ok i got this from another site. i will not name but maybe this can help some ppl bypass the hacksheild. i havnt tried this but I DID NOT MAKE THIS OR WAS IN ANY PART!! BTW HIT THE THANKS BUTOON XD
This will work on the newest update, just got to do a bit of work..

Alright so you want to bypass Hackshield, First Get a clean install of Combat Arms updated to the latest version [Ver_US_0.5.2423(18)]-[20080820_131138]. Now Fyyre states that the easiest way to bypass hackshield, is to just stop it from loading in the first place. I can't argue with that. So rename your HShield folder to something else, in this case I rename it to zzzHshield. Now that the Hackshield files can't be found by the game, they won't be able to be loaded. But now when you run the game you will get an error saying that the protection modules failed to update. We need to get rid of this error. Now the engine for combat arms is packed with upx, but when trying to use the standard unpacker upx provides, it gives an error saying that can't unpack. So the tool I used was PE explorer. Just open engine.exe with PE explorer and then save it as something other then the original. I will refer to it as zzzEngine.exe. (At this point I renamed my original engine to OriginalEngine.exe and zzzEngine to Engine.exe). Now load up the unpacked engine into ollydbg. The string we will be searching for is "Fail to update". The result should be
Code:

00505EF1 . 68 A8C06600 PUSH Engine.0066C0A8

; |format = "Fail to update protection modules! - ErrorCode [0x%08X]"

Basically we want this box not to pop up. Scrolling up a bit you see
Code:

00505EEA . 74 2F JE SHORT

Engine.00505F1B

Which makes the message box pop up. Changeing the JE to JNZ though will prevent it from popping up!

So now get your favorite hex editor (I use ollydbg) and search for 74 2F and change it to 75 2F and save the result. Now fireup combat arms. AH! An invalid file has been installed. Once again same method, lets search. The result of your search

should be
Code:

00505FF0 . 68 28C06600 PUSH Engine.0066C028 ; |Text = "An invalid file has been

installed.
Please reinstall the file."

Once again same method will be used, find the JE and change it to JNZ. The offset is 00505FE0 . 74 22 JE SHORT Engine.00506004. Now try running again. Compatibility mode!?! Once again

search, & result
Code:

0050600B . 68 D8BF6600 PUSH Engine.0066BFD8 ; |Text = "The program is

running on compatibility mode.
The program is shutting down."

Once again JE to JNZ. This is the offset 00505FDB

. 74 42 JE SHORT Engine.0050601F. JE TO JNZ TIME! Now run once again. Another instance is running (liars). Now I'm going to save us a lot of time and just tell you everything to nop because you end up going through this process like 10

times.
Code:

00505FDB . 74 42 JE SHORT Engine.0050601F
00505FD9 7F 5F JG SHORT Engine.0050603A
00505FD9 7F 5F JG SHORT Engine.0050603A
0050603F . 74 4B JE SHORT Engine.0050608C
00506044 . 74 2E JE SHORT Engine.00506074
005060BA . 74 2E JE SHORT Engine.005060EA
00505FCE . 0F84 D0000000 JE Engine.005060A4

IT starts up now! But now it says that the file is corrupt. Now searching for this string will be futile because its somehow hidden. So the next best thing is to get the crc32 of the first file and subsitute it for the modified version so that the game thinks were using an unmodified version. Using PEiD and the crc32 plugin you can see the original crc32 is BBAF654E, Now change the crc32 of the modified engine to that. Now hopefully if you've done everything right, you will be able to start combat arms without hacksheild starting =p

Credits:
Zephyrous
DeadlyData
Fyyre
pooping99
King-Orgy

Tools used:
OllyDbg 1.10
PE Explorer
Download PE Explorer/Editor application, DLL Viewer, EXE Ressource Editor and Disassembler, Borland Delphi EXE Editor.

very confusing lol im nub when it comes to coding

[elitetech]

I have went through this and I do not get any errors but the game does not start up.

The Last thing I changed was

00506194 75 2C JNZ SHORT ETEngine.005061C2

which with that at 74 2C I would get the An error has occurred with the hack prevention function

Any Ideas?


EDIT: Nevermind I am getting the Directx error when I use the CombatArm.exe to launch the game.

[penguinzrock]

It sucks that all the addresses in this tut are different in the client.
I got to the instance part, then I got stuck since I couldn't find any other address that accessed the "Instance" case.

[c0mbatarms28]

huh, lol, i got confused... i guess it is best to just look for new bypasses....