hanli1995 (08-28-2008),Hautkopf1488 (08-27-2008),Iwin (08-27-2008),ModaFoca (08-28-2008),schmegma1488 (08-27-2008),wrenbb (08-27-2008)
So you want to make another bypass? Well at least read through my previous tutorial first so I can just cut straight to the goodies. Basically, just getting rid of hackshield and preventing it from even starting isn't the easiest way to make a bypass. But it is possible. This tutorial will show you how to make an engine that is compatible with something like MHS by L.Spiro.
First step, unpack the newest engine.
Now fix the crc32 (0954F8BC) and start up combat arms.
Start up MHS and join a server and see what your problem is.
The error is, "A hacking tool has been discovered..."
So open the engine in ollydbg and search for all refrenced text strings.
Now make a search for "A hacking tool"
Your result should beScrolling up you should seeCode:00505D55 |. 68 D0BD6600 PUSH Engine.0066BDD0 ; ASCII "A hacking tool has been discovered in the following location so the program has been shut down. (%s)"Now open up engine.exe in a hex editor and changeCode:00505D3A |.^74 BA JE SHORT Engine.00505CF6toCode:74 BA(Make sure its the right binary string)Code:75 BA
Now fix the crc32, run combat arms, open MHS, and join a server.
Congrats everything is running golden!
Credits:
*************.net
Zephyrous
DeadlyData
Fyyre
pooping99
King-Orgy
Tools used:
OllyDbg 1.10
https://www.ollydbg.de/odbg110.zip
PE Explorer
Download PE Explorer/Editor application, DLL Viewer, EXE Ressource Editor and Disassembler, Borland Delphi EXE Editor.
PEiD
https://www.peid.info/files/PEiD-0.94-20060510.zip
crc32 plugin
https://www.peid.info/plugins/crc32-gelios.zip
MHS
L. Spiro's Memory Hacking Software
To use the bypassed engine overwrite your current engine in your combat arms folder.
Last edited by deadnesser; 08-27-2008 at 08:20 PM.
hanli1995 (08-28-2008),Hautkopf1488 (08-27-2008),Iwin (08-27-2008),ModaFoca (08-28-2008),schmegma1488 (08-27-2008),wrenbb (08-27-2008)
Thats hardly conseried a bypass.
And its been patched.
For the people who are afraid of downloading the attachment.
Antivirus Version Last Update Result
AhnLab-V3 2008.8.27.1 2008.08.27 -
AntiVir 7.8.1.23 2008.08.27 -
Authentium 5.1.0.4 2008.08.28 -
Avast 4.8.1195.0 2008.08.27 -
AVG 8.0.0.161 2008.08.27 -
BitDefender 7.2 2008.08.28 -
CAT-QuickHeal 9.50 2008.08.26 -
ClamAV 0.93.1 2008.08.28 -
DrWeb 4.44.0.09170 2008.08.27 -
eSafe 7.0.17.0 2008.08.27 -
eTrust-Vet 31.6.6050 2008.08.26 -
Ewido 4.0 2008.08.27 -
F-Prot 4.4.4.56 2008.08.28 -
F-Secure 7.60.13501.0 2008.08.27 -
Fortinet 3.14.0.0 2008.08.27 -
GData 2.0.7306.1023 2008.08.28 -
Ikarus T3.1.1.34.0 2008.08.28 -
K7AntiVirus 7.10.428 2008.08.25 -
Kaspersky 7.0.0.125 2008.08.28 -
McAfee 5371 2008.08.27 -
Microsoft 1.3807 2008.08.25 -
NOD32v2 3394 2008.08.27 -
Norman 5.80.02 2008.08.27 -
Panda 9.0.0.4 2008.08.27 -
PCTools 4.4.2.0 2008.08.27 -
Prevx1 V2 2008.08.28 -
Rising 20.59.21.00 2008.08.27 -
Sophos 4.33.0 2008.08.28 -
Sunbelt 3.1.1582.1 2008.08.26 -
Symantec 10 2008.08.28 -
TheHacker 6.3.0.6.064 2008.08.27 -
TrendMicro 8.700.0.1004 2008.08.27 -
VBA32 3.12.8.4 2008.08.27 -
ViRobot 2008.8.27.1352 2008.08.27 -
VirusBuster 4.5.11.0 2008.08.27 -
Webwasher-Gateway 6.6.2 2008.08.27 -
Additional information
File size: 719354 bytes
MD5...: 7655fec032711c54900496e016973f66
SHA1..: ef5e9c2cb38227cf1b6a865102d389149c758ae8
SHA256: 60eb26b68d09afa29cfa8a03c15ce8af4b6a26939022955e32 02ab3dfcfae702
SHA512: 23204a67645846fd909aa017a03bff30b2cb3f0512a6a49384 a9fa5e6abcb30b
4b672e7a6b57ceca7281793c1c5899a67e9d8a9ded43e2927d c818de8df4f0ae
PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
Virustotal. MD5: 7655fec032711c54900496e016973f66
Hautkopf1488 (08-27-2008),lolekBolek (02-09-2009),shelbyblue96 (09-03-2008),wrenbb (08-27-2008)
I am making a bypass with this method; it will most likely NOT get patched this this is like the one of the only methods to make one.
georgekappa (08-28-2008),wrenbb (08-27-2008)
Hahaha, wow noobs. Have fun with your shit.
nice one man imma try it soon
wrenbb (08-27-2008)
Wow noob nice c/p from gamingdecption.
Great job! Also what the hell is wrong with you? Just nop the address you noob!
u all go aheaad and try that...
A mod wouldn't delete something like that. Mods here are actually quite nice compared to other forums.