Combat Arms North America - Bypass Addies [NOT TESTED]

[Caezer99]

Ok, it's my first time running CA NA and I just got Olly working for it.
I went searching around and found some strings!

Started browsing around and managed to come out with these.
The comments are the bytes.
Just patch the memory.
I also saw something regarding about Sending Heartbeat in the referenced strings.

You can close NexonGuard and HackShield with my addies I think (?)
But you will get Force Crash because of the heartbeat and also I place a JMP over the hack detected messages...

#define HackDetect 0x52DED0 //EB 63 JMP SHORT 0052DF35
#define HackDetect2 0x52DF3A //E9 B5000000 JMP 0052DFF4
#define HackDetect3 0x52E057 //E9 FA040000 JMP 0052E556
#define HackDetect4 0x52E6D6 //E9 12010000 JMP 0052E7ED
#define HackDetect5 0x530839 //EB 06 JMP SHORT 00530841

The memory region...
NOTE: Image might be small

And don't flame me please
I'm new to CA
Tell me if there's anything wrong.

BTW the last addie is not by me, @zikox sent me it.
https://imgur.com/gEMIV8V

How to use

This function to patch

void WriteMemory(void *address, void *bytes, int byteSize)
{
DWORD NewProtection;
VirtualProtect(address, byteSize, PAGE_EXECUTE_READWRITE, &NewProtection);
memcpy(address, bytes, byteSize);
VirtualProtect(address, byteSize, NewProtection, &NewProtection);
}

The patching

WriteMemory((void*)HackDetect, (PBYTE*) "\xEB\x63", 2);
WriteMemory((void*)HackDetect2, (PBYTE*) "\xE9\xB5\x00\x00\x00", 5);
WriteMemory((void*)HackDetect3, (PBYTE*) "\xE9\xFA\x04\x00\x00", 5);
WriteMemory((void*)HackDetect4, (PBYTE*) "\xE9\x12\x01\x00\x00", 5);
WriteMemory((void*)HackDetect5, (PBYTE*) "\xEB\x06", 2);

[DisOwned]

Ok, it's my first time running CA NA and I just got Olly working for it.
I went searching around and found some strings!

Started browsing around and managed to come out with these.
The comments are the bytes.
Just patch the memory.
I also saw something regarding about Sending Heartbeat in the referenced strings.

You can close NexonGuard and HackShield with my addies I think (?)
But you will get Force Crash because of the heartbeat and also I place a JMP over the hack detected messages...


The memory region...
NOTE: Image might be small

And don't flame me please
I'm new to CA
Tell me if there's anything wrong.

BTW the last addie is not by me, @zikox sent me it.
https://imgur.com/gEMIV8V

How to use

This function to patch


The patching

if it works nexon is very stupid and should stop making games

but here

Code:

#define HackDetect 0x52DED0 //sigscan \x75\x63\xB9\x00\x00\x00\x00\xBE\x00\x00\x00\x00\x 8D\x7C\x24\x10 xxx????x????xxxx ///	 //EB 63 JMP SHORT 0052DF35
#define HackDetect2 0x52DF3A //Sigscan \x0F\x84\x00\x00\x00\x00\x3D\x00\x00\x00\x00\x0F\x 84\x00\x00\x00\x00\x3D\x00\x00\x00\x00\x75\x13 xx????x????xx????x????xx //E9 B5000000 JMP 0052DFF4
#define HackDetect3 0x52E057 //E9 FA040000 JMP 0052E556 // sigscan \x0F\x85\x00\x00\x00\x00\x68\x00\x00\x00\x00\xE8\x 00\x00\x00\x00\x50 xx????x????x????x ///////
#define HackDetect4 0x52E6D6 //E9 12010000 JMP 0052E7ED // \xE8\x00\x00\x00\x00\x50\xE8\x00\x00\x00\x00\xB0\x 42\xB1\x32 x????xx????xxxx//
#define HackDetect5 0x530839 //EB 06 JMP SHORT 00530841 // \x75\x06\x8B\x52\x04\x89\x51\x04\x8B\x10\x56\x8B\x 70\x04\x89\x72\x04\x8B\x30\x8B\x50\x04\x89\x32\x89 \x00\x89\x40\x04\x83\x01\xFF\x5E\x75\x07\xC7\x41\x 00\x00\x00\x00\x00\xC2\x04\x00\xCC\xCC\xCC\xCC\xCC \xCC\xCC\xCC\xCC\xCC\x8B\x44\x24\x04\x8B\x4C\x24\x 08\x3B\xC1 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx?????xxxxxxxx xxxxxxxxxxxxxxx

added sig scans for you cuz i was bored

[diegosarria12]

Good job man

[_ReturnsBR_]

Good Job

[zikox]

Good Job
O.o

[zikox]

0052DEC9 /74 4C JE SHORT 0052DF17 // Here for Make fail to Unsilled HackShiled
0052DECB |8B50 04 MOV EDX,[EAX+4]
0052DECE |52 PUSH EDX
0052DECF |68 F0A87300 PUSH 0073A8F0 ; ASCII "Failed to _AhnHS_StartService [%d]"
0052DED4 |E8 C70A1700 CALL 0069E9A0
0052DED9 |50 PUSH EAX
0052DEDA |E8 C10B1700 CALL 0069EAA0
0052DEDF |A1 B4647D00 MOV EAX,[7D64B4]
0052DEE4 |8B48 04 MOV ECX,[EAX+4]
0052DEE7 |51 PUSH ECX
0052DEE8 |8D9424 2C030000 LEA EDX,[ESP+32C]
0052DEEF |68 38A97300 PUSH 0073A938 ; ASCII "An error has occurred with the hack prevention function. (Error Code = %x)",LF,"The program is shutting down."
0052DEF4 |52 PUSH EDX
0052DEF5 |FF15 D8B47200 CALL [72B4D8] ; Engine.00B4579C
0052DEFB |83C4 18 ADD ESP,18
0052DEFE |53 PUSH EBX
0052DEFF |68 D0AB7300 PUSH 0073ABD0 ; ASCII "CombatArms"
0052DF04 |8D8424 24030000 LEA EAX,[ESP+324]
0052DF0B |50 PUSH EAX
0052DF0C |53 PUSH EBX
0052DF0D |FF15 C4B47200 CALL [72B4C4]
0052DF13 |32C0 XOR AL,AL
0052DF15 |EB 21 JMP SHORT 0052DF38
0052DF17 \E8 03481B00 CALL 006E271F // Jump Here

Enjoy Hope Give Crides but you Still Need to Find HeartBeat but look like he shared it

[Coder.DiasII]

Thanks For Sharing K

[COD3RIN]

So you play CA now

[zikox]

So you play CA now

No But he Just Wanted To Know W2S Stuff

[Caezer99]

Can anybody test If it works?

[DisOwned]

Can anybody test If it works?

0052F944 68 50D17300 PUSH 0073D150 ; ASCII "UDP: Sending heartbeat %d %s" ca na
005341C4 68 ACD37300 PUSH 0073D3AC ; ASCII "UDP: Received heartbeat %d %s"

[Caezer99]

0052F944 68 50D17300 PUSH 0073D150 ; ASCII "UDP: Sending heartbeat %d %s" ca na
005341C4 68 ACD37300 PUSH 0073D3AC ; ASCII "UDP: Received heartbeat %d %s"

I know. Lol... Which means probably the bypass didn't work since there is heartbeat.