[TUT] CA bypass

[scimmyboy]

Alright so you want to bypass Hackshield. So rename your HShield folder to something like zzzHshield, in this case I rename it to zzzHshield. Now that the Hackshield files can't be found by the game, they won't be able to be loaded. But now when you run the game you will get an error saying that the protection modules failed to update. We need to get rid of this error. Now the engine for combat arms is packed with upx, but when trying to use the standard unpacker upx provides, it gives an error saying that can't unpack. So the tool I used was PE explorer. Just open engine.exe with PE explorer and then save it as something other then the original. I will refer to it as zzzEngine.exe. (At this point I renamed my original engine to OriginalEngine.exe and zzzEngine to Engine.exe). Now load up the unpacked engine into ollydbg. The string we will be searching for is "Fail to update". The result should be Reason why you get Fail to update means You are not using a bypass,either its out of date.
Code:

00505EF1 . 68 A8C06600 PUSH Engine.0066C0A8

; |format = "Fail to update protection modules! - ErrorCode [0x%08X]"

Basically we want this box not to pop up. Scrolling up a bit you see
Code:

00505EEA . 74 2F JE SHORT

Engine.00505F1B

Which makes the message box pop up. Changeing the JE to JNZ though will prevent it from popping up!

So now get your favorite hex editor (I use ollydbg) and search for 74 2F and change it to 75 2F and save the result. Now fireup combat arms. AH! An invalid file has been installed. Once again same method, lets search. The result of your search

should be
Code:

00505FF0 . 68 28C06600 PUSH Engine.0066C028 ; |Text = "An invalid file has been

installed.
Please reinstall the file."

Once again same method will be used, find the JE and change it to JNZ. The offset is 00505FE0 . 74 22 JE SHORT Engine.00506004. Now try running again. Compatibility mode!?! Once again

search, & result
Code:

0050600B . 68 D8BF6600 PUSH Engine.0066BFD8 ; |Text = "The program is

running on compatibility mode.
The program is shutting down."

Once again JE to JNZ. This is the offset 00505FDB

. 74 42 JE SHORT Engine.0050601F. JE TO JNZ TIME! Now run once again. Another instance is running (liars). Now I'm going to save us a lot of time and just tell you everything to nop because you end up going through this process like 10

times.
Code:

00505FDB . 74 42 JE SHORT Engine.0050601F
00505FD9 7F 5F JG SHORT Engine.0050603A
00505FD9 7F 5F JG SHORT Engine.0050603A
0050603F . 74 4B JE SHORT Engine.0050608C
00506044 . 74 2E JE SHORT Engine.00506074
005060BA . 74 2E JE SHORT Engine.005060EA
00505FCE . 0F84 D0000000 JE Engine.005060A4

IT starts up now! But now it says that the file is corrupt. Now searching for this string will be futile because its somehow hidden. So the next best thing is to get the crc32 of the first file and subsitute it for the modified version so that the game thinks were using an unmodified version. Using PEiD and the crc32 plugin you can see the original crc32 is BBAF654E, Now change the crc32 of the modified engine to that. Now hopefully if you've done everything right, you will be able to start combat arms without hacksheild starting

Tools used:
OllyDbg 1.10
PE Explorer
Download PE Explorer/Editor application, DLL Viewer, EXE Ressource Editor and Disassembler, Borland Delphi EXE Editor.


If this helped, dont forget to thank me!

[Iwin]

Wasn't this posted already?

But thanks I guess, and I doubt anyone will actually do this.

[Javlin]

This should be in the Tutorial section.. Not the Combat Arms section.. But if it works, Kudos.

[Gotchuthief]

yeah this was posted already

[HackTheGame]

Nice Post..'
Could Help Some People...

[tzie13]

Scimmy, i thought you would know better, this was already posted. + this isnt an exact TUT. + Dave is our saviour and is releasing a publik bypass!

[scimmyboy]

sorry if this was posted already. just to take some time off people's minds while waiting for dave

[whitechocolate]

The thing with this tutorial is the addresses aren't correct >.> tried it yesterday and gave up.

[KuRRVeD]

Thanks, I will try it.

[Endur]

I'm pretty sure this will not work anymore. Correct me if I am wrong, but recently something as simple as this won't work simply because they use SynAck now. Hooking is the way to go. I may be wrong, but I'm sure I'm not, or else they have a reallllly good sum check now. So yeah...

[scimmyboy]

this was posted already so ya.....

[FatEmoLLaMa]

<3 olly

Thanks scimmy, I might release that engine.exe in a few days if Dave's bypass is a some what "Too complicated" for noobs lol...

[Kevinnqc]

good TuT ! i hope its gonna help some 1 !

[scimmyboy]

hope this will shut some ppl up

[KuRRVeD]

Thanks, I am gonna try this.

And woah, grats on having 807 posts. Thats impressive.