Headsup's Article about hackshield

[headsup]

Sorry for the misunderstanding!!!

Obama thank you for pointing it out.

I have seen a few posts lately About the old thread with some of this info. People where asking and Pming if they could find this info again..

After about an hour and a half of Googling and typing, I came across this guide. I do not Take credits for typing this up, But i do deserve it for finding and rewriting and editing Threw out The days it will be up.

This post will be updated as fast as i get new info, So be sure to check back every ounce in a while.
Anyway.
Half credits go to ImNonexsitant::

And half to Headsup for finding / adding extras..

MPGH Mouzie
For letting me add his Thread With Evan more Hackshield info..
Look at bottom of post For his info.. This thread has been updated

Table of Contents
\
1. Introduction


2. AhnLab and Hackshield
a. features of Hackshield
b. AhnLab and Hackshield
c. Versions of Hackshield.


3. Hackshields Role in Patching/Details on how it works
a. how it works
b. Q&A/FAQ

4. Patched and Detected?!

a. how to know if it's patched or detected
b. what is a bypass

5. Extras
a. if hackshield does all that's listed, how do people make hacks?
b. is it true nexon monitors hack sites?

Introduction

As many of you may know, Nexon chooses to use a hack protection program by AhnLab, known as hackshield pro.
Most people(Legitimate players and Hackers alike)Believe hacks are patched by Nexon America, we shall call them Nexon even if that's not completely accurate, when in reality, Nexon has a hired company (AhnLab) who does the work.
I may not have all the details on how it works exactly, but I have great reason to believe it goes about as follows:


PART ONE:

1. Someone (Mpgh`, VIPs, etc.) codes and releases a hacking program,
2. one of the following happens, both of which leads to Nexon discovering the hack.

a. People begin to use the hack more and more, Nexon becomes aware of it's existantance and does enough digging around and research to locate it's source and creator.

b. The hack is released on a popular hacking site that is monitored by Nexon regularly, this includes mpgh.net, and most other hacking sites, and Nexon is immediately aware of the hacks existance.



PART TWO:

1. Nexon gathers details on the hacking program. That information is sent off to AhnLab, AhnLab then works towards patching of the hacks. (for farther details of Ahnlab's part scroll down to the green section below)
2. Either new updates are employed during the next hackshield update, or a private update is made for Nexon's games only for Nexon to use.
3.
The new hackshield in employed and the hack is no longer useful without a working bypass being used.
[/SIZE]


AhnLab and Hackshield Pro

Features of Hackshield pro.

Memory Hacking Protection
Prevents memory excess of game hacking

Speed Hack Protection
Detects and blocks speed hack programs that tempers with system timer

Debugger Protection
Blocks hacker's debugging tools for auditing and analysis of code

Message Hook Protection
Makes message hooking function of game hacking tools useless and obsolete

Auto-mouse Protection
Blocks auto mouse operation, making it ineffective in games

File Change and Forgery Protection
Detects and blocks changes or forgery of files

Hacking tools and blocking detection
Detects hacking tools and terminates client game connection from server

Run-time Forgery Protection
Prevents from forging runtime modules of HackShield

Executable File Packing
Protects HackShield, hacking protection functions, itself from hacking

Network Packet Encryption
Encrypts network packet in NIST Rijndael AES format

Data File Encryption
Encrypts data files passed between client and server

Server-side Crack Protection
Regularly checks for changes or forges of executable file at client

Executable File Encryption
Encrypts game executables in real-time

Consistent and Continuous Update
Updates with new hacking tool pattern files and protection modules

AhnLab and Hackshield?

Just in case you want the details, Ahnlab is a company (i generally refer to them as 'hackshield company' in my posts) and hackshield is the product they sell.

Versions of Hackshield?\


here are three versions, basic, plus+, and pro.

i am 95% certain Nexon uses Hackshield pro.

for a full list of features of all versions go Here

Hackshield's Role in Patching/Details on how it works

Let's get something clear, Nexon has no role in the actual patching of hacks, none of their files have any affect on our hacks being detected and patched, all the files that cause our hacks to be patched and detected are located in the HShield file located in the CA directory.


Can i edit/remove hackshield and play with patched hacks?


CA has a backup function that causes the game not to run if the hackshield folder has an error or is missing. so removing it will solve nothing.


as far as editing the hackshield, well, it's certainly NOT very easy. but is certainly possible if you know what you're doing, though it's rarely been done.

if you remember the case of Gorfags 1.2.6, it was patched almost immediately, about a day and half after it was released, you might say we got "nexowned" but

you see, a certain someone (i have know clue who) had an old hackshield client lieing around, and decided to replace the current one with the old one, and by a stroke of genius all the old hacks worked again! unfortunately Nexon/AhnLab has made this method impossible now, it wont work anymore, -_-"


How often does Hackshield update?

"Engine updates are scheduled weekly and modules updates are done as it requires."

↑↑↑ quote from Hackshield website.

UPDATE: Patched and Detected?!




Patched and Detected are two different things.

patched means it doesn't work at all anymore

and detected means it doesn't work, but with a bypass it works.


however, generally if something, whether it's glitch, hack, anything, doesn't work, most people refer to it as patched. even i do, so it's no biggie. but for future reference it's good to know the difference.


how to know if it's patched or detected

there is a basic and easy test to tell,

start the .exe or inject a .dll, and start CA.


if the hack is patched and you try to run it, CA will not start, and you will get a hackshield error.

if it's detected the hack will run, CA will start, and anywhere from 5 seconds to 3 minutes(approximately) you will disconnect from CA, most likely getting a windows error message saying "Combat Arms.exe has stopped working..."

sometimes detection/disconnection may be based on games, for example, if you run a patched hack, you can stay in one game for hours and not get disconnected, but if you leave and join another game it will disconnect you. this is more rare then timed detection, but does in fact happen sometimes.




What is a bypass?

The way i think of a bypass, is it's anything that is an abnormal way to use the hack that makes it work if it's detected.

it could be anything from downloading a file to be injected with the hack to make it work, to turning the hack on at a specific time after going in game, or maybe starting combat arms, quitting, and then starting with the hack again.

in my opinion all of the above are valid bypasses, but some may have different thoughts on this.


2. Is it true Nexon monitors hack sites? (as i stated in the introduction "...on a popular hacking site that is monitored by Nexon regularly...."

yes, it's very common, happens all the time.

They aren't 'spys' they dont infiltrate the staff and all that crap.


They simply watch over the forums, and sometimes make accounts to avoid post count restrictions.

This is old news, dont freak out about it.

*notes
*ugh....wow....that took alot...<,< i didn't realize what i was getting into when i started this guide...but i think i did okay, i'll do some more searching and maybe edit the guide with some fixes and more details,

Most of the information is from the hackshield site, the ahnlab site, and google with some Common sense

*Before criticizing this guide, please note, i'm 22, And not a tech wiz, I don't have flawless grammar. and most 'guides' would be more like this:


"Nexon doesn't patch hacks hackshield does!! "

Dont thank me unless you like the guide and it was useful, and make sure you DO thank me if you do like it and it was useful.


If any1 else has anymore missing info about this subject please. Pm me with it, So i can edit the post and add it with full credits..

Hope you like it..





__________________________________________________ ___________

Thank you Mouzie for the following Information!!!!

This is Mouzie's guide On Hack Shield Information..
Please read fully and thank him for this Info!!




Mouzie's

100% Credits to him..

This is an in-depth guide of how HS works, the antihack works very similar like PunkBuster. This is just a quick guide for those who does not what Hackshield does and how it protects hackers (poorly)

How does it detect?

It does this by scanning the memory contents of the local machine. A computer identified as using cheats may be banned from connecting to protected servers or in Combat Arms cases, removed the players and force crashes the game or banning the account.

Why is it so slow?

Simply, the antihack is a bot, unless the security company place the a dresses into the server files, the hack can't be 'detected' unless the bot changes the address/source coding.

* Real-time scanning of memory, a feature also prominent in many spyware programs, by placing a Hackshield Client on players' computers searching for known hacks/cheats using a built-in database.

* Throttled two-tiered background auto-update system using multiple Internet Master Servers to provide end-user security ensuring that no false or corrupted updates can be installed on players' computers.

* Frequent status reports (encrypted) are sent to the Hackshield Server by all players. When necessary, the server raises a violation which (depending upon settings) will cause the offending player to be removed from the game.

* Admins ( GM ) can also manually remove players from the game for a specified number of minutes or permanently ban if desired.

* Servers can optionally be configured to randomly check player settings looking for known exploits of the game engine.

*Servers can be configured to instruct clients to calculate partial MD5 hashes of files inside the game installation directory. The results are compared against a set configuration and differences logged, and optionally, the client removed from the server.
Admins can request actual screenshot samples from specific players and/or can configure the server to randomly grab screenshot samples from players during gameplay. However, it is possible for a game hack to block screenshots (producing a black screenshot) or remove all visual features of a hack (cleaning the screenshot) to remain undetected, leaving the effectiveness of this feature diminished.
An optional "bad name" facility is provided so that Admins can prevent players from using offensive player names containing unwanted profanity or racial slurs.

* Search functions are provided for Admins who wish to search player's keybindings and scripts for anything that may be known to exploit the game.

*Player Power facility (Elites) can be configured to allow players to self-administer game servers when the Server Administrator is not present entirely without the need for passwords, in which the players can call votes to have a player removed from the server for a certain amount of time.

*Servers have an optional built-in mini HTTP web server interface that allows the game server to be remotely administered via a web browser from anywhere over the Internet.
Admins can stream their server logs in real time to another location. Non-profit organizations like Anti-Cheat Inc, Community Ban List.

[Obama]

Give credits to "ImNonExistant" or im closing this.

[headsup]

Sorry forgot I didn't add them.. They are there now though so sue mah ass.....
I thought i did place correct creditz in it but thanks to obama for pointing that out..

[gtfo]

Uber LONG guide took me 3-4 mins to read BUT I has learned.

Thanks for the pro guide!! I think this should be stickied.

[BARON]

Wow It Is Long....Well It's Stickied!

[Mouzie]

So, my Hackshield information I posted a short while ago is not good?

Bah.

[Alby-kun]

hackshield is not pro >.>
I learned that patched and detected are 2 different things now

[Dested]

Good find.............

[durango]

Wow thats quite amazing, all of that information was helpful, giving my thanks to you headsup

[Kevin Rudd]

lol, this means that tnt even isnt patched, theyre all just detected

[devellis]

thanks, great info btw. a while ago i was reading a tut on how to make a bypass. it turns out it is a file that replaces/changes the EHSvc.dll in the combat arms folder. i had no idea what the tut was talking about so i completely gave up. but if someone were to release a working bypass on mpgh.... we could stretch out the life times of hacks if any coders see this, you may want to give it a shot.

[zkilla12]

like the pictures lol

[NuB_GhOsT]

So much information. But so useful...

Nice

[Shocking]

Can someone read this to me? *angel eyes

[Samueldo]

Really good guide, thanks for finding it. You deserve a .