Bypass Ahnlab HACKSHIELD

almich159
Hello wise guys,

Because the thread
http://www.mpgh.net/forum/366-projec...ackshield.html
is closed, I must open a new one.

Time goes on and HackShield has made some upgrades.
Following the advice from the thread above step by step (WinXP 32-bit) no longer bypasses HackShield. HackShield refreshes its hooks on keyboard and mouse after circa 10 seconds, and opening AntiRootkit.exe or KernelDetective.exe sometimes causes the alert "DETECT_GAME_HACK".

During experiments with both utilities, trying to disable HackShield's tentacles, I put HackShield into a state that looked like it was bypassed.
AntiRootkit.exe Ring0 Hooks still showed hooks on keyboard and mouse, but HackShield did not block input from external programs, and the message "DETECT_GAME_HACK" did not appear. So there must exist a way to bypass it. Unfortunately, repeating that solution is beyond my ability now.

So please, if somebody knows how to bypass HackShield or finds a new solution, post it here, or give a valuable link.
I would like to use special keyboard and mouse buttons and also macros, and this piece of crap software tries to command me what I can do with my own computer.
I think any well-written online game with an external server does not need such an "anti hackshield" to persecute its gamers.
#1 · 14y ago
[MPGH]Time
Notice: Thread Moved

I don't think there is any bypass available as of now, but I'll let this stay open for a while, in case lannyboy has something to offer.
#2 · 14y ago
lannyboy
Well, I am using HackShield bypassing technology to make Project Blackout work. But different games have different HackShield offsets to patch. It is better that you get a proper method to bypass.



---------- Post added at 10:44 PM ---------- Previous post was at 10:42 PM ----------

By the way, the HackShield SSDT inline hook can be easily unhooked: just make a driver and overwrite the offset that they hooked at. But don't play with a driver if you don't know anything. You may destroy your PC. BSOD, scary?

---------- Post added at 11:07 PM ---------- Previous post was at 10:44 PM ----------

In case you want to play with a driver, these are the current Project Blackout HackShield SSDT inline hook offsets that I found:

Code:
#define ZwSetContextThread        0x805D2C45
#define ZwWriteVirtualMemory      0x805B43DC
#define ZwSetLtdEntries           0x805D482C
#define NtDeviceIoControlFile     0x8057928E
#define ZwGetContextThread1       0x805D2A64
#define NtOpenProcess             0x805CB461
#define KeUnstackDetachProcess    0x804F8A3E
#define ZwWriteFileGather         0x8058085A
#define ZwProtectVirtualMemory    0x805B842E
#define ZwQueryPerformanceCounter 0x80617F9D
#define NtClose                   0x805BC551
#define ZwReadVirtualMemory       0x805B42D2
#define ZwGetContextThread2       0x805D2A35
#3 · edited 14y ago · 14y ago
almich159
Hello and thanks for the response.

Maybe it is like lannyboy said: "just make a driver and overwrite the offset that they hooked at". Had I the ability to do that, I would do it. A long time ago I played with assembler and the Z80 CPU, so I understand a little bit about the mechanisms of memory addresses, but I don't know many other things needed for this kind of task.

The game I would like to free from HackShield is Metin2. Here is some SSDT information.

[XueTr][SSDT]: 4
Index; Fun Name; Current Entry; Hook; Original Entry; Module
122; NtOpenProcess; 0x8204E0A8->0xEEB9D160; inline hook; 0x805719AC; C:\WINDOWS\system32\drivers\EagleXNt.sys
137; NtProtectVirtualMemory; 0x822D64C0->0xEEB9C970; inline hook; 0x80571E96; C:\WINDOWS\system32\drivers\EagleXNt.sys
186; NtReadVirtualMemory; 0x82128F20->0xEEB9D450; inline hook; 0x8057E4B8; C:\WINDOWS\system32\drivers\EagleXNt.sys
277; NtWriteVirtualMemory; 0x82056618->0xEEB9D5C0; inline hook; 0x8057E60A; C:\WINDOWS\system32\drivers\EagleXNt.sys

On another computer the index is the same and the second value of Current Entry is also the same.
When I wipe these hooks, they are restored some seconds later.


Probably another way to bypass HackShield is this:
When the game is started by opening Metin2.exe,
the patcher runs first; it updates the game and replaces files with a bad CRC.
It also updates and repairs HackShield.
Then it runs the program ./hshield/hsupdate.exe
And hsupdate.exe does a check and runs HackShield, then it returns something like an "OK" signal back to the game and the game starts.

The game can be started by the command "start metin2client.bin", which bypasses the update and runs ./hshield/hsupdate.exe
If I rename, for example, calc.exe and put it as hsupdate.exe in the hshield folder, the game starts the calculator instead of the real hsupdate.exe
But the game ends with the message HACK_SHIELD_UPDATE_ERROR
So my speculation is that Metin2 and HackShield are very separate programs.
metin2client.bin runs /hshield/hsupdate.exe and expects some returned value saying that everything is OK.

Had I a utility for monitoring the communication between ./hshield/hsupdate.exe and metin2client.bin, I could probably make my own application that only returns the value "everything is ok", and finally the game would start without HackShield.

In that case Metin2 can be started under an unprivileged user account and no other fucking rootkit can fuck my virgin system.

Which application can be used for monitoring communication between programs?
#4 · 14y ago
lannyboy
I don't play Metin2, so I do not know much about the game. Well, you must know one thing: even if you can run without HackShield, Metin2 itself has a checking method that communicates with HackShield's method(s). It will ask HackShield for an acknowledgement to make sure HackShield is always running. It will check at a preset timer interval (probably every 1 min?). If it doesn't get HackShield's reply, it will probably just boot you out with an error message. Not only Metin2, but all games with an anti-cheat program have this method of getting an acknowledgement from their own anti-cheat program.

You must know what the anti-cheat program does inside (its architecture) before you really try something. Otherwise, you could only be wasting your time. Like I mentioned up there: disable the HackShield crcselfcheck, and only then change the HackShield behaviours. It will be pointless if you never disable those checks and try your stuff on it.

Now does this make sense to you?
#5 · 14y ago
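
The periodic acknowledgement check described in the post above is a liveness heartbeat. The sketch below is an added example (not part of the thread, and not HackShield's or Metin2's actual protocol) showing why a stand-in that only returns a fixed "OK", or replays an old answer, fails such a check. The class names, the HMAC-SHA256 challenge-response scheme, the key and the 60-second timeout are all assumptions.

```python
import hashlib
import hmac
import os

TIMEOUT = 60.0  # assumed; the post guesses "probably every 1 min"

def mac(key: bytes, nonce: bytes) -> bytes:
    return hmac.new(key, nonce, hashlib.sha256).digest()

class Guard:
    """Hypothetical anti-cheat side: answers each challenge with a MAC."""
    def __init__(self, key: bytes):
        self._key = key
    def answer(self, nonce: bytes) -> bytes:
        return mac(self._key, nonce)

class FixedReply:
    """Stand-in that returns the same bytes whatever the challenge is."""
    def __init__(self, reply: bytes = b"OK"):
        self._reply = reply
    def answer(self, nonce: bytes) -> bytes:
        return self._reply

class Verifier:
    """Hypothetical game side: fresh nonce per round, one answer, deadline."""
    def __init__(self, key: bytes, timeout: float = TIMEOUT):
        self._key, self._timeout = key, timeout
        self._nonce, self._issued = None, 0.0
    def challenge(self, now: float) -> bytes:
        self._nonce, self._issued = os.urandom(16), now
        return self._nonce
    def verify(self, response: bytes, now: float) -> str:
        nonce, self._nonce = self._nonce, None  # each nonce is single-use
        if nonce is None:
            return "no-challenge"
        if now - self._issued > self._timeout:
            return "timeout"
        ok = hmac.compare_digest(mac(self._key, nonce), response)
        return "ok" if ok else "bad-response"

def run_round(verifier, peer, now: float = 0.0, delay: float = 0.0) -> str:
    """One heartbeat: challenge the peer, then verify its answer."""
    return verifier.verify(peer.answer(verifier.challenge(now)), now + delay)

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample value
    v, guard = Verifier(key), Guard(key)
    recorded = guard.answer(v.challenge(0.0))  # answer to an old nonce
    print(run_round(v, guard), run_round(v, FixedReply()),
          run_round(v, FixedReply(recorded)), run_round(v, guard, delay=61.0))
```

In a real design the verifier would sit on the game server, since a key and check held on the player's machine are under the player's control.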
almich159
Yes, thanks.

I must say that a few weeks ago bypassing HackShield was very easy.
Just run Metin with the command "start metin2client.bin" under an unprivileged user.
Nothing else. HackShield was not started and the game worked fine.

Disassembling the program and understanding it at the assembler level is beyond my abilities now. So all I can try is putting the system into a state where HackShield is out of function.
It happened once, but unfortunately I can't reproduce it.

I feel that bypassing HackShield will be very easy, you just have to KNOW HOW.
#6 · 14y ago
lannyboy
A few weeks ago you were able to bypass it by this method? Seriously??? This "game<->anti-cheat" two-way communication check has existed for a very long time. So, if you skip the anti-cheat program without altering the check method in that game, you will get booted!
#7 · 14y ago
almich159
Truly, this bypassed HackShield.

Using that command was official advice from the game masters, because HackShield caused problems. I don't use any hack that manipulates the game in a non-standard way; I only use keyboard and mouse macros for special keys, so maybe there was another level of check that I didn't touch.
This bypass still works with a game client that is 2 months old. But some new things were added to the game, and playing with the old client causes the game to crash very often.

Metin2 has fixed keys for all game actions, like movement and using things. Very stupid, because for basic actions you must also use the SHIFT, CTRL and ALT modifiers. So all I need is to use my keyboard and mouse with my layout, which is much more user-friendly.
#8 · 14y ago
GERMANY132816
hahahaha xDDDDDD


Hackshield: GameHack detected
#9 · 14y ago
almich159
haha?
Still working with OLD CLIENT.
#10 · 14y ago