Collaborative EAC Bypass Thread
I wanted to create a thread to let people discuss on their progress on bypassing the exe.
If you have already bypassed eac any pointers you have would be helpful even if its telling us the dll which has the key to unlocking it.
I have so far setup net reflector with reflexil and have been scanning the code to find where you can bypass eac. So far i see the Initialize method in the runtime class within EasyAntiCheat as being a place which might be the key to bypass it. The Initialize Method can be referenced here: public static void Initialize(int gameId, EventHandler<LoadCompletedEventArgs> onCompleted = null, EventHandler<LoadProgressEventArgs> onProgress = null)
{
WaitCallback callBack = null;
EventHandler<LoadProgressEventArgs> handler = null;
if ((gameInfo != null) || (Interlocked.Exchange<GameInfo>(ref gameInfo, new GameInfo(gameId)) != null))
{
throw new ApplicationException("Anti-cheat module can be initialized only once.");
}
EventHandler<LoadCompletedEventArgs> onCompletedHandler = delegate (object s, LoadCompletedEventArgs args) {
Initialized = args.Status == LoadExitCode.Success;
if (loader != null)
{
loader.Dispose();
loader = null;
}
if (Initialized)
{
UpdateUserToken();
}
onCompleted.Raise<LoadCompletedEventArgs>(null, args);
};
if (NativeModule.IsWindows())
{
if (callBack == null)
{
callBack = state => onCompletedHandler(null, new LoadCompletedEventArgs(LoadExitCode.Success, "Initialization completed."));
}
ThreadPool.QueueUserWorkItem(callBack);
}
else
{
loader = new Loader(gameId, null, null);
loader.Completed += onCompletedHandler;
if (onProgress != null)
{
if (handler == null)
{
handler = (sender, args) => onProgress(null, args);
}
loader.Progress += handler;
}
loader.BeginLoad();
}
}
and the entire class Runtime here:
pastebin dot com/KsA6rLy7
I have tried to make it so it doesn't throw an exception and just pretty much lets everything pass but trying to use reflexil to do it is nothing like coding in c++. I am afraid i'm in the wrong place and think the key is inside of the EAC exe but its impossible to understand in a hex editor. How did Hoskins create his own exe? Did he recode it himself? This whole thing has my head spinning.