Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Anti-Cheat development challenge
Cheat Engine Forum Index -> General programming -> Crackmes

Burningmace
Grandmaster Cheater
Reputation: 5

Joined: 17 Feb 2008
Posts: 520
Location: Inside the Intel CET shadow stack

Posted: Tue Sep 16, 2008 6:30 pm

I still don't understand how this bypassed the hash checks. If you alter the variable the checks should fail.
Noz3001
I'm a spammer
Reputation: 26

Joined: 29 May 2006
Posts: 6220
Location: /dev/null

Posted: Tue Sep 16, 2008 6:32 pm

Hehe, go re-check your checks and I'll look out for another revision tomorrow.
Burningmace
Grandmaster Cheater
Reputation: 5

Joined: 17 Feb 2008
Posts: 520
Location: Inside the Intel CET shadow stack

Posted: Tue Sep 16, 2008 7:24 pm

I've updated the code and I'm now doing some funky stuff with the value. I attempted your method and I can't get it to work now (whereas I did in the old version). Test it out :)
rapion124
Grandmaster Cheater Supreme
Reputation: 0

Joined: 25 Mar 2007
Posts: 1095

Posted: Tue Sep 16, 2008 8:05 pm

Wow. All these things fail. As long as people have access to the assembly code of your program, they can defeat any protection. All they need to do is trace onto your decryption routine and either recreate it or call it.

You should do some integrity checking on each instance of your class. Even that can be patched with a simple CreateThread() hook.

Also, why go through all this trouble? Why not just use the Crypto APIs and encrypt/decrypt the value? The advantage of using them is it is very hard to crack the algorithm as they are usually very complex. But, a simple hook will defeat this too.

Easiest way is to get a very powerful PE packer. That will stop people from debugging your code.
Flyte
Peanuts!!!!
Reputation: 6

Joined: 19 Apr 2006
Posts: 1887
Location: Canada

Posted: Tue Sep 16, 2008 11:20 pm

rapion124 wrote:
Easiest way is to get a very powerful PE packer. That will stop people from debugging your code.


Which are less useful than you may think.
Noz3001
I'm a spammer
Reputation: 26

Joined: 29 May 2006
Posts: 6220
Location: /dev/null

Posted: Wed Sep 17, 2008 3:35 am

Burningmace wrote:
I've updated the code and I'm now doing some funky stuff with the value. I attempted your method and I can't get it to work now (whereas I did in the old version). Test it out :)


Exactly the same =|.

Code:
695A4615:
 mov ecx,32000000
Burningmace
Grandmaster Cheater
Reputation: 5

Joined: 17 Feb 2008
Posts: 520
Location: Inside the Intel CET shadow stack

Posted: Wed Sep 17, 2008 6:43 am

Ok, now I'm really lost.

Also, what's with that 32000000 value? I don't get how that makes it 5000.
Noz3001
I'm a spammer
Reputation: 26

Joined: 29 May 2006
Posts: 6220
Location: /dev/null

Posted: Wed Sep 17, 2008 8:38 am

Burningmace wrote:
Ok, now I'm really lost.

Also, what's with that 32000000 value? I don't get how that makes it 5000.


I got the value by testing them in one of the registers.

I ended up making this one of my daily projects XD. http://forum.cheatengine.org/viewtopic.php?p=2857542#2857542


Last edited by Noz3001 on Wed Sep 17, 2008 3:39 pm; edited 2 times in total
G0DFATHER
How do I cheat?
Reputation: 0

Joined: 14 May 2008
Posts: 0
Location: C:/Nexon/Maplestory

Posted: Wed Sep 17, 2008 1:14 pm

Wow noz3001, you're smart. Anyway, how do you do that with OllyDbg? Mind posting me a link to a tutorial?
_________________

GROOT FTW!!!
Burningmace
Grandmaster Cheater
Reputation: 5

Joined: 17 Feb 2008
Posts: 520
Location: Inside the Intel CET shadow stack

Posted: Wed Sep 17, 2008 6:50 pm

I've added a serialization integrity check. I'm not sure if this will get round your modification but have a go.
Noz3001
I'm a spammer
Reputation: 26

Joined: 29 May 2006
Posts: 6220
Location: /dev/null

Posted: Thu Sep 18, 2008 2:16 am

Burningmace wrote:
I've added a serialization integrity check. I'm not sure if this will get round your modification but have a go.


Same, address is now 69B34617.
Burningmace
Grandmaster Cheater
Reputation: 5

Joined: 17 Feb 2008
Posts: 520
Location: Inside the Intel CET shadow stack

Posted: Thu Sep 18, 2008 6:11 am

I don't know how you're managing that... are you sure you're not just tripping out one of the jump operations or something? Setting the internal value to 32000000 every time makes no sense whatsoever - when it's XORed with the random value it'll come out with something completely different every single time you run it.

For example:
internalValue = 32000000
randomValue = -134905492
realValue = -165820052

You don't need me to tell you that -165820052 isn't 5000.

Not only that, but there are six separate checks (things like checking internalValue % 8 against a stored value) for integrity and the entire class is serialised and hashed. If the memory changes, shouldn't the serialised data change too?
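The masking scheme Burningmace describes above (realValue = internalValue XOR randomValue, a stored residue of internalValue % 8, and a hash over the serialised object), written out as an added Python example that is not part of the original thread or of the crackme itself. The class name ProtectedInt, the SHA-256 digest, the little-endian field layout and the 32-bit signed arithmetic are assumptions made for the illustration; the three numbers from the post (5000, 32000000 and -134905492) are reused so the arithmetic can be checked against the post.

```python
import hashlib
import os
import struct


def to_signed32(v):
    """Reduce a Python int to the signed 32-bit value the crackme's ints would hold."""
    v &= 0xFFFFFFFF
    return v - (1 << 32) if v & 0x80000000 else v


class ProtectedInt:
    """Hypothetical holder for one protected value (assumption, not the crackme's class).

    The real value is never stored: internal_value = real ^ random_value.  Two side
    checks are kept alongside it, the residue of internal_value modulo 8 and a hash
    of the serialised object, so that an edit of the masked field can be noticed.
    """

    def __init__(self, real_value, random_value=None):
        if random_value is None:
            # fresh 32-bit mask per instance (assumption: 32-bit ints, as in the post)
            random_value = to_signed32(int.from_bytes(os.urandom(4), "little"))
        self.random_value = random_value
        self.internal_value = to_signed32(real_value ^ random_value)
        # low three bits == internal_value % 8 on an unsigned view of the field
        self.mod8_check = self.internal_value & 7
        self.digest = self._hash_state()

    def _serialize(self):
        # constructed layout: two little-endian signed 32-bit ints and the residue byte
        return struct.pack("<iiB", self.internal_value, self.random_value, self.mod8_check)

    def _hash_state(self):
        return hashlib.sha256(self._serialize()).hexdigest()

    def real_value(self):
        return to_signed32(self.internal_value ^ self.random_value)

    def integrity_failures(self):
        """Names of the checks that no longer agree with the stored fields."""
        failures = []
        if (self.internal_value & 7) != self.mod8_check:
            failures.append("mod8")
        if self._hash_state() != self.digest:
            failures.append("hash")
        return failures


def tamper_demo():
    """Reuse the post's numbers: mask 5000 with -134905492, then overwrite the masked field."""
    p = ProtectedInt(5000, random_value=-134905492)
    before = p.real_value()          # 5000
    p.internal_value = 32000000      # the in-place edit the thread is arguing about
    after = p.real_value()           # -165820052, the figure quoted in the post
    return before, after, p.integrity_failures()


if __name__ == "__main__":
    print(tamper_demo())
```

Running tamper_demo() reproduces the post's arithmetic (5000 turns into -165820052 once the masked field holds 32000000) and shows both side checks tripping on that edit. The residue uses the low three bits rather than Python's % operator so that a negative internal_value behaves as an unsigned field would. The limitation the thread keeps returning to is that these checks read memory from inside the same process as the value, so they catch a careless edit but do not form a trust boundary; only something outside the process can verify it.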
Trucido
Moderator
Reputation: 6

Joined: 08 Sep 2007
Posts: 2792

Posted: Thu Sep 18, 2008 6:30 am

Burningmace, you might wanna check out the CrackMe subsection of general programming.

And SF or Safcow might wanna bump this over there.

_________________
I'm out.
SFP+
Comp. talk moderator
Reputation: 26

Joined: 02 May 2007
Posts: 1228
Location: Sweden

Posted: Thu Sep 18, 2008 8:39 am

Trucido wrote:
Burningmace, you might wanna check out the CrackMe subsection of general programming.

And SF or Safcow Might wanna bump this over there.


Done.
Page 2 of 2
All times are GMT - 6 Hours

Powered by phpBB © 2001, 2005 phpBB Group