Corroder Grandmaster Cheater Supreme
Reputation: 75
Joined: 10 Apr 2015 Posts: 1668
Posted: Wed Nov 04, 2015 10:05 am
I think that to protect the script (more correctly, to make the script harder to read in human language), we should do it step by step:
1. Use obfuscating, decoding or encrypting (Huh... what are they all?)
2. Make them all (no. 1) with our own function
3. Use external obfuscating, decoding, encrypting software (if any)
On my side, I did it like this (for a CE Trainer):
- Make the form using the form designer or CE Lua commands
- Write the functions and other stuff using Notepad (or another text editor)
- Encode the script text and save it as a Lua file (or another format)
- Add this file as a stream file to the CE Trainer (or as a local file)
- LoadString?? What if someone uses RunString to get his point??
- Decode the encrypted text stored in the stream file with a function in the CE Trainer
- Add some functions for password, trial, self destruction in the CE Trainer
- Test run; if it works fine, then save it as a standalone exe CE Trainer
Now, just find out which obf, enco or encrypt function works well.
Using a Lua library such as LuaEncrypt, SHA1.Lua and many others is also an option, but I am not sure it works with CE Lua (because they need "require" to implement them).
I think the important thing is that, even if we can do this obf, enco or encrypt, we need to make sure the script has not returned to its original form and stayed in memory while we run the trainer and the deobf, deco and decrypt function has run.
Regards

STN I post too much
Reputation: 43
Joined: 09 Nov 2005 Posts: 2676
Posted: Wed Nov 04, 2015 11:13 am
Shrooms wrote: | atom0s wrote: |
C# is just as bad given that it is a managed language. CE does a better job protecting trainers than a stock C# file would. |
use c# with embedded .dll that is coded in c++.
encrypt it.
never write .dll to disk in terms of once embedded access through memory.
even if managed means nothing.
ce does shit.
put stub so even if they somehow to manage a broken .dll, u h3ck their system so its a win win |
Why, just why? Why use C# if you are coding a dll in C++ anyway?
Also, you have to inject that dll into game memory; it's easy pickings there. Just attach to the game and spy away. I have used dll injection for years and it's probably an easier way to steal than just using WPM: all you have to do is select the dll in game memory and the code is there. Even if it is encrypted, you can still easily find out where the game code is modified.

Rydian Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Wed Nov 04, 2015 12:58 pm
1 - Attach to game.
2 - Initial scan.
3 - Toggle something in the trainer.
4 - Changed scan.
Repeat 3 and 4 until you find what was done.
Doesn't matter what you wrote the trainer in or how obfuscated it is.

atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Wed Nov 04, 2015 1:15 pm
Shrooms wrote: | atom0s wrote: | Shrooms wrote: | this got to be a joke.
use c# AND c++.
good day
u ain't protecting shit with lua and ce LMFAO |
C# is just as bad given that it is a managed language. CE does a better job protecting trainers than a stock C# file would. |
use c# with embedded .dll that is coded in c++.
encrypt it.
never write .dll to disk in terms of once embedded access through memory.
even if managed means nothing.
ce does shit.
put stub so even if they somehow to manage a broken .dll, u h3ck their system so its a win win |
Doesn't matter how much you do to the C++ dll, if the C# program is just raw, you can tell exactly what it is doing. And all the current protectors for C# (.NET in general) do nothing to help with protection in most cases.
I would not recommend writing anything in a managed language like C#, VB.NET, Java, etc. at all if you are looking for protection.
And like STN said, if you are capable of writing the major backend of the code in C/C++, there is no reason to put insecurity layers into your project at all with a managed language front end.
_________________
- Retired.

Rydian Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Wed Nov 04, 2015 1:28 pm
Shrooms wrote: | Rydian wrote: | 1 - Attach to game.
2 - Initial scan.
3 - Toggle something in the trainer.
4 - Changed scan.
Repeat 3 and 4 until you find what was done.
Doesn't matter what you wrote the trainer in or how obfuscated it is. |
if you look at the snippet of code above, even if you do this, yes u will find WHAT address the hook is at, but the bytes will be protected. |
Uh, no, because you can just see what, in the game, was changed, by looking at the game.
So you can see what the trainer does to the game, which is the part that actually matters.

STN I post too much
Reputation: 43
Joined: 09 Nov 2005 Posts: 2676
Posted: Wed Nov 04, 2015 2:28 pm
Quote: | by now launching a encrypted c#.exe...little does the user know its the .dll that is being used in memory into a game via injection...an illusion.
u can protect ur code in memory too...
|
I can not really tell if you are trolling or just clueless. I laughed though.
I am going to assume it's the latter, and what I would like to see is you make a trainer with your method and let us exercise our reversing muscles.

Rydian Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Wed Nov 04, 2015 2:57 pm
Then do it, prove us wrong.

atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Wed Nov 04, 2015 5:11 pm
Shrooms wrote: | ugh if ur accessing the .dll in memory from c#, it can be unprotected.
if you even then pipe to the client for extra security, the .dll won't be able to even start without spoofing pipe.
now, fuck all this, i shown code above to protect the bytes, so screw all this anyways, lel |
Regardless of how you access the dll, if it's embedded into a .NET (managed) application it can be obtained easily. Same reason why major commercial protectors for .NET fail to protect anything because they can be dumped at runtime without issue.
As for the assumption that a usermode API is going to protect your stuff, that is laughable at best as well. VirtualProtect/VirtualProtectEx can be easily hooked and forced to do other protections, dump call information such as the address, as well as dump regions based on the address given. Entirely making your claim useless that it will protect anything.

atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Wed Nov 04, 2015 7:33 pm
Shrooms wrote: | IF I USE VIRTUALPROTECT TO CHANGE THE BYTES AND YOU DECIDE TO REVERSE ENGINEER BY FOLLOWING HIS SHITTY TUT, ALL U WILL FIND IS THE ADDRESSES NOT THE TRUE SCRIPT.
yes or no?
teach |
If I hook VirtualProtect, your call to it does nothing.

Corroder Grandmaster Cheater Supreme
Reputation: 75
Joined: 10 Apr 2015 Posts: 1668
Posted: Thu Nov 05, 2015 1:29 am
Dear #..Zanzer..#
Code: |
-- CE Lua: rebuild a string from the bytes of two 64-bit integers
n={7946918697735711062,2406159617271886963}
t=''
for i=1,2 do
  q=qwordToByteTable(n[i])  -- CE function: qword -> table of 8 bytes
  for j=1,8 do
    t=t..string.char(q[j])
  end
end
showMessage(t)
|
Would you help with writing this short VBS script in Lua?
Code: |
Function textcode(s)
    ' Shift every character code up by 3
    For i = 1 To Len(s)
        newtxt = Mid(s, i, 1)
        newtxt = Chr(Asc(newtxt)+3)
        coded = coded & newtxt
    Next
    textcode = coded
End Function
|
Thank you and regards

atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Thu Nov 05, 2015 2:16 am
Shrooms wrote: | atom0s wrote: | Shrooms wrote: | IF I USE VIRTUALPROTECT TO CHANGE THE BYTES AND YOU DECIDE TO REVERSE ENGINEER BY FOLLOWING HIS SHITTY TUT, ALL U WILL FIND IS THE ADDRESSES NOT THE TRUE SCRIPT.
yes or no?
teach |
If I hook VirtualProtect, your call to it does nothing. |
when you inject my .dll into the process it is made for, you have started a process within said injected applications memory.
my trainer then would have already hooked vprotect (vmp?) and hide the bytes (replacing to nop per se).
now, are you saying you can hook my virtualprotect and un change edits? what if i put a counter-measurement via assembly? idk man! |
I can prevent your hook from ever happening.

Rydian Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Thu Nov 05, 2015 6:42 am
Shrooms wrote: | Rydian wrote: | Then do it, prove us wrong. |
coding sumthin differen't, why don't u do it urself. |
'Cause I know it's a waste of time and you don't know what you're talking about.
Make a trainer that cheats something for Terraria and see if we can't find out what it does.

Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Thu Nov 05, 2015 9:21 am
Corroder wrote: | Dear #..Zanzer..#
Would you help with writing this short VBS script in Lua?
Thank you and regards |
Are you trying to get me to do your homework?
Code: |
function textcode(s)
  -- shift every byte up by 3, as in the VBS version
  local coded = ""
  for i=1,#s do
    coded = coded .. string.char(s:byte(i) + 3)
  end
  return coded
end
|
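
Added example, not part of any post in the thread: the shift encoder from the posts above together with its inverse, in plain Lua. It wraps byte values modulo 256 (the unwrapped `+ 3` makes `string.char` raise an error for bytes above 252) and shows that the decoded plaintext has to be handed to the loader at run time, the concern raised in the first post. The names `SHIFT`, `shift_bytes`, `encode`, `decode` and the sample script are assumptions made for this example.

```lua
-- Added illustration; all names and the sample script are constructed here.
local SHIFT = 3

-- Shift every byte by `delta`, wrapping modulo 256 so that string.char
-- never receives a value outside 0..255.
local function shift_bytes(s, delta)
  local out = {}
  for i = 1, #s do
    out[i] = string.char((s:byte(i) + delta) % 256)
  end
  return table.concat(out)
end

local function encode(s) return shift_bytes(s, SHIFT) end
local function decode(s) return shift_bytes(s, -SHIFT) end

-- Constructed sample script; it contains the bytes 233 and 255 on purpose
-- to exercise the wrap-around case.
local script = "return 'caf\233 \255'"

local stored = encode(script)            -- what would sit in the stream file
assert(stored ~= script)
assert(decode(stored) == script)         -- the round trip is lossless

-- Without the modulo, the high byte cannot be encoded at all:
-- string.char(255 + 3) raises "value out of range".
assert(pcall(string.char, 255 + SHIFT) == false)

-- To execute the script, the trainer must pass the decoded text to the
-- loader. At that moment the original source exists as an ordinary Lua
-- string in process memory, whatever encoding was used for storage.
local loader = loadstring or load        -- Lua 5.1 / Lua 5.3
local chunk = assert(loader(decode(stored)))
assert(chunk() == "caf\233 \255")
print("round trip ok, script executed from decoded text")
```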

kostya555 Advanced Cheater
Reputation: 0
Joined: 04 Apr 2013 Posts: 55
Posted: Thu Nov 05, 2015 9:42 am
Dear friends, can you help me to protect the trainers table? Please respond to my request, be so kind as to help me with protection...

STN I post too much
Reputation: 43
Joined: 09 Nov 2005 Posts: 2676
Posted: Thu Nov 05, 2015 10:51 am
kostya555 wrote: | Dear friends, can you help me to protect the trainers table? Please respond to my request, be so kind as to help me with protection... |
Did you just ignore the whole thread? Here is a recap: Zanzer and Corroder already posted pretty viable solutions, no spoon-feeding though.
@Shrooms: The workaround is don't use managed code. Go with C++ or assembly and use protections like Themida, but that is just slowing them down and I don't think you can stop spying on WPM even then.
If it was possible to stop someone completely, don't you think that's what all the big companies would have done to prevent piracy, when they have more money than they know what to do with?