Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Create anti-cheat

 
ThexProdige
How do I cheat?
Reputation: 0

Joined: 05 Jan 2020
Posts: 2

Posted: Sun Jan 05, 2020 4:14 pm    Post subject: Create anti-cheat

Hello,
I have returned to join you! I am a novice user of Cheat Engine but I have a project in mind. I will develop an anti-cheat for a game that I love. I have already carried out my project but I would like to go further. Indeed, my anti-cheat is just looking for a pattern corresponding to strings. It works but it consumes a lot of resources for my liking (about 300 MO RAM). I can analyze the behavior of the cheat since I use it to detect. The cheat uses DLL injection and, to use it, you press a key that opens a menu overlay on the game. Do you have any detection ideas?
atom0s
Moderator
Reputation: 199

Joined: 25 Jan 2006
Posts: 8518
Location: 127.0.0.1

Posted: Sun Jan 05, 2020 6:45 pm

Would strongly recommend if you actually plan to make something useful in terms of an anti-cheat that you invest time to learn about kernel-level related things. At this point of the game in game hacking, you need to be doing kernel level stuff to even attempt to protect your game/target to even come close to having a real solution. Anything that is done in usermode will be easily bypassed.

All of the main high-end anti-cheats rely on kernel-mode drivers and hypervisors at this point to make anything remotely useful/successful in terms of actually detecting cheats, and even then it is not hard/impossible to bypass those as well.

In the USA, the common major anti-cheats today are:
- BattlEye
- EasyAntiCheat
- VAC

In eastern markets and westernized eastern games, common major anti-cheats are:
- GameGuard (nProtect)
- HackShield
- XignCode3
- XTrap

Would suggest looking into how each of these work and what they offer in terms of features to get an idea into what you would be taking on in terms of making anything useful.

I'd also suggest that you focus more of your efforts on server-sided detections rather than wasting more time than needed on the client. Ultimately it also depends on how the game is coded and if it's online/multiplayer or not. There are various ways to detect different cheats on the server-side of things instead of relying on an anti-cheat that won't really do much.

_________________
- Retired.
ThexProdige
How do I cheat?
Reputation: 0

Joined: 05 Jan 2020
Posts: 2

Posted: Mon Jan 06, 2020 4:55 am

atom0s wrote:
Would strongly recommend if you actually plan to make something useful in terms of an anti-cheat that you invest time to learn about kernel-level related things. At this point of the game in game hacking, you need to be doing kernel level stuff to even attempt to protect your game/target to even come close to having a real solution. Anything that is done in usermode will be easily bypassed.

All of the main high-end anti-cheats rely on kernel-mode drivers and hypervisors at this point to make anything remotely useful/successful in terms of actually detecting cheats, and even then it is not hard/impossible to bypass those as well.

In the USA, the common major anti-cheats today are:
- BattlEye
- EasyAntiCheat
- VAC

In eastern markets and westernized eastern games, common major anti-cheats are:
- GameGuard (nProtect)
- HackShield
- XignCode3
- XTrap

Would suggest looking into how each of these work and what they offer in terms of features to get an idea into what you would be taking on in terms of making anything useful.

I'd also suggest that you focus more of your efforts on server-sided detections rather than wasting more time than needed on the client. Ultimately it also depends on how the game is coded and if it's online/multiplayer or not. There are various ways to detect different cheats on the server-side of things instead of relying on an anti-cheat that won't really do much.


It's osu! This is a solo game but scores are sent to a server to be recorded. This defines a multiplayer ranking. So not on the server side. I would like to know if my idea was good (searching the pattern) or if there was any other solution rating client.
DanyDollaro
Master Cheater
Reputation: 3

Joined: 01 Aug 2019
Posts: 334

Posted: Mon Jan 06, 2020 12:34 pm

As atom0s said, it wouldn't be difficult to bypass a client-side anti-cheat. But in case you are interested in the same, there are methods to know if a DLL has been injected:
Enumerate the DLLs; if the number of DLLs is greater, or if there is one with a particular name, then you know that one has been injected.
Or you can try hooking the APIs used to load the DLL, but many can be used.
atom0s
Moderator
Reputation: 199

Joined: 25 Jan 2006
Posts: 8518
Location: 127.0.0.1

Posted: Wed Jan 08, 2020 7:15 pm

Quote:
It's osu! This is a solo game but scores are sent to a server to be recorded. This defines a multiplayer ranking. So not on the server side. I would like to know if my idea was good (searching the pattern) or if there was any other solution rating client.


In that case, it is basically even more important to focus on lower-level protections since it is all relying on the client. Any user-mode related anti-cheat stuff will be easily bypassed by anyone experienced with anti-cheat related measures.

Pattern scanning is fine if you are also doing other things but as the only means of detections, it's basically worthless. You can just pack/obfuscate a file to alter its data which will in turn make your signatures useless against that file. Basic packers like UPX would be enough to defeat that kind of protection.

Main issue here is that running in usermode leaves your AC vulnerable to being tampered with extremely easily, or just the API functions it relies on in general. For example, if you are pattern scanning, you'd need to know what memory regions/pages to scan within. In order to obtain that data, you'd be calling some means of API (such as VirtualQuery). With that, the hacker can just hook that function (or the Nt equivalent) and fake the data returned, hiding their module's memory.

You may try to walk the linked list of modules from the process's PEB instead, but that can be altered as well to hide modules that have been manually mapped/injected in other manners too.

While you may detect some cheats/cheaters that are just trying to make simple/basic stuff, people who know how to work with AC's or what to look out for will be able to easily bypass it.

_________________
- Retired.
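
The two client-side checks discussed in this thread, module enumeration against an expected list and a cross-check of executable memory regions against the module list, shown as an added example that is not code from any poster. It runs on a constructed snapshot; the `Module` and `Region` structs, the function names and all addresses are hypothetical, and on Windows the inputs would come from calls such as VirtualQuery, which the thread notes a user-mode hook can falsify.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXEC_MASK 0xF0u /* PAGE_EXECUTE | _READ | _READWRITE | _WRITECOPY (winnt.h) */
typedef struct { uintptr_t base; size_t size; const char *name; } Module;
typedef struct { uintptr_t base; size_t size; uint32_t protect; } Region;

/* Constructed snapshot; module names are assumed to be lower-cased already. */
static const char *const ALLOW[] = { "game.exe", "ntdll.dll", "kernel32.dll" };
static const Module MODS[] = {
    { 0x00400000, 0x200000, "game.exe" },
    { 0x77000000, 0x180000, "ntdll.dll" },
    { 0x10000000, 0x030000, "overlay.dll" },  /* not on the allowlist */
};
static const Region REGS[] = {
    { 0x00401000, 0x100000, 0x20 },  /* PAGE_EXECUTE_READ, inside game.exe */
    { 0x10001000, 0x010000, 0x20 },  /* PAGE_EXECUTE_READ, inside overlay.dll */
    { 0x2A000000, 0x008000, 0x40 },  /* PAGE_EXECUTE_READWRITE, no module */
    { 0x2B000000, 0x004000, 0x04 },  /* PAGE_READWRITE data, not executable */
};

/* Check 1: listed modules whose name is not on the allowlist. */
size_t unexpected_modules(const Module *m, size_t nm,
                          const char *const *allow, size_t na, size_t *out) {
    size_t hits = 0;
    for (size_t i = 0; i < nm; i++) {
        size_t j = 0;
        while (j < na && strcmp(m[i].name, allow[j]) != 0) j++;
        if (j == na) out[hits++] = i;   /* index into m[] */
    }
    return hits;
}

/* Check 2: executable regions that no listed module fully covers. */
size_t unbacked_exec(const Region *r, size_t nr, const Module *m, size_t nm, size_t *out) {
    size_t hits = 0;
    for (size_t i = 0; i < nr; i++) {
        size_t j = 0;
        while (j < nm && !(r[i].base >= m[j].base &&
                           r[i].base + r[i].size <= m[j].base + m[j].size)) j++;
        if ((r[i].protect & EXEC_MASK) && j == nm) out[hits++] = i;  /* index into r[] */
    }
    return hits;
}

int main(void) {
    size_t idx[4], a = unexpected_modules(MODS, 3, ALLOW, 3, idx);
    printf("unexpected modules=%zu unbacked exec=%zu\n", a, unbacked_exec(REGS, 4, MODS, 3, idx));
    return 0;
}
```

In a process that hosts a JIT runtime, executable memory outside any module is normal, so the second check is a signal to triage rather than a verdict.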