Antihack (Server&Client) [Source C#]

[TRSiDev]

Antihack Project.

Languages Used: Visual C#.
Type: Server > Client Application.
.NET: 2.0.
Source: Open Source.
Free: Yes.

I released this old source of my antihack becouse i have rewrite it from scratch, this anticheat concept was bad becouse all protection functions was on client side and didnt include security for anti cracking and debug, so this cant be used on live server, umm it can but it can be bypassed easy, since i dont need it anymore there is nothing to hide i release this source, this can be used for only for learning....

Server & Client, DB Generator are partialy working...


Made By: Steve Forest
Email: TRSi.Steve.Forest@live.com
Web: TRSiDev@wordpress.com

You must be registered to see links

 

[[GM]Terrorian]

Re: Antihack Project (Server & Client side)

Good luck with your project and don't abandon it like others do.
Go with it to the end.

 

[mauka]

Re: Antihack Project (Server & Client side)

what a fail, ppl just stuck on memory dumb ^^

unit uAntiDump;

interface

uses
 Winapi.Windows;

 procedure FuncInArray; assembler;
 procedure WriteShit(MyFunction: Pointer; SizeOfFunction: Cardinal);

implementation

procedure FuncInArray; assembler;
asm
  DB $90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90
  DB $90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90
  DB $90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90
end;

procedure WriteShit(MyFunction: Pointer; SizeOfFunction: Cardinal);
const
  instrIncDec : Array[0 .. 3] of Byte = ($40, $48, $43, $4B);
  instrMovExx : Array[0 .. 3] of Byte = ($8B, $C0, $8B, $DB);
  instrPUSHPOP: Array[0 .. 3] of Byte = ($50, $58, $53, $5B);
  instrAntiJMP: Array[0 .. 3] of Byte = ($EB, $00, $8A, $C0);
  instrOrOr   : Array[0 .. 3] of Byte = ($09, $C9, $09, $D2);
var
  OldProtect: Cardinal;
  i: Cardinal;
begin
  if VirtualProtect(MyFunction, SizeOfFunction, PAGE_EXECUTE_READWRITE, OldProtect) then
    begin
      for i := 0 to (SizeOfFunction div 4) -1 Do
       begin
        case Random(4) of
         0: PDWORD(Pointer(DWORD(MyFunction) + (i * 4)))^ := PDWORD(@instrIncDec)^;
         1: PDWORD(Pointer(DWORD(MyFunction) + (i * 4)))^ := PDWORD(@instrMovExx)^;
         2: PDWORD(Pointer(DWORD(MyFunction) + (i * 4)))^ := PDWORD(@instrPUSHPOP)^;
         3: PDWORD(Pointer(DWORD(MyFunction) + (i * 4)))^ := PDWORD(@instrAntiJMP)^;
         4: PDWORD(Pointer(DWORD(MyFunction) + (i * 4)))^ := PDWORD(@instrOrOr)^;
        end;
       end;
     VirtualProtect(MyFunction, SizeOfFunction, OldProtect, OldProtect)
    end;
end;

end.

i dont remeber who coded it, but i think its DeepBlueSee
This shity 5 lines function bypass your anticheat - i meant add junk code in main cheat func and your shity AH will never, ever will detect cheat.. shame

 

[TRSiDev]

Re: Antihack Project (Server & Client side)

what a fail, ppl just stuck on memory dumb ^^

unit uAntiDump;

interface

uses
 Winapi.Windows;

 procedure FuncInArray; assembler;
 procedure WriteShit(MyFunction: Pointer; SizeOfFunction: Cardinal);

implementation

procedure FuncInArray; assembler;
asm
  DB $90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90
  DB $90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90
  DB $90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90
end;

procedure WriteShit(MyFunction: Pointer; SizeOfFunction: Cardinal);
const
  instrIncDec : Array[0 .. 3] of Byte = ($40, $48, $43, $4B);
  instrMovExx : Array[0 .. 3] of Byte = ($8B, $C0, $8B, $DB);
  instrPUSHPOP: Array[0 .. 3] of Byte = ($50, $58, $53, $5B);
  instrAntiJMP: Array[0 .. 3] of Byte = ($EB, $00, $8A, $C0);
  instrOrOr   : Array[0 .. 3] of Byte = ($09, $C9, $09, $D2);
var
  OldProtect: Cardinal;
  i: Cardinal;
begin
  if VirtualProtect(MyFunction, SizeOfFunction, PAGE_EXECUTE_READWRITE, OldProtect) then
    begin
      for i := 0 to (SizeOfFunction div 4) -1 Do
       begin
        case Random(4) of
         0: PDWORD(Pointer(DWORD(MyFunction) + (i * 4)))^ := PDWORD(@instrIncDec)^;
         1: PDWORD(Pointer(DWORD(MyFunction) + (i * 4)))^ := PDWORD(@instrMovExx)^;
         2: PDWORD(Pointer(DWORD(MyFunction) + (i * 4)))^ := PDWORD(@instrPUSHPOP)^;
         3: PDWORD(Pointer(DWORD(MyFunction) + (i * 4)))^ := PDWORD(@instrAntiJMP)^;
         4: PDWORD(Pointer(DWORD(MyFunction) + (i * 4)))^ := PDWORD(@instrOrOr)^;
        end;
       end;
     VirtualProtect(MyFunction, SizeOfFunction, OldProtect, OldProtect)
    end;
end;

end.

i dont remeber who coded it, but i think its DeepBlueSee
This shity 5 lines function bypass your anticheat - i meant add junk code in main cheat func and your shity AH will never, ever will detect cheat.. shame

Constructive criticism is always welcome! If anyone else have any suggestions, please share them.

PS. I never sad this is the best anticheat evar. ^^

And everything is can be bypassed or cracked, so mostly all antihack is developed to stop wannabe hackers, becouse nothing can stop pro's.

EDIT: Test Release is Added for DOWNLOAD!

 

[mauka]

Re: Antihack Project (Server & Client side)

i dint meant to insult u anyway even PB and GG uses memory signature scaners, its like the best and easy way to block all pub cheats

 

[Crazzy]

Re: Antihack Project (Server & Client side)

nice! but useless one

 

[BARAMOS]

Re: Antihack Project (Server & Client side)

Sorry but sendspace website dont work for me .
if you can pliz upload to other website for i can testing too.
Good luck.

 

[dobrjag]

Re: Antihack Project (Server & Client side)

Sorry but sendspace website dont work for me .
if you can pliz upload to other website for i can testing too.
Good luck.

You must be registered to see links

 

[TRSiDev]

Re: Antihack Project (Server & Client side)

I have updated server and client.

Serverv0.0.4
- Added client File checking & client Process memory writing (mem write can be disabled)
[File Check Settings Preview]

            <setting name="MyCheckFileList" serializeAs="Xml">
                <value>
                    <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        xmlns:xsd="http://www.w3.org/2001/XMLSchema">
                        <string>test.txt,0,323244</string>
                        <string>test1.txt,12,45343</string>
                    </ArrayOfString>
                </value>
            </setting>

<string>file,size,checksum</string>

[Process Memory Write Settings Preview]

            <setting name="MyProcMemList" serializeAs="Xml">
                <value>
                    <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        xmlns:xsd="http://www.w3.org/2001/XMLSchema">
                        <string>proc_name:offset1,offset1_val:offset2,offset2_val:Offset3_offset,offset3_val</string>
                    </ArrayOfString>
                </value>
            </setting>

<string>proc_nameffset1,offset1_valffset2,offset2_val:Offset3_offset,offset3_val</string>

- Cheat list can be configured from file

            <setting name="MyCheatList" serializeAs="Xml">
                <value>
                    <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        xmlns:xsd="http://www.w3.org/2001/XMLSchema">
                        <string>NotePad,01007395,1801204204204204204106112104830</string>
                    </ArrayOfString>
                </value>
            </setting>

<string>NotePad,01007395,1801204204204204204106112104830</string>

- Some other options added...

This is a short preview from v0.0.4, more information will be added soon.

 

[19871986]

Re: Antihack Project (Server & Client side)

Connecting Fail

how we will use this ? xD where i can write ip ? for connect a server

 

[TRSiDev]

Re: Antihack Project (Server & Client side)

Connecting Fail

how we will use this ? xD where i can write ip ? for connect a server

Stable release that can be used on actual server will be out soon...

//////////////////////////////////////////////////////////////////
// Blackwolf Antihack Premium Release							//
// Version 1.2.x Stable											//
// Author TRSi Development										//
//////////////////////////////////////////////////////////////////

[ INFO ]

:: Setup

Server will automaticly list on any available IP address on Server, you need to configurate ports and you are ready to go!

[ FEATURES ]

:: Overall

Application is well designed to avoid crashed and deadlock's or similar exceptions.
Programming Languages used: Visual C# 2008 & Visual C++ 2008.
Application requires .NET Framework 2.0 installed on Server and Client Computer.
Server and Client is optimised run on x86 systems, but x64 optimised build is also available.
This antihack grants server owner very big control over the clients computer.
The Application itself is very good protected from debuging, cracking etc.

:: Advanced

-- My Banned IP List --
About:			This is simple but powerfull system to prevent banned user ip addreses connect to server.
Configuration:	<IP Address,Reason for Ban>.
				 |			|-> Enter reason why he is banned. [ If value Is 'Nothing' then no reason will be displayed! ]
				 |-> Client IP Address to Ban
-- My Process Write List --
About:			With this feature you can manage clients proceses, like edit running proceses memory, for example you can edit 'main.exe' to your server ip address or serial, you choose whatever you want.
Configuration:	<Process Name,Offset,Bytes>
			     |			  |      |-> Bytes to Write to Selected Proccess Offset.
			     |            |-> Process Offset you Want to Edit;
			     |-> The Running Procces Name you Want to Edit;
-- My File Check List --
About:			Using File Check feature you can check every file size on clients computer if it modified or not.
Configuration:	<File Location,Size,Checksum>
				 |			   |	|-> Orginal File checksum;
				 |			   |-> Orginal file size;
				 |-> File Location to check;
				     |-> Ex: 'c://Client//Main.exe' or './Main.exe' and '../OtherFile'.
							  |							|				|-> Search one folder backward where antihack is run.
							  |							|-> Search in same folder Where Antihack Client is Run.
							  |-> Full file Location.
-- My Cheat List --	
About:			This scans entire list of clients running proccess and compares their signature to servers database.
Configuration:	<Name,Address,Bytes>
				 |	  |		  |-> Cheat Application signature;
				 |	  |-> Cheat Application address;
				 |-> The Cheat Application name;
-- My Hide Process List --	
About:			Hides Selected process from user and other applications.
Configuration:	<Name>
				 |-> Process Name;

Note: Each Database support over 32000 items.

:: Basic

- Many Configuration Settings to Control your Server as YOU like.
- Database Editor.
  - Generate/Add/Edit/Remove items from databases.
- Graphic User Interface.
- Resend Database to All Online Clients.
- Send Message to All Online Clients.
- Send MessageBox Message to All Online Clients.
- Dissconect All online Clients.
- Save Log file.
- Update database without shutting down antihack server.

:: Future Implementations

- United Online Database
	- Master Server

....................................

Picture from v2.x.x

You must be registered to see links

You must be registered to see links

Main difrence betwen old antihack and this,is the all functions is done in server side, like process scan, file scan, all is done in SERVER side...

[v2.1.x]
- Added Database Manager (Add / Edit / Remove / Generate database items)
- File Signature Manager
- File Signature Generator
- Process Signature Manager
- Process Signature Generator
- Added Database Parser (Detects and Removes broken or wrong format database items)
- Added Server Exception Manager

Anyone who want to help me, please send PM...

 

[dobrjag]

Good Idea !
We look forward to releases from you

Thanks

 

[laudaicat]

- If hacker use Inject Dll hack into other application. (ex: Yahoo ?)
- This method Work ?

 

[mauka]

how can injected DLL into Yahoo, MSN effect main.exe / mu?

 

[Mulegend]

Magic trick?

TRSiDev, good job!
But when u say "- Dissconect All online Clients."

Disconnect players from Anticheat Server or All Server?

 

[kinder32]

Since this is server and client side, would be nice improve with the ban system, adding options like ban HD and MAC Adress, i think would be a lot more effective than ban ip address.

Nice job btw.

 

[TRSiDev]

Since this is server and client side, would be nice improve with the ban system, adding options like ban HD and MAC Adress, i think would be a lot more effective than ban ip address.

Nice job btw.

Yes i can add hardware id check...

Magic trick?

TRSiDev, good job!
But when u say "- Dissconect All online Clients."

Disconnect players from Anticheat Server or All Server?

DC from cheat server and close game on client computer

 

[jackbot]

Please upload link download

 

[Ponyo]

jackbot

You must be registered to see links

 

[quyen194]

how can injected DLL into Yahoo, MSN effect main.exe / mu?

It's normal and possible, dll is same as exe