[Guide] How to detect Memory hack

  1. #1
    vinleprince (Registered)
    Join Date: Feb 2015

    [Guide] How to detect Memory hack

    Today I will share how to detect memory hacks. (Not pro code, but it works. I am still a newbie in C++.)

    There are three parts:
    - how to cheat with a memory editor (to test where we need to protect it)
    - detect it from the server (send the value to the server, then check it)
    - detect it from the client (clone the variable in omi, then encrypt and compare and calculate ShuttleChild)

    1. how to cheat with memory editor

    You can check it out in the videos. These are some ways to cheat with CE.

    In the first video he cheats by changing some ShuttleChild variable. Too easy: just find some float value and change it. This way they can change the value instantly.

    In the second video he browses the memory to edit some client memory (loaded from omi.tex) by item name and changes data like a reatk missile shot. This way they need to reload the data by changing character (not instant).
    So now we need to take care of that point.

    For those who don't know what ShuttleChild does, here is a short guide.

    (in the source side)

    (in the cheater side) * 9B 43 is 310 (in float)

    ShuttleChild loads data from memory (from omi.tex), then calculates the data (equipped items) for that character.
    Ex.: loaded engine booster speed + enchant item bonus + buff bonus = shuttle value

    For those who don't know the loaded omi.tex data: I will call it CItemInfo.

    (in the source side) Range is Booster for Engine Item

    (in the cheater side) * 36 01 is 310 (in hex)

    2. detect memory hack from server (sync data between client)

    The ep 4.3 release has some detection functions, but when I tested them they did not work 100% to tell who is a player and who is a cheater. Maybe they did not release that part, I think. So I continued the job from that function.

    File list and locations for newbies:

    ProjectAtum side:
    Go to AtumApplication.cpp and look for the CAtumApplication::FrameMove() function. This part will loop every half second.
    Declare: every 30 seconds SendHackTime_EngineInfo will sync data to the server.
        int nCheckTime = 1000 * 30; // 30 seconds between syncs, in milliseconds
        m_dwHackCheckTime += m_fElapsedTime*1000; // accumulate the elapsed time in milliseconds
        if(m_pTutorial->IsTutorialMode() == FALSE && m_dwHackCheckTime > nCheckTime) {
            SendHackTime_EngineInfo();
            m_dwHackCheckTime = 0; // restart the 30 second countdown
        }
    Then, in the same file, edit this function to choose which variables to send to the server:
        void CAtumApplication::SendHackTime_EngineInfo() {
            // The struct is in AtumProtocol.h; declare the variables you need to send there.
            MSG_FC_CHARACTER_GET_REAL_ENGINE_INFO_OK msg_Engine;
            memset(&msg_Engine, 0, sizeof(msg_Engine)); // do not send uninitialized bytes
            CItemInfo* pItemEngine = g_pStoreData->FindItemInInventoryByWindowPos(POS_REAR);
            // Get the engine data from the item, if one is equipped.
            if(pItemEngine) {
                msg_Engine.ItemUID0 = pItemEngine->UniqueNumber;
                msg_Engine.RangeH0  = pItemEngine->GetItemInfo()->Range;
                m_pFieldWinSocket->SendMsg( T_FC_CHARACTER_GET_REAL_ENGINE_INFO_OK, (char*)&msg_Engine, sizeof(msg_Engine));
            }
        }
    In AtumProtocol.h, edit the variables you need to send (edit both the client and the server AtumProtocol.h):
        UID64_t        ItemUID0;
        float        RangeH0;
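    ProjectServer side:
    Go to FieldIOCPSocket2.cpp, then put in this function to compare float variables:
        #include <math.h> // fabs
        // Two floats count as equal when they differ by less than epsilon.
        bool cmpf(float A, float B, float epsilon = 0.005f) {
            return (fabs(A - B) < epsilon);
        }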
    Then go to CFieldIOCPSocket::CheckMemoryHackEngine and edit what you need to check:
        void CFieldIOCPSocket::CheckMemoryHackEngine(ITEM_GENERAL *i_pItemGen, MSG_FC_CHARACTER_GET_REAL_ENGINE_INFO_OK *i_pRealInfo) {
            if(NULL == i_pItemGen || ITEMKIND_SUPPORT != i_pItemGen->Kind) {
                return; // nothing to check for this item
            }
            int getHackCount = 0;
            // Omi check: the Range reported by the client must match the server's own item data.
            if(cmpf(i_pItemGen->ItemInfo->Range , i_pRealInfo->RangeH0) == FALSE) {
                getHackCount++;
            }
            if(getHackCount > 0) {
                CFieldIOCPSocket *pTargetFISoc = ms_pFieldIOCP->GetFieldIOCPSocketByCharacterUniqueNumber(i_pItemGen->Possess);
                if(NULL == pTargetFISoc || FALSE == pTargetFISoc->IsValidCharacter(FALSE)) {
                    // kick failed: there is no valid socket to dereference or log
                    return;
                }
                // (the call that disconnects the client is not shown in this post)
                g_pFieldGlobal->WriteSystemLogEX(TRUE, "[WLOG] kicked %s (%d) \r\n", GetCharacterString(pTargetFISoc->GetCharacter(), string())  ,i_pItemGen->Possess );
            }
        }
    3. detect memory hack from client (self check duplicate value with encrypt)
    I will write this part later. This time there were too many failures with the preview.

    This is a sample video of what it should look like.

    For CItemInfo (client checks every 1 second and syncs every 30 seconds)

    For shuttle (client checks every 1 second and syncs every 30 seconds)

    I hope this will help you guys.
    Last edited by vinleprince; 25-02-17 at 05:59 AM. Reason: Topic name failed

  2. #2
    Aesir (struct { int:-!!(1); })
    Join Date: May 2015

    Re: [Guide] How to detect Memory hack

    Whatever you did here was already made by Masang anyway.
    This check maybe would block some noob CE kid who tries to edit random values, but once you jump your function (or even worse, your countdown value gets edited) then the whole thing fucks up.

    (Oh, and the 95% of the people who will read this post aren't even able to understand what a header is used for, I'd stop making such advanced tuts.)

  3. #3
    vinleprince (Registered)
    Join Date: Feb 2015

    Re: [Guide] How to detect Memory hack

    3. self check
    Go to AtumApplication.cpp and look for the CAtumApplication::FrameMove() function:
        int nCheckTimeSelf = 1000 * 1; // self check every 1 second, in milliseconds
        m_dwHackCheckTimeSelf +=  m_fElapsedTime*1000; // accumulate the elapsed time in milliseconds
        if(m_pTutorial->IsTutorialMode() == FALSE && m_dwHackCheckTimeSelf > nCheckTimeSelf) {
            SendHackTime_Self();
            m_dwHackCheckTimeSelf=0;
        }
    Go to AtumApplication.h to declare the function:
        void    SendHackTime_Self();
    Then go back to AtumApplication.cpp and put this function somewhere:

        void CAtumApplication::SendHackTime_Self(){
            CItemInfo* pItemEngine = g_pStoreData->FindItemInInventoryByWindowPos(POS_REAR);
            if(pItemEngine) {
                // Range, RangeE and RangeE2 - 6 are three copies of one value; all of them
                // must agree with the shuttle's booster speed minus the enchant bonus.
                if(pItemEngine->GetItemInfo()->Range != pItemEngine->GetItemInfo()->RangeE
                 || pItemEngine->GetItemInfo()->RangeE != pItemEngine->GetItemInfo()->RangeE2 - 6
                 || (pItemEngine->GetItemInfo()->RangeE2 - 6 ) !=
                    (g_pShuttleChild->m_fShuttleSpeedBoosterOn - g_pShuttleChild->GetEnchantDesParam(pItemEngine, DES_ENGINE_BOOSTER_SPEED_UP)) ) {
                    char tmpRange[200];
                    // The last value is a float expression, so it is printed with %f, not %d.
                    sprintf(tmpRange, "Range Engine : [%d] [%d] [%d] [%f]", pItemEngine->GetItemInfo()->Range, pItemEngine->GetItemInfo()->RangeE, (pItemEngine->GetItemInfo()->RangeE2 - 6), g_pShuttleChild->m_fShuttleSpeedBoosterOn - g_pShuttleChild->GetEnchantDesParam(pItemEngine, DES_ENGINE_BOOSTER_SPEED_UP));
                    g_pD3dApp->m_pChat->CreateChatChild(tmpRange, COLOR_SYSTEM);
                }
            }
            // Note: pItemArmor is not declared anywhere in the posted snippet.
            if (cmpf(g_pShuttleChild->m_fRealShuttleSpeedBoosterOn , (g_pShuttleChild->m_fShuttleSpeedBoosterOn + (0.0f + GetParamFactor_DesParam( g_pShuttleChild->m_paramFactor, DES_ENGINE_BOOSTER_SPEED_UP) ) )  *
                (1.0f + GetParamFactor_DesParam( g_pShuttleChild->m_paramFactor, DES_SPEED) ) ) == FALSE && pItemArmor ) {
                MessageBox(NULL, "Error #000016 Engine Booster Speed Hack", "Error", MB_OK);
            }
        }
    Declare this part: you need to edit the omi.tex export function. Go to AtumDBHelper.cpp in commonserver:
        void CAtumDBHelper::BindColITEM(SQLHSTMT &hstmt, ITEM &item, SQLINTEGER *cb)
    Make duplicate field names with an encrypt formula for the self check data.

    If data one is hacked, you can compare it with data two. In this guide I make it for three.

    Ex.: If(DATA1 != DATA2 || DATA2 != (DATA3 - X ) || ETC for combo check with shuttle)

    Anyway, the code in part two was already done by Masang, but they didn't check the shuttle; that's why it does not work.

  4. #4
    decarvk (Guss)
    Rank: True Member
    Join Date: Jul 2008

    Re: [Guide] How to detect Memory hack

    I think Aesir wishes to say that if the cheater edits the call to your function (certainly an assembly jmp) and sets a "nop", your check will never happen and the player will be able to cheat.

  5. #5
    Davidc96 (Member)
    Join Date: Feb 2011
    Location: Rubí, Cataluna

    Re: [Guide] How to detect Memory hack

    Originally posted by decarvk:
    "I think Aesir wishes to say that if the cheater edits the call to your function (certainly an assembly jmp) and sets a "nop", your check will never happen and the player will be able to cheat."

    Maybe one solution to this problem and to the editing of the countdown value is to make the server do the sync request, not the client, just like this:

    Server ticks 30 s
    Server sends to the client a sync request message
    Client responds with the info
    Server does the stuff it does with the info

    To avoid the function bypass, another solution would be: if the server doesn't receive the client response, close the connection or something like that.
    This is one of many possible fixes to solve it, probably the worst, but it is one solution anyway xd
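
    The server-driven sync outlined in this reply, as an added example that is not part of the thread or of the game's source: the server owns the 30 second timer, and a missing, late or mismatched reply counts as a failure. SyncSession, Verdict, the 5 second reply window and the nonce are assumptions; the 0.005 tolerance follows the cmpf helper from post #1.

```cpp
// Added example: server-side state for one connected client.
// Every name in this block is hypothetical.
#include <cmath>
#include <cstdint>

enum class Verdict { Ok, Waiting, Mismatch, Timeout, BadNonce };

struct SyncSession {
    static constexpr uint32_t kIntervalMs = 30000; // server tick: 30 s
    static constexpr uint32_t kDeadlineMs = 5000;  // assumed reply window
    float    authoritativeRange;   // value the server loaded from its own data
    uint32_t nextPollMs   = kIntervalMs;
    uint32_t deadlineMs   = 0;
    uint32_t pendingNonce = 0;     // 0 means no request is outstanding
    uint32_t nonceCounter = 0;

    explicit SyncSession(float range) : authoritativeRange(range) {}

    // Called from the server loop. Returns the nonce to send when a sync
    // request is due, else 0. 'out' reports Timeout once a reply is overdue;
    // the caller then closes the connection.
    uint32_t Tick(uint32_t nowMs, Verdict &out) {
        out = Verdict::Ok;
        if (pendingNonce != 0) {
            out = (nowMs > deadlineMs) ? Verdict::Timeout : Verdict::Waiting;
            return 0;
        }
        if (nowMs < nextPollMs) return 0;
        pendingNonce = ++nonceCounter; // a real server would draw this from a CSPRNG
        deadlineMs   = nowMs + kDeadlineMs;
        return pendingNonce;
    }

    // Called when the client's reply arrives. Unsolicited or replayed replies
    // fail the nonce check, so the client cannot choose when it is inspected.
    Verdict OnReply(uint32_t nowMs, uint32_t nonce, float reportedRange) {
        if (pendingNonce == 0 || nonce != pendingNonce) return Verdict::BadNonce;
        if (nowMs > deadlineMs) return Verdict::Timeout;
        pendingNonce = 0;
        nextPollMs   = nowMs + kIntervalMs;
        return std::fabs(authoritativeRange - reportedRange) < 0.005f
                   ? Verdict::Ok : Verdict::Mismatch;
    }
};
```

    A client whose check function has been skipped never answers and ends in Timeout, so the countdown and the decision both stay on the server.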

  6. #6
    St34lth4ng3l
    Rank: True Member
    Join Date: Apr 2013

    Re: [Guide] How to detect Memory hack

    Well, you could replace every call with nop, so it doesn't matter how you do it, because as long as it's done in a separate method you could simply replace it, as long as you bypass the checksum check, and that's not very difficult to do.