The Cow Anti Cheat

[theunknownguy]

Hey, i got the idea of do a open source anti cheat including some librarys, so guys that already developeded an anti cheat, would be able to use the ASM optimized parts into their C++ codes. Anyway this is not an official supported project and no its not a "BIG" anti cheat. But on compiled version you can apply a good packer for fool unpackers (lames ones).


Download Here Source Code 0.6:

You must be registered to see links

Includes:

      - Fast and flexible API anti hook
      - Fast and flexible CheckSum against procedure edition
      - Database Incorpored
      - Scan system added (Signature + Full Memory + RVA calculator)
      - Scan system incorpored to thread (needs to be optimized)
      - Compiled DLL
      - Tool for Encryption/Decryption Database (RC4 algo)
      - Decryption added on COW anti cheat

Next To Add:

      - Thread test and some optimization

FAQ about encryption tool:

- Can i encrpt more files?
  R: Yes ofcourse put all the files you want to encrypt on Data folder

- How can i change RC4 password?
  R: Enter here https://www.grc.com/passwords.htm and take a new generated password of random alphanumeric, set on source code and compile again (on COW anti cheat as on tool)

- Why RC4?
  R: Caused thats what i wanted...

- Why key cant be long?
  R: It can be as long as you want, just dont forget to edit source code constants before doing it so.

- Why isnt with interface?
  R: Caused i dont give a f*ck.

Why "The Cow" anti cheat?. Well its just for funny, i dont really take this has a project, just like something to help friends.

Greets to mauka & eric.

 

[Diabolik]

not so bad : i really apreciate your work bro :closedeyes:

 

[mauka]

U should release it as OpenSource under some license ^^
Non of anticheat developer here i seen respect credits and other ppl work..

Okeh maybe 1

 

[Sam3000]

I'm very interesting... will you finish any of project that you started?

 

[theunknownguy]

I'm very interesting... will you finish any of project that you started?

I dont know, i really dont care i work on real life so this is my hobby.

---------- Post added at 05:51 PM ---------- Previous post was at 05:50 PM ----------

U should release it as OpenSource under some license ^^
Non of anticheat developer here i seen respect credits and other ppl work..

Okeh maybe 1

My witch, i dont need license, people can stole it or put they credits i dont give a duck. I know this is my source and thats all it matters.

---------- Post added at 06:03 PM ---------- Previous post was at 05:51 PM ----------

Database could look like this:

ProcessName = WPEPro.exe
RVA = 483
Signature = 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30

Or it could have another format, any ideas are welcome about the style DB.

 

[mauka]

huehuehueh this will kill all fakeass anticheat copy/paste developers ))

 

[theunknownguy]

huehuehueh this will kill all fakeass anticheat copy/paste developers ))

Hey witch, give me an idea for Database format...

 

[mauka]

ProcessName = WPEPro.exe
RVA = 483
Signature = 303030303030303030303030303030303030303030303030303030

hate spaces btw bytes
^^

 

[theunknownguy]

ProcessName = WPEPro.exe
RVA = 483
Signature = 303030303030303030303030303030303030303030303030303030

hate spaces btw bytes
^^

Lol dont you have some style? you same bored has me bro hehehe...

Meaby something like:

#483 "WPEPro.exe"
303030303030303030303030303030303030303030303030303030

i dont know xD

 

[Mulegend]

WPEPro.exe  303030303030303030303030303030303030303030303030303030  483
Other.exe  303030303030303030303030303030303030303030303030303030  500

 

[theunknownguy]

WPEPro.exe  303030303030303030303030303030303030303030303030303030  483
Other.exe  303030303030303030303030303030303030303030303030303030  500

I think its more cute:

ProcessName = WPEPro.exe
RVA = 483
Signature = 303030303030303030303030303030303030303030303030303030

 

[josesp]

WPEPro.exe  303030303030303030303030303030303030303030303030303030  483
Other.exe  303030303030303030303030303030303030303030303030303030  500

mmm i like it and i like you'r signature...

PD: Nice work fenix but please dont leave this in nothing...

 

[theunknownguy]

mmm i like it and i like you'r signature...

PD: Nice work fenix but please dont leave this in nothing...

Well i never leave something in nothing, sources are already publish, if i leave it would be on "something".

Read my first post, this is nothing for serious, ill drop it when i get bored.

PS: Ill start working on this in 1-2 hours more.
PS2: Ill use Mulegend DB style, i can make code faster in that way.

---------- Post added at 10:51 PM ---------- Previous post was at 09:59 PM ----------

Ok people how long the signatures would be?

8 bytes?
16 bytes?
32 bytes?

The longer the signature the more area of detection you can grab avoiding some false positive, but the longer the signature the more will delay the scan.

 

[StarOrId]

Well i never leave something in nothing, sources are already publish, if i leave it would be on "something".

Read my first post, this is nothing for serious, ill drop it when i get bored.

PS: Ill start working on this in 1-2 hours more.
PS2: Ill use Mulegend DB style, i can make code faster in that way.

---------- Post added at 10:51 PM ---------- Previous post was at 09:59 PM ----------

Ok people how long the signatures would be?

8 bytes?
16 bytes?
32 bytes?

The longer the signature the more area of detection you can grab avoiding some false positive, but the longer the signature the more will delay the scan.

I think those 3-4seconds more are better to wait then giving players fake anti hack messages.

thx for sharing but without cheat list its kind of useless,who really going to download 500cheats to add them to the cheats db?

btw can you upload the sources to somewhere else ?

 

[theunknownguy]

I think those 3-4seconds more are better to wait then giving players fake anti hack messages.

thx for sharing but without cheat list its kind of useless,who really going to download 500cheats to add them to the cheats db?

btw can you upload the sources to somewhere else ?

You guys are going to download those 500 cheats and add to the database. Why?... Caused this is faster, safer and open source. :laugh:

Ill upload next update on multiple sites, but all like megaupload and so on.

If nobody want to add 500 cheats, 10, or 5 (whatever) just dont and dont use it. Its pretty simple.

 

[theunknownguy]

Ok guys updated out

Download here or in main post:

You must be registered to see links

Whats new:

    - Scan system added (signature + RVA Offset)
    - Database added
    - Alot of details and optimization

Whats comming:

    - Possible option to choose for full memory scan
    - Optimize the scan system for thread (scan each X seconds)
    - Encrypt / Decrypt database
    - Details

Yes this are only sources, ill put here when a compilated version is out.


Format of Database is:

"WPEPro.exe"  303030303030303030303030303030303030303030303030303030  483
"Other.exe"   303030303030303030303030303030303030303030303030303030  500

Style credits to MULegend.

Where the string is Process Name, the second field is signature (32 bytes) and the last field is an RVA. The reason why an RVA instead of an hardcoded offset will be explained later.

 

[Netzo]

Nice job! I Like IT!
Suggestion: add crc check for bmd files =)

 

[Dios]

Hey, use this:

You must be registered to see links

Multi automatic mirrors.

I'll clean this up later.

 

[MuIsBest]

Stop flaming each others. If you don't like the development, then don't flame the thread author, no need for that.

Infractions will be given to the next one doing so. Also, stick to the thread.

Thread Cleaned(I did it for you Dios )

 

[StarOrId]

fenix you know if theres a way to track packets without anti virus detect it as a virus?
though maybe instead of adding all those cheats will be much better to allow packets to send only from main.exe
still not the best protection but with few more addons to server side+main.exe it might be enoght