MuOnline antihacks 2015.

  1. #1
    Fallen166 (L2 aCis Inner Circle)
    Join Date: Apr 2006
    Location: Athens
    Posts: 240

    MuOnline antihacks 2015.

    Hey there, I've been away from muonline for quite a lot of time. Visiting the forum again I noticed people still use the "lame IO sucking crap using dumps", antihacks.

    I don't really get how you really get with that crap and still be happy.

    Antihack should be simple as fuck, not specified for each and every public or private hack/bot/cheat.

    A couple of things should be enough.

    1) Packet encryption to avoid packet hacks.
    2) Virtualization to avoid memory hacks.

    Everything else is crap. I don't see the point playing the cat-mouse game with "hackers" looking for new cheats etc.

    You make everything look like it's rocket science. CRC checks, molebox, or any other crap to avoid the non-usage of your protection. WTF! seriously!

    Debug, find network addresses, hook them, create a hooked function to intercept packets and that's it. Regarding virtualization, google it. There are plenty of programs providing virtualization.


  2. #2
    splound (Apprentice)
    Join Date: Feb 2008
    Posts: 17

    Re: MuOnline antihacks 2015.

    There are already several.

  3. #3
    Hedgehock (Apprentice)
    Join Date: Sep 2015
    Posts: 6

    Re: MuOnline antihacks 2015.

    Checking client file hashes makes sense, since there are some client-side based cheats which are completely packet independent. But yeah, overall, you are completely right. I might write something that would additionally encrypt network traffic and prevent memory modification. I see this as follows:

    - c++ dll injected into main.exe hooking winsock functions (connect, recv, send) and encrypting them
    - c# server side implementing proxy functions and decrypting data received/sent from / to client. This would provide additional features for implementing packet-based customs.

    Sadly, I don't have a c# version of the new packet encryption algo of mu online, so, have to rewrite c++ sources released...

    If you got some good ideas for this, feel free to PM me.
    Last edited by Hedgehock; 09-09-15 at 03:41 PM.

  4. #4
    007jodex (Proficient Member)
    Join Date: Sep 2008
    Posts: 158

    Re: MuOnline antihacks 2015.

    Quote Originally Posted by Fallen166 View Post
    Virtualization to avoid memory hacks.
    Hey, wait a moment.. That's crap too ;) Virtualization is not really necessary, if you know, that newest clients, have a lot of anti-virtualization checks, lot of crypt packets.. and the biggest and worst problem.. Keep in mind, muonline players don't have good computers.

    Quote Originally Posted by Fallen166 View Post
    You make everything look like it's rocket science. CRC checks, molebox, or anything other crap to avoid the non-usage of your protection. WTF! seriously!.
    +1

    Quote Originally Posted by Hedgehock View Post
    Checking client file hashes makes sense, since there are some client-side based cheats which are completely packet independent. But yeah, overall, you are completely right. I might write something that would additionally encrypt network traffic and prevent memory modification. I see this as follows:

    - c++ dll injected into main.exe hooking winsock functions (connect, recv, send) and encrypting them
    - c# server side implementing proxy functions and decrypting data received/sent from / to client. This would provide additional features for implementing packet-based customs.

    Sadly, I don't have a c# version of the new packet encryption algo of mu online, so, have to rewrite c++ sources released...

    If you got some good ideas for this, feel free to PM me.
    Check client files hashes? Really? Believe me, webzen is still checking hashes/crc of every file in client, and since muonline began, anyone can bypass those checks.

    Encrypt network traffic --> +1 Points
    Prevent Memory Modification... ---> - 10 points.

    Any clientside antihack, trying to protect it, could be bypassed.

    What's my point?
    Simple. Prevent hacks, dupes and other bu**s*it directly from gameserver.

    How?
    Simple. Fully dynamic Speed Checks, preventing dupe with serial checks, cuz if you think that webzen formulas really are working, you are totally wrong, cuz they, in 2015, still have speed bypass, dupe, features that any person with n*uts could enjoy.

    The answer is really simple. Start to study how these cheats/hacks are working, and use inverse to fix it server side. But, that requires a lot of time, good coding skills..

    Cheers ;)
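
The server-side serial check described in the post above, as an added example that is not part of the original post or of any server files discussed in the thread. It assumes the game server gives every item a unique serial when it creates the item and records where that item lives; `SerialRegistry`, `ItemLocation` and the account names are hypothetical.

```cpp
#include <cstdint>
#include <string>
#include <unordered_map>
#include <utility>
#include <vector>

// Where the server believes one item currently lives (hypothetical model).
struct ItemLocation {
    std::string account;
    int slot;
    bool operator==(const ItemLocation& o) const {
        return account == o.account && slot == o.slot;
    }
};

// Authoritative serial -> location map kept by the game server.
class SerialRegistry {
public:
    // Called only when the server itself creates an item (drop, shop, craft).
    std::uint64_t issue(const ItemLocation& where) {
        std::uint64_t serial = next_++;
        live_[serial] = where;
        return serial;
    }

    // Trade / store / pick-up. Succeeds only if the item really is at `from`,
    // so a replayed or forged transfer of an already-moved item is refused.
    bool move(std::uint64_t serial, const ItemLocation& from, const ItemLocation& to) {
        auto it = live_.find(serial);
        if (it == live_.end() || !(it->second == from)) return false;
        it->second = to;
        return true;
    }

    // Audit an inventory loaded from the database: returns every serial that
    // was never issued or that the registry places somewhere else (a copy).
    std::vector<std::uint64_t> audit(
            const std::string& account,
            const std::vector<std::pair<int, std::uint64_t>>& items) const {
        std::vector<std::uint64_t> suspicious;
        for (const auto& p : items) {
            auto it = live_.find(p.second);
            if (it == live_.end() || !(it->second == ItemLocation{account, p.first}))
                suspicious.push_back(p.second);
        }
        return suspicious;
    }

private:
    std::uint64_t next_ = 1;
    std::unordered_map<std::uint64_t, ItemLocation> live_;
};

int main() {
    SerialRegistry reg;
    ItemLocation alice{"alice", 0}, bob{"bob", 3};      // constructed accounts
    std::uint64_t s = reg.issue(alice);
    bool traded = reg.move(s, alice, bob);              // legitimate trade
    bool replayed = reg.move(s, alice, {"carol", 1});   // same item "traded" again
    return (traded && !replayed) ? 0 : 1;
}
```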

  5. #5
    Fallen166 (L2 aCis Inner Circle)
    Join Date: Apr 2006
    Location: Athens
    Posts: 240

    Re: MuOnline antihacks 2015.

    You should hook winsock WINAPI on program level, not hooking the ws2_32.dll. Find recv/send function addresses in client side, hook them and write a hooked-function on it. Implement an encryption algorithm, it could be even AES256 with pkcs7 padding, there are plenty "plug and play" source codes, tip: create if rule to check for 55901*(GS PORT) to avoid hooking on ConnectServer also..

    For server do the same but instead of recv/send, hook WSARecv/WSASend. GS uses simple recv/send only for communication with server-support executables(ds,cs,exdb,etc).

    You don't need to make a "hackserver" at all like this, just change the offset address for each different gameserver version. Or if you want to make it available for any gameserver, log the addresses and make a configuration .ini file to change the addresses of the hooked function easily.

    Have fun!

  6. #6

    Re: MuOnline antihacks 2015.

    Quote Originally Posted by Fallen166 View Post
    Hey there, I've been away from muonline for quite a lot of time. Visiting the forum again I noticed people still use the "lame IO sucking crap using dumps", antihacks.

    I don't really get how you really get with that crap and still be happy.

    Antihack should be simple as fuck, not specified for each and every public or private hack/bot/cheat.

    A couple of things should be enough.

    1) Packet encryption to avoid packet hacks.
    2) Virtualization to avoid memory hacks.

    Everything else is crap. I don't see the point playing the cat-mouse game with "hackers" looking for new cheats etc.

    You make everything look like it's rocket science. CRC checks, molebox, or any other crap to avoid the non-usage of your protection. WTF! seriously!

    Debug, find network addresses, hook them, create a hooked function to intercept packets and that's it. Regarding virtualization, google it. There are plenty of programs providing virtualization.
    Lol that's why i love UGK (Undergroundk) antihack =]
    it doesn't block any program, it catches in real time the suspicious potential cheating programs and doesn't allow them to proceed.

  7. #7
    StolenStar (Enthusiast)
    Join Date: Nov 2013
    Posts: 31

    Re: MuOnline antihacks 2015.

    I'm the developer of NSEngine Anti-Cheat Systems. My Anti-Cheat doesn't use any cheat database/dumpers/window scanners.
    General function it is Heuristic Analysis like functions on AntiViruses.

    Who wants to know more about it - link is in profile signature.

  8. #8
    DragonSeth (Gamma)
    Join Date: Aug 2011
    Posts: 2,996

    Re: MuOnline antihacks 2015.

    Or everyone can use the best anti hack that is for mu: https://forum.ragezone.com/f197/live...rsion-1026337/
    Phew all this could have been solved a long ass time ago.

  9. #9
    alex26 (Proficient Member)
    Join Date: Jul 2006
    Location: Moldova
    Posts: 163

    Re: MuOnline antihacks 2015.

    Quote Originally Posted by DragonSeth View Post
    Or everyone can use the best anti hack that is for mu: https://forum.ragezone.com/f197/live...rsion-1026337/
    Phew all this could have been solved a long ass time ago.
    It's not best anticheat even for mu)
    my friend can bypass it in 2 minutes :D

  10. #10
    DragonSeth (Gamma)
    Join Date: Aug 2011
    Posts: 2,996

    Re: MuOnline antihacks 2015.

    Quote Originally Posted by alex26 View Post
    It's not best anticheat even for mu)
    my friend can bypass it in 2 minutes :D
    The premium version i highly doubt. You can say you can but doesn't mean you can.

  11. #11
    Mecanik (LiveGuard Software Ltd)
    Join Date: Jan 2012
    Location: 404 Not Found
    Posts: 343

    Re: MuOnline antihacks 2015.

    Crap crap crap, and again crap.
    It seems that everyone has ideas, and knows how to make a good antihack, but none of you focus to see what the latest hacks look like, and how they work.
    TGH, have been developing pretty advanced hacking tools, that have nothing to do with packets, or memory writing, they use hooks on windows api, or write into the game's memory (using openprocess) and change whatever they want.
    I will tell you what is wrong, and what is right, and what do you actually need for a mu-online server (and it's not enough):

    1) Packet encryption to avoid packet hacks. - yes, that is correct, but not every kind of encryption works, or protects 100%, and i did not see anyone to encrypt the whole packet(s) yet (with headers) for every kind of server files (especially IGCN), but i did. (LiveGuard encrypts the whole packet, making decryption impossible, and using a custom crypto system, which is not Google, or anywhere else)
    And speed is essential also, everything must go as fast as webzen's XOR, because it will ruin your game (lagging, unexpected d/c etc).

    2) Virtualization to avoid memory hacks. - incorrect, that won't work properly, not on every server files, and not on every OS, and not with some AV engines. You have to consider something that will actually work everywhere, on any OS, for everyone. (LiveGuard makes this possible)

    3) Protecting files from alteration (hash) - indeed this is needed, and it can be bypassed, but not if you know how to check it. (LiveGuard makes files replacing impossible)

    4) Packet rate limitation - believe it or not, even though you encrypt packets, if i make a hook, and send for example a login packet back to your GameServer 50 times in 1 second, well you know what's gonna happen. (LiveGuard prevents that)

    5) Prevent deep WINDOWS HOOKING - well some of you know, some of you just never heard of it, but AV engines, have special libs which hook into NTAPI and use functions like:
    Code:
    /* Declarations of the two functions named above, as posted. */
    PHLIBAPI
    NTSTATUS
    NTAPI
    PhOpenProcess(
        _Out_ PHANDLE ProcessHandle,
        _In_ ACCESS_MASK DesiredAccess,
        _In_ HANDLE ProcessId
        );
    PHLIBAPI
    NTSTATUS
    NTAPI
    PhOpenThread(
        _Out_ PHANDLE ThreadHandle,
        _In_ ACCESS_MASK DesiredAccess,
        _In_ HANDLE ThreadId
        );
    So what this means, hooking kernel32.dll functions makes no difference, because with these functions, they can intercept a process or any function they like before kernel32.dll even knows it.
    This is what tools like Process Hacker use, so you can write into the game's memory, use functions, do whatever you like. (LiveGuard prevents this)

    6) Preventing running certain hack tools in Ring0 mode - well, some of you may have never even heard of it, but hackers and some viruses run in ring0 mode, so making it impossible to detect/block/intercept.
    About ring0 mode here: https://en.wikipedia.org/wiki/Protection_ring
    And of course, LiveGuard prevents this.

    7) Avoid hooking GameServer - this is crucial, because some server files are packed, some are not, but either way, i am 100% sure you will ruin something. A gameserver stands in many functions, and any kind of modification should be made by Source code, not addons and crap,
    (LiveGuard uses the most advanced proxy system out there, without touching the gameserver, and as an added bonus, it provides Load Balancing with 1 or more backends).

    8) Memory DUMP detection - well, you tell me i am writing a cheat program in ring0 or ring3 mode, and run it, how will you block it? is your AH system like NOD32 ? or Kaspersky ? (i don't think so).

    NOTE: these are only a few stuff i can mention, because i don't have time to make you a poem.

    I'm the developer of NSEngine Anti-Cheat Systems. My Anti-Cheat doesn't use any cheat database/dumpers/window scanners.
    General function it is Heuristic Analysis like functions on AntiViruses.
    Let me read that again, so do you even know what heuristic means? Or have you seen sources from AV engines to actually say that your code works like them? Well i did, and believe me, you are far away my friend... Oh, and i forgot to mention, why did you copy my proxy structure system? You just appeared a few months later, after i released my first version, and a friend of mine, showed me your software, all i can say, shame on you my friend, you should come up with your own ideas, not looking at others and making a copy in c#.

    Lol that's why i love UGK (Undergroundk) antihack =]
    it doesn't block any program, it catches in real time the suspicious potential cheating programs and doesn't allow them to proceed.
    Let me explain that for you, "real time" means that it uses threads, executed at a specific time, and threads can be suspended, remember ?

    You make everything look like it's rocket science. CRC checks, molebox, or any other crap to avoid the non-usage of your protection. WTF! seriously!
    Well believe it or not, i have friends that can make you rethink that, there is always a way to hack/exploit something, and if you are good enough, then you will even enjoy it.

    What's my point? Use my AH system, because we had the time to study, code, and prevent cheating. There are 99 ways to cheat, and i really don't have time to explain.
    Don't bother hooking, and searching offsets to touch your gameserver.
    You need really good knowledge to prevent 100% cheating, you need to understand WINDOWS functions, you need to understand how the MU works.

    What's recommended?
    -Make your AH fast, stable, and immune to exploits
    -Your AH should not *touch* the gameserver at all
    -Your AH should be able to detect speed alteration upon OS level
    -Your AH should be able to detect hack programs packed with Themida or WinLicense
    -Your AH should be able to detect rootkits (ring0 mode processes)
    -Your... crap i don't have time, just use LiveGuard.

    Cheeers~
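
Added example, not from any poster or product in this thread: one server-side limiter covering both the "packet rate limitation" point in the post above and the "fully dynamic speed checks" raised in post #4, with a fixed budget for login packets and an attack budget derived from the server's own copy of the character's attack speed. The opcodes, the `attack_interval_ms` formula and all numbers are constructed for illustration and are not the real MU protocol or Webzen's formulas.

```cpp
#include <algorithm>
#include <cstdint>
#include <map>

// Constructed opcodes for the example; not the real MU protocol values.
enum : std::uint8_t { OP_LOGIN = 1, OP_ATTACK = 2 };

// Constructed formula: higher server-side attack speed -> shorter legal interval.
inline std::int64_t attack_interval_ms(int attack_speed) {
    return std::max<std::int64_t>(100, 1000 - 5 * static_cast<std::int64_t>(attack_speed));
}

// Per-connection budget: one packet per interval_ms sustained, `burst` back to back.
class ConnectionLimiter {
public:
    // Called at connect and again whenever the server changes the character's stats.
    void set_budget(std::uint8_t opcode, std::int64_t interval_ms, std::int64_t burst,
                    std::int64_t now_ms) {
        auto it = budgets_.find(opcode);
        if (it == budgets_.end()) {
            budgets_[opcode] = Budget{interval_ms, burst, interval_ms * burst, now_ms};
        } else {  // re-budget without handing out a fresh burst
            it->second.interval_ms = interval_ms;
            it->second.burst = burst;
            it->second.credit_ms = std::min(it->second.credit_ms, interval_ms * burst);
        }
    }

    // now_ms is the server's monotonic clock, never a timestamp from the packet.
    bool allow(std::uint8_t opcode, std::int64_t now_ms) {
        auto it = budgets_.find(opcode);
        if (it == budgets_.end()) { ++violations_; return false; }  // default deny
        Budget& b = it->second;
        std::int64_t elapsed = std::max<std::int64_t>(0, now_ms - b.last_ms);
        b.credit_ms = std::min(b.interval_ms * b.burst, b.credit_ms + elapsed);
        b.last_ms = now_ms;
        if (b.credit_ms < b.interval_ms) { ++violations_; return false; }
        b.credit_ms -= b.interval_ms;
        return true;
    }

    // The caller can drop the connection once this passes a threshold.
    int violations() const { return violations_; }

private:
    struct Budget { std::int64_t interval_ms, burst, credit_ms, last_ms; };
    std::map<std::uint8_t, Budget> budgets_;
    int violations_ = 0;
};

// Feeds `count` packets spaced step_ms apart and returns how many pass.
int count_allowed(ConnectionLimiter& lim, std::uint8_t opcode, int count,
                  std::int64_t start_ms, std::int64_t step_ms) {
    int ok = 0;
    for (int i = 0; i < count; ++i)
        if (lim.allow(opcode, start_ms + i * step_ms)) ++ok;
    return ok;
}

int main() {
    ConnectionLimiter lim;
    lim.set_budget(OP_LOGIN, 5000, 2, 0);
    lim.set_budget(OP_ATTACK, attack_interval_ms(100), 3, 0);
    int logins = count_allowed(lim, OP_LOGIN, 50, 0, 20);     // 50 logins in one second
    int attacks = count_allowed(lim, OP_ATTACK, 20, 0, 100);  // 10 attacks/s for 2 s
    return (logins == 2 && attacks == 6) ? 0 : 1;
}
```

Because the budget is enforced where the packets are received, it holds whether or not the traffic is encrypted and whatever the client process has been made to do.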

  12. #12

    Re: MuOnline antihacks 2015.

    Quote Originally Posted by Mecanik View Post
    Let me explain that for you, "real time" means that it uses threads, executed at a specific time, and threads can be suspended, remember ?
    No idea on that bro u have to talk with UGK to find out more about it, real time i mean it detects those unwanted programs mostly like bots/.exe's and packets and i don't know what even more, for me UGK is the realiest antihack server and client side, of course i like yours as well didn't had issues with it when i had it i just didn't use it much so understand that =)

  13. #13
    DragonSeth (Gamma)
    Join Date: Aug 2011
    Posts: 2,996

    Re: MuOnline antihacks 2015.

    Quote Originally Posted by Mecanik View Post
    Crap crap crap, and again crap.
    It seems that everyone has ideas, and knows how to make a good antihack, but none of you focus to see what the latest hacks look like, and how they work.
    TGH, have been developing pretty advanced hacking tools, that have nothing to do with packets, or memory writing, they use hooks on windows api, or write into the game's memory (using openprocess) and change whatever they want.
    I will tell you what is wrong, and what is right, and what do you actually need for a mu-online server (and it's not enough):

    1) Packet encryption to avoid packet hacks. - yes, that is correct, but not every kind of encryption works, or protects 100%, and i did not see anyone to encrypt the whole packet(s) yet (with headers) for every kind of server files (especially IGCN), but i did. (LiveGuard encrypts the whole packet, making decryption impossible, and using a custom crypto system, which is not Google, or anywhere else)
    And speed is essential also, everything must go as fast as webzen's XOR, because it will ruin your game (lagging, unexpected d/c etc).

    2) Virtualization to avoid memory hacks. - incorrect, that won't work properly, not on every server files, and not on every OS, and not with some AV engines. You have to consider something that will actually work everywhere, on any OS, for everyone. (LiveGuard makes this possible)

    3) Protecting files from alteration (hash) - indeed this is needed, and it can be bypassed, but not if you know how to check it. (LiveGuard makes files replacing impossible)

    4) Packet rate limitation - believe it or not, even though you encrypt packets, if i make a hook, and send for example a login packet back to your GameServer 50 times in 1 second, well you know what's gonna happen. (LiveGuard prevents that)

    5) Prevent deep WINDOWS HOOKING - well some of you know, some of you just never heard of it, but AV engines, have special libs which hook into NTAPI and use functions like:

    So what this means, hooking kernel32.dll functions makes no difference, because with these functions, they can intercept a process or any function they like before kernel32.dll even knows it.
    This is what tools like Process Hacker use, so you can write into the game's memory, use functions, do whatever you like. (LiveGuard prevents this)

    6) Preventing running certain hack tools in Ring0 mode - well, some of you may have never even heard of it, but hackers and some viruses run in ring0 mode, so making it impossible to detect/block/intercept.
    About ring0 mode here: https://en.wikipedia.org/wiki/Protection_ring
    And of course, LiveGuard prevents this.

    7) Avoid hooking GameServer - this is crucial, because some server files are packed, some are not, but either way, i am 100% sure you will ruin something. A gameserver stands in many functions, and any kind of modification should be made by Source code, not addons and crap,
    (LiveGuard uses the most advanced proxy system out there, without touching the gameserver, and as an added bonus, it provides Load Balancing with 1 or more backends).

    8) Memory DUMP detection - well, you tell me i am writing a cheat program in ring0 or ring3 mode, and run it, how will you block it? is your AH system like NOD32 ? or Kaspersky ? (i don't think so).

    NOTE: these are only a few stuff i can mention, because i don't have time to make you a poem.


    Let me read that again, so do you even know what heuristic means? Or have you seen sources from AV engines to actually say that your code works like them? Well i did, and believe me, you are far away my friend... Oh, and i forgot to mention, why did you copy my proxy structure system? You just appeared a few months later, after i released my first version, and a friend of mine, showed me your software, all i can say, shame on you my friend, you should come up with your own ideas, not looking at others and making a copy in c#.


    Let me explain that for you, "real time" means that it uses threads, executed at a specific time, and threads can be suspended, remember ?


    Well believe it or not, i have friends that can make you rethink that, there is always a way to hack/exploit something, and if you are good enough, then you will even enjoy it.

    What's my point? Use my AH system, because we had the time to study, code, and prevent cheating. There are 99 ways to cheat, and i really don't have time to explain.
    Don't bother hooking, and searching offsets to touch your gameserver.
    You need really good knowledge to prevent 100% cheating, you need to understand WINDOWS functions, you need to understand how the MU works.

    What's recommended?
    -Make your AH fast, stable, and immune to exploits
    -Your AH should not *touch* the gameserver at all
    -Your AH should be able to detect speed alteration upon OS level
    -Your AH should be able to detect hack programs packed with Themida or WinLicense
    -Your AH should be able to detect rootkits (ring0 mode processes)
    -Your... crap i don't have time, just use LiveGuard.

    Cheeers~
    I think someone just kicked some asses xD Keep up ur good work i supported you from day 1 bro!!

  14. #14
    steve5287 (Member)
    Join Date: Dec 2014
    Location: Venezuela
    Posts: 64

    Re: MuOnline antihacks 2015.

    Using your system and thanks God, because that helps me 99.9% on my server protection.

  15. #15
    StolenStar (Enthusiast)
    Join Date: Nov 2013
    Posts: 31

    Re: MuOnline antihacks 2015.

    Quote Originally Posted by Mecanik View Post
    Oh, and i forgot to mention, why did you copy my proxy structure system? You just appeared a few months later, after i released my first version, and a friend of mine, showed me your software, all i can say, shame on you my friend, you should come up with your own ideas, not looking at others and making a copy in c#.
    My Anti-Cheat System exists since 2011 Year and proxy system exists on my Anti-Cheat System 4 years.

    Quote Originally Posted by Mecanik View Post
    6) Preventing running certain hack tools in Ring0 mode - well, some of you may have never even heard of it, but hackers and some viruses run in ring0 mode, so making it impossible to detect/block/intercept.
    About ring0 mode here: https://en.wikipedia.org/wiki/Protection_ring
    And of course, LiveGuard prevents this.
    OMG. Your Anti-Cheat is RING3, in RING3 it is impossible to prevent RING0. Do not lie.


