Q-Protect Anti hack source code

Hi,

I thought I release the source code now as I promised it ones :ott1:
I'm not working on this project anymore so no reason to keep it for myself.
Well I hope you all can use it well or even improve it if you like too :ott1:
If you are going to use this source don't forget to give me some credits :wink:

Source code from my Flyff Source

Functions : [C++] qProtect - Pastebin.com

How I execute them

Code:

---

#ifdef __QUGET_NON_PROTECT_DLL_VERSION
HANDLE_QUGET_ANTI_PACKET = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)QUGET_ANTI_PACKET, 0, 0, 0 );
HANDLE_QUGET_ANTI_SPEED = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)QUGET_ANTI_SPEED, 0, 0, 0 );
HANDLE_QUGET_ANTI_WINM = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)QUGET_ANTI_WINM, 0, 0, 0 );
#endif

---

This source can be used for most games :ott1:
Lol its not really big its simple and messy in my view.

Don't forget to like this post for the release :P:

If I can break your code by modifying the string table, you're doing it wrong.

Edit: Proxy DLLs.

Then improve it? Source is there:p
You don't get the goal for releasing a source code?

That's like releasing a hello world as an operating system example and then when someone says "this isn't an operating system" you reply "so improve it, isn't that the point of releasing the source code?"

/facepalm.

Quote:

---

Originally Posted by MisterKid

Then improve it? Source is there:p
You don't get the goal for releasing a source code?

---

That implies that there's something of substance to begin with. That's not to say that your code isn't useful -- it has the makings of a packet editor already -- just that if it cannot protect itself from reversing, it won't protect a game client.

Anywho anyone willing to improve the anti-hack can just go ahead, the source was probably released probably due to it lacking interest for the OP and therefor decide to release it rather than working on it.

It helps some people :ott1: that was my goal. Or it makes people wanting to do more into anti-hacking.
I didn't really like it so i gave up on it a long time ago. And I promised to release the source ones so I did.

@people complaining.
Read

Quote:

---

"Well I hope you all can use it well or even improve it if you like too "
Lol its not really big its simple and messy in my view.

---

Well, I've been semi-waiting for this, merely because I'm interested in how it works (whether or not it's perfect)

Btw, think you put enough smilies in the first post? o.o

Thanks For the Download I will try to make the antihack better

Bump.
The non sourced thread is getting some post and I get bugged on msn/pm's
I do not continue so use the source!

Is this source updated or not?

Quote:

---

Originally Posted by Intelligence

Is this source updated or not?

---

updated in which way? It haven't been touched since release if that's what you're asking.

Ahhh ok. I mean is, the one that developing by misterkid is q-protect 4 and he said in his last post (I think) in the thread were q-protect 4 is 'go to the source of it'. That's why I came here.

I haven't looked at it, but this was released after q-protect v4, so I'm guessing this is the source for that version.

Alright and I see that this has been released after qpro 4.

the source is the latest version :P

Uhhhh...

#1 - Threading in an antihack isn't usually good unless done properly(which requires time checking by the main thread). A hacker can simply suspend your checking threads and your antihack is bypassed. You should have it check in a function that is essential to the game's processing, such as render.

#2 - Why are you using ASM and VirtualProtect at all? You can simply do something like:

Code:

---

DWORD dwAddr = GetProcAddress(hModule, "QueryPerformanceCounter");
if(*((BYTE*)dwAddr) == 0xE9)
...

---

#3 - This only checks for jmps at the address of the functions. A hacker can also jmp inside the function, or even hook the vtable and bypass any .text section checking completely. Do some research and you can easily find much better methods of detour detection.

#4 - At least check for hooks on ExitProcess/GetProcAddress/GetModuleHandle. Those are also easy ways to bypass this "antihack".

Updated link
@ Mootie Ty :P

hey sir can you add splash thingy?

Erm Mootie your way is invalid.
DWORD dwAddr = GetProcAddress(hModule, "QueryPerformanceCounter");
Will get you the function address when the dll has the export.
Kernal32.dll exports QueryPerformanceCounter right?:P

if(*((BYTE*)dwAddr) == 0xE9)
It is not possible to do it like this :P

I found another way to block functions. The new way just replaces the function if it can find the function addres :P But using the same method you be able to bypass the antihack :S (only if you know the function addres) Most Flyff server has their neuzes unpacked so it would be easy to find the addres.

Quote:

---

Originally Posted by MisterKid

Erm Mootie your way is invalid.
DWORD dwAddr = GetProcAddress(hModule, "QueryPerformanceCounter");
Will get you the function address when the dll has the export.
Kernal32.dll exports QueryPerformanceCounter right?:P

if(*((BYTE*)dwAddr) == 0xE9)
It is not possible to do it like this :P

I found another way to block functions. The new way just replaces the function if it can find the function addres :P But using the same method you be able to bypass the antihack :S (only if you know the function addres) Most Flyff server has their neuzes unpacked so it would be easy to find the addres.

---

Why doesn't it work? It seems perfectly valid to me.

dwAddr = DWORD(an x86 address)
dwAddr is cast as a ptr to a BYTE
dwAddr is dereferenced and checked to make sure the function call isn't detoured

It does the exact same thing as what your code does, except less mess and performance overhead. The only thing that doesn't work about it is if the hacker uses a non-standard detour that doesn't use the 0xE9 instruction, but yours doesn't protect against this either. VirtualProtect is completely unnecessary to check the text section of a normal loaded module.

getproc doesnt really return a Dword. But I try converting it and test it again .
:p just interested in it agaib lol
Posted via Mobile Device

some ideas:
Let your anticheat scan itself and the Neuz.exe for modifications.

Let your anticheat send some crypted information to the server, which kicks/bans the user, if the informations are not valid / sent.

Create a driver, which blocks ZwOpenProcess, ZwReadProcessMemory, ZwWriteProcessMemory, etc..

Ignore jmps at the begging of a function (this isn't really efficient, because you still can hook in the mid of the function)
example

Code:

---

int QueryPerformanceCounter_real = (DWORD)GetProcAddress(GetModuleHandle("Kernel32.dll"), "QueryPerformanceCounter") + 5;
__declspec(naked) BOOL WINAPI QueryPerformanceCounter_proxy(LARGE_INTEGER *lpPerformanceCount)
{
        __asm
        {
                mov edi, edi
                push ebp
                mov ebp, esp
                jmp [QueryPerformanceCounter_real]
        }
}

---

make it minimized to tray when opened =))

Which version should I use visual studio?

2003 not open

You need visual studio 2010.

Update link, please ?

this anti hack is obsolete and really easy to bypass as is. Their is ALOT more secure and non by-passable ways to build an anti-hack in your neuz. Their is alot of releases out their that fix almost every major bug. if you are looking for cheat engine, speed hack fixes, and a simple hack detection system look in this source:
http://forum.ragezone.com/f457/goh-f...y-play-922629/

I do not recommend using this source for your live server, its loaded with bugs and back doors.... Just look at the versioncommon and rip the security stuff out for your server. You don't even have to know c++ to do this. just common sense.


And lastly their is a redone version of this out their, quget developed this decent anti-hack. when he couldn't take it any further he released it here. Some flyff servers took his code here and applied it into their neuz directly. At least 1 top flyff server i know of uses this antihack like i said above... Also if you REALLY need an antihack the itak-pro source was leaked and is around somewhere. *I'm not sure if its released here* I dont like itak but it will get the job done for your server for now, maybe since its a source you could make it better then itak himself. Itaks is by passable but its not something a normal player could do ( maybe if they tried..)


and this is all i have to say about this...

Quote:

---

Originally Posted by Johnny

this anti hack is obsolete and really easy to bypass as is.

---

Really? :?: but how does the NOP...

Quote:

---

Originally Posted by Johnny

Their is ALOT more secure and non by-passable ways to build an anti-hack in your neuz.

---

I've bypassed GameGuard and Hackshield in various ways... VAC and Warden both have public bypasses available. You think you can make a better anticheat than these huge companies? Good luck sir. By definition, a client-sided anticheat can be bypassed. A clientsided anticheat is merely to keep idiots from messing with things they shouldn't be.

I'm betting itak pro would be able to keep you busy for awhile, which is funny considering is .NET unobfuscated anticheat... :/:

Quote:

---

Originally Posted by Johnny

Their is alot of releases out their that fix almost every major bug. if you are looking for cheat engine, speed hack fixes, and a simple hack detection system look in this source:
http://forum.ragezone.com/f457/goh-f...y-play-922629/

---

Almost every major bug? I can name dozens of remote code execution exploits that aren't patched publicly and I'm sure there are many more...

Quote:

---

Originally Posted by Johnny

I do not recommend using this source for your live server, its loaded with bugs and back doors.... Just look at the versioncommon and rip the security stuff out for your server. You don't even have to know c++ to do this. just common sense.

---

Yes, you don't have to understand the potentially backdoored code you're putting into your source... Just copy paste and is all good. ^^

Cool cool... but can anyone reup the source?