Simple Muguard

[phit666]

As the title says, this is a simple mu anticheat that can do the following:

1. Scan cheat based in (32 bytes of memory) fingerprint (136 dumps).
2. Recursive scanning of window title, a target name of cheat engine will match all program with cheat engine word in it no matter what is the capitalization. You can add max of 10 names.
3. File CRC comparison technique, you can add a max of 2.
4. Client startup logo loading, you can freely modify the bitmap file inside MuGuard folder.

Howto:

DLL will read its data from list.dat file, this is encrypted file. This file contains the CRC and cheat names data. A tool is included ,inside tool folder in the package, to produce this list.dat from list.ini file. List.ini is a text file where you can add CRC and cheat names data.

Here is how list.ini looks like, where you can edit values. Its obvious that you have to increment count values accordingly. DONT REMOVE THE LAST LINE "[eof]":

[CRCVALUE]
count = 2
0 = 77286090
1 = 297457b2
[CRCPATH]
0 = data\\local\\item.bmd
1 = data\\player\\player.bmd
[CHEATS]
count = 10
0 = speed gear
1 = cheat engine
2 = moonlight engine
3 = hithack
4 = gproxy
5 = speederxp
6 = hasty mu
7 = artmoney
8 = xspeed
9 = wpe pro
[eof]

When you run CreateDAT.exe (included in tool folder), it will create a file list.dat from list.ini which look like this. This is what you need to put inside MuGuard folder, muguard.dll will take data from this file.:

5FE37B40BC452190C0A0C88E0B4C7197F98AE6CF7C75573EB23861DFF64EA099F9DE89199A0CA896158E31D04CAF2A3410A8240ABD2B062503EB248F3FE955E9423005BF66CCBB98460FBAF167021E430C3BB9C2674CEACDAE9140C562A0D0A3F3FD60F76182148DB05C3B110A51640E1B8F38FBA067D3E9A25C678AEC4A931DF333C32C982DDE9ED26BD6BA97E9A63C27787B53F0BAA146ACAA82F710E89989A72470EBB65542AA29886877CD7F783B0B913E2BDB7B204F7665BB8C747F4D04EC56A1AD482E0A7366519BBE4681709AB0A35DBC1D1D52806B1104AF512375B7173BB5B41DDD1D04E3FE1FF26149AF86267EF914AD4C4E8B78959F723E20DA94F6931319A199052C74FB3B9E4DE5288C5E10BC39FBFBA6E0D5C14ACA156FEADB

Credits:
f1x - memory scan idea
leo123 - window title idea
MSDN ^^
me ofc

[03-01-2010 - ver 1.0.1.0]
* muguard.dll, createdat.exe and list.ini updated, now its using my full version encryption.

[05-01-2010 - ver 1.0.2.0 update]
* muguard.dll and list.ini updated. Added the following section in list.ini to bind dll and dat file, main = main.exe client crc value (small letter).

[COMMON]
main = main.exe_crc_value

 

[MuIsBest]

Re: [Release] Simple Muguard

Approved

 

[fenix010203]

Re: [Release] Simple Muguard

Release SOurce Please

 

[Crazzy]

Re: [Release] Simple Muguard

this is demo version , for community // full version 200usd OMG? wtf big price for lite product/ sorry...

 

[phit666]

Re: [Release] Simple Muguard

this is demo version , for community // full version 200usd OMG? wtf big price for lite product/ sorry...

Oh yeah, putting main process in ring0 is lite for you, lol! It is free version if you dont like it no one forces you!

BTW

[CHEATS]
count = 2
0 = speed gear
1 = cheat engine

will detect all speed gear and cheat engine versions including future updates of this products, actually that is if they wont change window title :tongue:

 

[Annaev]

Re: [Release] Simple Muguard

This is not a ring0 check, is simple Handle Check.
Your Guard is easy to bypass.

 

[phit666]

Re: [Release] Simple Muguard

whatever.. thanks for your time.. and release if its a usefull for some1
for me its funny 2 cheats in list

lol^^ read first before you comment about 2 cheats ? Dont you see you can add upto 10 limit?

This is not a ring0 check, is simple Handle Check.
Your Guard is easy to bypass.

Where did I say this free version has ring0 feature? I was referring to my full version and if you want to see it you can download my client anytime.

 

[crlfrancis]

Re: [Release] Simple Muguard

i bought the full version of this product and it really offers good protection hiding main process and detecting any possible cheat forms, now my server is well protected

you can try it before you buy or just test it in phit666s server, i would say its worth it if you want a professional mu server

 

[devisz]

Re: [Release] Simple Muguard

another 200$ just to abandon project after 1-2 months like psafe did ? )

 

[Xezis]

Re: [Release] Simple Muguard

Funny encryption. It was too easy to bypass. Look in attachment.

VirusScan:

You must be registered to see links

 

[[RCZ]ShadowKing]

Re: [Release] Simple Muguard

any client side protection bring you about 50% protection because there are a lot of hackers with a little brain that will think to change the main and send fake packets to gs with checksum than they do what they want!
A client side antihack don't worth 200USD,seriously!

 

[phit666]

Re: [Release] Simple Muguard

Funny encryption. It was too easy to bypass. Look in attachment.

VirusScan:

You must be registered to see links

Title says buddy!

Anyway here is the updated version using my full version encryption.

*Original post updated.

 

[mauka]

Re: [Release] Simple Muguard

lol^^ read first before you comment about 2 cheats ? Dont you see you can add upto 10 limit?

i did LauncherBuilder with 4 types of anticheat
+ u can add there cheats without limit :8:

ps. i see u updated post now its have 10 cheats in list

 

[phit666]

Re: [Release] Simple Muguard

Am I asking about your launcher? LOL^^ Dude you better read post first before commenting nonsense!

 

[Lautaro]

Re: [Release] Simple Muguard

I purchased the full version of this product and its really worth it, my server is 100% protected from any cheat, plus it has a great 3d camera.

 

[tomatoes]

Re: [Release] Simple Muguard

I purchased the full version of this product and its really worth it, my server is 100% protected from any cheat, plus it has a great 3d camera.

I recomend author:
easy bypass antihack If you don't pack main.exe
and better than you should make a new checksum from Server.Main Checksum.dat by DW,hacker can by pass.

 

[exclamatio]

I agree, keep posting on this thread on toipic with the original post please. Thread hijaking is bad manners on forums

If you already have a thread mauka then that's enough

 

[Infiniti]

I think you should add cheat module injection (dll), api hook and your scanner thread protections. Maybe traffic crypt. Good luck in development.

 

[DaRcAntiX]

Perhaps I'm missing something, but am I right in understanding that this 'anticheat' ONLY works on window titles of cheat programs?? :/:

Sooo... it works against cheaters who are too stupid to hex edit or reshack a window title. Okay, that's about half of them, as ShadowKing pointed out. And within 1 day that goes down to 0% of cheaters blocked, since the cheat authors (or other slightly-less-stupid friends of stupid cheaters) can easily 'release' a new cheat version every day with a different title. Are you expecting admins to update your program every day? Every hour? Every minute? It takes less than 60 seconds to change the window title of a program (or external filename, or internal filename, or process name, etc).

From a business perspective, you've had a good idea (selling an anticheat program) - that has obviously worked for you. You've made some money, congratulations. You had a good business idea, but not a good software idea. There's a reason why things like Antivirus scanners don't rely on window titles or process names. A really effective client-side anticheat could only operate by signature and heuristic analysis - that is, identifying unique strings inside running files or particular code in the memory of running processes, or monitoring active programs and blocking any suspicious behaviours like memory patching, injection, emulation or proxying.

While there is no effective server-side solution to a basic speed hack (including using a corrupted/modified player.bmd, running a 1HH program, or using a program which fools your Mu client into thinking you have 32000 agility), there ARE server-side solutions to almost every other type of hack/cheat for Mu, which will generally be a much better investment of your effort (and money, if you're buying an antihack). The most effective defence overall is one which performs both functions, like the old SkyTeam antihack, though that had its own issues despite being easily the best when it first came out. Another big factor in fighting cheaters is having an active, attentive, and knowledgeable admin team with the ability to respond to reports/complaints in realtime (meaning they have to be online where people on your server can PM or IM them while cheaters are in action), though of course this is usually something that takes time to build up, as good admins are hard to find, train and keep.

Unfortunately there is no magic cure to cheaters on your Mu server, but there are specific approaches you can use in order to make various types of cheating less beneficial. Firstly, your server should not be vulnerable to any kinds of SQL injection or blasting. If someone manages to get full-option items out of nowhere, then you have a SERIOUS security flaw, and should get proper help immediately. That sort of problem CAN be due to a lack of security on your server (computer) itself, but almost always due to an exploitable fault in the web package you have. Almost all Mu Website packages have known vulnerabilities that allow this sort of thing, if they are not properly updated and patched (and many still have openings, just not all are known).

Secondly, if you know of any duping methods that work against your server, or have suspicion that it is going on, you should look at upgrading to a version where that dupe no longer works, or research how to stop it. If you have not gone out and tried to hack your own server with whatever is out there, then you aren't doing your job as admin properly. Be CAREFUL when messing with cheat programs though, since many of them will be infected with trojans and password stealers (use an emulated windows system to run them, or a temporary installation that is wiped after your testing, without any sensitive passwords ever being entered into it). Most cheaters are just retarded kiddies who have no clue about anything, and most cheat authors are n00bs who think respect from those retards actually means something - so yeah, they aren't generally very useful or honest people.

Now, I probably should have mentioned this first but I'll cover it now... You should have regular backups of your server. By this I mean at least 2 backups of the server files and configurations themselves, so you can easily change back if you mess with a setting and it has unexpected results, without having the headache of trying to remember exactly what to change from the defaults. Normally this means you can get away with just backing up the Data folder, but it's good to also have a copy of the entire MuServer folder, since being able to quickly restore everything is a good option to have. You should also be keeping backups of your databases and logs - databases can get quite large, so even when you first start it's probably a good idea to work out a system of tiered backups. You should have a scheduled backup at least once a day (better 2x a day), preferably during a quiet period of course. Daily backups should be kept for at least a week, preferably two weeks, at which point the oldest can be deleted except for one, and you just keep 1 per week... that last sentence might be confusing so here's a quick example of the backup retention I'm talking about:

- 1 day ago
- 2 days ago
- 3 days ago
- 4 days ago
- 5 days ago
- 6 days ago
- 7 days ago
-14 days ago
-21 days ago
-28 days ago
- 2 months ago
- 3 months ago
... and I don't think you would ever need more than that. Many people probably wouldn't keep any older than 1 month, though if you have plenty of space (databases zip up really well) then why not? Personally I would keep at least daily backups for 2 weeks, since if someone does find a way to dupe or somehow cheat the economy on your server, and they're not bragging about it, it is possible that it could take more than a week to notice them.

In my own server (not up yet) I'll be offering generous rewards for hackers/cheaters to let me know of any vulnerabilities, maybe you could try that approach as well - but it only works if you make it hard to benefit from the cheating itself!

I realize this post has gone reeeeeally long, but I hope it helped at least one person understand some of the directions they must concentrate on to achieve MuServer security.

 

[phit666]

yeah quite lonnngg Anyway as I've wrote in my first post, this version is loaded with 136 cheat's 32bytes memory dump ('Guess Ive included all cheats dump released here plus my own dumps) and it is the first method cheat scan base its doing. Problem with this method is when the user need to add another cheat but he dont have source then it will be impossible. I've added the window title base scanning as a supplement, here a user can append new cheat, using list.ini (under [CHEATS], (sorry but in this version max 10 only), actually I find it more effective than the first method coz as I've previously wrote, adding a simple CHEAT ENGINE will much all cheat engine versions + its future versions. Another thing is when it comes to scanning, first method will fail to detect hidden cheat process while this one can.


*DLL updated to ver. 1.0.2.0, I only added key binding between dll and dat file.