TKC-Community

Hacking and Art => Vietcong 1 & 2 => Topic started by: MonkeyAll3n on September 20, 2006, 10:19:11 am

Title: Bypass or Antikick still possible?
Post by: MonkeyAll3n on September 20, 2006, 10:19:11 am
hey ,

I have been getting kicked for using my trainers lately and really want to somehow disable HB, without needing to know programming. I know it has been done before, but is it still possible? Is antikick possible?
Title: Re: Bypass or Antikick still possible?
Post by: Subsky on September 20, 2006, 04:14:52 pm
There are a few ways to bypass HRADBA's memory scanning (eg. kicks for #138); directly patch the memory scanning detection algorithm it uses to always say 'Status: OK'... or implement some kind of memory hiding element in your own custom built trainer (it's called 'rootkit' technology- read about it briefly here (http://en.wikipedia.org/wiki/Rootkits)).

HRADBA.dll is loaded into vietcong.exe's address space; and can (try) to read any of the process's memory directly; making it hard to beat using most well known API hooking techniques.  This is because HRADBA doesn't use Windows API functions like ReadProcessMemory() to scan memory, like PB (last time I checked) etc.

I'm currently implementing a user-mode version of a very new memory hiding method called Shadow Walking- which can be read about here (http://www.securityfocus.com/infocus/1851).  When done correctly- all trainers, new and old will not be detected.

I hate to say it- but you really won't get anywhere unless you know some programming.

Subsky
Title: Re: Bypass or Antikick still possible?
Post by: Subsky on September 20, 2006, 04:21:10 pm
And anti-kick does not work (AFAIK)... I tried it a few months ago.

Here, I joined a server- set VC up to ignore certain 'kick me' SRV_MSG's being received- and then had a remote admin kick me.

Although the messages are ignored by the client; and despite you being able to move around for about 30 seconds more... when the server sees the client does not respond after a certain time period; it closes the connection automatically.

Unless you join with fake/changing info- you're going down- because the server sabotages the connection eventually...

Subsky
Title: Re: Bypass or Antikick still possible?
Post by: MonkeyAll3n on September 21, 2006, 09:40:40 am
thanks sub...learning programming is on my to do list  :D :D
Title: Re: Bypass or Antikick still possible?
Post by: ZOldDude on September 21, 2006, 10:38:51 pm
And anti-kick does not work (AFAIK)... I tried it a few months ago.

Here, I joined a server- set VC up to ignore certain 'kick me' SRV_MSG's being received- and then had a remote admin kick me.

Although the messages are ignored by the client; and despite you being able to move around for about 30 seconds more... when the server sees the client does not respond after a certain time period; it closes the connection automatically.

Unless you join with fake/changing info- you're going down- because the server sabotages the connection eventually...

Subsky

I have (as an admin) seen people whose NIC and USER # show in the "LIST" but when you go to kick/ban them "User not found".  :shock:
Title: Re: Bypass or Antikick still possible?
Post by: g-spot on September 22, 2006, 11:29:00 am
Yes!

My friend claims to have seen the exact same thing!
Title: Re: Bypass or Antikick still possible?
Post by: Subsky on September 22, 2006, 11:34:08 am
Yeap- they probably would have joined the server with fake info to begin with.
Title: Re: Bypass or Antikick still possible?
Post by: Bozo_the_clown15 on September 22, 2006, 12:28:57 pm
Gah SPAM!!!!

Slow down guys.. All I want is a nice VCHook preferably 4.1 or 5.0 (5.0 seems impossible 4.1 would be nice).

Would that be ok then you guys can teach me how to make it lol..
Title: Re: Bypass or Antikick still possible?
Post by: $3R!N63 on September 22, 2006, 02:03:25 pm
you can't make a vchook and release it.
Ask RainerStoff
Title: Re: Bypass or Antikick still possible?
Post by: MonkeyAll3n on September 22, 2006, 02:50:53 pm
i wudnt bother to ask rainer why wud he give it to u
Title: Re: Bypass or Antikick still possible?
Post by: $3R!N63 on September 22, 2006, 02:53:14 pm
lol i was just sending him on an adventure everyone needs in life..
Title: Re: Bypass or Antikick still possible?
Post by: MonkeyAll3n on September 22, 2006, 03:13:38 pm
lol :D
Title: Re: Bypass or Antikick still possible?
Post by: [TKC]Solid Snake on September 26, 2006, 05:17:08 am

I have (as an admin) seen people whose NIC and USER # show in the "LIST" but when you go to kick/ban them "User not found".  :shock:

there is a way of doing that zoldude. in your name, type instead of zoldude, type ~zoldude~, the ~~ will not show in list, name, anywhere, so if they try to kick you via name, it will show as player not found. although...the id kicks still work.
Title: Re: Bypass or Antikick still possible?
Post by: MonkeyAll3n on September 26, 2006, 05:59:23 am
yep...bt most admins use player id
Title: Re: Bypass or Antikick still possible?
Post by: [TKC]Solid Snake on September 26, 2006, 06:25:14 am
 :roll: 342? or V easier?

~V~
Title: Re: Bypass or Antikick still possible?
Post by: ZOldDude on September 26, 2006, 10:17:04 am
Yeap- they probably would have joined the server with fake info to begin with.

But...when you join a server IT gives you an ID # so it can keep track of your score.

Using the PLAYER'S NAME ...or... the ID # would not kick them (no they were not remote admins).
Title: Re: Bypass or Antikick still possible?
Post by: g-spot on September 26, 2006, 05:43:11 pm
Yes, I think something like an anti-kick does exist.

The ~ thing may sound logical, but my friend claims when trying to vote kick the person (with kick "id"), console said: player id not found.
Title: Re: Bypass or Antikick still possible?
Post by: [TKC]Solid Snake on September 26, 2006, 05:47:07 pm
hmmm...i think i may have an idea of how they did it.
Title: Re: Bypass or Antikick still possible?
Post by: g-spot on September 26, 2006, 05:48:21 pm
Cool!
Work on it! Would be the best thing ever for a cheater, an absolute must-have.
Title: Re: Bypass or Antikick still possible?
Post by: MonkeyAll3n on September 27, 2006, 09:47:26 am
yes well if someone made program/trainer that refreshs/changes player id each second/split second the problem wud be solved then every1 cud just hav ~ in ther name and admins wud spend ages working out where in ur name the ~ is
Title: Re: Bypass or Antikick still possible?
Post by: Subsky on September 27, 2006, 02:54:55 pm
yes well if someone made program/trainer that refreshs/changes player id each second/split second the problem wud be solved then every1 cud just hav ~ in ther name and admins wud spend ages working out where in ur name the ~ is

That won't work- because the SERVER keeps track of player IDs.  Changing it on the client won't do anything...

Subsky
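
Added example, not part of the original thread and not the game's own server code: a sketch of the server-side handling the posts above point to, where IDs are issued and tracked by the server, a kick by name is matched against the name as displayed (so `~` markup cannot hide a player), and a kick is enforced by the server whether or not the client honours the kick message. The `SessionTable` class, its method names and the grace period are assumptions made for illustration.

```python
import re

# Assumption: '~' is markup the client strips when rendering a name (per the thread).
HIDDEN_MARKUP = re.compile(r"~")

def display_name(raw):
    """Name as an admin sees it in the player list: markup removed, case-folded."""
    return HIDDEN_MARKUP.sub("", raw).strip().casefold()

class SessionTable:
    def __init__(self, grace=30.0):
        self.grace = grace      # seconds a kicked client may linger (constructed value)
        self.sessions = {}      # server-assigned id -> {"raw": name, "kick_at": time or None}
        self._next_id = 1

    def join(self, raw_name):
        sid = self._next_id     # issued by the server, never read from the client
        self._next_id += 1
        self.sessions[sid] = {"raw": raw_name, "kick_at": None}
        return sid

    def resolve(self, target):
        """Map an ID or a name typed as displayed to the matching session IDs."""
        if target.isdigit() and int(target) in self.sessions:
            return [int(target)]
        want = display_name(target)
        return [sid for sid, s in self.sessions.items()
                if display_name(s["raw"]) == want]

    def kick(self, target, now):
        ids = self.resolve(target)
        for sid in ids:
            # Record the kick server-side; the client may ignore the kick message.
            if self.sessions[sid]["kick_at"] is None:
                self.sessions[sid]["kick_at"] = now
        return ids

    def sweep(self, now):
        """Close every kicked session whose grace period has run out."""
        expired = [sid for sid, s in self.sessions.items()
                   if s["kick_at"] is not None and now - s["kick_at"] >= self.grace]
        for sid in expired:
            del self.sessions[sid]   # stands in for closing the socket
        return expired

if __name__ == "__main__":
    table = SessionTable(grace=5.0)
    hidden = table.join("~zoldude~")        # constructed sample name from the thread
    print(table.kick("zoldude", now=1.0))   # kick by displayed name
    print(table.sweep(now=6.0))
```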