Author Topic: Frustration... sucks...  (Read 501 times)

0 Members and 1 Guest are viewing this topic.

Subsky

  • Insane Joker
  • ****
  • Posts: 504
  • Subskii
    • View Profile
Frustration... sucks...
« on: October 06, 2006, 08:45:54 am »
I'm pretty damn frustrated...

First I tried to statically patch (using a hex editor) logs.dll + game.dll; to avoid cheating #138 (shoot through walls + no gun raising); but no luck...

Conclusion:  #138 detection is server-side.

HRADBA scans memory; may hash it- and sends it to server for comparison (with what 'should' be there).

So, I then used DLL injection- to inject a DLL stub- which loaded hacked_logs.dll; got the address of the required functions in this 'copy'- located the IAT (Import Address Table) Entry of game.dll for the required functions and redirected them to point to hacked_logs.dll; instead of the original logs.dll...  Eventually; everything compiled and ran; functions were being hooked- so I load them game up and start the injection process.

Join a server with HRADBA... 2 minutes later; bang- right there... cheating #128 (if I remember correctly)- "Can be caused by (except real cheats) by Windows Blinds like software... etc etc".

I thought; wtf- there are hundreds of exported API functions in logs.dll- and hooking one is detected, by the server in 2 minutes?

Darawks method on using the debug registers is nice- but only being able to use 4 memory addresses really sucks bigtime- and ain't great for large trainers pokin' shit all over the place...

My conclusion...

The only way I feel HRADBA can be defeated (Pure server check + #138, #128 + #143?), is with a full-fledged rootkit...

But... it will be beaten...

Subsky
« Last Edit: November 19, 2006, 09:07:28 am by Subsky »

ZOldDude

  • The Unknown Rank!
  • Administrator
  • MasstKer
  • *
  • Posts: 20874
  • Old School TKC
    • View Profile
    • Admin
Re: Frustration... sucks...
« Reply #1 on: October 06, 2006, 09:44:23 am »
Every now and then some of the stuff I play with gives me a #138....like 1 time out of 1,000 games.
A false HB detection of some sort.

Most servers use a set time to have HB run it's checks (this value can be slowed down/speed up....speed it up TOO much and the server will 'lag').

Set up a server/player and try grabing the check info and make a redirect for the call to do the check.

*While we crash and burn, small, low tech, agrarian societies such as the Hmong in the mountains of Laos will continue on without so much as blinking an eye.*

[TKC]Russ

  • Relentless Teamkiller
  • **
  • Posts: 94
    • View Profile
    • no.
Re: Frustration... sucks...
« Reply #2 on: October 07, 2006, 10:27:07 pm »
me and nick can create servers, maybe if #138 is serverside that will help

Subsky

  • Insane Joker
  • ****
  • Posts: 504
  • Subskii
    • View Profile
Re: Frustration... sucks...
« Reply #3 on: October 08, 2006, 02:24:17 am »
me and nick can create servers, maybe if #138 is serverside that will help

It is; there is one function in HRADBA.DLL that can be modified to 'do nothing'- and return (won't detect any hradba cheats/kick clients)... but it must be run on the server... the detections are serverside and patching them on a client does nothing...

Subsky