Discussion in 'Dungeon Fighter Online' started by Neop1e, Mar 24, 2015.
Discuss Bypass??? in the Dungeon Fighter Online area at GameKiller.net
Truly looking for a bypass. I found one, but it's for A.V.A :behindsofa:
The game literally went live today, you should give people some time before asking for bypass / hacks.
Do with that what you will.
I had to login just to like this post, thank you!
Wasn't this just the source code from that Reddit post?
the linked code is not a bypass or anything... it simply presses a button sequence. it is not useful nor helpful...maybe you can make your own "press x a lot" program, which is ok i guess...
Correct, but it is also insight as to how Xigncode processes information.
I'm not asking to be spoon fed, rather, could you link me to something that can help me understand this?
that code is literally worthless and gives you no insight into xigncode.
for above poster: code is very simple and basic C++.
some concepts used...
see the ALLCAPS_THINGS with a | between them? | is "binary or" operator. it is often used to combine flags. the things being combined are all numerical values defined in windows headers.
there's an INPUT structure used, you can see the structure's properties accessed by "."
yeah so basically just go learn any amount of C/C++ and the link should not be hard to understand. win32 functions like sendinput are all explained on the msdn
@ROPist you have a point but shit-posting isn't going to help anyone. Nice name though. For anyone else, look into d3v1l401's research on xign code 3. I found that it is pretty useful for figuring out what xign is doing.
IT'S NOT A BYPASS. Don't ask him or get me involved with it.
can't figure out a bypass but i can definitely figure out how to inject hacks into ccproxy using wpe program from a Virtual machine to hack this game. problem is all old packets are outdated and not working and when u send a packet it just disconnects u from server.. problem being that either xigncode is running or / detecting the use of BS.. or problem is that gamekiller has deleted all of its tutorials on WPE editing!
Just an FYI: If you don't know what the fuck you are doing, don't touch xigncode. My reasons are simple: it logs everything about you: IP, folders, programs, recently used, and more. You might end up on a list that you don't want to be on.
Things we know (could be wrong on a few. Just tell me) :
Suspending won't always be the go to answer for it to work.
Don't do anything stupid in DLLMain. Loader lock.
Detects thread creations.
Likes to be at the kernel level.
Avoid Window APIs
Removing the PE header used to make DLLs become undetected.
Removing the xhunter1 service used to prevent future detections and dll injection detections.
Hook to NtQueryInformationProcess, NtQueryVirtualMemory, NtReadVirtualMemory, NtQueryInformationThread, NtOpenFile, NtWow64QueryInformationProcess64, NtWow64QueryVirtualMemory64, NtWow64ReadVirtualMemory64 to view anything involving your dll and xign.
More tricks are being used than with HShield.
Detects LoadLibrary injection, CreateThread, GetAsyncKeyState, CreateFont, LdrLoadDll, LoadLibraryA, LoadLibraryW, LoadLibraryExA, LoadLibraryExW, GetModuleFileName.
Always obfuscate / encrypt your dll.
XHunter1 does an SSDT hook on NtOpenProcess() or they register a callback on the object manager by using ObRegisterCallback(). That means that after the rootkit is enabled xign is able to trace all access you make to the game's process.
Checks each module's crc / md5 with an internal list.
CreateRemoteThread can be used.
Xign checks the stack frame from NtUserGetAsyncKeyState
Spoof return addresses after looking into SetWindowsHookEx and GetWindowLongPtr
Use low level keyboard / mouse hooks
for d3d9 use a vtable
Things I would suggest doing instead of peeing on the fire:
Run in a secure vm environment with/without the game.
Unpack, look into tuts4you if you need help.
Try some ROP to get around.
Look for other vulnerabilities. *Mostly kernel.
See if it is doing anything related to other anti-hack software because most have the same logic idea.
Read through key parts in IDA. Rename / rewrite. Use plugins.
Examine SSDT hooks if any.
I've heard that using vtables and or the cheatengine lib @
If you really want to be cheap and lazy take a look at previous xign3 bypasses and rce them to figure out what is going on.
where to download bot?
It should be here:
I believe you need a specific number of posts before you can download it. Not so sure.