MapleStory 2 Full Bypass NULLGameSecurity NGS + CRC (Undetected Cheat Engine)

Discussion in 'MapleStory 2 Global & Europe Hacks, Cheats & Bots' started by revitalizedHackster, Oct 29, 2018.


Do you appreciate this and want to thank me for it? :)

  1. Yes

    80 vote(s)
    97.6%
  2. No

    2 vote(s)
    2.4%
  1. revitalizedHackster

    revitalizedHackster United States Lurker

    Post Count:
    6
    Likes Received:
    20
    Stats
    This is NULLGameSecurity coded by me revitalizedHackster! So I've decided to publicly release my NGS+CRC Bypass for all to enjoy and to start making some awesome hacks for MS2!
    [​IMG]

    Requirements:
    • Win64 (No win32/32bit version created)
    • It's easy and allows the bypasses' driver module to be loaded unsigned and to patch the necessary kernel areas that make our protected processes invisible to NGS/BlackCipher and also to redirect its CRC reads to a copy of the memory instead of the real memory.
    • Patchguard disabled
      • UPGDSED will help you easily patch Patchguard out of the picture so we gain a huge advantage over NGS/BlackCipher since they believe they can't work in kernelmode whereas we now can! (even in x64 windows): hfiref0x/UPGDSED
      • KPP Destroyer (an alternative to the above which does it in one click, but probably doesn't work on the most recent version of windows, I use this on win7 and it works perfectly, after enabled when booting just choose the patched kernel and if it works you're good to go! If not just select the regular unpatched one and try UPGDSED instead which should work on newer versions of windows besides 7 and 8):
      • Cheat Engine :: View topic - KPP Destroyer (Patchguard Disabler)
    Instructions:
    1. Use one of the above tools to disable Patchguard!
    2. Launch NULLGS.exe as administrator (It should already enforce it, but you could right click and do it anyway)
    3. (Needs to be done only once) It will launch the 64bit version NtApiTool from .\NtApiTool\PDBReaderx64.exe click okay to let it launch, this will get the required Syscall numbers specific to your version of windows. It downloads them from microsoft's servers debug file information that contains what's needed to easily get them.
      You'll see a black command window while it's happening and it'll look like this once it's done:[​IMG]
    4. Click OK on the message box in NULLGameSecurity once it is complete and it will load the driver and initialize the bypass! Else it will just load and initialize bypass on launch thereafter :)
    5. (Optional) Customize the protected processes list to add more processes to protect from NGS detection, by default it's Cheat Engine, DebugView, and Firefox and itself is always protected even though not listed.
    6. Customize the Unhooked processes list as a text file edit only. I have by default excluded svchost.exe as it caused issues with the newer window style loading on protected programs that you ran after the bypass, and also because firefox for example wouldn't be able to open files or play bluetooth audio so excluding svchost.exe prevents those kind of annoyances. Also explorer.exe is by default immune to the hooks as well so that you can alt-tab to protected processes (otherwise it doesn't show up in the alt-tab list lol)
    7. PROFIT!!! :) Load up MapleStory 2 and your protected processes will be completely undetected, and once it says the CRC Bypass is Active! (After about 30 seconds to 1 minute after fully getting into the game) Then you can patch memory freely at will, to your heart's content! So go out there and find some awesome hacks for MapleStory 2! Now that I've given you the tools to do!
    Debugging and debug registers also work beautifully in CE and I'm sure in any program that uses a VEH debugger (make sure to select the VEH debugger in CE before you start debugging)
    CE's driver also can be loaded and it's not detected either! So truly a FULL Bypass for Cheat Engine, and basically any program! Let me know your results and how it works for you!

    Download:






    Donation:
    You can show your support by contributing to my work via Bitcoin Cash / BCH or Bitcoin / BTC
    bitcoincash:qpvs35cgs7chyhmftf0wthlq3nv9vf49qvne4xr0d9
    BTC: 188CS3sPeDrBhDu6TL9BwSFyE61v9ec9Qd

    Screenshots:
    Proof of working: (13:37) 13mins 37secs
    [​IMG]
    To 1:23:37 (1hour 23mins 37secs)
    [​IMG]
    With memory patched and CE open and no disconnects, no client terminates!
    It works :)
     
    Last edited: Oct 30, 2018

     
  2. stapled

    stapled Canada Renown Hacker

    Post Count:
    335
    Likes Received:
    183
    Stats
    Very nice! I can't wait to see how the community will grow from here!
     
    revitalizedHackster likes this.
  3. Godsonftw

    Godsonftw Australia The New Guy

    Post Count:
    35
    Likes Received:
    10
    Stats
    i can't seem to get past this. it won't go active
    [​IMG]
     
    Last edited: Oct 29, 2018
  4. revitalizedHackster

    revitalizedHackster United States Lurker

    Post Count:
    6
    Likes Received:
    20
    Stats
    Okay Godsonftw I'm figuring it out right now, but I need your help to do it...

    @Godsonftw I see you have added MapleStory2's exe name to the protected process list... Don't!! do that! lol I should have made it so you can't. MS2's process is not to be protected, the protection is for our processes only.

    Have you tried it without 'MapleStory2.ex' added to the protected process list? And waited at least a minute or so after being in game with your character on any map? Double click MS2's process and click ok to remove it, then hit apply!

    Here's what I'm thinking is happening: Since you protected MS2's process which you shouldn't have, BlackCipher can't read MapleStory 2's memory so you aren't allowing it to make the memory copy of MS2 that it then keeps and is forced to read from within its own process.

    This is what appears when I load it in DebugView:
    1. It repeats the "Wrote CRC Bypass enable/disable command" line and the driver "CRC Bypass Enabled: 1, CRCBypass Active: 0 !" lines until the line where it says "ZwAllocate Status: 0, MS2CRCBypass copy allocated at: -> 0x258e0000 in this instance(changes every game instance/game restart), MS2CRC copy made! size: 0x125D037 (which is consistent) and [CRC BYPASSED] BlackCipher.ae [is reading] BlackCipher.ae, Handle: -1 (0xFFFFFFFF aka itself), Address should be the same as where it was allocated at (in this instance 0x258e0000), and size is 0x125d037, and NtStatus should equal 0 for success! Buffer is its CRC buffer that it's copying from itself into.
    [​IMG]

    Remove MapleStory2.ex from the protected processes list (double click it and hit ok), then hit apply and try it again, and be sure to wait after you get in game so it can be applied first before changing any memory.

    If it's still not working or If you want to see the debugview output yourself, so you can see if there's still an issue, open regedit.exe and add a DWORD to this key:
    [​IMG]

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter -> Right click, new DWORD, named 'IHVDRIVER' and set to value 0xF

    Then get DebugView application and run it as administrator each time you run it and first time you run it click the Gear symbol-> Capture Kernel (Ctrl+K) so kernel output is enabled, then restart it again running it as administrator and the output will start showing.

    It is possible that you added MS2's process in an effort to try and get it working, when it wasn't working normally, so if I did mess up somewhere and there's a bug causing it not to work, the debug output will help me figure out what could be wrong!

    Thanks! Hopefully it's just that you added MS2's process as protected and not a problem, but either way I'll get to the bottom of it! I should've maybe made it so that BlackCipher could still read MS2 regardless, but I didn't want to help them lol, it's user configurable whether you want to protect MS2's process or not, but that means you nor BlackCipher can't access it either... (w/ the debug output) :)
     
  5. nutella

    nutella United States Renown Hacker

    Post Count:
    358
    Likes Received:
    44
    Stats
    wow that was fast! can't wait for hacks :emoji_bow:
     
    revitalizedHackster likes this.
  6. Godsonftw

    Godsonftw Australia The New Guy

    Post Count:
    35
    Likes Received:
    10
    Stats
    hey man do you have discord?
     
  7. Godsonftw

    Godsonftw Australia The New Guy

    Post Count:
    35
    Likes Received:
    10
    Stats
    so i did this and hit Apply.
    [​IMG]
     
    revitalizedHackster likes this.
  8. Godsonftw

    Godsonftw Australia The New Guy

    Post Count:
    35
    Likes Received:
    10
    Stats
    is this the correct thing to do? plus it may be easier for people where the process name is make it a dropdown menu so when people load up the game they can select the correct .exe file
     
  9. vn373498

    vn373498 Vietnam The New Guy

    Post Count:
    15
    Likes Received:
    0
    Stats
    "File does not exist on this server"
    Reup please :(
     
  10. Godsonftw

    Godsonftw Australia The New Guy

    Post Count:
    35
    Likes Received:
    10
    Stats
    yeah the zippy link doesn't work use the one above
     
  11. revitalizedHackster

    revitalizedHackster United States Lurker

    Post Count:
    6
    Likes Received:
    20
    Stats
    Okay, removed the non working link and added more links so there's more ability to get it in case it gets deleted from there or the link just doesn't work for whatever reason. For an update I should make it so that it clearly shows you that the driver is loaded and so it's going to work... At the moment it doesn't have any indicator whether the driver is loaded or not, which it must be for it to work. Still version 1.0 released, I'll post version 1.1 with that made more clear and when there's something else to add or fix to it.
     
    vn373498 likes this.
  12. mazia8987

    mazia8987 Vietnam Informed Hacker

    Post Count:
    52
    Likes Received:
    1
    Stats
    good idea, i still get disconnect error when turning on CE
     
  13. Onvoloper

    Onvoloper United States Lurker

    Post Count:
    3
    Likes Received:
    0
    Stats
    I am having trouble with patchguard...
    Patch: Unsupported Windows version.
    Patch: Press Enter to exit
    Is there a patchguard disable for the most current version of windows 10? paid or not? (none of the methods listed above are working for me)
    Can I use iniuria?
    Thank You
     
  14. Perton

    Perton Israel The New Guy

    Post Count:
    49
    Likes Received:
    4
    Stats
    Thanks for sharing :emoji_grimacing:
     
    revitalizedHackster likes this.
  15. xxjvcm

    xxjvcm United States Lurker

    Post Count:
    1
    Likes Received:
    0
    Stats
    Same here, the current Patchguard disablers are not working for the latest version of Windows 10 (Version: 10.0.17134)
     
  16. revitalizedHackster

    revitalizedHackster United States Lurker

    Post Count:
    6
    Likes Received:
    20
    Stats
    So I take it Windows 7 x64 and Windows 8 x64 users have gotten it to work! :), and it's just win10 users that aren't getting it working due to changes in KPP/Patchguard that have made it not able to be disabled with current publicly available tools :( (due to it forcing updates so basically any win10 users are on the latest version that isn't supported like earlier versions of win10 are)...

    So I have a few options to help win10 users out:
    1. Install latest win10 on my spare computer(I will not do it on my main, and I think I'll pull the wifi chip out just so it can't even attempt to connect to anything, purely offline only), and try to update the patchguard disabler for it. I realize though that even if I'm successful, it could be short lived as MSFT will probably patch it again pretty quickly and it'll only work for a time. That's why patching a solidified version of windows is a better option, even if I do this as it won't change and it'll stay working unlike win10 which is constantly changing and forcing everyone that uses it to accept those changes good or bad.

    2. Use my kernelmode bypass to more easily help me build a fully usermode bypass so that disabling Patchguard won't be required, and then win10 users can enjoy it as well and even anyone that doesn't want to or can't disable their Patchguard for any reason.

    3. Try to figure out a way to make the bypass work without having to disable Patchguard and merely work around it instead... It'll still require you to enable test signing though even if I can figure out a way to load the driver unsigned still, or actually something like the capcom driver can be used to at least bypass signature verification and load an unsigned driver but still Patchguard will have to be sidestepped rather than disabled...

    In the meantime win10 users can if possible use a machine with win7x64 or win8x64 while I come up with one of these three solutions, even if you have to install it on a spare machine or extra hard disk or possibly a vm!

    Okay I'm getting to work on it, along with searching and debugging for some cool hacks in MS2, I'm going for a kami like hack, mouse teleport, godmode, and hopefully even a mob vac! :D
     
    daniel955 and vn373498 like this.
  17. huethanh

    huethanh Finland Lurker

    Post Count:
    1
    Likes Received:
    0
    Stats
    Hi is this all we need or do we need to download something for cheat engine?
     
    Last edited: Oct 30, 2018
  18. daniel955

    daniel955 Denmark Informed Hacker

    Post Count:
    61
    Likes Received:
    12
    Stats
    working great on win 7 sp1 x64. Thanks for your great work
     
    revitalizedHackster likes this.
  19. sabu068

    sabu068 Turkey Lurker

    Post Count:
    1
    Likes Received:
    0
    Stats
    can you make video? you show the features
     
  20. Cam1596

    Cam1596 Germany Lurker

    Post Count:
    1
    Likes Received:
    2
    Stats
    This is not a full bypass. Why don't you prevent NGS from accessing your process list? Only allow maplestory2 instances to be opened. Why manually adding processes to be protected?

    Why KernelMode bypass? This might fuck up your computer. Disabling patchguard is bad and opens doors to malware.

    UserMode bypass is more safe for x64 since the target application is a WOW64 Process.

    Simply hook the following WINAPI functions from the 64 bit ntdll:
    NtOpenProcess: Block every process id except MapleStory2 instances.
    NtReadVirtualMemory: Feed BlackCipher a clean copy of MS2 memory region when it tries to read MS2 Instance
    NtQueryVirtualMemory: ...
    NtQuerySystemInformation: ...

    Haven't bothered to check this bypass, but it should be run in a virtual machine and see if there is virus like crypto currency bot miner. OP might be the notorious aasdf
     
    explicity and gipal like this.
