Discussion in 'MapleStory 2 Global & Europe Hacks, Cheats & Bots' started by revitalizedHackster, Oct 29, 2018.
Discuss MapleStory 2 Full Bypass NULLGameSecurity NGS + CRC (Undetected Cheat Engine) in the MapleStory 2 Global & Europe Hacks, Cheats & Bots area at GameKiller.net
I recognize your name, you’re an old hacker back in the days, huh?
It could be possible he's the real one yes, MS2 is seeming to have people from MS1 to have another go at it! :)
Hi Cam1596 thanks for your criticisms, the criteria I was using to call it full is that it bypasses both detection of your cheat tool and detections of patches you make to the game, so if it does both of those then it's more full than if it only does one of them.
Why kernel mode, why not only allow ms2 to be opened..., why not prevent from reading any process? Because it's a system wide hook, so preventing every process from being opened by any process wouldn't be a good thing. So it instead prevents any process from opening your list of protected processes. It could be made specific to its detector process name, and only then could you block opening everything except MS2 (which it at the very least needs so that it can read its memory for the crc check). If that'll still work then I guess I'll make the usermode version (that's the option I pretty much chose for having win10 support) like you say and block every process except ms2 from being opened by it. The process names are actually visible though they just can't open the processes to read their memory to be certain it's actually that process.
You pretty much stated my nearly exact methods except swap the NtQuery's for every window locating api... Cam it's not enough to just protect the detectable process from being opened but also to prevent their windows from being found either. The three syscall RVAs that are then added to user32.dll's base and then the syscall index extracted from there, are the three apis that can be used to prevent your application to protect's windows from also being seen, as that'll cause detection just the same as if they can read your processes memory. (Only two of those three are actually needed to be hooked currently, but I had the third anyway in case they switched to using enumwindows instead of findwindow it would still be covered :))
My KernelMode code is good though, so it's not going to fuck up your computer! lol. And hey I wanted to bypass NGS and its CRC by any means necessary so even going so far as disabling Patchguard entirely was worth it! Patch Patchguard early before it even starts, to enable you to keep patching as much as you want ;)
I did it to gain ground over MS2, but you're right, now that I know what it takes to get around it the fully usermode version won't be too difficult. Just do the same thing that it's doing now except in usermode, so it also won't be system wide but just specific for the processes that need it, NGS's processes. So a KernelMode bypass is/was still worth doing even if you only do it, to know exactly how to build the usermode version. :)
So I have started to get disconnects every 5/10 minutes after I run CE. Everything is working and patched as in your guide.
Would love to know what did you do to stay in the game for 1hr+
I wrote a market sniper by finding the pointers while it closes every 2 minutes lmao (before you released this) THANK YOU
So can anyone verify this is working yet?
I have an issue on Windows 7, where the driver cannot be loaded since it is unsigned. I have already patched Windows as well as enabled test loading.
Hi, is it patched? I don't want to take the risk of disabling patchguard if the bypass doesn't work, thanks for the answer.
Since I can't post links yet, if you search for "hfiref0x" on github you'll see "UPDGSED" in their repository and will most likely be taken to the "master" branch where the older version is. If you click on the drop down menu where you see "master", you'll see a branch option called "dev", which is where they have posted an updated version of it that worked for me.
I downloaded this updated version on github from the original programmer's repository. Ran it after disabling SecureBoot and it ran with no issues. Hope this helps!
Has anyone made any hacks to use with this yet? :D
Any idea when you're gonna be able to use this on Windows 10?
Ok, now how can I remove it?? Because it didn't work for me and I keep getting (Error D000) while disconnecting every 1 minute or so... help me please :D
From my understanding and experience, this hack no longer works. I went through all the steps in November and had it working until the next day. My guess is that Nexon got wise as the day that the hack stopped working is the day an update came out.
The files are clean; both exe and sys. The sys driver is pretty straightforward.
1) The sys crc tries to find the right processes (blackcipher and maplestory2) and it just redirects the clean ZwAllocateVirtualMemory output on NtReadVirtualMemory.
2) The sys hooks are ZwOpenProcess, NtReadVirtualMemory, NtUserQueryWindow, NtUserBuildHwndList, and NtUserFindWindowEx and does exactly that.
3) The exe is just sketch large because the resources were never compressed (big ass image). Also, both the exe and sys were not optimized at compile time so there is a mix causing some bloat.
@VViener Nexon is currently still in a data collection phase for this game so they are holding back on some of the settings. Also, they are collecting more identification information that isn't protected by this. So, yeah as Cam states, it didn't include all the methods needed to prevent snooping. Cam did list some of the ntdll functions needed but there are a few more. I'll get around to providing a research info dump eventually.