<body>

Sunday, May 21, 2006

Holograms?

Just a quick post this time, since the last post was pretty damn long.

First off, holographic displays. Most instances of this seem like science fiction out of Star Trek or Star Wars. Surprisingly, this technology is very close to being perfected and becoming science fact.

There are a slew of different companies trying to create a good hologram. The Physical Optics Corp. is one such organization. There is also a document written in 1997 by an MIT student working for IBM, explaining the theory and possibilities of it all.

Surprisingly, the best and closest to an actual hologram, in my opinion, is from a company that claims it's not a hologram at all, but rather the Heliodisplay. Just check out some of the videos on the site and you'll see what I mean...I need one of those.

That's all; like I said, a short one. Just wanted to rant.

AK

Thursday, May 11, 2006

The creation of a hack

Ok, this post will detail an email conversation I had with someone, quoting pretty much all of it directly. Someone (I will withhold the name of the person for legal reasons) asked me through an email about Hackshield and how they would go about hacking it. I didn't know what game they were using until about halfway through, which was KAL Online, but with my previous experience in hacking I tried my best. I don't know if any of this will be useful, but there's a lot of crap information out there.

User:
Hey, I ran across your blog when researching bypassing anti-cheat software, and I noticed that you know what you're talking about. Well, me and my friend have been looking for a way to disable or bypass Hackshield (similar to PunkBuster). A friend we met along the way said he had disabled Hackshield by using breakpoints and that it is the same with PunkBuster; he wanted to keep his knowledge private, even after being offered money. If you could help us out in any way I would be very grateful.

Me:
Well ----, I haven't personally had any experience dealing with Hackshield, but if it does work like PunkBuster then it should be quite easy to bypass. Upon getting your email I started doing some background research as to how Hackshield actually works, but without a game that it runs directly with I'm not completely sure how it would work during gameplay. With PunkBuster it actively scans all new users as well as scanning all active users every 30-45 seconds, depending on how the server is set up. One of the biggest exploits I found with PunkBuster is that it doesn't scan for certain things. The games associated with PunkBuster are largely OpenGL-based games, so it directly scans those files. Create a hack that isn't based in OpenGL, say scripts, skins and root files, and you don't have to worry about it being picked up.

Getting around it as best as possible

I know this is a long shot, but if you happen to be on a 64-bit OS then Hackshield won't register on the machine. Then you can change the opening command of it slightly (this is where some scripting history comes into it) to still register as working, but since it's a 64-bit OS it won't scan properly and thus will always send back a response of all clear. The type of scripting you'd need would probably (not completely sure, I've just tinkered with the base files) be some kind of file relation mechanism.

"main file"
{
{
hackshield/main/user/objection
.???
Gen identity
}
}

Here is where your personal scripting would come into play. You'd have to type up something to trick the program. This should be easy enough...simply take the base file and make a copy of it. Now modify the copy keeping the base file in another folder. This will be your gateway to it all, trial and error, read through the program code a few times...print it out, highlight through it...etc.

As for breakpoints, they're simply parts of code that tell the debugger to stop the program when it reaches a certain point. It is possible to bypass it using breakpoints, but it would work much better if you use the #if command, something like
"
#if_key_bob (don't forget to make Key = bob)

goto_(or extern in some programming) #1337

#else

#end

#endif
"

This should allow you to skip certain parts of the program itself rather than just stopping, because if there is no response from the user side of it then there's a problem and you're caught. This way you can at least send something in game and not have a problem with the uptake.

I hope this helps ya...if you could tell me the name of the specific game/mod/version you're working with I could see what all I could do.

P.S. Have you been to the Hackshield website? It's kinda creepy...an anti-game-cheat program and the pics of the people are all happy and giddy in the workplace. They're not supposed to play games at work.


User:
lol I have been to the website, it's pretty funny for an anti-hacking site, looks more like an ISP website or something. The game is called KalOnline ( www.kalonline.com ) and Hackshield is integrated with the game and the server; there are 2 international servers that you can connect to. I'm not sure if you read around on the site, but it says that Hackshield only works where every client connects to the same server, so it can check up on itself I'm assuming.
All the info you provided is VERY helpful and I'm extremely thankful. I'm not very familiar with scripting, packet editing, programming and that type of thing, but I will research what you have told me. The main thing we would like to do in this game is be able to kill the monsters in 1 hit. I asked some of the people that used the 1-hit hack before Hackshield and some told me it was editing the .dat files which I uploaded a while ago (here is a link if you want to check them out, these are now in (Edited out: this was a link to files of his) and it's passworded since Hackshield (Edited out: this was a link to files of his)) and some said it was .dll files that edited the packets. (The file that contains weapon info is in Config / inititem.dat (I used Kode to view the .dat files, I'm sure you have this or have heard of it, but here is a link just in case (Edited out: this was a link to files of his)).) I will most likely have the files from the 1-hit hack shortly, so we can see how it was done. Thanks again for your help.

I'm running Windows XP Pro 32-bit. I would only need 64-bit if I was going to do what you said about changing the way it loads?

Me:
Yeah, if you had a 64-bit processor and the operating system modification to go with it, for that to work. Then you'd just have to script the beginning again, or at least that's the way it looks in the programming, but I don't see it staying like that for very long; I figure the next update that comes out will take care of that.

From the sound of this anticheat it works very oddly compared to PunkBuster. I don't know if this is useful but....http://downloads.hackingsource.net/index.php?act=view&id=112.... that is a good site that is run by a friend of mine and there's a premade speed hack...for some reason my computer won't open the files within it, I think because it's a Visual Basic based/created program...I hate that. Anyway, I pissed around with it and a personally hacked version of KAL. The fact that this game was created in Korea helped in my personal hacking of it, as the coding style taught there is very easy to decode and work with.

As I look through random other hacks associated with this game, most of them are about selling something. There are a surprising number of people who hack at the game. I used a code viewer, a program that allows you to see what code has been sent by other NPCs as well as other players in the game, and I realized there are a lot of discrepancies in their code. The code viewer can also be seen as a cheat, as you can see what buttons the opponent is pushing and respond to them, and yadda yadda yadda.....

Anyway, I'm still checking up on it all, just wanted to give you an update...

User:
I have a modified Cheat Engine, which I think I can inject DLLs into the game with. I can change the cooldown on items and attacks to 0, and I can give my weapons infinite range and speedhack as fast as I want with the memory editor. I talked to the guy who made the 1-hit hack and item creation and he said that he stumbled upon GM functions when he was going through packets; with GM functions you can create any item, like custom weapons that are strong enough to kill the monsters in 1 hit. He said he disabled Hackshield by "kernel threshold" or something, I can't recall that well because I forgot to save the conversation. He said he has a hack program with which he can create geons (in-game money) and other items. The game uses a storage system where you can put your items in; they also have the option to pay for things with cash, like one-time use items, and a friend said that you can create items that way. I have an AMD X2 4400 processor and I have the dual core processor driver, but I have 32-bit Windows though; would your method still work for me? Thanks for all the help. We have many people and friends working on this lol. What time zone are you in? I'm in southern California (Pacific time).

Me:
I'm in West Virginia, Eastern Standard Time... As for changing your Windows, if it is Windows XP, there is an update you can download that will allow you to use your processor in its 64-bit state. Once this is done you could probably easily hack the game. As for the kernel threshold, I don't see how that could play into it at all; I'm not saying it doesn't, I'm just saying I don't know how it would. I'm surprised the memory hacking isn't picked up by the anticheat program. Since that's the case, you should be able to search for the variable strand that is your attack power; this should be easy as it changes depending on which weapon you modify... Attach a stronger weapon and the variable goes up, attach a weaker one and it goes down. Simply figure it out and change it to whatever the cap on damage is, then lock the variable so no matter what weapon you use it will work. You can do this with speed and defense as well. This would be the easiest way to do it.

User:
I narrowed it down to 770 addresses, and found 3 significant ones. They didn't change anything, except after about a minute of changing the values the game crashed.

Me:
If the game crashed then it wasn't the right variable. There should be 2 variables that are the same thing yet in different locations. One of these is the attack. If you know your actual attack power you could try to type it in and search those specifically as you change them. This should allow you to narrow it a lot faster. The reason there'll be 2 variables is that one will be the attack that is displayed to you and the other variable is the attack's actual power. If there's a way to scan people's power on the game this could come in handy. Set the display really low and the actual attack really high. Take 'em by surprise.

User:
lol yeah, I think that attack damages are server side and that it randomly chooses how much damage you do, but I will try this again. I would think that this would have already been done if it is possible; health points and mana points are all server side, you can change them client side but it doesn't have any effect.

Me:
Well, there's the base attack plausible, which should be user side...that's the number from which the server determines how much damage to do...and there's the final, which is server side...which is how much damage is dealt.

User:
I found the attack point and changed the minimum attack and max attack. There was only 1 address, which is the one shown on my screen, correct?

Me:
There should be. I'm not completely sure, as I'm not doing this along with you, just thinking it through from when I've done it before. For safety reasons I'd set the minimum about 10-15 points lower than the maximum...you can still set both amazingly high, just have a little buffer there.

User:
Yeah, it didn't change anything. Do you think it would be possible to send hit packets over and over? They are timestamped though; is that hard to get around? Oh also, have you installed the game or looked around in the files I sent you?

Me:
I downloaded it off the website and (plead the 5th). I didn't look through the files you sent, but rather tried to work without an outside influence.

As for getting around the timestamp, you probably wouldn't have to; you could probably just spam with hit packets and not worry about it.

User:
How did you (plead the 5th again).

As far as I know, DLL hooks and packet editing are the way to go with this game, at least that's what I've been hearing. I think I've done nearly all I can do with this mem editor so far, except to give myself infinite buffs.

Oh also, could you tell me how to disable PunkBuster or bypass it? Is it an exe?

Me:
Well (pleading the 5th again)...lol

Disabling PunkBuster is easy. I simply made a hack that isn't OpenGL-based, as that's what PunkBuster works with. It does check cvars in game, but I basically made an independent packet that works separately from it all.

I think I've helped all I can with the hacking of this...I wish you luck with your hacking/cracking exploits. If I come up with anything else I'll be sure to let you know.

User:
Did you ever find a way to disable Hackshield? And do you think there would be any way I could (protecting the user here)? Sorry if I have started to bug you lol, I know how it is when you are bombarded with questions. (protecting the user here)

Me:
Disabling Hackshield isn't an option. Upon disabling Hackshield it would kick you for non-response or something similar to that. As for the (protecting the user and pleading the 5th again)

Ok, this is basically it. The rest of the conversation is about the kind of trouble you can get into if you do the wrong thing the wrong way. I just wanted him to be clear on the consequences of his actions. Remember, never break the law. If you're simply testing game security in an effort to increase your knowledge that's fine, but don't try to make money off anything or something like that.

Thank you, random person, for the stuff I could use on the blog. I did my best to keep everything remotely related to you a secret. Good mojo.

Hackshield, I came to the conclusion that you suck for allowing simple value adjustment to bypass your security.
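The thread above keeps circling the same design point: attack values edited in client memory, cooldowns zeroed client side, and timestamped hit packets sent over and over only work if the server trusts what the client reports. Below is an added illustration of the opposite design, written for this post and not taken from KAL Online, Hackshield or PunkBuster. The packet layout (player id, sequence number, client timestamp, client-claimed damage), the cooldown and clock-skew constants, and the sample packets are all constructed assumptions; the point is that damage comes from server-side stats, replayed packets are dropped, and a client claiming more damage than its own cap is flagged for the operations team.

```python
"""Server-authoritative handling of "hit" packets, added as an illustration.

Not code from KAL Online, Hackshield or PunkBuster. The packet layout,
the constants and the sample traffic below are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ATTACK_COOLDOWN = 1.0   # seconds between attacks, enforced here, never by the client (assumed)
MAX_CLOCK_SKEW = 5.0    # tolerated gap between client timestamp and server clock (assumed)


@dataclass
class PlayerState:
    """Authoritative stats. The copy in the client's memory is never consulted."""
    attack_min: int
    attack_max: int
    last_attack_at: float = float("-inf")
    last_seq: int = 0


@dataclass
class HitPacket:
    player_id: str
    seq: int              # client-side counter, must strictly increase
    client_time: float    # timestamp carried in the packet
    claimed_damage: int   # what the client says it did; never used for the result


class HitValidator:
    def __init__(self, players: Dict[str, PlayerState]):
        self.players = players
        self.rejections: List[Tuple[str, str]] = []   # (player, reason) for dropped packets
        self.alerts: List[Tuple[str, str]] = []       # (player, detail) worth a human look

    def _reject(self, pkt: HitPacket, reason: str) -> None:
        self.rejections.append((pkt.player_id, reason))
        return None

    def handle(self, pkt: HitPacket, server_time: float, roll: float = 0.5) -> Optional[int]:
        """Return the damage the server applies, or None if the packet is dropped.

        `roll` (0.0..1.0) stands in for the server's own damage randomisation.
        """
        p = self.players.get(pkt.player_id)
        if p is None:
            return self._reject(pkt, "unknown player")
        # Detection: a client claiming more than its own cap has edited its
        # local attack value. Log it even though the claim is ignored anyway.
        if pkt.claimed_damage > p.attack_max:
            self.alerts.append((pkt.player_id,
                                "claimed %d damage, cap is %d" % (pkt.claimed_damage, p.attack_max)))
        # Replay / duplicate: the same hit packet re-sent carries the same seq.
        if pkt.seq <= p.last_seq:
            return self._reject(pkt, "replayed or out-of-order seq")
        # Stale or forged clock: the client timestamp must sit near server time.
        if abs(pkt.client_time - server_time) > MAX_CLOCK_SKEW:
            return self._reject(pkt, "timestamp outside skew window")
        # Cooldown: zeroing the cooldown in client memory changes nothing here.
        if server_time - p.last_attack_at < ATTACK_COOLDOWN:
            return self._reject(pkt, "attack faster than cooldown")
        p.last_seq = pkt.seq
        p.last_attack_at = server_time
        # Damage is derived from server-side stats only.
        return p.attack_min + int((p.attack_max - p.attack_min) * roll)


def run_demo() -> Tuple[List[Optional[int]], List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Feed a constructed packet sequence through the validator."""
    v = HitValidator({"alice": PlayerState(attack_min=10, attack_max=20)})
    traffic = [
        (HitPacket("alice", 1, 100.0, 15), 100.0),     # normal hit
        (HitPacket("alice", 1, 100.0, 15), 100.2),     # same packet sent again
        (HitPacket("alice", 2, 100.5, 9999), 100.5),   # cooldown zeroed and damage edited client side
        (HitPacket("alice", 3, 130.0, 15), 101.5),     # forged timestamp
        (HitPacket("alice", 3, 101.5, 15), 101.5),     # legitimate next hit
    ]
    results = [v.handle(pkt, t) for pkt, t in traffic]
    return results, v.rejections, v.alerts


if __name__ == "__main__":
    results, rejections, alerts = run_demo()
    print("applied damage:", results)
    print("rejected:", rejections)
    print("alerts:", alerts)
```

Run as a script it applies 15 damage to the first and last packets and drops the three in between, each with its reason; the edited-damage packet also lands in `alerts`, which is the signal a detection pipeline would consume rather than relying on the client-side anti-cheat to notice the memory edit.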

PunkBuster, you suck just as much because...well...your security sucks; my 1 gig jump drive has more security on it than your system.

Any more questions, email me or post 'em...thanks

AK