  #1
    V-X (Member)

    Anti-Cheat Research

    Hello all,

    Can't seem to find any other discussion or information about the anti-cheat (or detection methods) that they've implemented to detect cheats. So I guess this thread will be used as a place we can centralize our research as to what we've figured out so far and hopefully get a working bypass. (After typing that out I realize it sounds suspicious)

    I sold my own private hack for a while until I got bored of the game and fell off, things like ESP, teleport, auto-harvest, and some other unique features for PVP etc. etc. I have yet to try it this update since I don't feel like wasting my account but I think we should get some things out of the way first like what we know they're doing.

    Confirmed Detected:
    Modification of the camera's field of view:
    Thanks Jadd for the information:
    They include destination vector and interaction target in the Move packet.
    Bypass: Albion max view detection vector bypass. * GitHub
    Loaded Modules Hashset:
    Thanks again Jadd for this one as well:
    It creates a list of hashed assemblies that are loaded in the game, which is included each time a SelectCharacter and/or ChangeCluster packet is sent.
    Code:
    using System;
    using System.Collections.Generic;
    using System.IO;

    // aop.a
    public static HashSet<int> _assemblyHashes = new HashSet<int>();

    // aq9.az
    public void StoreLoadedAssemblies(EventData eventData) {
        foreach (var assembly in AppDomain.CurrentDomain.GetAssemblies()) {
            try {
                var fileStream = new FileStream(assembly.Location, FileMode.Open, FileAccess.ReadWrite, FileShare.Read);
                var binaryReader = new BinaryReader(fileStream);

                // Stream.Length is a long; ReadBytes takes an int.
                var assemblyLength = (int)binaryReader.BaseStream.Length;
                var assemblyBytes = binaryReader.ReadBytes(assemblyLength);
                var assemblyHash = Hash(assemblyBytes);

                binaryReader.Close();

                _assemblyHashes.Add(assemblyHash);
            }
            catch (Exception) {
                // An assembly that cannot be read from disk is recorded as -1.
                _assemblyHashes.Add(-1);
            }
        }
    }

    // ara.a
    public static int Hash(byte[] bytes) {
        var hash = -0x7EE3623B;

        foreach (var @byte in bytes) {
            hash ^= @byte;
            hash *= 0x01000193;
        }

        hash += hash << 13;
        hash ^= hash >> 07;
        hash += hash << 03;
        hash ^= hash >> 17;
        hash += hash << 05;

        return hash;
    }

    Potentially Detected:
    Cheat engine:
    While I haven't seen anyone verbatim say it's detected it's pretty likely, if anyone does any research into this please be sure to comment.


    Any information is useful, so if you know anything please contribute.
    Last edited by V-X; 11-12-2017 at 09:05 PM.

  #2
    Jadd (Premium Seller)
    Originally Posted by V-X:
    Some theorized that they may be doing checks to see if your clicks are outside of view range, I cannot confirm this is the case, but after reversing the game's supporting libraries I didn't come across anything like that in the games input handling routine.
    They include destination vector and interaction target in the Move packet. I have always limited the distance to 10 units and also removed the interaction target if it was further. I've never been detected that way. I modify it directly in the packet before it is sent, so there is no impact on gameplay. Code here.

    There's also this, in case you missed it: Interesting Internal Cheat Detection

    The anti-cheat is really nothing to fear in this game. I generally just check on a throwaway account if there's any new packets being sent in the login process or when I get in-game. Any new detection vector is easy to identify from what I've seen - "what are those weird integers being sent in the SelectCharacter packet?
    Oh, they are hashes of the loaded assemblies."
    Last edited by Jadd; 11-12-2017 at 08:11 PM.

  #3
    V-X (Member)
    Thanks for the information! However, I'm struggling to find any of the methods you've referenced in your post, searching for even just the Hashset data type doesn't return anything from dnSpy, am I missing something?

  #4
    Jadd (Premium Seller)
    The rename obfuscation has been offset after a couple of patches. All of this hash detection stuff takes place in the Albion.PhotonClient assembly.

    As of 13 November 2017 (patch 1.0.340.102503):
    are -> as9
    aq9.au -> as4.au
    aq9.az -> as4.a2

  #5
    V-X (Member)
    Ah I see now, all the methods are "obfuscated" using reflection, that's why I couldn't find anything, thanks for the update!

    Also, wouldn't a simple bypass for hash detection be intercepting the hash list from a legit client, then just hard-coding the list with the legit hashes once and remove all code that modifies the list?
    Last edited by V-X; 11-13-2017 at 05:53 PM.

  #6
    Jadd (Premium Seller)
    Originally Posted by V-X:
    Ah I see now, all the methods are "obfuscated" using reflection, that's why I couldn't find anything, thanks for the update!

    Also, wouldn't a simple bypass for hash detection be intercepting the hash list from a legit client, then just hard-coding the list with the legit hashes once and remove all code that modifies the list?
    Yes, that's how I do it. Seems to work just fine.

    Something else you can add to your list regarding detection - in the Login packet the client includes an MD5 of some (not all) asset files hashes sequentially. The hashes are created from the contents of the asset after decryption.

    You can see how the decryption and hashing is done here. I used it for my clientless bot and I haven't been banned for that either.

    Inputs (hash of decrypted contents, file name):

    Code:
    0E 73 2C CE FB 45 FA 41 7B 12 89 5F BD D9 56 19 | gamedata.xml
    F3 D5 F9 9B CE 40 CE 8F F3 53 02 BD E0 01 31 42 | buildings.xml
    F7 A0 DA 64 21 72 E0 A2 8C B2 94 90 EC 39 FF 1A | characters.xml
    5B 5E 16 4A E2 6F 80 88 D2 F8 BB C5 47 A0 1C 62 | mobs.xml
    FB F8 80 8D EF 26 11 AD 9A C4 A0 21 41 B2 6D 5E | spells.xml
    FD 8F 39 9D AB E6 BA 2C 13 A6 4B F0 AD 05 93 A6 | items.xml
    9F A0 EC 1B 18 1A 26 33 E0 4B E1 42 17 E3 C1 6B | accessrights.xml
    6E BF 72 CE 04 3D 4F FF AC 62 C0 B9 31 64 47 26 | worldsettings.xml
    59 3B 75 1F 25 C0 2A 91 79 A4 79 0E F0 2D AD 36 | world.xml
    1A 7B 5E A5 5C EC 9F 18 F5 66 57 42 C6 C2 37 69 | achievements.xml
    58 73 DE B1 A3 46 EF EE 55 6C FD 7D 97 8B 33 74 | agents.xml
    BC E4 B1 BF 6C 79 0D 0B 65 B2 93 08 61 88 F5 4B | factions.xml
    80 F8 1D FD 62 DB E5 31 1E 13 E0 66 C8 37 94 01 | missions.xml
    73 80 41 5D AF 33 4B 41 B3 37 80 10 59 37 27 EA | emotes.xml
    96 02 E0 81 9D F4 93 1D 1D 30 D4 AB 5A 71 7B D3 | expeditions.xml
    4B C3 54 1E D6 3F A9 38 CC 52 99 66 88 E9 70 CC | expeditioncategories.xml
    A2 D8 3F 22 95 BD BF 8F 01 80 43 61 ED 2F 98 E6 | expeditionagents.xml
    2B FF B1 C4 6E D3 83 FB 5B 87 CA A7 89 6A 2E 0F | itemroles.xml
    94 7D F9 8A 0D D1 20 1B C6 A0 64 99 97 AF 96 EF | orbtypes.xml
    D5 41 42 D8 64 62 D2 50 E4 98 6F 2D 52 3B 78 10 | matchtypes.xml
    Output (sent in login packet):
    Code:
    28 0A 40 02 CA 71 3A 65 9C 23 0A 06 FD 37 F6 22
    Personally I never modified the asset files, but if you do make sure you check if the input files have changed after each patch.
    I have not seen the order change but I have noticed that new files have been added to the list between some patches.
    Last edited by Jadd; 11-13-2017 at 07:19 PM.
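
Added example (not part of the thread, and not the game's code): a Python port of the assembly hash from post #1, used to show from the server's side why a fixed client-reported hash list still verifies when replayed, as posts #5 and #6 discuss, and how a per-session server nonce makes a recorded report stale. The `Server` class, the `nonce` parameter and the sample file contents are assumptions of this example; the thread does not say the game does any of this.

```python
import os

MASK = 0xFFFFFFFF
FNV_BASIS = -0x7EE3623B & MASK  # 0x811C9DC5, the FNV-1a 32-bit offset basis
FNV_PRIME = 0x01000193

def _signed(x):
    """Reinterpret the low 32 bits as a C# int (two's complement)."""
    x &= MASK
    return x - (1 << 32) if x & 0x80000000 else x

def fnv1a32(data, h=FNV_BASIS):
    for b in data:
        h = ((h ^ b) * FNV_PRIME) & MASK
    return h

def assembly_hash(data, nonce=b""):
    """Posted routine: FNV-1a loop, then shift/xor mixing with int wraparound.
    `nonce` is this example's addition; an empty nonce gives the posted hash."""
    h = fnv1a32(nonce + data)
    h = (h + (h << 13)) & MASK
    h ^= (_signed(h) >> 7) & MASK   # C# >> on int is an arithmetic shift
    h = (h + (h << 3)) & MASK
    h ^= (_signed(h) >> 17) & MASK
    h = (h + (h << 5)) & MASK
    return _signed(h)

def report(files, nonce=b""):
    return {assembly_hash(body, nonce) for body in files}

class Server:
    """Hypothetical verifier holding known-good file contents."""
    def __init__(self, known_good):
        self.known_good = known_good
        self.nonce = b""

    def verify_static(self, client_report):
        # Same expected value every session: any recorded report passes.
        return client_report == report(self.known_good)

    def challenge(self):
        self.nonce = os.urandom(16)  # fresh per session
        return self.nonce

    def verify_challenge(self, client_report):
        # Expected value depends on the nonce: old reports no longer match.
        return client_report == report(self.known_good, self.nonce)

# Constructed sample data standing in for assembly file contents.
CLEAN = [b"constructed-assembly-A", b"constructed-assembly-B"]
```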

  #7
    Kryso (Active Member)
    EffectAreas.LateUpdate contains zoomhack flagging, flag is sent in `CastStart` request

    Code:
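    LocalPlayerCharacterView localPlayerCharacterView = GameManager.GetInstance().GetLocalPlayerCharacterView();
    // sqrMagnitude > 1600f: the camera is more than 40 units from the local player.
    if (localPlayerCharacterView != null && (this.GameCamera.transform.position - localPlayerCharacterView.transform.position).sqrMagnitude > 1600f)
    {
    	// o counts consecutive LateUpdate calls over the limit.
    	if (++this.o > 5)
    	{
    		// t is the flag value; per the post it is sent in the CastStart request.
    		PhotonClient.GetInstance().t = 3;
    	}
    }
    else
    {
    	this.o = 0;
    }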
    Tea and cake or death?!

  #8
    noob4ever (Member)
    As my name says, I'm a noob. How can I use it? Do I need to make an exe from GitHub and run it, then CE?

  #9
    Jazva (Member)
    Guys,
    I wonder, why share all this info with the public? Don't you know that devs also read OwnedCore? (I have evidence.)
    You have your working hacks/zoomhacks/bots etc.? Ok, cool. But don't make their life easier (and my life harder) by posting here.
    Last edited by Jazva; 12-20-2017 at 07:03 PM.

  #10
    klukule (Member)
    We don't make their life easier, since they already know what anti-cheat methods they use ....

    And as head developer of Merlin I can tell you two rules of thumb.... don't use zoom-hack... and use good injector (ex. Minject, developed by EquiFox, one of our team members) that way you are relatively safe (against automated detection) for example we have no confirmed bans by automated way... only one reported guy
    Last edited by klukule; 12-25-2017 at 05:27 PM.

  #11
    AlbionHelper (Active Member)
    Any code modifications are easier to detect. So any injector is detectable.
    Network packets interception is much safer.
    "Unity engine" uses photon protocol.
    Binary Protocol | Photon Engine
    Just decode it.

    I don't see any way to check it.

  #12
    super.cleric (Member)
    Hey guys! Has anyone tried to check if steam's anti-cheat system for albion release on steam?
    Ill heal the sh*t out of you!

  #13
    super.cleric (Member)
    Hey guys! A lot of people are getting banned from the fishing bot; does anyone have any idea how SBI is detecting this?
    Ill heal the sh*t out of you!
