-
Member
Black Desert Online XignCode Detection
Hello all,
So far I have been working on a private bot for this game for fun and learning purposes, and even coded a C++ launcher and injector which works fine when not hooking into anything or modifying anything. When I do that my .dll is detected; when it doesn't do anything and is just injected it isn't detected by xigncode at all, and even when it is being detected it takes anywhere from one minute to five minutes before it gets detected and terminated by xigncode. I was wondering if anyone knew how to bypass the detection? From what I can see from that pyx.bdo.dll it doesn't seem to be disabling xigncode and the same can be said with mmoviper, so what I am assuming is my hooking method is what is getting detected.
Does anyone know anything that can help with avoiding detection for this game?
Thanks in advance!
Note: not asking to be spoonfed, just some pointers!
Update:
Here is today's update dumped xigncode x3.xem for analysis if anyone is interested.
https://drive.google.com/file/d/0B3R...ew?usp=sharing
and here is virustotal link:
https://www.virustotal.com/en/file/8...is/1460603008/
and if anyone wants me to dump the .exe's just ask.
Code:
___:0040442E loc_40442E: ; CODE XREF: ___:004043FFj
___:0040442E 8B 0D FC 1B 2D 02 mov ecx, dword_22D1BFC
___:00404434 8B 11 mov edx, [ecx]
___:00404436 8B 42 08 mov eax, [edx+8]
___:00404439 FF D0 call eax
___:0040443B 6A 00 push 0
___:0040443D 84 C0 test al, al
___:0040443F 75 2B jnz short loc_40446C
___:00404441 68 5C A1 A4 01 push offset aFail ; "FAIL"
___:00404446 68 7C A1 A4 01 push offset aFailedToInitSe ; "Failed to init security."
___:0040444B 6A 00 push 0
___:0040444D 90 nop
___:0040444E E8 FD BA AE 74 call near ptr 74EEFF50h
___:00404453 33 C0 xor eax, eax
___:00404455 8B 8C 24 24 01 00 00 mov ecx, [esp+124h]
___:0040445C 64 89 0D 00 00 00 00 mov large fs:0, ecx
___:00404463 5F pop edi
___:00404464 5E pop esi
___:00404465 5B pop ebx
___:00404466 8B E5 mov esp, ebp
___:00404468 5D pop ebp
___:00404469 C2 10 00 retn 10h
Last edited by Ryse933; 04-13-2016 at 10:08 PM.
Reason: Update
-
Originally Posted by
Ryse933
Hello all,
So far I have been working on a private bot for this game for fun and learning purposes, and even coded a C++ launcher and injector which works fine when not hooking into anything or modifying anything. When I do that my .dll is detected; when it doesn't do anything and is just injected it isn't detected by xigncode at all, and even when it is being detected it takes anywhere from one minute to five minutes before it gets detected and terminated by xigncode. I was wondering if anyone knew how to bypass the detection? From what I can see from that pyx.bdo.dll it doesn't seem to be disabling xigncode and the same can be said with mmoviper, so what I am assuming is my hooking method is what is getting detected.
Does anyone know anything that can help with avoiding detection for this game?
Thanks in advance!
Note: not asking to be spoonfed, just some pointers!
Maybe search for wherever xigncode is loaded and find/hook whatever scanning it does? That is how they bypass Warden from Blizzard.
EDIT: A starting point might be to find the code that is forcing the game to exit.
-
Post Thanks / Like - 1 Thanks
Ryse933 (1 members gave Thanks to Sychotix for this useful post)
-
Contributor
-
Post Thanks / Like - 1 Thanks
Ryse933 (1 members gave Thanks to Miksu for this useful post)
-
Originally Posted by
Miksu
Dude, can you free up some PM space? Tried to reach you but couldn't.
Regarding Xigncode bypass and packet editing / use of simple CE in BDO
I am currently on this game and caught the info that this game is really easy to alter and manipulate, since pretty much everything happens client-side. And that you can even use CE for it.
My "problem" is that I have never ever got into any detail regarding code of anything greater than producing a "Hello World" in cmd.
I have an easy time to learn quickly once I catch interest. But if not, gone. So I want to take this opportunity, possibly for even greater things one day, to bypass XIGNCODE in this game.
Would you please be so kind and help me out with basics on how to bypass this anti-cheat system?
What do I need in programs?
I have read a lot about it, downloaded also a few like x64dbg, wpepro0.9, proxifier .. following this small guide here http://www.********ers.com/forum/bla...iting-bns.html
Also wwwc in that forum was so kind and contributed a file/script/dump of current x3.xem + xcorona.xem via UnKnoWnCheaTs - Multiplayer Game Hacks and Cheats - XINGCODE3 dump
Also I have found this wiki about AVA's Xigncode Bypass XIGNCODE3 AVA - UnKnoWnCheaTs Game Hacking Wiki - Is that usable for BDO?
It seems like many things are really open to the public, when you catch the pieces and put them together
Can you help? To make this as directly as possible
I appreciate it greatly, PM me anytime
-
Member
Originally Posted by
crunk001
Dude, can you free up some PM space? Tried to reach you but couldn't.
Regarding Xigncode bypass and packet editing / use of simple CE in BDO
I am currently on this game and caught the info that this game is really easy to alter and manipulate, since pretty much everything happens client-side. And that you can even use CE for it.
Ehh, what are you on about? You cannot use CE for BDO without bypassing some XIGN detection as of now, AFAIK.
-
Originally Posted by
Astran.Gold
Ehh, what are you on about? You cannot use CE for BDO without bypassing some XIGN detection as of now, AFAIK.
"afaik" is not enough my friend
-
Post Thanks / Like - 1 Thanks
Astran.Gold (1 members gave Thanks to crunk001 for this useful post)
-
Member
Originally Posted by
crunk001
"afaik" is not enough my friend
Afaik comes from hours of search on this particular matter. I have renamed process, window title and window class, process description and so on from the Cheat Engine executable, also have altered some hex manually and have tried various other CE versions, but it remained detected all along, which is why I am surprised.
Would you post a link to a viable CE version? (If not, would you give me a hint, i.e. did you compile it yourself after some modifications?)
thanks!
Last edited by Astran.Gold; 05-30-2016 at 06:40 AM.
-
Originally Posted by
Astran.Gold
Afaik comes from hours of search on this particular matter. I have renamed process, window title and window class, process description and so on from the Cheat Engine executable, also have altered some hex manually and have tried various other CE versions, but it remained detected all along, which is why I am surprised.
Would you post a link to a viable CE version? (If not, would you give me a hint, i.e. did you compile it yourself after some modifications?)
thanks!
No, I don't even use CE. I am just finding a way to navigate around the XC at the moment, info is really scarce. Have you found a way around it? I have found multiple coding sites who were on or still are on the current bypass of XC. Can write via PM if you want.
-
Member
Originally Posted by
crunk001
No, I don't even use CE.
I am just finding a way to navigate around the XC at the moment, info is really scarce. Have you found a way around it? I have found multiple coding sites who were on or still are on the current bypass of XC. Can write via PM if you want.
It is actually easy to bypass xigncode. I was able to fix that emulator after unpacking xigncode and the game client. I am already making a bot for it, found all inventory data, skill info, equipment etc. All that is left is to code all logic of bot so it actually does everything.