[Warning] Anti-cheat implemented, stop using any hack/bot (Proof inside)

[scharush]

100% safe mechanism to bypass self scan memory
if (pattern is a hack pattern) {
return no match
} else if (pattern is unknown) {
match1 = scan(exe());
if (match1)
return match1
return scan(currentmemory());
}

first case is in case it's a known hack pattern we wanna bypass, we return not found.
If they wanna check if it can find original poe memory it'll return match1 from a clean exe and last case is in case it's checking for something that is not in .exe at runtime but comes later, we just proceed as it normally would.

Hey Quariasse, are you saying that this peace of code will make hacks such as PoEhud and Gurud's trainer undetectable?
If so, and forgive me for my complete lack of knowledge about programming, but where do i insert this code into?
A detailed answer would be very much appreciated, thanks in advance!

[HvC]

that's pseudo code, it's a way to make code understandable for neophytes, there is no actual working and compilable version of that as far as I'm aware of.
It's mostly there to explain the concept of a possible bypass.

[scharush]

that's pseudo code, it's a way to make code understandable for neophytes, there is no actual working and compilable version of that as far as I'm aware of.
It's mostly there to explain the concept of a possible bypass.

Oh, got it. Thanks for clarifying

[FreadomFighter]

HvC: so... is it actually (mostly) safe to use your version atm or not?
Thanks everyone for all the work btw.

[HvC]

HvC: so... is it actually (mostly) safe to use your version atm or not?
Thanks everyone for all the work btw.

It's as safe as it can be without more info of the AC, it scrambles it's own PE so that in case it does actually check executable hashes and not just names. And I'll keep implementing safety features as we know more about the AC if great people like Ouariasse give us more to work with.

[zzgw]

For what it's worth, they currently embed the anti-cheat system results generated by the checks into the packet that is sent when adding items to another stack, as far as I can tell. I thought this is pretty funny.

[qoika]

Exilebuddy is working again, it looks they found the way:

On January 11, 2015, patch 1.3.0.14 (1.3.0i) was deployed. This patch contained what appeared to be an unannounced cheat detection system for Path of Exile. This would be the first client-sided cheat detection system ever used in the game, so an updated build of Exilebuddy was not pushed that day, and an announcement thread was made to notify users of the downtime. When it was absolutely clear what was added to the client, and conclusive proof backing that was obtained, a second announcement was made to let users know why there would be additional downtime. We are now ready to move forward with the next version of Exilebuddy, but before we do, there's some important information for users to know.

During our downtime, a lot of information has been posted on other forums about the cheat detection system Path of Exile now uses. We cannot comment on others' research, observations, or speculations in relation to how it might/might not affect Exilebuddy. Based on the information available to us, we've made changes to Exilebuddy necessary to provide the safest possible means of botting.

Exilebuddy does not currently modify Path of Exile's cheat detection in any way, shape, or form.

This will remain the case until we are forced to, but no further notifications of this will be made. However, this presents an important issue for users to understand: the continued use of any unauthorized 3rd party software developed without consideration for the new cheat detection system puts your account at additional risk. The following actions are examples of things that can result in your account being banned (at GGG's discretion):
- Loading unauthorized modules into the Path of Exile process space [DLL injection].
- Any Path of Exile code section modifications [Client modding].
- Running unauthorized 3rd party software at the same time Path of Exile is running (regardless if it interacts with the client or not) that has a specific process name or window title [Known cheating programs]
- Allocating memory in the Path of Exile process [Hooks, detours, non-module based stuff, etc...].

As it stands, Exilebuddy is as safe as we can get it, so no other changes to improve its security can be made until the cheat detection changes (which we expect it to as time goes on). It is the user's responsibility to ensure they are not doing anything prohibited by GGG that will be detected by the cheat detection and thus result in their account being banned. We do expect ban reports to increase as a result, but we understand enough about the new system in place to ensure users Exilebuddy is as safe as possible, and there's nothing else to be changed.

During our downtime, we've made some new tools to help assist us with future client updates. Unfortunately, we need to be extra careful with each patch from here on out to try and avoid releasing an update that causes the bot to be detected by the cheat detection. As a result, each patch will most likely see additional downtime, but we'll try to have EB up and running as soon as possible. When there are cheat detection updates, or other changes that affect the bot, we'll most likely not talk about it unless it's something entirely new and users need to be made aware of it.

Users must now rename Exilebuddy.exe/ExilebuddyBETA.exe to another random name of their choice to run Exilebuddy. We're sorry for this inconvenience, but it is now necessary with the cheat detection system in place. Since Exilebuddy supports command line arguments, and users have various programs and scripts in which they need to know the exe name, we cannot generate a random name at runtime and relaunch the bot.

[HvC]

Exilebuddy is working again, it looks they found the way:

If I'm not mistaken exilebuddy was allready external all they needed to do is to change the executable name / file...

[mareot]

Ok so if i understand correctly the path of exile anti cheat is reading computer process and it basicly can detect all your opened progrmas ? But anti cheat is not sending your process data to the GGG servers it just compares your process with anti cheats database ? What will happen if anti cheat tries to read process but it cant read it because i blocked it will that get me flagged ?
Or maybe what will happen if i dont block anti cheat but anti cheat tries to read my process and returns found nothing in process, will that get me flagged aswell ?

[qNxX]

Would copying the memory buffer to a distinct process and reading memory from there help the security at all?

[HvC]

Would copying the memory buffer to a distinct process and reading memory from there help the security at all?

No, open handles aren't currently checked, there's actually no point in doing this since it's not the ReadProcessMemory that's detected it's writing to it and/or commonly used hack names more accurately a hash of the name of an program it compares the crc32 of the program and the one it has on it's blacklist if the crcs match at at least 90% you are flagged, if you write to the memory in a certain specific way (eg: maphack) you are flagged. This is it.

[yumee]

if you write to the memory in a certain specific way (eg: maphack) you are flagged. This is it.

does that mean if I only use poehud for the itemalert and overlay (mobs, strongboxes, exiles, etc) I'm safe(ish)? since I'm not writing anything to the memory (I think?)

[HvC]

There are forks that currently don't write to memory (eg i2um1s or mine) Those are as safe as we can get at the moment.

[yumee]

new patch just went live (1.3.0k), just FYI guys

[irgoto]

Just logged in and seen this.. only tried it out for a few mins lol, i used this just for particals and mobs that was all