Can we bypass Hackshield?

[alcor75]

Hello.

Is anyone able to bypass Hackshield somehow? i want to dig the client with Cheatengine, and later code some tools (C#), but Hackshield is defeating me atm.

So i was wandering how you fight this battle?

Hope someone want to share some info.

/Bow

[Alfalfa]

From what I've read, which is not much, is that to it's much easier to just edit the game files instead of memory editing because bypassing hackshield is far from trivial. It communicates with their server and if you disable it they'll know you stopped communicating, so you'd have to fake that or something.

[Miksu]

Hello.

Is anyone able to bypass Hackshield somehow? i want to dig the client with Cheatengine, and later code some tools (C#), but Hackshield is defeating me atm.

So i was wandering how you fight this battle?

Hope someone want to share some info.

/Bow

There is some info about bypassing Hackshield on MPGH, you should check there =)

And here HackShield - UnKnoWnCheaTs Game Hacking Wiki

[alcor75]

Tnx to both for the info, Miksu, that helped me alot tnx wery much repping you.

[Miksu]

Tnx to both for the info, Miksu, that helped me alot tnx wery much repping you.

No problem and thanks for you too!

[sullx]

I have made many many hacks and have a breadth of experience with c++, but have only recently started trying to bypass anticheats, and I have to say, this version of Hackshield is a huge pain. In general, it's much easier to hide your hacks, than it is to bypass hackshield for all the reasons stated above. But this version of HS is fairly advanced. For instance, after a clean system restart, if I use OpenProcess on some trivial application, like notepad.exe, then close my notepad hack and notepad. Then I open archeage (and therefore Hackshield), Hackshield will close archeage with an error after about 15 minutes indicating something is wrong. I have checked and in these instances Eaglex64.sys (the HS driver) was not running on the clean restart. This is very confusing as HS was not running when I called OpenProcess, and I didn't even use the function to open archeage.

I have figured out a way to disable some of HS's protection, which allowed me to develop some flying + teleport + speed hacks, but unfortunetly until I defeat HS completely, I have to restart archeage every 30 minutes or run in a VM.

***edit***

If anyone experienced with bypassing anticheats (or a team working on an AA hack/bot) is looking to team up with a seasoned c++ programmer and intermediate reverse engineer, let me know. I can send you my resume and some hacks I have put a lot of time into

[yorki]

I have made many many hacks and have a breadth of experience with c++, but have only recently started trying to bypass anticheats, and I have to say, this version of Hackshield is a huge pain. In general, it's much easier to hide your hacks, than it is to bypass hackshield for all the reasons stated above. But this version of HS is fairly advanced. For instance, after a clean system restart, if I use OpenProcess on some trivial application, like notepad.exe, then close my notepad hack and notepad. Then I open archeage (and therefore Hackshield), Hackshield will close archeage with an error after about 15 minutes indicating something is wrong. I have checked and in these instances Eaglex64.sys (the HS driver) was not running on the clean restart. This is very confusing as HS was not running when I called OpenProcess, and I didn't even use the function to open archeage.

I have figured out a way to disable some of HS's protection, which allowed me to develop some flying + teleport + speed hacks, but unfortunetly until I defeat HS completely, I have to restart archeage every 30 minutes or run in a VM.

***edit***

If anyone experienced with bypassing anticheats (or a team working on an AA hack/bot) is looking to team up with a seasoned c++ programmer and intermediate reverse engineer, let me know. I can send you my resume and some hacks I have put a lot of time into

Contact me yorki dot ogame at gmail dot com.

[sullx]

Contact me yorki dot ogame at gmail dot com.

Sent you an email.

[darkkinght]

Sandboxie helps

[mithra0xE8]

Hey Sullx or Yorki,

If you're still working on this and need a partner, I'm working on this actively.

So far I've been able to get my dll injected, dump the relevant game dll to disk and bring it into IDA.

The problem I'm running into now is when my dll modifies the game dll, HS sees the changes far too quickly.

If I could defer detection at least 1 minute, I can do what I need to figure out where the packets are going out.

Tonight I've been playing around suspending threads but not having much luck.

Anyway I'd to collaborate on AA if either of you are interested, let me know!

drath88 at yahoo dot com.

[Ehnoah]

There was a way to disable, but since XLGames used a new Hackshield Version, it seemt for the most russian even, impossible. Not sure, how this act now.

But emulate the Package sent to Server was easy during a long time.

[mithra0xE8]

My thought is that if you can at least get your injection done and that isn't being detected, then you're at least in the game when it comes to the rest. When I write changes to monitored code, the changes get detected within a certain interval, but if I can do what I need and REPAIR the code, then I may not get kicked. And even if I DO get kicked, maybe it was enough to do my bug and so whatever. I'm not looking to create a public bot or create sustained changes in code, but rather figure out if I can do X in the code at Y, then get in and get out quick and not worry about HS or its behavior. But presently I think if I had a way to even delay detection for 30 seconds it would be immensely helpful because at least then I can test.

[archlord12345]

Hackshield can be bypassed. this program is stupid

[sullx]

Hey Sullx or Yorki,

If you're still working on this and need a partner, I'm working on this actively.

So far I've been able to get my dll injected, dump the relevant game dll to disk and bring it into IDA.

The problem I'm running into now is when my dll modifies the game dll, HS sees the changes far too quickly.

If I could defer detection at least 1 minute, I can do what I need to figure out where the packets are going out.

Tonight I've been playing around suspending threads but not having much luck.

Anyway I'd to collaborate on AA if either of you are interested, let me know!

drath88 at yahoo dot com.

Sent you a PM and an email.

[denk123456]

I am paying alot of money for someone who can show me some stuff or create me a personal hack. im talking about 2000 usd or euros. This is no joke.