WoW for OSX now Sandboxed???

[NessK]

Code:

Sections for '/System/Library/PrivateFrameworks/AppSandbox.framework/Versions/A/AppSandbox' (x86_64):

Sections for '/System/Library/PrivateFrameworks/AppSandbox.framework/Versions/A/AppSandbox' (x86_64):

[xalcon]

I'm not a mac user so I'm not that much informed about the mac osx sandboxing capabilities but sandboxing is in general (atleast in my opinion) a good thing since it allows restricting access to sensitive resources.

I might misunderstand the capabilities of App Sandbox (or sandboxes in general) but this looks more like a compliance thing to me rather than some anti-cheat measurement, especially since sandboxes dont protect your process from other non-sandboxed processes.

[doityourself]

You can still access the process and read/write with root rights. Root is already required for a long time now on mac to write to the process. So no changes there.

[NessK]

Change anything, it just crashes.

[doityourself]

Change anything, it just crashes.

no it doesnt

[NessK]

no it doesnt

Not really sure how to respond to your 3 word quote here buddy. I have been looking at this for some time and just throwing 'no it doesnt' out there is counter productive.

I can fully see Beta BFA and all its lovely memory. Everything looks normal. If I use BitSlicer (or any other memory read / write program) and try to attempt to make a change (lets say 77 to EB on a single address), about 5 seconds later WoW crashes. So if your saying that you are able to do something like this and not have it crash, I am all ears.

Not trying to start an argument, just trying to solve this issue or least understand the issue.

Thanks.

[DarkLinux]

I think he is getting at the point that it's not crashing because its "Sandboxed". In the Windows version of WoW, they do checks on the image. I would think its the same for the Mac client. So its more of a general wow anti-tamper problem, something not exclusive to mac. I would also guess that king48488 has bypassed this.

[sbn666]

It crashed even if you do not alter anything. Attach bit slicer and add a random breakpoint and just resume when it's hit will crash wow. I tried doing this and it just crashed the game.

Code:

class Script(object):
    def __init__(self):
        debug.addBreakpoint(0x1016F6965, self.resume)
    def resume(self, instructionAddress, registers):
        debug.resume()
    def finish(self):
        debug.log('Cleaning up..')

If there's a way around this I'd love to hear more as well.

[DarkLinux]

Is that a software breakpoint? I would think they have anti-debugging protection. Not a mac user or I would check.

[sbn666]

instruction breakpoint. Tried using lldb adding a hardware breakpoint like this:

Code:

(lldb) breakpoint set -a 0x1016F6965
Breakpoint 1: where = World of Warcraft`___lldb_unnamed_symbol60175$$World of Warcraft + 1829, address = 0x00000001016f6965
(lldb) br com add
Enter your debugger command(s).  Type 'DONE' to end.
> continue 
Process 10636 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
    frame #0: 0x0000000000000000
error: memory read failed for 0x0
Target 0: (World of Warcraft) stopped.

As you ca see it crashed as well.

[NessK]

I think he is getting at the point that it's not crashing because its "Sandboxed". In the Windows version of WoW, they do checks on the image. I would think its the same for the Mac client. So its more of a general wow anti-tamper problem, something not exclusive to mac. I would also guess that king48488 has bypassed this.

Been on this for a few weeks now and if King48488 has any hints as to how to bypass this I am more then all ears. The subject has been non existent everywhere I have looked..

[culino2]

Been on this for a few weeks now and if King48488 has any hints as to how to bypass this I am more then all ears. The subject has been non existent everywhere I have looked..

I'm currently not working with WoW anymore (waiting for their app update and classic ), but some decades ago it was exact the same with warden, you haven't found any information on how to bypass this shit, you've only found some cool names like cypher, kynox, harko etc. until some guy made the first patterns public. People kept posting offsets and how to detour warden like they learned it on their own. Idk why, but people are very paranoid when it comes to stuff like this. Not to mention Blizzard was usually super lazy back then, just don't blame the warden guy and you're fine.

Don't get me wrong, it's not nice to reverse the crap for other people, warden is nothing against this, so I can understand King if he's keeping stuff private but only posting 3 words makes no sense at all. I still love his work, though,

I would love to tell you more but I never faced any problems on windows, the only thing I had to update in my hack was the manual mapping crap. My account is still alive since cataclysm, even if I've used some cool exploits \o

[doityourself]

I'm currently not working with WoW anymore (waiting for their app update and classic ), but some decades ago it was exact the same with warden, you haven't found any information on how to bypass this shit, you've only found some cool names like cypher, kynox, harko etc. until some guy made the first patterns public. People kept posting offsets and how to detour warden like they learned it on their own. Idk why, but people are very paranoid when it comes to stuff like this. Not to mention Blizzard was usually super lazy back then, just don't blame the warden guy and you're fine.

Don't get me wrong, it's not nice to reverse the crap for other people, warden is nothing against this, so I can understand King if he's keeping stuff private but only posting 3 words makes no sense at all. I still love his work, though,

I would love to tell you more but I never faced any problems on windows, the only thing I had to update in my hack was the manual mapping crap. My account is still alive since cataclysm, even if I've used some cool exploits \o

Well since 7.3 you have to do a bit more stuff even for windows. It's not warden but their obfuscation/protection now. But you can still get around that. LIke 2-3 weeks ago they also added a protection against direct binary patching of the .text section.

But it's not hard to do memory patching because there are not many protections for that;

[WiNiFiX]

I know its semi-off-topic, but i think it goes well in this chat - what sort of things do your guys private bots do? (no I dont want to buy them / bug you about them) - purely curious how others pass the time - for now pixels still do what i need for rotations.

[doityourself]

I know its semi-off-topic, but i think it goes well in this chat - what sort of things do your guys private bots do? (no I dont want to buy them / bug you about them) - purely curious how others pass the time - for now pixels still do what i need for rotations.

I dont do bots. I don't like them