Anti-hacking

KLKS · Post by **KLKS** » Sun Oct 23, 2005 9:53 pm

my advice on this, use a stream chipper on incomming and outgoing packets then pack the client with armadillo. armadillo wont allow memory patches and i know of only a few people who can fully unpack armadillo at max protection.

Post by **charlie** » Sun Oct 23, 2005 10:00 pm

#unpackers on efnet?

jk's

Jaap · Post by **Jaap** » Mon Oct 24, 2005 10:54 am

KLKS wrote: my advice on this, use a stream chipper on incomming and outgoing packets then pack the client with armadillo. armadillo wont allow memory patches and i know of only a few people who can fully unpack armadillo at max protection.

packing the client too much can cause some players to not be able to load the executable.

RageIlluminati · Post by **RageIlluminati** » Mon Oct 24, 2005 12:25 pm

KLKS wrote: use a stream chipper on incomming and outgoing packets

what is stream chipper? how to use it.. from where can I get it?

KLKS · Post by **KLKS** » Tue Oct 25, 2005 12:19 am

Jaap wrote:
KLKS wrote: my advice on this, use a stream chipper on incomming and outgoing packets then pack the client with armadillo. armadillo wont allow memory patches and i know of only a few people who can fully unpack armadillo at max protection.
packing the client too much can cause some players to not be able to load the executable.

actually thats a false assumption alot of people make. packers 2 years ago have had this problems but with modern packers, the chances of this happening is very slim. and we are not talking about multiple packing, but a one time pack with armadillo. have u guys actually seen armadillo in action, the latest version!

locobans · Post by **locobans** » Tue Oct 25, 2005 12:18 pm

Where to get armadillo...where to buy it.... :unsure:

Jaap · Post by **Jaap** » Tue Oct 25, 2005 9:16 pm

KLKS wrote:
Jaap wrote:
KLKS wrote: my advice on this, use a stream chipper on incomming and outgoing packets then pack the client with armadillo. armadillo wont allow memory patches and i know of only a few people who can fully unpack armadillo at max protection.
packing the client too much can cause some players to not be able to load the executable.
actually thats a false assumption alot of people make. packers 2 years ago have had this problems but with modern packers, the chances of this happening is very slim. and we are not talking about multiple packing, but a one time pack with armadillo. have u guys actually seen armadillo in action, the latest version!

I must have set armadillo settings too high then, because alot of players had troubles. That's typically me..

What settings do you recommend?

KLKS · Post by **KLKS** » Thu Oct 27, 2005 12:26 pm

nanomites might cause problems. antidebugging,dissasembling/the parent,child setting protection should run fine. code splicing is also good. destroying and emulating import tables. recently there was this guy who reversed engineered the whole armadillo thing. reteam.org read the paper by Andrea Gordon.

locobans · Post by **locobans** » Fri Oct 28, 2005 12:30 am

Thanks a lot...KLKS

RageIlluminati · Post by **RageIlluminati** » Fri Oct 28, 2005 11:06 am

does anybody know the way to HEX into serverfiles and to the client different version... smthing like 5.0 or smthing.. and when hacker wants to connect to the server with hes hacked exe that has not modified to the right version.. then server doesn't let it in and says that server and client version doesn't match...
I tried to connect to my server with 3.82 client.. and it didn't let me in with that error I described...

EDIT: does anybody know.. how to change memory structure in client.. that binarydata memory patcher would not find right strings and couldn't change these strings needed...

-Pitu- · Post by **-Pitu-** » Fri Oct 28, 2005 7:34 pm

locobans or KLKS where to get armadillo?

dumber · Post by **dumber** » Sun Oct 30, 2005 3:37 am

U need Armadillo Private (Custom), all public versions are already taken by trohan, spyware and virus makers, this mean that your users will have troubles with antivirus/antispyware products.

Also a good option is using a dll joiner, u need to code a dll to relocate ws name ramdonly. In the dll a code a routine to avoid mem patchers u will get a good client, combine this with molebox and will be difficult to hack it. Also u can code a dll on the server side to only accept connections from your client dll. (Like a fingerprint)

Who knows, maybe i am talking a lot of sh1t, but dll joiners exists

Jaap · Post by **Jaap** » Sun Oct 30, 2005 4:40 pm

dumber wrote: U need Armadillo Private (Custom), all public versions are already taken by trohan, spyware and virus makers, this mean that your users will have troubles with antivirus/antispyware products.

Also a good option is using a dll joiner, u need to code a dll to relocate ws name ramdonly. In the dll a code a routine to avoid mem patchers u will get a good client, combine this with molebox and will be difficult to hack it. Also u can code a dll on the server side to only accept connections from your client dll. (Like a fingerprint)

Who knows, maybe i am talking a lot of sh1t, but dll joiners exists

so? just use a packet sniffer to sniff the login packets. they contain the ws name

dumber · Post by **dumber** » Sun Oct 30, 2005 9:17 pm

yes, but is a whole idea not only ws name.

RageIlluminati · Post by **RageIlluminati** » Mon Oct 31, 2005 9:13 am

Can anybody upload or give a link with correct version of Armadillo.. so I could test it against memory patchers...