Jump to content

Recommended Posts

Posted

I did not want are posting this, unfortunately I have to post more. Navigating the Internet and the search for something related to the new Anti Bot that is taking on some servers, as L2DEX, Horyu and L2Fury ... After muiitas searches found the site selling the new Anti Bot, I will leave the link below so that they can demonstrate:

 

Lineage II Anti Bot System L2ABS

 

Please note that the price of Anti Bot, is not high, has a value of U$85.00. That's personal, more a challenge for us all: Time to find a way to stop this Anti Bot ... The construction of the same was done by Russians.

  • 1 month later...
  • 2 weeks later...
Posted

good but useless

walker works on all servers, because admin cant know if we using walker or client!

this is what i thing !

lol! when you log in trough different way than the original (l2.exe) the server can "read" this ... the packets are different, the client behavior is different ... you cant say that the admins cant know when we do or we dont cheat ... they can always check you but it takes time for each check - that's what this antibot system does - it logs all logins - the regular and the bot-ones

Posted

lol! when you log in trough different way than the original (l2.exe) the server can "read" this ... the packets are different, the client behavior is different ... you cant say that the admins cant know when we do or we dont cheat ... they can always check you but it takes time for each check - that's what this antibot system does - it logs all logins - the regular and the bot-ones

 

man please dont say bullshit, bake ice blocks bots in YOUR system, it does check on system to see if ur using walker and closes it, i think l2abs is doing the same thing and send the info to gms server and they ban u, anyway, ANY software can be cracked (example, all latest protection in games getting pwned) and bake ice was cracked, and this software will be, only need people who knows what they're doing. the truth is that if u want to motivate developers or crackers and u really wanna bot offer some money on cracking or hacking forums, u'll see the solution for this antibot or others real fast xD

Posted

Guys this is other possible Anti-Bot system used for Dex and Frintezza:

 

[howto] kill hlapex/l2phx/l2walker with 3k of code

Hi,

 

On this thread smeli mentions about antihlapex. I don't know if anything like this is currently available (or for free) - but it is now.

 

This little project is an ultra simple way of keeping l2phx, hlapex, along with l2walker away from the game client.

 

First I'll say that both l2phx/hlapex depend on one import from ws2_32.dll (connect) in order to function correctly. Since both applications hook ws2_32.connect by way of a jmp at the start of the function - the solution is obvious, we need to replace their hook. The good news is that the first 12 or so bytes for ws2_32.connect is the same across all versions of Windows (yes, this works on X64 too - I tested it), so instead of patching their jmp with another jmp, we'll simply restore the original bytes of ws2_32.connect, and problem solved.

 

L2Walker is completely different - from briefly looking it in OllyDbg... walker seems to operate by calling functions inside of L2's engine itself... It installs its window hook (the home key) by directly calling a function inside of window.dll - L2Walker is really impressive actually... but also makes me wonder if the author might have 'inside information' about how Lineage II works internally, if you get my meaning.

 

Anyways, to the point... the actual bot is LineageII.dll - not the loader application L2Walker.exe - because LineageII.dll is protected with Asprotect... users of the bot can't just rename it to whatever, or Asprotect will get mad D= ... so the simple solution is to query for it with GetModuleHandleA then if we return an address... terminate the game process. I haven't been able to force unload walker's LineageII.dll without causing a GPF in the L2 game client - oh well, who cares...

 

nophx.dll works by adding it to the IAT of engine.dll and importing DllEntryPoint - since our DllEntryPoint is called quite often(no its not called only once...) its always running through the two 'anti bot' sub-routines. Now how to prevent players from just replacing our engine.dll with an older version? Nevyn gets the credit for this idea in his post here - we change the Auth key, so using an older engine.dll means you don't login.

 

Well, that's all, kill three bots with 3kb of code, and we didn't even hook outside of our own process address space (unlike some stupid kernel mode anti-cheat programs) -- I'd like to know what others think of this (if anything), or any holes you might find...

 

The .dll and its source code is attached to this thread...

 

-Fyyre

 

http://postpacific.com/showthread.php?t=12182

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...