Thread: Sucking your knowledge!

Hi! Once again I have a question.. What exactly makes hook an undetected, or punkbuster proof all together?

I made this thread as I think I will have few more of such questions coming, so it will be better to but them all into one thread..

EDIT: OK, I understand people wont just give me a way to get undetected by PB. But just a general concept of it to research would be just as good

I think what makes a bot undetected is a new hooking method using detours. A bot is pb proof when it also
sends cleanpbss. Simply turn off all bot functions on pbss request of punkbuster.
Correct me if I'm wrong.

Don't use asm in your bot, its detected, just stick to c++/c.

...languages aren't detected. In fact, if you actually knew anything about coding you'd know that C++/C all comes down to ASM/hex opcodes. :-|

If that was a joke and I missed it, I'm terribly sorry and please excuse the rude comment. Otherwise, gtfo.

--Macpunk

Originally Posted by Macpunk

...languages aren't detected. In fact, if you actually knew anything about coding you'd know that C++/C all comes down to ASM/hex opcodes. :-|

If that was a joke and I missed it, I'm terribly sorry and please excuse the rude comment. Otherwise, gtfo.

--Macpunk

It's a joke.

Originally Posted by Macpunk

...languages aren't detected. In fact, if you actually knew anything about coding you'd know that C++/C all comes down to ASM/hex opcodes. :-|

If that was a joke and I missed it, I'm terribly sorry and please excuse the rude comment. Otherwise, gtfo.

--Macpunk

how rude...

Um...we did get slightly offtopic here. So I'd like to hijack it back to the original request > which was stuff about making a hack undectable. I was also going to post about this so I thought that attempting to bring it back ontopic would be the ideal solution.

Unfortunately I know nothing about this sort of thing.

So instead, I'm just going to add a few more questions for people who DO know to answer. OK so here goes.

1. What about a hack is detected? Ie. when a hack is detected what does PB do to find it next time and thus prevent people using it?
Presumably it is not the method (eg. nopping) that they use to display, for example, nametags. Otherwise private hacks couldn't be updated if detected so fast. Then again, that is unless the hack makers keep a list of ways to display, for example nametags, that has not been used/detected yet. But surely Punkbuster could just work out all the possibly ways to do this and ban them all? So probably it is not the method that they use to display, for example nametags, eg. by nopping something.
So what else could it be? I was thinking that maybe it was the name of each function in the hack, but then I thought not, because otherwise one could assign a random name to each function every time a program ran and PB would have to be VERY lucky (consider probability of, for example, 64 character case-sensitive name!) to catch anyone.
Insania's suggestion made the most sense to me. And that was

Originally Posted by Insania

I think what makes a bot undetected is a new hooking method using detours. A bot is pb proof when it also
sends cleanpbss. Simply turn off all bot functions on pbss request of punkbuster.

The Punkbuster screenshot thing I already knew - basically Insania said it but I'll explain it again.
You add (presumably) a detour to the pbss function ie. in pseudocode

Code:

realPBSScall //PB's call for a screenshot
{
detour1 //our detour - hacks off
{
//switch off all functions
chams.off
wallhack.off
allotherstuff.off //everything visible on screen (ie. not necessarily aimbot, just menu, kill stats etc.)
return realPBSScall // end detour
}
PBtakescreenshot // Pb takes its screenshot, but all our functions are off so its clean!
detour2 //our detour - hacks back on again!
{
chams.on
wallhack.on
allotherstuff.on //all our hacks are active again!
return realPBSScall // all the hacks are on so we rerout back to the original code written by PB
} // end of our detour
} //end of our hacked PB function

But what about the rest of it? This is the hard part.

Originally Posted by Insania

I think what makes a bot undetected is a new hooking method using detours.

Insania, could you please tell me what you mean by 'new' (duh?). Do you mean that the hooking method is a new one, as in hackers have only begun using it recently, or do you mean that the hooking method is a new one, as in it has to be a different detour or type of detour to the other detected hacks.

If it is the latter, then surely (once again) a random detour can be generated. Look at Sinner's DetoursXS. If you can make your own detour library, you can call them whatever you want, including generating them randomly at runtime, meaning that PB could do absolutely nothing!

Correct me if I am wrong, (coders please help, especially someone with an undetected private bot lol).

Thanks, Nosferatu (means Vampire)

EDIT thanks Insania ur right it was made by Sinner

I thought DetourXS was by Sinner. ;o
Well my statement was actually wrong.
Sometimes changing some simple stuff or adding useless code may make a bot/a detected hooking method undetected again.

Thanks Insania / corrected above.

Yeh I believe the reason that sometimes randomly added code is the fact the PB scans all running memory for detected hack bytes. For example, a piece of code which adds chams and nametags might have bytes

Code:

6575345643525434134124134141345F

(gosh that was fun!)

So, PB will say 'ahah, look he's got that series of bytes he must have corrupted memory.'

However, if we add a useless function in between the chams and nametags, for example so we have

Code:

 6575345643525434134569FCA34124134141345F

the block of bytes is not found (cause there's something in the middle!).

Thanks, Nosferatu (means Vampire)

i never knew that!

i'm sure the pr0s will find that handy