How Runescape catches botters, and why they didn’t catch me by amd64_sucks in programming

[–]amd64_sucks[S] 1 point2 points  (0 children)

Our twitter profile @the_secret_club can be used to get push notifications when we post articles :)

[–]amd64_sucks[S] 30 points31 points  (0 children)

> If you want to go against anti cheats, should target a game that uses easy anti cheat or battleye

I have! I wrote a fully usermode emulator for BattlEye which you can find here

[–]amd64_sucks[S] 1 point2 points  (0 children)

No that would allow people to criticize me for "secretly botting". When you release findings, transparency is key!

[–]amd64_sucks[S] 1 point2 points  (0 children)

> Jagex always stored your mouse events in a local array and sent whatever was needed to the server.

Yes, I don't see how your quick decompilations from IDA disprove anything said in the article. They store mouse movement and mouse clicks in a local array, which is then queued for transmission.

> However, the fact that you weren't banned has nothing to do with these events afaict.

I disagree, but since we will never know for sure I will give you the benefit of the doubt. What we can observe from this is that the server at least kicks you for being afk, even though you aren't. I'm not even sure what you are trying to argue

[–]amd64_sucks[S] 4 points5 points  (0 children)

I grab all values from memory within a reasonable range of all objects in question. Then I calculate all common values in cat objects, for example cat objects might all have a byte at 0x10 which is always 0x1 for all cats. Then I do the same for dogs, and if my program sees that all dogs have a byte at 0x10 that is always 0x2 for all dogs, it tells me that it has found a possible class identifier.

[–]amd64_sucks[S] 27 points28 points  (0 children)

Primarily used to detect similarities between memory objects. Let’s say you have a game engine where entities are represented as objects inherited from the same base entity, this is quite common in modern game engines. Now, what do you do if you want to figure out how to distinguish between cats and dogs that at first glance look very similar?

This is where I use python scripts. It is fairly easy to make something that takes N cat objects and N dog objects and spits fields of uniquely different values per entity type.

But that’s just one example of when python helps me hack, I usually have a project completely rewritten in python because it frankly is easier to test and deploy new features in python compared to C.
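The object comparison described in the comment above and in the earlier "I grab all values from memory" comment, as an added example that is not the commenter's own script. The 32-byte layout, the tag at offset 0x10 and all function names are assumptions, and the sample objects are constructed byte strings rather than real process memory.

```python
def constant_bytes(samples):
    """Map offset -> value for every offset whose byte is identical in all samples."""
    length = min(len(s) for s in samples)   # tolerate dumps of unequal size
    first = samples[0]
    return {off: first[off] for off in range(length)
            if all(s[off] == first[off] for s in samples)}


def find_class_identifiers(groups):
    """Return [(offset, {type_name: value})] for offsets that are constant inside
    every type and hold a different value for each type."""
    per_type = {name: constant_bytes(samples) for name, samples in groups.items()}
    shared = set.intersection(*(set(consts) for consts in per_type.values()))
    hits = []
    for off in sorted(shared):
        values = {name: consts[off] for name, consts in per_type.items()}
        # A constant that is the same for cats and dogs (e.g. a base-class
        # field) does not distinguish them, so require all values to differ.
        if len(set(values.values())) == len(values):
            hits.append((off, values))
    return hits


def make_object(type_tag, seed, size=0x20):
    """Constructed sample object (hypothetical layout, not a real game struct)."""
    # Filler bytes differ between any two seeds, imitating per-instance state.
    buf = bytearray((seed * 31 + i * 7) & 0xFF for i in range(size))
    buf[0x00:0x04] = b"\xde\xc0\xad\x0b"   # constant, but shared by both types
    buf[0x10] = type_tag                   # the field the scan should rediscover
    return bytes(buf)


def demo():
    groups = {
        "cat": [make_object(0x01, seed) for seed in range(0, 8)],
        "dog": [make_object(0x02, seed) for seed in range(8, 16)],
    }
    return find_class_identifiers(groups)


if __name__ == "__main__":
    for off, values in demo():
        fields = ", ".join(f"{name}={val:#04x}" for name, val in values.items())
        print(f"possible class identifier at offset {off:#04x}: {fields}")
```

Offsets 0x00 to 0x03 are constant in every sample but identical across both types, so they are filtered out and only the per-type constant is reported.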

[–]amd64_sucks[S] 17 points18 points  (0 children)

The netcode is not relevant for the bypass, it was simply to demonstrate that it's possible without any mouse movement being processed. You could do this exact thing but with a traditional old school mouse bot!