    1. #1
      Unorth

      External TriggerBot Questions

      John Kittz
      I started with Fleep's memory TriggerBot and was looking to improve its functionality a bit. I also wanted to switch it to Counter Strike: Global Offensive. I have a few questions regarding VAC/Anti-Cheat detection and the best practices for a TriggerBot.

      1.) The first change I would like to make is to improve the accuracy and it seems like using the bone matrix and FOV would be one of the most accurate ways to trigger the clicks. I was curious how many bones should I be checking for this. If I were to check them all for each player would it be too slow? I'm assuming I could cut a lot of the bones like the fingers out but I was curious how much of an impact testing a bone has on the performance of the triggerbot. This check would happen for each player in a loop of all players.

      2.) I read somewhere, I think on UC, that using one ReadProcessMemory(RPM) call would seem less suspicious to an anti-cheat program than multiple. So instead of grabbing the base, the team id, and the bones in separate RPM calls I'm assuming you would grab all the bytes after the base address for a certain length and separate the returned buffer into the variables afterwards. I was curious on someone with a little more experience with anti-cheat software's opinion on this. I would assume it depends on how many bytes you need so assume I would grab all the data relating to HP, Team and All the Bones in one call and the Anti-Cheat is VAC3.

      3.) I was looking at Anti-Cheat detection for external hacks and I read it would be possible for an Anti-Cheat to scan all the processes that used OpenProcess on it and see RPM calls by watching that api. I was curious if there is an alternative way to reading the memory of a process that is less detectable or do people who write external hacks just continue to do so because VAC does not ban for RPM and OpenProcess?

      4.) Finally, to send the fire command Fleep writes to memory which is easily detectable. I was curious what's the best (least detectable) way to send fake mouse input and keyboard input.

      Thanks for your time.


      Edit: Typos and Wording
      Last edited by Unorth; 02-13-2014 at 05:10 AM.

    2. #2
      rN'
      1.) Using Bones & GetFOV is not very accurate. It works but it isn't the best way. I prefer Hitboxes.
      2.) You can still use ReadProcessMemory and your cheat will not get detected.
      3.) There are a lot of methods to detect the cheat. Signature, MD5/CRC32, String detection, ...
      4.) Use mouse_event instead of WriteProcessMemory @ +attack

    4. #3
      till0sch
      Correct me if I'm wrong but aren't those APIs only detected when they're hooked by the anti-cheat? Never dealt with it

    5. #4
      TastyHorror
      I started with Fleep's memory TriggerBot and was looking to improve its functionality a bit. I also wanted to switch it to Counter Strike: Global Offensive. I have a few questions regarding VAC/Anti-Cheat detection and the best practices for a TriggerBot.
      Try creating a lan server, make sure in your console you have "sv_cheats 1" and "sv_lan 1" and "sv_pure -1" to make sure you do not get vac banned when testing your hack. Also, go on OFFLINE mode for steam to be 100% sure. In launch options for the steam game put "-insecure".

      1.) The first change I would like to make is to improve the accuracy and it seems like using the bone matrix and FOV would be one of the most accurate ways to trigger the clicks. I was curious how many bones should I be checking for this. If I were to check them all for each player would it be too slow? I'm assuming I could cut a lot of the bones like the fingers out but I was curious how much of an impact testing a bone has on the performance of the triggerbot. This check would happen for each player in a loop of all players.
      The less loops you go thru, the better. The simpler your code, and the easier to understand, is better. Not saying, dumb down your code, just make it efficient. Not going to say whether you should do FoV, Bone, or HitBox, it's all up to you.

      2.) I read somewhere, I think on UC, that using one ReadProcessMemory(RPM) call would seem less suspicious to an anti-cheat program than multiple. So instead of grabbing the base, the team id, and the bones in separate RPM calls I'm assuming you would grab all the bytes after the base address for a certain length and separate the returned buffer into the variables afterwards. I was curious on someone with a little more experience with anti-cheat software's opinion on this. I would assume it depends on how many bytes you need so assume I would grab all the data relating to HP, Team and All the Bones in one call and the Anti-Cheat is VAC3.
      I have ZERO experience with any and all anti cheats, so I will direct you to read this here. If you do not understand the terminology, you shouldn't create "undetected hacks".

      3.) I was looking at Anti-Cheat detection for external hacks and I read it would be possible for an Anti-Cheat to scan all the processes that used OpenProcess on it and see RPM calls by watching that api. I was curious if there is an alternative way to reading the memory of a process that is less detectable or do people who write external hacks just continue to do so because VAC does not ban for RPM and OpenProcess?
      Read what I wrote above.

      4.) Finally, to send the fire command Fleep writes to memory which is easily detectable. I was curious what's the best (least detectable) way to send fake mouse input and keyboard input.
      You should give this a look, but I am not confident enough to say it will be undetected, same thing goes with the function sendMessage.

      Thanks for your time.
      No problem, I am glad you have asked this question, so whenever someone asks for a source engine/vac related detection question... I can redirect them here.

      Whatever I wrote here in this post is most likely wrong, so don't rely on my info too much. Do lots of research, look at the dumps of vac, and such to be sure you won't get detected. Have a good day.
      Last edited by TastyHorror; 02-15-2014 at 03:03 AM.

    7. #5
      Unorth
      Just wanted to touch back in with where I'm at, I figure it might help some people coming off of fleep's tutorial.
      Also, I appreciate the quick responses rN' and TastyHorror, they helped get me going in the right direction.

      The things so far I've noticed with fleep's tutorial in regards to VAC but keep in mind I have not reversed VAC3 and this is general information I have found throughout forums which is a few months out of date.
      1) OpenProcess should be changed to have Read Only Permissions.
      2) mouse_event should be used instead of writing 4 and 5's to memory. This should remove all the Write Memory Functions. I've heard some people talking about click speed could indicate if someone is cheating so I plan to implement it in a way that simulates my actual click response time, I'm not sure if this is necessary though.

      There's probably more to this list and I will try to update it as I go. I'm working pretty slow through this since I'm working full time.

      Things to keep in mind:
      1) CS:GO is updated pretty frequently and I've noticed with the up to date offset threads that some of the offsets can be wrong. Make sure you know how to get the ones you need. With that said, fleep's code will run with just the offsets updated for CS:GO.
      2) The number of player's count that fleep uses does not work online. I simply use 32 as the player count but you could fine tune this to the server you play on, i.e. 10 in competitive, 20 in casual.

      As of now I have it working in CS:GO the same way it works in CSS. I have not implemented a more accurate way to trigger the mouse clicks, so far I'm looking into hitboxes and bones with either FOV or vector intersection but it's a bit difficult to find straight copy paste code to get a quick understanding of the proper implementation so I will need to go through the data structures and math on my own. A lot of these calculations deal with vectors so I would suggest at least a decent understanding before updating this aspect of the TriggerBot. I'll post a run through of what I end up doing when I get there.
      Last edited by Unorth; 02-15-2014 at 02:13 AM.

    9. #6
      NTvalk
      Originally posted by till0sch97:
      Correct me if I'm wrong but aren't those APIs only detected when they're hooked by the anti-cheat? Never dealt with it
      I'm pretty sure VAC hooks ReadProcessMemory yes, they don't ban directly for it I think tho.

    10. #7
      brinkz
      Originally posted by NTvalk:
      I'm pretty sure VAC hooks ReadProcessMemory yes, they don't ban directly for it I think tho.
      Nope it doesn't. They would need to hook it in every application running then, which is definitely not done (VAC doesn't load a driver either).
      What VAC does is tracing back handles opened to the game process, so basically even a read only cheat gets detected if VAC traces back the handle and uploads the memory of the cheat to their server to analyze it.
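
The handle-based check described in the post above, sketched from the defender's side as an added example; it is not part of the original thread and not VAC's actual code. The record shape, process names, PIDs and allowlist are constructed for illustration; on a live system the records would come from a system handle enumeration.

```python
from dataclasses import dataclass

# Documented Windows process access rights (winnt.h values).
MEMORY_RIGHTS = {
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
}

@dataclass(frozen=True)
class HandleRecord:          # hypothetical record shape for this example
    owner_pid: int           # process that holds the handle
    owner_image: str         # image name of that process
    target_pid: int          # process the handle refers to
    granted_access: int      # access mask granted when it was opened

def memory_rights(mask):
    """Names of the memory-access rights present in an access mask."""
    return sorted(name for bit, name in MEMORY_RIGHTS.items() if mask & bit)

def audit_handles(records, protected_pid, allowlist):
    """Return (pid, image, rights) for foreign handles that can touch memory."""
    findings = []
    for rec in records:
        if rec.target_pid != protected_pid or rec.owner_pid == protected_pid:
            continue                      # other target, or the process itself
        rights = memory_rights(rec.granted_access)
        if not rights:
            continue                      # e.g. query-only handles
        # Name matching is a simplification; a real check would verify the
        # owner's signature or path, since a name alone identifies nothing.
        if rec.owner_image.lower() in allowlist:
            continue
        findings.append((rec.owner_pid, rec.owner_image, rights))
    return findings

# Constructed snapshot: PIDs, names and masks are made up for illustration.
SNAPSHOT = [
    HandleRecord(4000, "game.exe", 4000, 0x1FFFFF),
    HandleRecord(812, "csrss.exe", 4000, 0x1FFFFF),
    HandleRecord(5120, "overlay.exe", 4000, 0x1000),   # query-limited only
    HandleRecord(6244, "helper.exe", 4000, 0x0010),    # read-only memory access
    HandleRecord(7001, "tool.exe", 4000, 0x0038),      # operation+read+write
    HandleRecord(7002, "other.exe", 9999, 0x0010),     # different target
]
ALLOWLIST = {"csrss.exe"}  # assumed set of expected system holders

if __name__ == "__main__":
    for finding in audit_handles(SNAPSHOT, 4000, ALLOWLIST):
        print(finding)
```

The read-only handle held by the constructed `helper.exe` is reported alongside the read/write one, which is the point made in the post: the open handle itself is the observable, whatever access it carries.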

    11. #8
      Menalix
      1.) Checking for bones will not be too accurate and will, as you yourself say, take too much time, use hitbox triggerbot.

      2.) Well I don't think it matters if you call it twice or one time, what matters is the open handle which is there when you make 1 or 3 calls no matter what, when doing a triggerbot anyways you have to constantly use RPM to check if enemy is visible or something, unless you have triggerkey.
      But always try to minimize your calls, not because of the detection rate because it won't increase it.
      but because of the speed, it's faster to split information in the process than calling RPM more times.

      3.) There are no alternatives other than writing your own driver, but there are still things you can do, so that the handle won't trigger detections on most AC's, VAC has for sure imported RPM and WPM, I don't know for what, but well they don't do detections on them.

      4.) mouse_event, and for other messages use PostMessage and get the lParam for the message with Spy++
      Last edited by Menalix; 02-16-2014 at 06:51 PM.
