Discuss Polymorphic ASM Parser


c5

Kim Kong Trasher
Dank Tier VIP
Dank Tier Donator
Jul 19, 2012
1,187
12,638
76
We all know AC's can be a bitch if it comes down to your public cheats. Unless your cheat is small, flexible and dynamic. For that reason I wrote myself a little tool that can parse my-sort-of-own-assembly-based-opcode language input, obfuscate it (fully polymorphic), and map it to memory, fixing all relatives, imports, absolutes, realigning, etc.

This can close down most AC's reactive cheat detection vectors, especially if your code acts more like a "shellcode", rather than setting hooks, etc.

A little illustration of the input format.


Basically you define your globals under the [GLOBAL] tab, code under code, etc.

I took all of it and formatted it from the IDA output of my simple cheat. The advantage of reformatting is that you get rid of all the junk code (CRT, security checks, library init, etc.) and get exactly what you need from your code.

Feed the input file to the parser, and the parsed input to the obfuscator, and you'll end up with something like this on two different runs:



So nothing is left on disk, no headers, no handles (except that you need to write it to the target process and CreateThread at the entry), small and polymorphic.
c++ junk code generator
Thoughts, suggestions? Might be overkill for some, but it was fun to code and the codebase isn't very big (roughly 2k lines).
 

till0sch

Respected Hacker
Dank Tier VIP
Dank Tier Donator
Oct 14, 2012
1,104
12,593
51
Might publish some parts of it at one point.
That'd be great. That wasn't irony; I think this is obviously an important topic in game hacking, so "thanks for sharing your thoughts" is what I meant :)
 

Solaire

Respected Hacker
Dank Tier VIP
Dec 15, 2013
1,051
16,353
62
Sounds like pure magic, and a really fun project. Great job, wish I knew more so I could give better feedback :)
 

Obsta

Jr.Hacker
Meme Tier VIP
Jan 27, 2014
394
2,978
17
Every time I read any of your posts I realize how fucking shit I am at cheating.
 

till0sch

Respected Hacker
Dank Tier VIP
Dank Tier Donator
Oct 14, 2012
1,104
12,593
51
Every time I read any of your posts I realize how fucking shit I am at cheating.
Me too, but it rather makes me look forward to what's to come when I keep coding xd
 

NTvalk

Hacker
Meme Tier VIP
Jul 6, 2013
499
3,108
8
Very nice! Can you release the code? ^^
How did you fix the imports?
 

c5

Kim Kong Trasher
Dank Tier VIP
Dank Tier Donator
Jul 19, 2012
1,187
12,638
76
Very nice! Can you release the code? ^^
How did you fix the imports?
One of the weak links atm: I resolve the addresses in the local process and assume they stay the same in the target (works with early-loaded modules, i.e. kernel32, user32, ntdll, etc.). Needs some improvement.

The biggest focus so far was fixing the relatives (jmps, calls) to code, since the code was realigned (junk added).

No plan for a code release right now.
 