Results 1 to 7 of 7
  1. #1
    gm3x
    gm3x is offline
    Member-in-training gm3x's Avatar
    Join Date
    2011 Feb
    Location
    Rio Grande, RS - Brazil
    Posts
    92
    Thanks Thanks Given 
    4
    Thanks Thanks Received 
    56
    Thanked in
    16 Posts
    Rep Power
    0

    Undetectable CE for AIKABR

    Hi ppl.

    Last night I've made the UCE following this tutorial:

    https://progamercity.net/code-tut/33...-tutorial.html

    Well, I've made EVERYTHING perfect, as the tuto says, all the answers said in tutorial, I got on my uce, etc.
    (The making .sys step that 50% people couldn't do, I did )

    So I'll post my UCE here, maybe someone want to look it, file is attached and scan below (27%)

    So... I want to discuss some things on this UCE...


    1)Cheat Engine has been detected by Xtrap...

    2)Opened CE using antirootkit to remove xtrap hooks, failed.

    3)Antirootkit+parameter -ACK in executable client and opened CE, failed.

    To start discussion, that tutorial doesn't give all the detected words? What makes Xtrap detect it? Because on similar tutorials around web, it shows people playing games with xtrap and they've made it work undetected, so here no one could.
    There's something missing on tutorial that make xtrap detect it?

    >Compiling all the steps on Delphi7, all goes correct, analyzing CheatEngine.dpr, it don't have any other word that can be detected.

    >I don't need to inject it on AIKA, only opening UCE makes the game close, so I think that isn't because injection that the xtrap detects it.

    >As I said in answer to the tuto, I used my CE in other games (OFFline) with cheat tabs and it works perfect, so I think itsn't an program write error.


    Dwar doesn't support the tuto topic (I think) because the questions haven't been anwered a long time ago, so I let my UCE for further uses, analysis and etc.



    SCAN: VirusTotal - Free Online Virus, Malware and URL Scanner

    UCE attached.

    Please register or login to download attachments.


  2. #2
    Dwar
    Dwar is offline
    Veteran Dwar's Avatar
    Join Date
    2010 Mar
    Posts
    2,222
    Thanks Thanks Given 
    211
    Thanks Thanks Received 
    2,230
    Thanked in
    292 Posts
    Rep Power
    10
    Quote Originally Posted by gm3x View Post
    Please move it to AIKA area
    I will leave it here, 'cuz it more suitable for this section
    Please, post your questions on forum, not by PM or mail

    I spend my time, so please pay a little bit of your time to keep world in equilibrium

  3. #3
    snOw.
    snOw. is offline
    Member-in-training snOw.'s Avatar
    Join Date
    2011 Aug
    Posts
    169
    Thanks Thanks Given 
    21
    Thanks Thanks Received 
    349
    Thanked in
    44 Posts
    Rep Power
    0
    Cheat engine works on x64
    but some hacks are limited..

  4. #4
    The_USDL
    The_USDL is offline
    Senior Member The_USDL's Avatar
    Join Date
    2011 Oct
    Posts
    201
    Thanks Thanks Given 
    24
    Thanks Thanks Received 
    538
    Thanked in
    47 Posts
    Rep Power
    0
    Well, there are many things you can do something to be detected.
    The Xtrap may be working the same way that antivirus.

    I Have some tips to make something undetectable.

    1 - Use a Random Title
    2 - Use a Random ExeName
    3 - Use a Random PE Info
    4 - Use a Random Function Names
    5 - Use a Random Var Names
    6 - Cryp Your String with a Strong algorithmy (RC4, DES)
    7 - Polymorphic and Metamorphic Procedures are Welcome...


    Sure, but this is the easy part. The obvious part.
    Going a little deeper into trouble, WHAT can see that being detected or combination is the use of certain APIs.

    You have some Solutins Here:

    1 - Use a TLB to put all your APIS.
    2 - Use a own Crypt Function to Crypt yout Api
    3 - Use an System to Call Api Without Declaring It.
    4 - Execute yout Soft ON-FLY

    Good Luck

  5. #5
    Mega
    Mega is offline
    New member Mega's Avatar
    Join Date
    2011 Oct
    Posts
    47
    Thanks Thanks Given 
    17
    Thanks Thanks Received 
    3
    Thanked in
    3 Posts
    Rep Power
    0
    oh gosh, this "antirootkit" seems to be so complex :/

  6. #6
    sanook666
    sanook666 is offline
    New member
    Join Date
    2011 Jan
    Posts
    4
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts
    Rep Power
    0
    when xtrap detected stuff it will display and tell you what it detected
    if it said something like
    detected cheat engine 6.1.exe
    you could edit the name of your uce and edit the resource (try resource hacker)

    if you would want to disable xtrap permanently you could use thread killing

  7. #7
    S4R4H
    S4R4H is offline
    New member S4R4H's Avatar
    Join Date
    2011 Jun
    Posts
    28
    Thanks Thanks Given 
    12
    Thanks Thanks Received 
    33
    Thanked in
    8 Posts
    Rep Power
    0
    additional detected strings [source: site ]
    sorted alphabetically and compared against the old string list from post

    checked against CE sources and found/changeable:

    CEHook
    ContinueDebugEvent
    CreateRemoteThread
    CTL_CODE
    DebugActiveProcess
    DeviceIoControl
    GetDriverVersion
    GetProcAddress
    GetThreadContext
    GetWin32KAddress
    InitializeDriver
    NtOpenThread
    NtOT
    RestoreKernel32
    ResumeThread
    RewriteKernel32
    SetThreadContext
    SuspendThread
    ValueType
    VarType2
    VirtualProtect
    VirtualProtectEx
    WaitForDebugEvent

    checked against CE sources and not-found/unchangeable:
    the original source did state that these strings are located inside: advapi32.dll, gdi32.dll, ntdll.dll, winsta.dll
    I don't know what to do with these suggestions ?

    CreateProcessInternalW
    CreateServiceW
    GetPixel
    GetWindowThreadProcessId
    keybd_event
    LoadLibraryExW
    MapViewOfFile
    MapViewOfFileEx
    mouse_event
    MoveFileW
    MSDOS Prompt
    NtDeviceIoControlFile
    NtOpenThreadToken
    NtQueryDirectoryObject
    NtQueryVolumeInformationFile
    NtReplyPort
    NtUnloadDriver
    NtUnlockVirtualMemory
    NtUnmapViewOfSection
    PostMessageA
    PostMessageW
    PropertyLengthAsVariant
    SendInput
    SendMessageA
    SendMessageW
    SetCursorPos
    SetWindowsHookEx
    SetWindowsHookExA
    SetWindowsHookExA
    SetWindowsHookExW
    Test Application
    VirtualAlloc
    WinStationTerminateProcess
    ZwOpenProcess
    ZwProtectVirtualMemory
    ZwQuerySystemInformation
    ZwReadVirtualMemory
    ZwSuspendThread
    ZwTerminateProcess
    ZwTerminateThread
    ZwWriteVirtualMemory

    below strings are found/changeable but I received an error during the compilation of cheatengine.bpg
    my assumptions, these strings are essential keywords in making sure that CE will compile/run successfully therefore it must be left as it is
    verdicts ?

    OpenProcess
    OpenThread
    ReadProcessMemory
    VirtualAllocEx
    VirtualQueryEx
    WriteProcessMemory

    word of warning, the original post where I found all the strings has been trashed, back in '06 but I'm gonna list it anyway in case it works
    I'm still in the middle of changing all the mentioned strings, bit by bit..

Similar Threads

  1. [Delphi] Undetectable Cheat Engine step by step tutorial
    By Dwar in forum Programming Tutorials
    Replies: 31
    Last Post: 2014-06-30, 04:47 AM
  2. [Info] AIKABR exe Unpacked
    By gm3x in forum Aika Online
    Replies: 17
    Last Post: 2011-08-26, 01:21 AM
  3. Undetectable
    By arthurcracker in forum Aika Online
    Replies: 5
    Last Post: 2011-07-03, 09:12 PM
  4. [realese] new update aikabr, dextrade down
    By evohack in forum Aika Online
    Replies: 0
    Last Post: 2010-12-08, 04:59 PM
  5. Hack for AikaBR
    By lreapperl in forum Aika Online
    Replies: 2
    Last Post: 2010-11-04, 03:04 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •