Re: COD4 Field of View (fov) increase detected by PB

Posted: Sat Jan 09, 2010 5:06 pm
by Genocide
Sethioz wrote: here's one crazy idea. as far as i know, PB is not local. it sends info back to some PB server and based on that it will either kick or ban. my thought is to fool PB somehow, so you actually close PB down, but make server think that you are still running it (actually i think this is the method that this bypass was based on).
I can understand the concept there of sending dummy packets but I honestly have no idea how I would do that at this time.

Again I understand what Retox was saying with the code cave example, I jump to another area where my modified code resides or I call my modified code instead of the original code, it's just finding where I need to implement this. In fact I have tried this with the piece of code which writes to the base address for fov and it worked.

The problem at the minute is my lack of knowledge, changing a simple decimal value in a memory scanner is easy enough but manipulating code in a disassembler is something else.

Edit: This is the write address
0056B586 |. 8977 0C MOV DWORD PTR DS:[EDI+C],ESI
but where do I go from here?

Re: COD4 Field of View (fov) increase detected by PB

Posted: Sat Jan 09, 2010 8:54 pm
by Sethioz
about the code cave and writing your own code, there are some very good examples in Tsearch's tutorial. it is included inside of tsearch. try reading that.
I am not interested in PB, so i can't give you exact examples, but if you write your own code, you can just put it into random place. in Tsearch just open the memory viewer/editor and look for empty place, this is where you can write it.
you don't even need olly for that, you can use Tsearch's easywrite interpreter. it is very easy to use.

i have done few things with easywrite, you should read this thread > Resident Evil 5 - hacks & stuff [PC]
use your browser's search and search for "easywrite". i have few examples there on how to use it, i wrote my own code in RE5, using easywrite. it might help you out on how to use it and jump to your own code.

Re: COD4 Field of View (fov) increase detected by PB

Posted: Sat Jan 09, 2010 9:35 pm
by TeamRetox
Genocide wrote:
Sethioz wrote: here's one crazy idea. as far as i know, PB is not local. it sends info back to some PB server and based on that it will either kick or ban. my thought is to fool PB somehow, so you actually close PB down, but make server think that you are still running it (actually i think this is the method that this bypass was based on).
I can understand the concept there of sending dummy packets but I honestly have no idea how I would do that at this time.

Again I understand what Retox was saying with the code cave example, I jump to another area where my modified code resides or I call my modified code instead of the original code, it's just finding where I need to implement this. In fact I have tried this with the piece of code which writes to the base address for fov and it worked.

The problem at the minute is my lack of knowledge, changing a simple decimal value in a memory scanner is easy enough but manipulating code in a disassembler is something else.

Edit: This is the write address
0056B586 |. 8977 0C MOV DWORD PTR DS:[EDI+C],ESI
but where do I go from here?
MOV DWORD PTR DS:[EDI+C],ESI
MOVe
DWORD pointer, ds is a register
EDI+C = Address of EDI+C, the [] around it means the value at the memory location pointed to by what is inside the []
ESI is a register

in this case, they move(copy) ESI into the address pointed to by EDI+C
put a breakpoint on it, run CoD4 and change the fov, see if the breakpoint triggers, and see what value ESI is.

I assume ESI is the fov, and [EDI+C] is either the D3D location that contains the fov, or part of a punkbuster scan.
if ESI is indeed the fov try replacing the command with MOV DWORD PTR DS:[EDI+C], 0x5A
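
Added example, not part of the original posts: a small Python decoder showing how the three bytes `89 77 0C` in the listing above map to `MOV DWORD PTR DS:[EDI+C],ESI` (opcode `89 /r`, then the ModRM byte, then an 8-bit displacement). The function name `decode_mov_89` is hypothetical; it assumes 32-bit mode with no prefixes and does not handle SIB addressing.

```python
# Decoder for the 32-bit "MOV r/m32, r32" form (opcode 0x89 /r).
# Register numbering used by the 3-bit reg and rm fields of the ModRM byte.
REGS32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]


def decode_mov_89(code: bytes) -> str:
    """Decode one `89 /r` instruction and return OllyDbg-style text."""
    if len(code) < 2 or code[0] != 0x89:
        raise ValueError("not an 89 /r instruction")
    modrm = code[1]
    mod = modrm >> 6          # addressing mode (top 2 bits)
    reg = (modrm >> 3) & 7    # source register (middle 3 bits)
    rm = modrm & 7            # destination register or base (low 3 bits)
    src = REGS32[reg]

    if mod == 3:              # register to register, no memory access
        return f"MOV {REGS32[rm]},{src}"
    if rm == 4:               # rm=100 means a SIB byte follows
        raise NotImplementedError("SIB addressing is not handled here")
    if mod == 0:
        if rm == 5:           # mod=00 rm=101: absolute disp32, no base
            if len(code) < 6:
                raise ValueError("truncated disp32")
            addr = int.from_bytes(code[2:6], "little")
            return f"MOV DWORD PTR DS:[{addr:X}],{src}"
        return f"MOV DWORD PTR DS:[{REGS32[rm]}],{src}"

    # mod=01 carries a signed 8-bit displacement, mod=10 a signed 32-bit one.
    size = 1 if mod == 1 else 4
    raw = code[2:2 + size]
    if len(raw) < size:
        raise ValueError("truncated displacement")
    disp = int.from_bytes(raw, "little", signed=True)
    sign = "+" if disp >= 0 else "-"
    seg = "SS" if rm == 5 else "DS"   # EBP-based operands default to SS
    return f"MOV DWORD PTR {seg}:[{REGS32[rm]}{sign}{abs(disp):X}],{src}"


if __name__ == "__main__":
    # Bytes taken from the disassembly line quoted in the thread.
    print(decode_mov_89(bytes.fromhex("89770C")))
```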

Re: COD4 Field of View (fov) increase detected by PB

Posted: Sat Jan 09, 2010 10:44 pm
by Genocide
Thanks for your patience Retox I know it can be frustrating helping someone like myself at times.

Using ollydbg I set a breakpoint on
0056B586 |. 8977 0C MOV DWORD PTR DS:[EDI+C],ESI
yet when I changed fov via console it doesn't break?

I'm not sure if this helps but when setting a breakpoint on
0CBAF114 0000 ADD BYTE PTR DS:[EAX],AL

the value of ESI at break is 42A00000

Re: COD4 Field of View (fov) increase detected by PB

Posted: Sun Jan 10, 2010 7:27 pm
by TeamRetox
See what happens if you NOP the mov DWORD PTR DS:[EDI+C], ESI
Try changing the fov, if it won't change it's the correct line, if it does change it's another line that handles fov

Re: COD4 Field of View (fov) increase detected by PB

Posted: Sun Jan 10, 2010 11:23 pm
by Genocide
Yeah, I did NOP that line, and then when I change the fov via the console it doesn't change. However, under the cg_fov command, as well as stating the default value 65, it also then states a latched value, which is the value I tried to set, but it no longer changes. I also redirected this line of code to another area for a little practice with code caves; when doing so I was able to change fov fine, then once again when I NOP the line in the code cave I can no longer change it and have a latched value.

Re: COD4 Field of View (fov) increase detected by PB

Posted: Sun Jan 16, 2011 12:16 pm
by SageR
Could you use Proxocket on Punkbuster to record a long session of gaming, and when you're done playing, block Punkbuster and replay the data recorded by Proxocket with a packet sender to the Punkbuster server, and then muck about for as long as the long session of gaming lasted? Seems logical, but somehow unlikely. I know I'm missing some variables in there. Tell me what you think.

Re: COD4 Field of View (fov) increase detected by PB

Posted: Sun Jan 16, 2011 3:32 pm
by Sethioz
proxocket captures only the process, which means you have to first put proxocket into PB folder and then into game folder.
my idea would be fake packet. if pb says "busted" then using a filter in proxocket, it would say "clean"

but why you want to send the long game session? anyways I'm not the right person to talk about PB, i never done any research on it. PB only fucks my pc up, cuz of my custom XP. it doesn't like it, everything conflicts and it crashes, etc.

Re: COD4 Field of View (fov) increase detected by PB

Posted: Tue Jan 18, 2011 4:44 pm
by SageR
Remember in the movie Speed they fool the bad guy by putting the footage on a loop? That's what I was thinking, only more of a one-shot deal. Still learning as I go. The filter approach seems like the best bet. Punkbuster, to the best of my knowledge, scans only apps that interact with its games, not PB itself. Whether it keeps an eye on itself remains to be seen.

I'm curious: what decent MMO games are there with no cheat protection that can be used as practice? These days it seems like everyone's got their backs up about cheating so much that there's no latitude for educational exploration. That sounds horribly off-topic, but my rationale is: practise first, spoof Punkbuster later.

Re: COD4 Field of View (fov) increase detected by PB

Posted: Tue Jan 18, 2011 7:49 pm
by Sethioz
those theories about PB are interesting, but not in this topic.
if you wish to discuss how to bypass PB, make a new thread under pc hacking or game hacking, PB could be both.