Author Topic: Lockdown (Read 12049 times)

Hdx · « **on:** February 24, 2007, 10:34:16 pm »

[Joe Edit: Split from *me*]

Just a note:
Lockdown is completely possible to do in Java

But its not working yet.
~Hdx

Joe · « **Reply #1 on:** March 02, 2007, 04:35:00 pm »

Quote from: HdxBmx27 on February 24, 2007, 10:34:16 pm

Just a note:
Lockdown is completely possible to do in Java
But its not working yet.
~Hdx

Dumping StarCraft's RAM image to a file is cheating, results in massive "hash files", and will be broken as soon as someone implements it and Blizzard changes lockdown to hash the location it loaded itself into memory as well.

Just sayin'.

Hdx · « **Reply #2 on:** March 06, 2007, 12:15:13 pm »

It already hashes itself.
From what I've seen/heard it grabs from the dll, the 3 main files, and your gfx buffer.
Something like that.
~Hdx

Joe · « **Reply #3 on:** March 06, 2007, 06:22:20 pm »

So wait -- for each lockdown, you'd have to have the image of itself in memory? Can that be gotten from the DLL itself without loading it?

The graphics buffer, I think, would be stupidly easy as it's the same each time (lockdown runs at the same point).

trust · « **Reply #4 on:** March 06, 2007, 09:02:43 pm »

Quote from: HdxBmx27 on February 24, 2007, 10:34:16 pm

[Joe Edit: Split from *me*]

Just a note:
Lockdown is completely possible to do in Java
But its not working yet.
~Hdx

I'm pretty sure I wrote a lockdown plugin for JavaOp v1 if you can find it.

Joe · « **Reply #5 on:** March 06, 2007, 09:20:40 pm »

I'm almost positive you're confused.

The only ones who have gotten lockdown working are Yoni and/or Skywing, or those who have done so and kept it private. But if you did, "flippin' awesome!".

rabbit · « **Reply #6 on:** March 06, 2007, 09:51:54 pm »

Quote from: OG Trust on March 06, 2007, 09:02:43 pm

Quote from: HdxBmx27 on February 24, 2007, 10:34:16 pm
[Joe Edit: Split from *me*]

Just a note:
Lockdown is completely possible to do in Java
But its not working yet.
~Hdx

I'm pretty sure I wrote a lockdown plugin for JavaOp v1 if you can find it.

Lockdown is a new type of checkrevision created by Battle.net which hashes various parts of memory, and does some other things. Not channel lockdown, which is retarded.

abc · « **Reply #7 on:** March 06, 2007, 09:58:27 pm »

** & warz

Joe · « **Reply #8 on:** March 06, 2007, 10:09:01 pm »

Nope. warz never finished.

trust · « **Reply #9 on:** March 06, 2007, 10:25:46 pm »

Quote from: rabbit on March 06, 2007, 09:51:54 pm

Quote from: OG Trust on March 06, 2007, 09:02:43 pm
Quote from: HdxBmx27 on February 24, 2007, 10:34:16 pm
[Joe Edit: Split from *me*]

Just a note:
Lockdown is completely possible to do in Java
But its not working yet.
~Hdx

I'm pretty sure I wrote a lockdown plugin for JavaOp v1 if you can find it.
Lockdown is a new type of checkrevision created by Battle.net which hashes various parts of memory, and does some other things. Not channel lockdown, which is retarded.

oh sorry, yeah I was talking about channel lockdown.

Furious · « **Reply #10 on:** March 07, 2007, 07:31:37 am »

Quote from: OG Trust on March 06, 2007, 10:25:46 pm

Quote from: rabbit on March 06, 2007, 09:51:54 pm
Quote from: OG Trust on March 06, 2007, 09:02:43 pm
Quote from: HdxBmx27 on February 24, 2007, 10:34:16 pm
[Joe Edit: Split from *me*]

Just a note:
Lockdown is completely possible to do in Java
But its not working yet.
~Hdx

I'm pretty sure I wrote a lockdown plugin for JavaOp v1 if you can find it.
Lockdown is a new type of checkrevision created by Battle.net which hashes various parts of memory, and does some other things. Not channel lockdown, which is retarded.

oh sorry, yeah I was talking about channel lockdown.

Lol

Joe · « **Reply #11 on:** March 07, 2007, 11:04:28 am »

Quote from: Furious on March 07, 2007, 07:31:37 am

Quote from: OG Trust on March 06, 2007, 10:25:46 pm
Quote from: rabbit on March 06, 2007, 09:51:54 pm
Quote from: OG Trust on March 06, 2007, 09:02:43 pm
Quote from: HdxBmx27 on February 24, 2007, 10:34:16 pm
[Joe Edit: Split from *me*]

Just a note:
Lockdown is completely possible to do in Java
But its not working yet.
~Hdx

I'm pretty sure I wrote a lockdown plugin for JavaOp v1 if you can find it.
Lockdown is a new type of checkrevision created by Battle.net which hashes various parts of memory, and does some other things. Not channel lockdown, which is retarded.

oh sorry, yeah I was talking about channel lockdown.

Lol

What a waste of like a kilobit of bandwidth for me.

Furious · « **Reply #12 on:** March 07, 2007, 11:05:39 am »

Quote from: Joe[x86] on March 07, 2007, 11:04:28 am

Quote from: Furious on March 07, 2007, 07:31:37 am
Quote from: OG Trust on March 06, 2007, 10:25:46 pm
Quote from: rabbit on March 06, 2007, 09:51:54 pm
Quote from: OG Trust on March 06, 2007, 09:02:43 pm
Quote from: HdxBmx27 on February 24, 2007, 10:34:16 pm
[Joe Edit: Split from *me*]

Just a note:
Lockdown is completely possible to do in Java
But its not working yet.
~Hdx

I'm pretty sure I wrote a lockdown plugin for JavaOp v1 if you can find it.
Lockdown is a new type of checkrevision created by Battle.net which hashes various parts of memory, and does some other things. Not channel lockdown, which is retarded.

oh sorry, yeah I was talking about channel lockdown.

Lol

What a waste of like a kilobit of bandwidth for me.

That's what I say when I read half of your topics. *shrug*

Joe · « **Reply #13 on:** March 07, 2007, 11:14:10 am »

*shrug*

Note that this is Hdx's topic.

K20A2 · « **Reply #14 on:** March 10, 2007, 03:18:40 am »

Quote from: Joe[x86] on March 02, 2007, 04:35:00 pm

Quote from: HdxBmx27 on February 24, 2007, 10:34:16 pm
Just a note:
Lockdown is completely possible to do in Java
But its not working yet.
~Hdx

Dumping StarCraft's RAM image to a file is cheating, results in massive "hash files", and will be broken as soon as someone implements it and Blizzard changes lockdown to hash the location it loaded itself into memory as well.

Just sayin'.

Dumping the "RAM image" is rather useless. You just need to hash the three versioncheck files using a generated key from the server as well as a hash calculated off of the game's DirectX video buffer.

The whole idea behind lockdown isn't that complicated. The only hack it checks for is pplug114.bwl (by trying to get the base address of it), but then again if you have a hack loaded, it probably modified the game's memory which is put through hash (not the actual files on disk, once again, it gets the base address of the files loaded). Just finding exactly what it hashes is the hard part.

It is easier to write your own implementation than to write a workaround for loading Blizzard's version

Joe · « **Reply #15 on:** April 11, 2007, 04:38:37 pm »

Hm, if you replaced CreateFile, DeleteFile, etc, with stubs, couldn't you actually make your own lockdown DLL's that didn't check for the hacks?

iago · « **Reply #16 on:** April 11, 2007, 05:14:59 pm »

Quote from: Joe[x86/64] on April 11, 2007, 04:38:37 pm

Hm, if you replaced CreateFile, DeleteFile, etc, with stubs, couldn't you actually make your own lockdown DLL's that didn't check for the hacks?

Assuming that the DLL does a checksum on memory (which I'm pretty sure it does), you'd have to fake the checksum, which would be identical to re-implementing it.

Joe · « **Reply #17 on:** April 11, 2007, 07:05:33 pm »

Right, but you could force StarCraft to use your DLL instead of the one from BNFTP, which does check for hacks, right?

iago · « **Reply #18 on:** April 11, 2007, 07:22:24 pm »

The one from Battle.net checks for exactly one hack.

The easier thing to do if you want to hack is to load your memory patches after the CheckRevision .dll is unloaded. You can hook LoadLibraryA() and FreeLibrary() safely, because Battle.net's .dll can't check those (kernel32.dll can't be guaranteed to have a consistent checksum).

Better yet, apply patches after the ExtraWork .dll has been unloaded. Then you're even safer.

warz · « **Reply #19 on:** April 12, 2007, 02:30:08 pm »

Quote from: iago on April 11, 2007, 07:22:24 pm

The one from Battle.net checks for exactly one hack.

Saying that is misleading. Checkrevision only checks for one hack's file name. Since most hacks deal with modifying memory, and the new Checkrevision routines check for that, I'd say it checks for a whole realm of hacks.

iago · « **Reply #20 on:** April 12, 2007, 02:57:09 pm »

Quote from: warz on April 12, 2007, 02:30:08 pm

Quote from: iago on April 11, 2007, 07:22:24 pm
The one from Battle.net checks for exactly one hack.

Saying that is misleading. Checkrevision only checks for one hack's file name. Since most hacks deal with modifying memory, and the new Checkrevision routines check for that, I'd say it checks for a whole realm of hacks.

I explained that in the previous post. But Joe is talking about checking for specific .dll's.

Joe · « **Reply #21 on:** April 12, 2007, 05:25:26 pm »

No, I'm saying that we could write a DLL that has the same functionality as the BnFtp DLL's, but doesn't check for hacks. By patching StarCraft's CreateFile and DeleteFile, we can stick our own DLL in the folder and StarCraft *should* run it instead.

iago · « **Reply #22 on:** April 12, 2007, 07:21:01 pm »

Quote from: Joe[x86/64] on April 12, 2007, 05:25:26 pm

No, I'm saying that we could write a DLL that has the same functionality as the BnFtp DLL's, but doesn't check for hacks. By patching StarCraft's CreateFile and DeleteFile, we can stick our own DLL in the folder and StarCraft *should* run it instead.

Have you read my posts? The new CheckRevision does a checksum on your *memory*! The trick is to re-implement the checksum, which isn't an easy job.

The alternative, as I said, is to load hacks *after* the CheckRevision function runs. It's a whole lot easier than the alternatives.

News:

Author Topic: Lockdown (Read 12049 times)

trust

trust