Re: Universal HS bypass (CE/hack tool/hs driver bypass) for

Posted: Fri Feb 18, 2011 3:58 pm
by guyz92
Nerrazzuri wrote:
guyz92 wrote:Get ready for a Hackshield update sooner or later.

Windows 7 SP1 will be out to the public in a few days' time; to prevent compatibility issues, Asiasoft will have no choice but to update their Hackshield to the latest Rev which supports Windows 7 SP1.

So just about time this bypass would be gone.
Frankly speaking, I don't think the Hackshield CRC will be patched. Hackshield has always had problems with Vista and 7; a Windows upgrade will not affect Hackshield, and I believe Hackshield wouldn't put much effort into it only for Maplestory.

Also, hooking these APIs not only disables the CRC check but also disables detection of hacking tools; as long as people don't abuse it, Maplestory will not bother to patch them.
I have a friend who upgraded to Windows 7 SP1 RC and then got the HAD problem while they were not hacking.

Link back to what happened to AuditionSEA, which has been using HSHIELD all the time.
At the time of Windows Vista RTM to Windows Vista SP1, there was a problem which made the whole Audition get stuck, and it wouldn't run, while Korea Audition, which was using xTrap at that time, wasn't affected.

Re: Universal HS bypass (CE/hack tool/hs driver bypass) for

Posted: Fri Feb 18, 2011 5:09 pm
by xiangloong
Fuck You Maple Fuck YOU!!! Why keep on updating HS. Must so cruel to kill all hackers? Sienzzzz.

Re: Universal HS bypass (CE/hack tool/hs driver bypass) for

Posted: Fri Feb 18, 2011 6:09 pm
by Nerrazzuri
guyz92 wrote:
Nerrazzuri wrote:
guyz92 wrote:Get ready for a Hackshield update sooner or later.

Windows 7 SP1 will be out to the public in a few days' time; to prevent compatibility issues, Asiasoft will have no choice but to update their Hackshield to the latest Rev which supports Windows 7 SP1.

So just about time this bypass would be gone.
Frankly speaking, I don't think the Hackshield CRC will be patched. Hackshield has always had problems with Vista and 7; a Windows upgrade will not affect Hackshield, and I believe Hackshield wouldn't put much effort into it only for Maplestory.

Also, hooking these APIs not only disables the CRC check but also disables detection of hacking tools; as long as people don't abuse it, Maplestory will not bother to patch them.
I have a friend who upgraded to Windows 7 SP1 RC and then got the HAD problem while they were not hacking.

Link back to what happened to AuditionSEA, which has been using HSHIELD all the time.
At the time of Windows Vista RTM to Windows Vista SP1, there was a problem which made the whole Audition get stuck, and it wouldn't run, while Korea Audition, which was using xTrap at that time, wasn't affected.
We'll see. What I am saying is that Hackshield will only update the way they launch in Windows 7; if they want to change the CRC, they have to get the hook from the universal bypass, understand it, and think of a way to bypass the hook. Isn't easy tho. :P

Re: Universal HS bypass (CE/hack tool/hs driver bypass) for

Posted: Fri Feb 18, 2011 10:45 pm
by fireboylolz
Raiden wrote:Picture shows a million words.
NotWorking01.png
Edit: Now it works for me, BUT CRC scripts and debuggers WON'T work. The MSCRC won't work AT ALL. Sigh~
The bad side of the bypass: I can only use softkeyboard to login. Keyboard is locked on login page and 2nd password enter page.
MSCRC: (CE Auto-Assemble code)

Code:

//MSCRC Bypass
//This script is dynamic, no need to update except if AoB changed.
//Original by Nimo
[Enable]
//MS CRC Bypass 
//CE Assembly Script by nimo1993.
//If you can't execute this script, please press "Memory view"->"View". Check whether "Kernelmode symbols" item is checked.
Alloc(CRCBypass,512)
Alloc(FakeDump,8376320)
Label(MSCRCBypass)
Label(Normal)
Label(MSmemcpy)
Label(SearchAOB)
Label(StartHook)
Label(Title)
Label(FailureMsg)
Label(SuccessMsg)
Label(BackToMSCRC)
RegisterSymbol(MSCRCBypass)
RegisterSymbol(FakeDump)

CreateThread(MSmemcpy)

CRCBypass:
MSCRCBypass:
push eax
lea eax, [ecx]
cmp eax, 00401000
jb Normal
cmp eax, 00D00000
ja Normal
push ebx
mov ebx, FakeDump
sub eax, 00401000
add eax, ebx
movzx ecx, byte ptr [eax]
pop ebx
pop eax
jmp Normal+04

Normal:
pop eax
movzx ecx, byte ptr [ecx]
mov edx, [ebp+14]
jmp [BackToMSCRC]



MSmemcpy:
//Copy Memory
mov edi, FakeDump
mov esi, 00401000
mov ecx, 001FF400
repe movsd

mov eax, 00401000
SearchAOB:
cmp [eax], 8B09B60F
je StartHook
inc eax
cmp eax, 00D00000
jle SearchAOB
push 10 //MB_ICONERROR
push Title
push FailureMsg
push 00
call MessageBoxA
ret
StartHook:
lea ebx, [eax+05] //The Target Address - The Next Address
sub ebx, MSCRCBypass
neg ebx
mov byte ptr [eax], e9 //jmp
mov [eax+01], ebx //Target AOB
mov byte ptr [eax+05], 90 //nop
add eax, 6
mov [BackToMSCRC], eax //Return to the address+6
push 40 //MB_ICONINFORMATION
push Title
push SuccessMsg
push 00
call MessageBoxA
ret

Title:
db 'MS-CRC-Bypass' 00
FailureMsg:
db 'Anti-MS-CRC-Check Fail!' 00
SuccessMsg:
db 'Anti-MS-CRC-Check Init Successfully!' 00
BackToMSCRC:
dd 0
[Disable] 
Anyone mind teaching me how to use MSCRC? I keep getting DC-ed at login page.
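
Added example, not part of the original thread or of any poster's code: seen from the defending side, the script in the post above leaves a recognisable footprint, a jmp (E9 rel32) written over the read instruction it searches for, landing in allocated memory outside the code range it redirects. The C sketch below diffs live code bytes against a trusted reference and flags such jumps; the function and struct names, the sample address 0x00612340 and the sample bytes are constructed for illustration, and the two range constants are the ones used in the script.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Code range the script treats as the client image (constants from the script). */
#define CODE_LO 0x00401000u
#define CODE_HI 0x00D00000u

typedef struct {
    uint32_t addr;     /* address of the overwritten instruction */
    uint32_t target;   /* where the injected jmp lands */
    int      outside;  /* 1 if the target is outside [CODE_LO, CODE_HI] */
} hook_hit;

/* Diff live code against a trusted reference and record each changed site that
 * now begins with E9 (jmp rel32). The reference must come from a source the hook
 * cannot redirect, e.g. the section bytes of the file on disk (assumption).
 * base is the virtual address of live[0]; returns the number of hits stored. */
size_t find_jmp_hooks(const uint8_t *live, const uint8_t *ref, size_t len,
                      uint32_t base, hook_hit *out, size_t max_out)
{
    size_t n = 0;
    for (size_t i = 0; i + 5 <= len && n < max_out; i++) {
        if (live[i] == ref[i] || live[i] != 0xE9)
            continue;                               /* unchanged, or not a jmp */
        uint32_t rel = (uint32_t)live[i + 1] | ((uint32_t)live[i + 2] << 8) |
                       ((uint32_t)live[i + 3] << 16) | ((uint32_t)live[i + 4] << 24);
        uint32_t tgt = base + (uint32_t)i + 5 + rel; /* 32-bit wrap, like the CPU */
        out[n].addr = base + (uint32_t)i;
        out[n].target = tgt;
        out[n].outside = (tgt < CODE_LO || tgt > CODE_HI);
        n++;
        i += 4;                                     /* skip the rel32 operand */
    }
    return n;
}

/* Constructed sample: reference bytes (movzx ecx,[ecx]; mov edx,[ebp+14];
 * xor eax,eax) and the same bytes after a jmp+nop patch to 0x02A50000. */
#define SAMPLE_BASE 0x00612340u
static const uint8_t REF_CODE[8]  = {0x0F,0xB6,0x09,0x8B,0x55,0x14,0x33,0xC0};
static const uint8_t LIVE_CODE[8] = {0xE9,0xBB,0xDC,0x43,0x02,0x90,0x33,0xC0};

int main(void)
{
    hook_hit h[4];
    size_t n = find_jmp_hooks(LIVE_CODE, REF_CODE, 8, SAMPLE_BASE, h, 4);
    if (n) printf("hook at %08X -> %08X\n", (unsigned)h[0].addr, (unsigned)h[0].target);
    return 0;
}
```

Changed bytes that are not a jmp are ignored here; a full integrity check would report those separately.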

Re: Universal HS bypass (CE/hack tool/hs driver bypass) for

Posted: Fri Feb 18, 2011 11:22 pm
by Raiden
fireboylolz wrote:
Raiden wrote:Picture shows a million words.
NotWorking01.png
Edit: Now it works for me, BUT CRC scripts and debuggers WON'T work. The MSCRC won't work AT ALL. Sigh~
The bad side of the bypass: I can only use softkeyboard to login. Keyboard is locked on login page and 2nd password enter page.
MSCRC: (CE Auto-Assemble code)

Anyone mind teaching me how to use MSCRC? I keep getting DC-ed at login page.
Sry that MSCRC is wrong. So you'll d/c. Try update yourself.

Re: Universal HS bypass (CE/hack tool/hs driver bypass) for

Posted: Sat Feb 19, 2011 8:12 am
by k9gamer
sorry for being such a noob but how do i update the mscrc bypass?

Re: Universal HS bypass (CE/hack tool/hs driver bypass) for

Posted: Tue Feb 22, 2011 12:20 am
by fireboylolz
I got this error after injecting the bypass
Image

Helps?

Re: Universal HS bypass (CE/hack tool/hs driver bypass) for

Posted: Tue Feb 22, 2011 9:51 pm
by maplemaple
Goodbye bypass T.T

Re: Universal HS bypass (CE/hack tool/hs driver bypass) for

Posted: Fri Feb 25, 2011 2:01 pm
by xiangloong
Maybe Bizarro updating it.

Re: Universal HS bypass (CE/hack tool/hs driver bypass) for

Posted: Fri Feb 25, 2011 5:58 pm
by Nerrazzuri
maplemaple wrote:Goodbye bypass T.T
works fine for me.