Post: [1.13+] Anti Ban Addresses
Options
06-03-2014, 07:20 PM
#1
Notorious
Caprisuns Is Back
Today I share with you the anti ban addresses for 1.13, I also made an IDC Script to update them for all updates above 1.13 !
Here are the addresses for 1.13:
0x006FD047
0x006FD04B
0x006FD04F
0x006FC33F
0x006FBF5B
Set them to 00 or just go to the bottom of function and nop it at the branch.
Here is the IDC Script to update the addresses:
#include <idc.idc>
static searchBinary(name, binary, offset, length)
{
auto currentAddress, lastAddress;
for(currentAddress=0; currentAddress != BADADDR; currentAddress=currentAddress+4)
{
currentAddress = FindBinary(currentAddress, SEARCH_DOWN, binary);
if(currentAddress == BADADDR)
{
Message("%s not found!\n", name);
break;
}
currentAddress = currentAddress - offset;
MakeUnknown(currentAddress, length, 0);
MakeCode(currentAddress);
MakeFunction(currentAddress, currentAddress + length);
if(MakeNameEx(currentAddress, name, SN_NOCHECK|SN_NOWARN) != 1)
MakeNameEx(currentAddress, name, 0);
Message("\t%s offset: 0x%08X\n", name, currentAddress);
break;
}
}
static findDemonware()
{
searchBinary("DemonWare1", "7C 66 A9 2D 40 82 FF F0 30 61 00 70 38 80 00 32", 0x329, 0x1B
;
searchBinary("Demonware2", "7C 9C A9 2D 40 82 FF F0 2C 03 00 00 40 82 00 24", 0x3F9, 0x1B;
searchBinary("DemonWare3", "4E 9E 04 21 80 A1 00 B0 2C 05 00 00 90 BB 1F AC", 0x591, 0x1B;
searchBinary("DemonWare4", "A3 81 00 94 93 DD 00 00 93 9D 00 04 2C 1C 00 00", 0x3F9, 0x1B;
searchBinary("Demonware5", "57 DB E9 7E 30 D8 00 02 78 A5 D1 46 7B 67 2E A4", 0xFFFFFFFFFFD828E9, 0x1B;
}
static main()
{
Message("Antiban Finder Script by: Notorious\n");
findDemonware();
return 0;
}
Credits:
Notorious
Bitwise - IDC Generator
Godly
The following 12 users say thank you to Notorious for this useful post:
The following user thanked Notorious for this useful post:
06-03-2014, 07:48 PM
#6
br0wniiez
Yung Chico
Originally posted by Prime
dude... get your facts straight.. it says i made this thread at 7:20, you edited urs at 7:40... so just stop now.
Or nah x10293049201 lol.. I don't mind, you know it's only call of duty lmao
You must login or register to view this content.
You must login or register to view this content.
06-03-2014, 08:29 PM
#8
d4n1ls0n
Brute
Originally posted by Prime
Hello NGU,
Today I share with you the anti ban addresses for 1.13, I also made an IDC Script to update them for all updates above 1.13 !
Here are the addresses for 1.13:
Set them to 00 or just go to the bottom of function and nop it at the branch.
Here is the IDC Script to update the addresses:
Credits:
Today I share with you the anti ban addresses for 1.13, I also made an IDC Script to update them for all updates above 1.13 !
Here are the addresses for 1.13:
0x006FD047
0x006FD04B
0x006FD04F
0x006FC33F
0x006FBF5B
Set them to 00 or just go to the bottom of function and nop it at the branch.
Here is the IDC Script to update the addresses:
#include <idc.idc>
static searchBinary(name, binary, offset, length)
{
auto currentAddress, lastAddress;
for(currentAddress=0; currentAddress != BADADDR; currentAddress=currentAddress+4)
{
currentAddress = FindBinary(currentAddress, SEARCH_DOWN, binary);
if(currentAddress == BADADDR)
{
Message("%s not found!\n", name);
break;
}
currentAddress = currentAddress - offset;
MakeUnknown(currentAddress, length, 0);
MakeCode(currentAddress);
MakeFunction(currentAddress, currentAddress + length);
if(MakeNameEx(currentAddress, name, SN_NOCHECK|SN_NOWARN) != 1)
MakeNameEx(currentAddress, name, 0);
Message("\t%s offset: 0x%08X\n", name, currentAddress);
break;
}
}
static findDemonware()
{
searchBinary("DemonWare1", "7C 66 A9 2D 40 82 FF F0 30 61 00 70 38 80 00 32", 0x329, 0x1B;
searchBinary("Demonware2", "7C 9C A9 2D 40 82 FF F0 2C 03 00 00 40 82 00 24", 0x3F9, 0x1B;
searchBinary("DemonWare3", "4E 9E 04 21 80 A1 00 B0 2C 05 00 00 90 BB 1F AC", 0x591, 0x1B;
searchBinary("DemonWare4", "A3 81 00 94 93 DD 00 00 93 9D 00 04 2C 1C 00 00", 0x3F9, 0x1B;
searchBinary("Demonware5", "57 DB E9 7E 30 D8 00 02 78 A5 D1 46 7B 67 2E A4", 0xFFFFFFFFFFD828E9, 0x1B;
}
static main()
{
Message("Antiban Finder Script by: Notorious\n");
findDemonware();
return 0;
}
Credits:
Notorious
Bitwise - IDC Generator
Godly
0x6FBFCB = 0x00
0x6FC33F = 0x00
0x6FD047 = 0x00
0x6FD04B = 0x00
0x6FD04F= 0x00
This is the offset found by Imsoocool but...
There is a different one offset in your list, Prime Notorious.
0x6FBFCB OR 0x006FBF5B Which one is correct??
06-03-2014, 08:41 PM
#9
Bitwise
Mario!
The length isn't actually needed 
static LabelFunction(name,binary,functionname)
{
for(function=0;function != BADADDR;function = function + 0x04)
{
function = FindBinary(function,SEARCH_DOWN,binary);
Message(".:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.\n\nTrying to find function %s with binary ['%s']...\n", name, binary);
Sleep(250);
if(function == BADADDR)
{
Warning("%s could not be found in memory (%08X)\n", name, BADADDR);
break;
}
else
{
auto math = GetFunctionAttr(function, FUNCATTR_START);
MakeUnknown(math, GetFunctionAttr(math, FUNCATTR_END), 0x00);
SetStatus(1);
MakeCode(math);
MakeFunction(math, GetFunctionAttr(math, FUNCATTR_END));
MakeNameEx(math, name, 0x00);
SetStatus(0);
if(GetCharPrm(INF_COMPILER) != COMP_MS)
{
SetCharPrm(INF_COMPILER, COMP_MS);
}
SetType(math, sprintf("%s;", functionname));
Jump(math);
SetStatus(1);
Message("%s found in memory (%08X)\nDeclariation:\n\t%s\n\n\n", name, math, GetType(math));
SetStatus(0);
Message("Function flag: %i\n", GetFunctionFlags(math+4));
break;
}
}
}
06-03-2014, 08:43 PM
#10
Notorious
Caprisuns Is Back
Originally posted by B1TW153
The length isn't actually needed
static LabelFunction(name,binary,functionname)
{
for(function=0;function != BADADDR;function = function + 0x04)
{
function = FindBinary(function,SEARCH_DOWN,binary);
Message(".:@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@::.\n\nTrying to find function %s with binary ['%s']...\n", name, binary);
Sleep(250);
if(function == BADADDR)
{
Warning("%s could not be found in memory (%08X)\n", name, BADADDR);
break;
}
else
{
auto math = GetFunctionAttr(function, FUNCATTR_START);
MakeUnknown(math, GetFunctionAttr(math, FUNCATTR_END), 0x00);
SetStatus(1);
MakeCode(math);
MakeFunction(math, GetFunctionAttr(math, FUNCATTR_END));
MakeNameEx(math, name, 0x00);
SetStatus(0);
if(GetCharPrm(INF_COMPILER) != COMP_MS)
{
SetCharPrm(INF_COMPILER, COMP_MS);
}
SetType(math, sprintf("%s;", functionname));
Jump(math);
SetStatus(1);
Message("%s found in memory (%08X)\nDeclariation:\n\t%s\n\n\n", name, math, GetType(math));
SetStatus(0);
Message("Function flag: %i\n", GetFunctionFlags(math+4));
break;
}
}
}
Oh ok thanks man :p
Copyright © 2024, NextGenUpdate.
All Rights Reserved.
