VAC Wave - 10/11/16

This is a discussion on VAC Wave - 10/11/16 within the Counter-Strike: Hack Chat board part of the Counter-Strike Forum category; lol na i dont think so lol i play now 1 year without a VAC i survived all waves and ...

Page 2 of 6 FirstFirst 1234 ... LastLast
Results 11 to 20 of 55
  1. #11
    BlackWolfSante's Avatar
    BlackWolfSante is offline Advanced Hacker

    Array
    Join Date
    Feb 2016
    Location
    Germany
    Posts
    250
    Mentioned
    10 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    4
    Reputation
    57
    lol na i dont think so lol i play now 1 year without a VAC i survived all waves and it will stay like this.

  2. #12
    disav0w is offline Guru
    Array
    Join Date
    Feb 2016
    Posts
    82
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    4
    Reputation
    57
    Quote Originally Posted by BlackWolfSante View Post
    lol na i dont think so lol i play now 1 year without a VAC i survived all waves and it will stay like this.
    it's vac afterall
    things have actually changed, if before staying ud here for long time was an archievement, the archievement now is get the cheat detected
    the real sad things are cheats having code running at kernel level and still getting detected by an anticheat entirely in usermode

    i feel bad for aimware, wondering why do they even load a driver

  3. #13
    LordTristan's Avatar
    LordTristan is offline Premium Member

    Array
    Join Date
    Dec 2013
    Location
    United States
    Posts
    1,070
    Mentioned
    24 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    8
    Reputation
    436
    Quote Originally Posted by disav0w View Post
    it's vac afterall
    things have actually changed, if before staying ud here for long time was an archievement, the archievement now is get the cheat detected
    the real sad things are cheats having code running at kernel level and still getting detected by an anticheat entirely in usermode

    i feel bad for aimware, wondering why do they even load a driver
    They don't, last time I did an analysis of them they didn't have a kernel driver so if they're still advertising that they do then they're lying. With that being said, most of these cheats that use kernel drivers only use them as a tool to manual map their module, the driver provides no additional protection at all and they're as about as secure as they would be if they had no driver at all.

    Literally almost every cheat with a driver I have looked at just leaves blatant file system traces that scream "It's me <CHEAT NAME> and I've been loaded really recently! Please VAC detect me!". AimJunkies and PlatinumCheats leave lingering service entries, Interwebz leaves lingering device entries, PerfectAim leaves lingering Event Log entries and USN entries, the list goes on.
    Last edited by LordTristan; 10-12-2016 at 09:37 PM.

  4. The Following 2 Users Say Thank You to LordTristan For This Useful Post:


  5. #14
    interwebzCC is offline Advanced Hacker

    Array
    Join Date
    Mar 2015
    Posts
    438
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    5
    Reputation
    108
    Quote Originally Posted by LordTristan View Post
    They don't, last time I did an analysis of them they didn't have a kernel driver so if they're still advertising that they do then they're lying. With that being said, most of these cheats that use kernel drivers only use them as a tool to manual map their module, the driver provides no additional protection at all and they're as about as secure as they would be if they had no driver at all.

    Literally almost every cheat with a driver I have looked at just leaves blatant file system traces that scream "It's me <CHEAT NAME> and I've been loaded really recently! Please VAC detect me!". AimJunkies and PlatinumCheats leave lingering service entries, Interwebz leaves lingering device entries, PerfectAim leaves lingering Event Log entries and USN entries, the list goes on.
    Could you tell me more about interwebz? it is really interesting that you know things about us we don't

    we delete symbolic link, device and driver object and maybe you should reanalyse it
    Last edited by interwebzCC; 10-12-2016 at 09:42 PM.

  6. The Following User Says Thank You to interwebzCC For This Useful Post:


  7. #15
    LordTristan's Avatar
    LordTristan is offline Premium Member

    Array
    Join Date
    Dec 2013
    Location
    United States
    Posts
    1,070
    Mentioned
    24 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    8
    Reputation
    436
    Quote Originally Posted by interwebzCC View Post
    Could you tell me more about interwebz? it is really interesting that you know things about us we don't

    we delete symbolic link, device and driver object and maybe you should reanalyse it
    Last time I looked at your cheat you left your driver running, it had a static image size and a predictable naming scheme and a trivial call to NtQuerySystemInformation would be all it would take, that is ignoring the fact that your module was visible in memory and only 60-75% unique on average, nowhere near unique enough to avoid a byte signature. This was before the VT-X update and before you got VAC detected after a year of being undetected, I haven't poked around in Interwebz since.
    Last edited by LordTristan; 10-12-2016 at 09:47 PM.

  8. The Following User Says Thank You to LordTristan For This Useful Post:


  9. #16
    interwebzCC is offline Advanced Hacker

    Array
    Join Date
    Mar 2015
    Posts
    438
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    5
    Reputation
    108
    Quote Originally Posted by LordTristan View Post
    Last time I looked at your cheat you left your driver running, it had a static image size and a predictable naming scheme and a trivial call to NtQuerySystemInformation would be all it would take, that is ignoring the fact that your module was visible in memory and only 60-75% unique on average, nowhere near unique enough to avoid a byte signature. This was before the VT-X update.
    After 3rd august everything you mentioned was fixed already

  10. #17
    LordTristan's Avatar
    LordTristan is offline Premium Member

    Array
    Join Date
    Dec 2013
    Location
    United States
    Posts
    1,070
    Mentioned
    24 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    8
    Reputation
    436
    Quote Originally Posted by interwebzCC View Post
    After 3rd august everything you mentioned was fixed already
    Yeah, pretty sure I was poking around in Interwebz CS:GO cheat before August and then another time much earlier this year.

  11. #18
    interwebzCC is offline Advanced Hacker

    Array
    Join Date
    Mar 2015
    Posts
    438
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    5
    Reputation
    108
    Quote Originally Posted by LordTristan View Post
    Yeah, pretty sure I was poking around in Interwebz CS:GO cheat before August and then another time much earlier this year.
    actually we have been deleting device, symbolic link and driver object since when we got rid of the middleman process, which i cant even recall how long ago it was, and also our driver is never loaded through any nt api or service manager, its mapped into system space

  12. #19
    powmeow is offline Wannabe Member
    Array
    Join Date
    Apr 2015
    Posts
    19
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    5
    Reputation
    1
    :popcorn:
    i dont know what it means, but it sure sounds fancy

  13. #20
    LordTristan's Avatar
    LordTristan is offline Premium Member

    Array
    Join Date
    Dec 2013
    Location
    United States
    Posts
    1,070
    Mentioned
    24 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    8
    Reputation
    436
    Quote Originally Posted by interwebzCC View Post
    actually we have been deleting device, symbolic link and driver object since when we got rid of the middleman process, which i cant even recall how long ago it was, and also our driver is never loaded through any nt api or service manager, its mapped into system space
    I last looked at your cheat around late August and the things I mentioned still existed, they existed around the start of 2016 as well if I recall.

Page 2 of 6 FirstFirst 1234 ... LastLast

Similar Threads

  1. Vac wave
    By Nevur in forum Counter-Strike: Hack Chat
    Replies: 10
    Last Post: 07-31-2016, 07:30 PM
  2. Vac Wave
    By xxfbtmof in forum Counter-Strike: Global Offensive Hacks
    Replies: 5
    Last Post: 04-30-2016, 03:53 AM
  3. New VAC wave?
    By Protossop in forum Counter-Strike: Hack Chat
    Replies: 24
    Last Post: 11-01-2015, 02:39 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •