Far Cry 5 [Engine:Dunia Engine 2]

Upload your cheat tables here (No requests)
Post Reply
User avatar
SunBeam
Trouble Makers
Trouble Makers
Posts: 1504
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 223

Far Cry 5 [Engine:Dunia Engine 2]

Post by SunBeam » Wed Mar 28, 2018 6:46 pm

[ 05.05.2018 - Update #4]

Updated the DLL once more for the latest game version. Find it in attach below (last ZIP from the right). Usage instructions are in the 4th spoiler below ;)


[ 11.04.2018 - Update #3]

Updated the DLL to dynamically find the patch spots by AOBs now.

Extra: -> No Intro Fix <- (gir489 started posting some info, I picked-it up from there).

Download EasyAntiCheat_x64_20180411.zip from below :)



[ 5.04.2018 - Update #2]

Since I had auto-updates enabled in UPlay client, game silently did it for me. Below's the updated DLL; you know where to place it.

EasyAntiCheat_x64.zip
(42.99 KiB) Downloaded 6601 times
SpoilerShow
[ 30.03.2018 - Information Update #3]

It has been brought to my attention CH now has a working trainer; let's see how far their legality goes.

According to Ubisoft's EULA, found here, paragraph 1.2 (ii, iii, iv):
(ii) reverse engineer, decompile, disassemble, adapt, reproduce, or create derivate works of this Product (except if the Product enable You through a specific feature to create, generate or submit User Generated Content and for which You will need to create an Account and comply Terms of Use), in whole or in part; (iii) create, use and/or distribute “auto”, “trainer”, “script” or “macro” computer programs or other “cheat” or “hack” programs or software applications for this Product (whether in an online multiplayer game or in a single player game over the internet or in local area network); (iv) remove, alter, disable or circumvent any copyright and trademark indications [...]
By these simple statements:
  • decompile, disassemble: you shall not debug the game to learn how to circumvent or alter its normal flow (that's reverse-engineering; it's the only way to learn how to do things like bypassing the link between game and protection)
  • trainer, script, macro: self-explanatory, right?
  • single player, multiplayer: therefore CH's stunt that you're OK if you use their trainer in a single player game is pure bullcrap
CH (and anyone performing the above) is committing an illegality and can easily be sued by Ubisoft. I'm thinking this post will be a very interesting read to everyone out there :)

Let's see how CH's bypass works :) Considering the amount of information flaunted around and the fact that you can easily modify game files (FarCry5.exe, FC_m64.dll, etc.) led to exactly my assumption. CheatHappens is using the same method of patching game files to avoid/circumvent EAC initialization. What they don't tell their beloved users is this too is illegal (see above explanations).

Details: the difference between what I did and what they (Caliber) do is the modifications come from their spawned trainer process, generically called ~CheatHappensTrainer<id>.tmp.

1) Trainer queries registry for game installed path. If it can't find it, it won't run. People often install games to various locations on disk OR copy them manually to some other places. Game still runs, but the registry indicator points to a non-existing location now. Hence the several complaints CH users have made that the trainer doesn't work.

2) Once found, it will run the FarCry5.exe process in suspended mode. Performs various permission checks, copying files to C:\Users\<name>\Cheathappens\Work folder and attempting injections mapped via WriteProcessMemory. Routine check-ups.

Code: Select all

00007FF98846E490 | 4C 8B DC                               | MOV R11,RSP                                 |
00007FF98846E493 | 48 83 EC 58                            | SUB RSP,58                                  |
00007FF98846E497 | 48 8B 84 24 A8 00 00 00                | MOV RAX,QWORD PTR SS:[RSP+A8]               |
00007FF98846E49F | 49 89 43 F0                            | MOV QWORD PTR DS:[R11-10],RAX               |
00007FF98846E4A3 | 48 8B 84 24 A0 00 00 00                | MOV RAX,QWORD PTR SS:[RSP+A0]               |
00007FF98846E4AB | 49 89 43 E8                            | MOV QWORD PTR DS:[R11-18],RAX               |
00007FF98846E4AF | 48 8B 84 24 98 00 00 00                | MOV RAX,QWORD PTR SS:[RSP+98]               |
00007FF98846E4B7 | 49 89 43 E0                            | MOV QWORD PTR DS:[R11-20],RAX               |
00007FF98846E4BB | 48 8B 84 24 90 00 00 00                | MOV RAX,QWORD PTR SS:[RSP+90]               |
00007FF98846E4C3 | 49 89 43 D8                            | MOV QWORD PTR DS:[R11-28],RAX               |
00007FF98846E4C7 | 8B 84 24 88 00 00 00                   | MOV EAX,DWORD PTR SS:[RSP+88]               |
00007FF98846E4CE | 89 44 24 28                            | MOV DWORD PTR SS:[RSP+28],EAX               |
00007FF98846E4D2 | 8B 84 24 80 00 00 00                   | MOV EAX,DWORD PTR SS:[RSP+80]               |
00007FF98846E4D9 | 89 44 24 20                            | MOV DWORD PTR SS:[RSP+20],EAX               |
00007FF98846E4DD | FF 15 65 6E 06 00                      | CALL QWORD PTR DS:[<&CreateProcessW>]       |
00007FF98846E4E3 | 48 83 C4 58                            | ADD RSP,58                                  |
00007FF98846E4E7 | C3                                     | RET                                         |

1: rcx 000000000FE10A00 L"G:\\Ubisoft\\Games\\Far Cry 5\\bin\\FarCry5.exe"
2: rdx 000000000FE88290 L"\"G:\\Ubisoft\\Games\\Far Cry 5\\bin\\FarCry5.exe\" "
3: r8 0000000000000000 
4: r9 0000000000000000 
5: [rsp+28] 0000000000000000
3) Once all of the above return a green light, OpenProcess is used to obtain a handle to the started/suspended process:

Code: Select all

0000000140017148 | C7 05 AF 8E 0E 00 9F 0D 00 00          | MOV DWORD PTR DS:[140100001],D9F                                  |
0000000140017152 | 48 C7 05 BB 59 13 00 00 00 00 00       | MOV QWORD PTR DS:[14014CB18],0                                    |
000000014001715D | C7 05 9A 8E 0E 00 A1 0D 00 00          | MOV DWORD PTR DS:[140100001],DA1                                  |
0000000140017167 | 48 8B 0D 8A 54 13 00                   | MOV RCX,QWORD PTR DS:[14014C5F8]                                  | 14014C5F8:&L"FarCry5.exe"
000000014001716E | E8 8D 14 01 00                         | CALL ~cheathappenstrainer5542.140028600                           |
0000000140017173 | 48 89 05 9E 59 13 00                   | MOV QWORD PTR DS:[14014CB18],RAX                                  |
000000014001717A | C7 05 7D 8E 0E 00 A3 0D 00 00          | MOV DWORD PTR DS:[140100001],DA3                                  |
0000000140017184 | 4C 8B 05 8D 59 13 00                   | MOV R8,QWORD PTR DS:[14014CB18]                                   |
000000014001718B | 48 8B 15 9E 5C 13 00                   | MOV RDX,QWORD PTR DS:[14014CE30]                                  |
0000000140017192 | 48 B9 FF 0F 1F 00 00 00 00 00          | MOVABS RCX,1F0FFF                                                 |
000000014001719C | E8 77 2E 01 00                         | CALL <~cheathappenstrainer5542.OpenProcess>                       |
00000001400171A1 | 48 89 05 38 56 13 00                   | MOV QWORD PTR DS:[14014C7E0],RAX                                  |
00000001400171A8 | C7 05 4F 8E 0E 00 A7 0D 00 00          | MOV DWORD PTR DS:[140100001],DA7                                  |
4) In order to find the FC_m64.dll inside the started process (cuz it will load all its dependencies, including this DLL), a Createtoolhelp32Snapshot loop is used + Module32First/Module32Next APIs:

Code: Select all

0000000140027790 | 48 89 4C 24 08                         | MOV QWORD PTR SS:[RSP+8],RCX                                      |
0000000140027795 | 48 89 54 24 10                         | MOV QWORD PTR SS:[RSP+10],RDX                                     |
000000014002779A | 55                                     | PUSH RBP                                                          |
000000014002779B | 48 C7 C0 8B 00 00 00                   | MOV RAX,8B                                                        |
00000001400277A2 | 48 83 EC 08                            | SUB RSP,8                                                         |
00000001400277A6 | 48 C7 04 24 00 00 00 00                | MOV QWORD PTR SS:[RSP],0                                          | [rsp]:&L"FC_m64.dll"
00000001400277AE | 48 FF C8                               | DEC RAX                                                           |
00000001400277B1 | 75 EF                                  | JNE ~cheathappenstrainer5542.1400277A2                            |
00000001400277B3 | 48 83 EC 28                            | SUB RSP,28                                                        |
00000001400277B7 | E8 E4 07 02 00                         | CALL ~cheathappenstrainer5542.140047FA0                           |
00000001400277BC | 48 8B 94 24 98 04 00 00                | MOV RDX,QWORD PTR SS:[RSP+498]                                    |
00000001400277C4 | 48 8D 4C 24 28                         | LEA RCX,QWORD PTR SS:[RSP+28]                                     |
00000001400277C9 | 48 83 EC 10                            | SUB RSP,10                                                        |
00000001400277CD | E8 3E 08 02 00                         | CALL ~cheathappenstrainer5542.140048010                           |
00000001400277D2 | 48 83 C4 10                            | ADD RSP,10                                                        |
00000001400277D6 | C7 05 21 88 0D 00 85 00 00 02          | MOV DWORD PTR DS:[140100001],2000085                              |
00000001400277E0 | C7 05 17 88 0D 00 88 00 00 02          | MOV DWORD PTR DS:[140100001],2000088                              |
00000001400277EA | 48 8D 6C 24 38                         | LEA RBP,QWORD PTR SS:[RSP+38]                                     |
00000001400277EF | C7 45 00 38 04 00 00                   | MOV DWORD PTR SS:[RBP],438                                        |
00000001400277F6 | C7 05 01 88 0D 00 8B 00 00 02          | MOV DWORD PTR DS:[140100001],200008B                              |
0000000140027800 | 48 63 84 24 90 04 00 00                | MOVSXD RAX,DWORD PTR SS:[RSP+490]                                 |
0000000140027808 | 48 89 C0                               | MOV RAX,RAX                                                       |
000000014002780B | 50                                     | PUSH RAX                                                          |
000000014002780C | 68 08 00 00 00                         | PUSH 8                                                            |
0000000140027811 | 59                                     | POP RCX                                                           |
0000000140027812 | 5A                                     | POP RDX                                                           | rdx:L"FC_m64.dll"
0000000140027813 | E8 3C 28 00 00                         | CALL <~cheathappenstrainer5542.CreateToolhelp32Snapshot>          |
0000000140027818 | 48 89 44 24 30                         | MOV QWORD PTR SS:[RSP+30],RAX                                     |
000000014002781D | C7 05 DA 87 0D 00 8C 00 00 02          | MOV DWORD PTR DS:[140100001],200008C                              |
0000000140027827 | 48 83 7C 24 30 00                      | CMP QWORD PTR SS:[RSP+30],0                                       |
000000014002782D | 0F 84 17 02 00 00                      | JE ~cheathappenstrainer5542.140027A4A                             |
0000000140027833 | C7 05 C4 87 0D 00 8D 00 00 02          | MOV DWORD PTR DS:[140100001],200008D                              |
000000014002783D | 48 8D 44 24 38                         | LEA RAX,QWORD PTR SS:[RSP+38]                                     |
0000000140027842 | 48 89 C0                               | MOV RAX,RAX                                                       |
0000000140027845 | 50                                     | PUSH RAX                                                          |
0000000140027846 | FF 74 24 38                            | PUSH QWORD PTR SS:[RSP+38]                                        |
000000014002784A | 59                                     | POP RCX                                                           |
000000014002784B | 5A                                     | POP RDX                                                           | rdx:L"FC_m64.dll"
000000014002784C | E8 09 28 00 00                         | CALL <~cheathappenstrainer5542.Module32FirstW>                    |
0000000140027851 | 48 21 C0                               | AND RAX,RAX                                                       |
0000000140027854 | 0F 84 D2 01 00 00                      | JE ~cheathappenstrainer5542.140027A2C                             |
5) NtSuspendProcess is required from time to time, as the execution is allowed to reach the patch spots:

Code: Select all

00000001400275D2 | 48 89 4C 24 08                         | MOV QWORD PTR SS:[RSP+8],RCX                                      |
00000001400275D7 | 48 31 C0                               | XOR RAX,RAX                                                       |
00000001400275DA | 50                                     | PUSH RAX                                                          |
00000001400275DB | 50                                     | PUSH RAX                                                          |
00000001400275DC | 50                                     | PUSH RAX                                                          |
00000001400275DD | 50                                     | PUSH RAX                                                          |
00000001400275DE | 48 83 EC 28                            | SUB RSP,28                                                        |
00000001400275E2 | E8 B9 09 02 00                         | CALL ~cheathappenstrainer5542.140047FA0                           |
00000001400275E7 | C7 05 10 8A 0D 00 B7 01 00 00          | MOV DWORD PTR DS:[140100001],1B7                                  |
00000001400275F1 | C7 05 06 8A 0D 00 B9 01 00 00          | MOV DWORD PTR DS:[140100001],1B9                                  |
00000001400275FB | 48 B8 52 02 10 40 01 00 00 00          | MOVABS RAX,~cheathappenstrainer5542.140100252                     | 140100252:L"ntdll.dll"
0000000140027605 | 50                                     | PUSH RAX                                                          |
0000000140027606 | 68 FF FF FF FF                         | PUSH FFFFFFFFFFFFFFFF                                             |
000000014002760B | 59                                     | POP RCX                                                           |
000000014002760C | 5A                                     | POP RDX                                                           |
000000014002760D | E8 DE 6D 00 00                         | CALL ~cheathappenstrainer5542.14002E3F0                           |
0000000140027612 | 48 89 44 24 30                         | MOV QWORD PTR SS:[RSP+30],RAX                                     |
0000000140027617 | C7 05 E0 89 0D 00 BB 01 00 00          | MOV DWORD PTR DS:[140100001],1BB                                  |
0000000140027621 | 48 83 7C 24 30 00                      | CMP QWORD PTR SS:[RSP+30],0                                       |
0000000140027627 | 0F 84 86 00 00 00                      | JE ~cheathappenstrainer5542.1400276B3                             |
000000014002762D | C7 05 CA 89 0D 00 BC 01 00 00          | MOV DWORD PTR DS:[140100001],1BC                                  |
0000000140027637 | 48 B8 DC 46 10 40 01 00 00 00          | MOVABS RAX,~cheathappenstrainer5542.1401046DC                     | 1401046DC:L"NtSuspendProcess"
6) Considering this API's address needs to be obtained, GetProcAddress is used:

Code: Select all

0000000140027648 | E8 2B 6E 00 00                         | CALL ~cheathappenstrainer5542.14002E478                           | <-- GetProcAddress
000000014002764D | 48 89 44 24 28                         | MOV QWORD PTR SS:[RSP+28],RAX                                     | [rsp+28]:NtSuspendProcess, rax:NtSuspendProcess
0000000140027652 | C7 05 A5 89 0D 00 BD 01 00 00          | MOV DWORD PTR DS:[140100001],1BD                                  |
000000014002765C | FF 74 24 50                            | PUSH QWORD PTR SS:[RSP+50]                                        |
0000000140027660 | 68 00 00 00 00                         | PUSH 0                                                            |
0000000140027665 | 68 FF 0F 1F 00                         | PUSH 1F0FFF                                                       |
000000014002766A | 59                                     | POP RCX                                                           |
000000014002766B | 5A                                     | POP RDX                                                           |
000000014002766C | 41 58                                  | POP R8                                                            |
000000014002766E | E8 A5 29 00 00                         | CALL <~cheathappenstrainer5542.OpenProcess>                       | <-- OpenProcess
7) Once inside the target process, the trainer patches various locations inside FC_m64.dll to circumvent loading of EAC:

Image

For those of you who don't know, EBFE's effect in terms of executable instructions is an infinite loop. Common practice used in reverse-engineering to suspend a process where and how long you want. I used the exact same technique to get this flow working: Far Cry 5.exe -> FC_m64.DLL -> upc.exe (UPlay's loader) -> Far Cry 5.exe -> FC_m64.DLL -> game opens.

Before:

Image

After:

Image

How is this not illegally modifying game files? It's clearly shown you change a game DLL's executable code. No "but"s here, there's nothing to be said about it. Furthermore, it's patches in the same function (that initializes CreateGameClient) I mentioned to circumvent. Funny how their patches are conveniently in the same function, but not necessarily at the same spots I'm patching :D It wouldn't hurt to admit you're using free information to promote CH, without a single shred of crediting. But that's how CH rolls, it's been like that for a while.

I can post all of the patches if need be, but I see no point in doing it. Goal here was to show THEY USE THE SAME METHOD of patching game files in-memory. Nothing LEGAL about it.

8) Once everything is in place, all of the code having been patched is restored to its original form. Thus making you think nothing's happened and not know what CH has done in there to bypass EAC :D That's what they call LEGAL.

The result - the same fucking identical method (as concept, not necessarily as patch spots) I've used in mine.

So, let's see:

Image

- REQUIRES NO ILLEGAL CRACKED GAME FILES FROM GR WILDLANDS

First-up, there are no cracked files. PWizard is continuing the same fake charade he's started with lies to belittle something I've done. Figured if he's already created an impact to his worshipers, by saying I'm providing "malicious" files (cracked, infected), he should continue in the same style, making sure he's specifying CH doesn't do this! :D As mentioned, the CPY file is a standalone, it's NOT the cracked original EAC .dll. It's a library someone has taken time to write-up and compiled with an IDE. Get it in your thick fucking skull!
- REQUIRES NO EAC OR OTHER GAME .DLL FILES TO BE MODIFIED WHICH ARE DOING WHO KNOWS WHAT AND SENDING INFO TO WHO KNOWS WHO
Again, re-stating to his pleb not to use physically patched files. Well, if I dump FC_m64.dll from memory to disk BEFORE the trainer has restored all the patches, wouldn't I have the same thing as you're preaching you're not doing here? A patched DLL? Ironic, huh? Never thought of it, that's how limited in technicalities some are.
- REQUIRES NO SYSTEM LEVEL DRIVER BE INJECTED INTO THE GAME WHICH CAN GIVE THE TRAINER UNLIMITED ACCESS TO YOUR SYSTEM
This is a continuation of that one user (fake user; created by PWizard) who repeated what you started convincing the world I'm doing, eh?

Image

I am not using any driver - no one is capable of publicly doing that with EAC - nor changing "core system files". Get your facts straight.
- DOES NOT MANIPULATE THE USER KERNEL
Why are you even adding this crap? Just so it is there, afraid of law-suits or something?
- DOES NOT MANIPULATE EAC
True. But prevents loading of it. Nuh-uuuuh. Still illegal.
- DOES NOT CRACK THE GAME'S DRM
And mine does? Again, put there to cover your ass.
Because that's how we do things at CH. LEGIT. I can pretty much guarantee that if your account gets banned it's because you used one of those other trainers and illegal bypass methods. Hopefully you were smarter than that. If you have used these other trainers or hacking methods, you will need to revert the game back to it's original state so that the legitimate, non-modified files are in place or else your game will likely crash.
Nothing smart about it when a prick like me shows you lie, is it? LEGIT? LEGAL? No fucking way. Read again what you're saying. Furthermore, you're ditching all possible outcomes from people getting banned due to your LEGIT/LEGAL bypass :) Convenient, isn't it?

Tell you what, just so we're LEGAL too, we can write-up a loader (our "trainer") that can take all of the patches and circumvention of EACLaunch.exe launch to our tool. That way, people won't have to touch game files. Because ONLY THAT alone is ILLEGAL. In your book, as long as the original files are not touched, you're LEGAL; if you do touch them in memory, that's NOT ILLEGAL :D See how pathetic you sound? You're basing all these affirmations on the poor technical experience and that of the people who pay for a subscription, as well as them being gullible. They are unaware of what's going on behind the 'hood' of the trainer: from inline patches to querying of PC's peripherals (for the offline key), you're NOT impressing anyone nor establishing a popular belief that all your files are LEGAL. The more you defend it, the guiltier you look.

In conclusion:
  • CH has come up with a revolutionary bypass that does the exact same thing, in terms of methodology, as I did.
  • While at it, they're wiping their tracks clean to be 'stealthy' and claiming the trainer is LEGAL.
  • PWizard prefers to continuously defend his high throne belittling anything in his path, when this could/could've be/en avoided by simply admitting from time to time, others are good at it, if not better; instead of "glad you could pull it off", he preferred "yeah, but it's not legal what you're doing" - - tell me, when will you be satisfied with another's work before yours to meet your terms?
  • Last time I checked: cracking, patching, inlining, keygenning are all reverse-engineering. And that's the first thing Ubisoft's EULA says you're not allowed to do. To be able to come-up with a bypass, you need the knowledge that comes from reverse-engineering the game's files. No one further would care for your explanations, that you clean your tracks and so on and so forth. It's been proven above what you do. Period.
  • Just so I don't say they are using my method (it's an universal method reversers use), I will say this: people around the world, asynchronously, happen to identify the means for something to work; I just happened to have been much faster at it than you did, given the circumstances and experience. Simple. And the posts dates clearly indicate "who was the first to do it" this time around, just so it's said.
End of communication.
[ 30.03.2018 - Update #1]

Been working with Frank from WeMod; we managed to put everything into one DLL, his coding:

EasyAntiCheat_x64.zip
(42.99 KiB) Downloaded 6560 times

Mirror: https://goo.gl/htVwKo

Get the archive from above and place the single DLL you see (EasyAntiCheat_x64.dll) into your Far Cry 5/bin/EasyAntiCheat folder - you may want to backup the original file - e.g.: G:\Ubisoft\Games\Far Cry 5\bin\EasyAntiCheat.

1) Before running the game, make sure you delete FC_m64.dll I provided with the first release and restore it from your original backup (rename FC_m64.dll.BAK to FC_m64.dll).
2) Leave EACLaunch.exe.BAK renamed as such. If you haven't already, rename EACLaunch.exe to EACLaunch.exe.BAK in /bin/ folder.

Enjoy!
SpoilerShow
[ 29.03.2018 - Informational Update #2]

As it was brought to my attention, the CH propaganda continues, whereas PWiz is deleting any topics/posts about this game and EAC, as well as those involving the words "FRF" or "SunBeam". Furthermore, dupe accounts are used to promote the idea that the files I've provided are suspicious, malicious and unsafe to use on one's OS. And these posts are created in locked topics, so no one would have the nerve to respond/post. Also, who the duck in their right mind would use a word-for-word copy-paste from the announcement post? The lamest stunt one can pull to cover their e-integrity, if you ask me. That's how the world of today works: belittle or degrade someone's work to advertise/promote yours. But wait, they don't have anything working :)

Image

Well, go fuck yourself, PWiz:

Image

Used a local scanner for the game DLL, as the maximum size allowed on 10 online scanners I tried is 140 MB (file is 270 MB):

Image

Image

Image

But you can also scan them yourselves, right? :) Just so we're over this poor CH stunt.

You can compute the MD5/SHA file hashes yourselves in case you don't trust my Photoshop-ed screenshots ;) /ironical Sucks for them to be the only sheep in the yard without a "legal bypass" (that choice of words itself is the definition of stupidity).

Meanwhile all CH users who praised CH, hoping they'd release something, are now using it.

The rampage continues, will keep you posted. I know you don't care, go play Far Cry 5 with my "malicious files"! :D
SpoilerShow
[ 29.03.2018 - Informational Update #1]

According to Frank @ WeMod, simply replacing the EAC DLL with a naked one that exports the CreateGameClient interface is enough:
void* DoNothing()
{
return 0;
}

void* interface[] = {
(void*)DoNothing,
(void*)DoNothing,
(void*)DoNothing,
(void*)DoNothing,
(void*)DoNothing,
(void*)DoNothing,
(void*)DoNothing,
(void*)DoNothing,
(void*)DoNothing,
(void*)DoNothing,
(void*)DoNothing,
(void*)DoNothing,
(void*)DoNothing,
};

__declspec(dllexport) void* CreateGameClient()
{
return &interface;
}
naked_EasyAntiCheat_x64.zip
(4.15 KiB) Downloaded 2663 times

Notes:
  • as long as the exported interface does its job and Ubi's only check is the initialization's result (TEST AL,AL), EAC == bye bye
  • CPY chose to create a dummy DLL for Wildlands just so they wouldn't have to deal with inlines in a 200+ MB file; not to mention GRW.exe is not 90% clean, so direct patches wouldn't have worked; elegant method from our Italian friends, kudos!

    As for that CHunt, PWizard (new meme, I like the sound of it):

    Considering the amount of information I've posted, I now realize that if I had shut the fuck up and just turned this 'bypass' into a naked DLL that does the patches - - note that the patches can turn into 1 simple patch of 2 bytes; I just didn't bother - - in DllMain(), you wouldn't have had the nerve to say "here comes SunBeam using yet again someone else's methods". But this is all good because: 1) I admitted to having done that and credited where due; 2) this shows I'm not a mischievous cunt who keeps silent about whom he borrows information/methods from and pats himself on the back "I was the first to do it". Just cuz you keep quiet about where you're stealing your information from doesn't make you the umbilicus of the gamehacking world. Remember fisherprice's driver used as an embedded bypass within the CH trainer for Wildlands? I've not seen any credits specified anywhere; cuz that's how you roll. And I'm pretty sure there were others across history. That's what people remember you for, not for the 'reinvented' TOS-abiding chunts you are today. Lastly, you fucks fail to realize that while - let's say - you discover something, someone else, somewhere out there, would've discovered it too. At times, even before you did. That's how thick your bubble is. I guess it's all just a matter of who has the bigger mouth to gloat it all over the interwebz, right? Advertising, that's what you feed on.

    I now realize you said "includes cracked game files from another Ubisoft game and replacing EAC files that come with FC5". Wow, you literally just turned the instructions into statements :) Furthermore, it's dumb on so many levels: cracked as in? You think CPY cracked EAC? :D :D The absurdity of your statement reeks of desperation to find the proper words in hopes of exposing bad ol' SunBeam to the world and getting more adepts, defending CH's image, wanting to be portrayed as the good guys. You didn't even bother to check what these do (or you did - - just to see if it works - - and you got pissed; not cuz you don't have a bypass, not cuz you're not the "first" yet again - - but simply cuz you underestimated me). And by checking I mean hex-compare the original DLL versus the patched one. Aside from the idea of a naked DLL which wouldn't have been possible without studying CPY's work, the rest of tracing, debugging and patching is entirely my work :)
[ 28.03.2018 - First Release ]

UPDATE: Trainer's out. Thank you, BooBoo -> https://www.ddstrainers.com/2018/03/far ... ainer.html

Hello, folks.

As promised, time for the method I've cropped up to disable EAC in Far Cry 5. A little story behind it first (those who are not interested, skip to the "Instructions").

Overview:

I started this quest as a simple challenge, to see if anything could be done using the available tools at my disposal:
  • x64dbg - - with which I did most of the tracing and breakpointing
  • Cheat Engine - - used mostly to see if detected or not
  • CPY's EasyAntiCheat_x64.dll - - created for their Tom Clancy's Ghost Recon: Wildlands release (understanding of what's going on in there)
Few hours in I was able to understand how the emulation works and where exactly to intercept/debug each of its calls, while loaded in the target (Wildlands). I then set out to use the same DLL in Far Cry 5. I first checked if it's compatible (no bogus exports that would error) to learn there's only one: CreateGameClient. What the DLL does is to re-route EAC's own function to this emulated one. I've then come up with the means to debug FarCry5.exe in such a way that it would load Dunia DLL (fc_m64.dll - - main game module) and allow me to trace through it. I used the infinite loop method placed at DLL's EP, attached, restored bytes, continued tracing. I then got to several locations, which make the subject of my patch, where EAC's CreateGameClient is avoided - - since we have it already in CPY's DLL - - and EAC initialization is forced to return success (the handling code for this is in virtualized).

Instructions:

1) Download the linked archive (password: FRF): 2) Backing-up/renaming:
  • In your Far Cry 5/bin/ folder first rename EACLaunch.exe to EACLaunch.exe.BAK.
  • In your Far Cry 5/bin/ folder rename FC_m64.dll to FC_m64.dll.BAK.
  • In your Far Cry 5/bin/EasyAntiCheat/ folder, rename EasyAntiCheat_x64.dll to EasyAntiCheat_x64.dll.BAK.
3) Place EasyAntiCheat_x64.dll file from the archive into your Far Cry 5/bin/EasyAntiCheat folder.

4) Place FC_m64.dll file from the archive into your Far Cry 5/bin/ folder.

Done.

Start the game as usual (NO NEED FOR EXTRA PARAMETERS OR ANY OTHER CRAP!). Enjoy!

FULL CREDIT FOR THE EMULATOR FLIES OUT TO < CPY > AND THEIR WILDLANDS RELEASE; whoever you guys are, we appreciate it.

That being said, play nice and start filling this topic up with code snippets, scripts, etc. If you want, then consolidate everything in a community-driven table. I would highly appreciate it if this time around we work together to achieve all (or almost all) the options you'd think doable in this game, using common sense still (no MP requests or questions about bans or silver bars, please).

BR,
Sun

Q & A:

Q: Will this get patched?
A: If Ubi cares, yes.

Q: Will you do it for upcoming updates?
A: Depending on how Ubi ups their game, I might.

Q: Is there any other "bypass" like this around?
A: Not that I have seen. I delayed its release just to see if someone else invented something in the meantime. All upcoming bypasses that will use this method, well, you know where they originate. Just so I don't hear any fucking "we were the first!" statements when CH releases their trainer (which they said they won't do).

Q: How about other groups using this method?
A: I would be very appreciative if credit is given where due, same as I've given in turn to CPY for their emulator, emphasizing the fact that this is provided free of charge to enhance your SP experience. The only thing I am claiming here is having thought of a way to adapt their DLL to Far Cry 5, thus the patches and debugging/testing within Dunia's main DLL. This method may very well be useless once they release their version with the updated EasyAntiCheat_x64.dll library.
Attachments
EasyAntiCheat_x64_20180505.zip
loader/bypass for third update
(5.28 KiB) Downloaded 661 times
EasyAntiCheat_x64_20180411.zip
loader/bypass for second update
(5.27 KiB) Downloaded 205 times

User avatar
gir489
RCE Fanatics
RCE Fanatics
Posts: 285
Joined: Mon May 08, 2017 4:08 am
Reputation: 33
Contact:

Re: Far Cry 5 [Engine:Dunia 2]

Post by gir489 » Wed Mar 28, 2018 6:47 pm

Nice work.

Archevek
Noobzor
Noobzor
Posts: 8
Joined: Tue Mar 27, 2018 10:09 pm
Reputation: 0

Re: Far Cry 5 [Engine:Dunia 2]

Post by Archevek » Wed Mar 28, 2018 6:49 pm

Nice ! Thanks from France ! 8-|

Corvo3108
Noobzor
Noobzor
Posts: 14
Joined: Thu Oct 05, 2017 1:06 am
Reputation: 0

Re: Far Cry 5 [Engine:Dunia 2]

Post by Corvo3108 » Wed Mar 28, 2018 6:50 pm

Eres DIOS, te amo.

lol3003
Cheater
Cheater
Posts: 28
Joined: Fri Mar 10, 2017 6:44 pm
Reputation: 2

Re: Far Cry 5 [Engine:Dunia 2]

Post by lol3003 » Wed Mar 28, 2018 6:51 pm

gir489 wrote:
Wed Mar 28, 2018 6:47 pm
Nice work.
I Agree

and thank you

Eminan
Noobzor
Noobzor
Posts: 12
Joined: Wed Sep 13, 2017 7:50 pm
Reputation: 0

Re: Far Cry 5 [Engine:Dunia 2]

Post by Eminan » Wed Mar 28, 2018 6:52 pm

It's a shame that you can not have my children... haha
It needs a password to unzip. Password?

User avatar
gorthezar
Noobzor
Noobzor
Posts: 8
Joined: Wed Mar 28, 2018 6:52 pm
Reputation: 0

Re: Far Cry 5 [Engine:Dunia 2]

Post by gorthezar » Wed Mar 28, 2018 6:53 pm

Thank you for this.

User avatar
gir489
RCE Fanatics
RCE Fanatics
Posts: 285
Joined: Mon May 08, 2017 4:08 am
Reputation: 33
Contact:

Re: Far Cry 5 [Engine:Dunia 2]

Post by gir489 » Wed Mar 28, 2018 6:53 pm

Eminan wrote:
Wed Mar 28, 2018 6:52 pm
It's a shame that you can not have my children... haha
It needs a password to unzip. Password?
There is no password.

d0nar
Novice Cheater
Novice Cheater
Posts: 16
Joined: Tue Mar 27, 2018 8:24 pm
Reputation: 0

Re: Far Cry 5 [Engine:Dunia 2]

Post by d0nar » Wed Mar 28, 2018 6:53 pm

gir489 wrote:
Wed Mar 28, 2018 6:53 pm
Eminan wrote:
Wed Mar 28, 2018 6:52 pm
It's a shame that you can not have my children... haha
It needs a password to unzip. Password?
There is no password.
there is, the zip asks for an password

Corvo3108
Noobzor
Noobzor
Posts: 14
Joined: Thu Oct 05, 2017 1:06 am
Reputation: 0

Re: Far Cry 5 [Engine:Dunia 2]

Post by Corvo3108 » Wed Mar 28, 2018 6:54 pm

d0nar wrote:
Wed Mar 28, 2018 6:53 pm
gir489 wrote:
Wed Mar 28, 2018 6:53 pm
Eminan wrote:
Wed Mar 28, 2018 6:52 pm
It's a shame that you can not have my children... haha
It needs a password to unzip. Password?
There is no password.
there is, the zip asks for an password
Same

User avatar
STN
Founder
Founder
Posts: 3113
Joined: Thu Mar 02, 2017 7:48 pm
Reputation: 430

Re: Far Cry 5 [Engine:Dunia 2]

Post by STN » Wed Mar 28, 2018 6:55 pm

and so it begins!
For site updates, follow FRF's official Twitter, Facebook

lambac0re
Noobzor
Noobzor
Posts: 8
Joined: Wed Mar 07, 2018 4:37 am
Reputation: 0

Re: Far Cry 5 [Engine:Dunia 2]

Post by lambac0re » Wed Mar 28, 2018 6:56 pm

Asks for password on unzip.
Found it: FRF
Last edited by lambac0re on Wed Mar 28, 2018 6:57 pm, edited 1 time in total.

OttersGonnaOtt
Noobzor
Noobzor
Posts: 10
Joined: Wed Mar 28, 2018 5:24 pm
Reputation: 0

Re: Far Cry 5 [Engine:Dunia 2]

Post by OttersGonnaOtt » Wed Mar 28, 2018 6:56 pm

SunBeam wrote:
Wed Mar 28, 2018 6:46 pm
Q: Can I have your babies?
A: I have a girlfriend.
I don't see you having a boyfriend, though. ;)

Awesome work. I'm going to have fun with lunar gravity and rockets now.

User avatar
HylianZ
Fearless Donors
Fearless Donors
Posts: 118
Joined: Thu Mar 23, 2017 5:37 pm
Reputation: 7

Re: Far Cry 5 [Engine:Dunia 2]

Post by HylianZ » Wed Mar 28, 2018 6:56 pm

Password is in first post.

2ponds
Noobzor
Noobzor
Posts: 10
Joined: Wed Mar 28, 2018 12:03 am
Reputation: 0

Re: Far Cry 5 [Engine:Dunia 2]

Post by 2ponds » Wed Mar 28, 2018 6:56 pm

Password?

Post Reply

Who is online

Users browsing this forum: RomanHladik, Skidnifrobous, TheMenda