Bypassing Integrity Checks in Assassin's Creed Unity & Syndicate

SunBeam

Administrator
Staff member
Administrator
Joined
Feb 4, 2018
Messages
3,480
Dropping this here. Peace :)

https://www.youtube.com/watch?v=id35U6UmpSw

BR,
Sun
 
fantomas

Expert Cheater
Table Maker
Joined
Mar 25, 2017
Messages
1,291
Nobody could deny how it is always nice to watch your work - The only thing that keeps me from enjoying it even more is all your s**t and f**k, every two lines.
When I was watching the video I said: "Wow! He speaks normally", it even gave a plus to the video. But SunBeam would not be SunBeam without a little s**t and f**k, would he?

One day, one day. ;)
 
SunBeam
Would be nice to listen to it without your mom or wife nearby. Or kids. Your choice :D
 
TheyCallMeTim13

Enchanter
Staff member
Administrator
Fearless Donors
Talents
Joined
Mar 3, 2017
Messages
1,788
I just started playing this game, so perfect timing for me. Thanks for the video.

fantomas said:
Nobody could deny how it is always nice to watch your work - The only thing that keeps me from enjoying it even more is all your s**t and f**k, every two lines.
When I was watching the video I said: "Wow! He speaks normally", it even gave a plus to the video. But SunBeam would not be SunBeam without a little s**t and f**k, would he?

One day, one day. ;)
It really isn't that bad, he says fuck once and shit once. Plus it actually added emphasis to what he's saying, so it works well. But they are adult words, with adult meaning and feelings.
 
fantomas
TheyCallMeTim13 said:
It really isn't that bad, he says fuck once and shit once.
And I applaud his effort, it is exactly what I'm saying in my comment. I put a 9/10. :D

But no intention to offend, of course. Just some people are more sensitive than others, especially in a public and serious forum such as FRF. ;)
 
SunBeam
You guys crack me up :D :D *claps*

Incoming: "Batman Arkham Knight - Console & CheatManager" - - letting UE3 do the dirty work for us :) ;)
 
SunBeam
That's what I basically did in MK11. I don't patch the prologue of the thread functions; I just set the thread creation flag to CREATE_SUSPENDED. That way the thread doesn't even start, doesn't eat up CPU and won't even show in the thread list. See here: https://docs.microsoft.com/en-us/windows/desktop/api/processthreadsapi/nf-processthreadsapi-createthread. But then again, going full blown patching-style on the game shows what you said: you don't have the time to.

As for the inspiration, it simply came from remembering SneakyMofo did some thread killing in Sniper Elite 4. That pretty much tipped me off into looking for threads' entry points that were mainly VMProtect obfuscated/virtualized code. Killing such a thread (thus trial/error) led me to the video. That's about it. Didn't look high and low for some method :) Like you said.. thinking outside of the box, which we kinda missed back in Unity/Syndicate days.

I did read those Crackdown 3 posts, but at the time I was neither going to use them nor interested, as my main target practice was UE4 and what I could get out of it, as well as succeeding in dumping UE4 information to disk from a UWP-shielded process. Which I tried in several ways and didn't yet succeed. Had one more thing to try, but then another game surfaced (think it was FC:ND) and so I let it be. I've done enough in Crackdown 3 as well, so yeah...
 
chrisreddot3

Expert Cheater
Joined
Mar 24, 2019
Messages
126
SunBeam said:
Dropping this here. Peace :)

https://www.youtube.com/watch?v=id35U6UmpSw

BR,
Sun
Ubi just updated the game, this thread doesn't exist anymore, so you can't stop the checks in this game and no cheat table or trainer works with this game =[
 
SunBeam
:| Seriously now.. the game's got years since it last updated. Ah, that you can't find the SAME address.. that's a different thing. Doesn't mean the game updated.
 
chrisreddot3
SunBeam said:
:| Seriously now.. the game's got years since it last updated. Ah, that you can't find the SAME address.. that's a different thing. Doesn't mean the game updated.
I understand, but that's sad :(
 
Paul44

Expert Cheater
Table Maker
Joined
Jul 27, 2017
Messages
149
@SunBeam: yep, I recall that 'Sniper 4' trick as well at the time; but that kind of stuff is out-of-my-league anyways. That said: any chances of getting the Id of the thread and having it killed via the CE GUI interface?
Reason I ask: I do not dare touching my table (adding just one additional breakpt makes it very unstable/unreliable); and one can hardly expect gamers to pick up that particular thread...

I did do some research in the meantime, but apparently CE does not (yet) have a method to get that ID. Perhaps it can be done using ASM, but then again we are back to square one... Also: did check upon: 'getThreadlist()' (which only returns a string list; no additional info/props/methods) & 'getHandleList()' (nothing in that list I could link with info from [View ~ Threadlist] ~ I noticed then that 2 threads check that opcode location)
And apparently, it is not straightforward to call a winAPI from within Lua; correct me if I'm wrong?!

see also:
* [ https://www.cheatengine.org/forum/viewtopic.php?p=5705307&sid=09abf95102eed231f6c7aff3c91ab03d ]
* [ https://forum.cheatengine.org/viewtopic.php?p=5547328#5547328 ]
 
SunBeam
I'll check what you can do with Lua; in theory, the logic would be: get a list of thread ids, get into each thread, get the rip and compare it to a hard-coded address (that should be unique to the executable you use, do note that!). In the video I am showing the thread and the function running in that thread checking the code integrity; that's what should be used as a comparison. Thread entry point. Will return with more feedback; reinstalling Unity to see if my theory works.

EDIT: Theory worked, I now have a nice Lua script that does the job just fine :p Will post it in a bit.
 
Paul44
^ I did not post on CE yet - see above link - until I get/got some response from here.
I already read that one can easily access C(++) via Lua, but that solution would probably become a drag(on)... There are also some (basic) WinAPI libraries (GitHub and whatnot), but I do not like to go in that direction either.
Thx for taking the time looking into this, but don't go overboard...
 
SunBeam
Paul44 said:
^ I did not post on CE yet - see above link - until I get/got some response from here.
I already read that one can easily access C(++) via Lua, but that solution would probably become a drag(on)... There are also some (basic) WinAPI libraries (GitHub and whatnot), but I do not like to go in that direction either.
Thx for taking the time looking into this, but don't go overboard...
If you hop on Discord, you'll see what I've done :p Else, wait till I post the whole script (with comments).
 
Paul44
I think Discord is feminine; we don't get along very well :cool:. Anyways: trying to hold up on your reputation, are you? The other day, you said that #Zanzer was from Mars... Neighbours by any chance?
Ahum: awaiting your script...
 