BattlEye bypass from Caliber@CH can be found in this post: viewtopic.php?p=113806#p113806. Please remember to give him the proper credit if you plan to leech the content!
- "Disable Drone Swarm" should be enabled before entering a drone-swarm trigger zone. If you've already summoned the drones, leave the area so the message disappears and the drones vanish, re-enable the script, then enter the area.
- "Disable Screen Shake" will remove any screen shake from damage (fired upon) and running (via Shift). Enjoy
- "Get Username For Masking (press M once)" - as it says, enable the script and press M one time. The map will appear with the mouse cursor pointing at you. Back in CE you'll see the user name being populated in the field below. Click it, press Ctrl+B and look down in the Hex window. Click on the first character in your name, then change that to 00. Now, every time you do the following, your user-name will be masked:
Once you're done with everything (taking your screenies or recording videos with your name masked), put the letter back or disable script + reload game.
Below you'll find the table that's been working since *BETA* days, with a few adjustments, along with the BattlEye bypass I've been using. Note that currently only UPlay+ EXE is supported, as the normal version will activate on the 4th of October.
Bypass:
Note that I'm not using some random launcher, as I really got bored of doing RE of all of the fucking EXEs out there to patch some conditional jumps or skip initialization. The method goes as follows:
1) Get [Link] and install it. Make sure to launch it with Administrator privileges.
2) Go up top to the right in the GUI where the search field is and type in bes. You'll see Process Hacker filters out the process list and shows only BEService.exe. Right-click it and choose 'Suspend'. (note that after a while, 1 min or so, this resumes back on its own; just in case you wonder why it's not suspended anymore).
3) Grab [Link], unzip it and run it as Administrator. Flip over to the Kernel-Module tab, find BEDaisy.sys in the list (just press b and e keys to get fast to it), right-click and Unload it. Do the same for a driver called pchunterXX.sys. It's important that you unload both! Close PC Hunter.
4) Grab the attached BEDaisy.zip and extract it to a folder of your choice (somewhere on a short path, like D:\).
5) Download and install this [Link]. Run it as Administrator. Give it the path to your extracted .sys file (e.g.: D:\BEDaisy.sys) and input a name for it in the next field (BEDaisy). Click Load and wait for 2-3s for it to load.
6) Back to Process Hacker, if BEService.exe hasn't resumed already, right-click it and Resume.
That's all. You should now be able to see GRB_UPP.exe as a valid process, available for open, read, write and debug.
* * Credits for the method: Zula BattlEye Bypass (google it, please, if you're curious, as UC links are forbidden on this forum) * *
If you have any problems with this please don't whine here. You've been warned!
Will be adding more in the upcoming days. Want to see how the story goes first.
BR,
Sun
P.S.#1: Just so this is 100% clear - the content of that table is obtained through my own means, via analyzing the Anvil Engine source code in comparison to the one in Wildlands (while the engine is the same, code optimization and other crap makes some function not look identical in flow). Apart from that, IF YOU WANT TO USE THIS SHIT IN YOUR TRAINERS, ASK. OK? There's no shame in it.
P.S.#2: Note that most of the sought-for options are tagged with several markers across the engine:
The reason some appear twice or multiple times is Denuvo; only one instance of each string is valid, find the right one by checking if the ASM it's part of is game code or a Denuvo copy.
<Denuvo copy>
<GRB executable code>
Not sure if this is some common knowledge people mentioned anywhere, so you're welcome. It's up to you to figure out which options these refer to (for example ID#13 is God Mode and the check for Immunity). Thank you for making our lives easier, Ubisoft developers!
How to use this cheat table?
Install Cheat Engine
Double-click the .CT file in order to open it.
Click the PC icon in Cheat Engine in order to select the game process.
Keep the list.
Activate the trainer options by checking boxes or setting values from 0 to 1
Looks like the initial patch notes are up now for tomorrow's release and the "Day-1" update although I was expecting the data to be updated before the Uplay+ or Ultimate edition unlock but nope.
GENERAL:
Polished aim assist.
Improved performances and optimizations.
Improvements to online flows.
Improved game stability.
Improved voice chat and text chat.
UI/UX:
Improvements made to some menus for better understanding.
AUDIO:
Improved gun sounds.
PVP:
Polished matchmaking stability.
Polished Elimination and Sabotage game modes.
BUG FIXES:
Fixed a number of flow issues (i.e. infinite loading, online errors).
Fixed an issue where the mark would remain on a player longer than intended.
Fixed an issue where some Milestones were not completed as intended.
Fixed a UI issue with the end match screen page.
AI:
Improved enemy AI detection.
CLASS, ITEMS, AND MAG DEBUGGING:
Tweaked item spawns and loot placement on maps.
Tweaked and improved some weapon balance.
BUG FIXES:
Fixed issues where players would get stuck in the world or fall under the map.
Fixed issues where players would have character freeze or get stuck after specific actions.
Unlisted would be the various platform specific fixes (If any.) and other longer notes on specific mission fixes and such stuff.
But yeah a patch is coming out and then I guess they'll be doing monthly updates at least to coincide with events and other content additions hopefully without too much downtime but I expect online connectivity to be a bit rough now that everyone is going to be accessing the server.
EDIT: Pretty sure they didn't need to make the UI understandable though everyone playing the beta likely already understood it's a mess and a real problem to navigate and use easily so that should be focused on.
(And for the objectives screen we're making it look like a messy newspaper clips wall of random bits of everything. Excellent decision there.)
Though I suppose any improvement can only be better and at least it's not a mess of hold this button and press this button and a mix of the two.
(World interactivity though is a combination of the two methods of hold and press ha ha.)
But anyways that's some random game shortcomings and this is meant to be about using CE and information for resolving certain other game "issues" hah. Interesting to see Denuvo being able to make a bit of a confusing moment there by having multiples and then how to get that sorted plus how Wildlands thanks to game engine similarities can actually aid with Breakpoint and well I guess it's not completely unexpected for classes and such to remain but it's interesting to read up and see more about it.
Plus another method for dealing with BattlEye if that becomes a problem.
^ Will consider it. For the time being, No Spread and No Recoil are soon to follow.
EDIT: I reconsidered. It takes too much time to come up with this shit; got no interest in doing an item editor (whatever you meant by that). If you're thinking editor as in create your own weapon from parts, then forget it. The amount of time to understand Anvil and then come up with an editor is cumbersome.
I didn't mean anything so much, just the ability to add weapons and maybe blueprints, that's it. Like the weapons from the battle pass or any hidden weapons that were removed after the OTT. If it's too much I understand.
I've had several exchanges via PM with Caliber and one of his requests was this:
I don't really know how he's done his "No Recoil" option, the very option which he claims is not perfect and that he worked so hard to do it to have CEV steal it from his trainer, thus breaking the very fabric of harmony on FRF:
Well, this is how I did it ( sent the PM to him, which he'll never read; but can read it here, with or without an account - am imagining he's doing Ctrl+F "CH" in all of my topics ):
┄ "cPlayerCameraComponent" has the hash 0x4428E933
┄ search for that in your session, as a DWORD and check the only address in green (read-only memory) -> here, for easier check-up: GRB_UPP.exe+532DA7C
┄ subtract 0x2C (this_2 in the code above) from that address you found (GRB_UPP.exe+532DA7C - 2C = GRB_UPP.exe+532DA50)
┄ scan for the address (GRB_UPP.exe+532DA50) you now have in CE, on 8 bytes; has to be in address format to find a pointer to it; look at the address in green
┄ I got this 7FF79AE7C470 = GRB_UPP.exe+532C470
┄ now attach x64dbg to the game, go to the section with the biggest size (that's where Denuvo moved all the to-be-decrypted executable code) and Ctrl+F; type in MOV RAX,QWORD PTR DS:[0xyour_address from_above]
┄ because Denuvo moved the function to its section, it put a JMP in its place; so now follow that address in dump, in the top part go to FIRST section of the .exe, right click first byte in the dump and do "Find References"
┄ now find a pointer to this in CE, scanning for the address as 8 bytes
┄ you will get this one: GRB_UPP.exe+4622FC0
┄ remember "this_1"? from this address subtract 0x28 -> GRB_UPP.exe+4622F98
And now you have the member-functions pointer (to the vtable of functions) used by all game objects that have the GetName result the hash 0x4428E933.
Scan for that address (GRB_UPP.exe+4622F98; as address) now in CE and you'll get 4-5 cPlayerCameraComponent objects. One of these is your "cPlayerCameraComponent". How to tell which is yours? Browse each in memory and move around; you'll find only ONE whose values flip around in red (CE, bottom hex view in Memory Viewer). That is the one you want.
Now set an exceptions breakpoint on a large range, say 100 bytes, and see what you get in the debugger. I got these:
Guess what happens when you RET that function? That's right:
The function is part of a series of registered handler functions for various screen functionality (such as rotation via mouse, zooming in, etc.). Recoil is handler with id 0x4. Why am I saying all of this? Because I study code, because I care for shit to which Caliber says this: "I am not interested in this engine in the same manner as you [...]".
Yeah, posted it cuz not everyone wastes HOURS or DAYS to get something done right. Struggling with scanning and debugging, because it's the easiest and cheapest method out there to get the job done and charge $ from people. Where's the reward in it? Unless the only thing he cares about is MONEY. See.. that distinguishes me from Caliber. Whichever path I take, it's always not going to be easy to the reader. Because that's the whole idea: NOT getting bored of that same fucking routine. I honestly don't know how he lasted this long doing the same thing over and over, expecting different outcomes: that the $ always flocks in, competition is dire and he's the most awesome game-hacker out there BY QUANTITY (not quality). Here's what google says:
That's about it, folks.
BR,
Sun
P.S.: Posted it as I want Caliber to steal this option from this post and put it in his CH trainer. Let's see if he uses the DIRECT prologue of the function or hooks somewhere inside it. Just like his method is unique, same is mine. Wanna use it? No problem; CONDITION is to ask me for permission and give credit. Your pleb won't mind seeing an option that isn't 100% yours, right? Same goes to all others out there wanting this option like this.
I didn't mean anything so much, just the ability to add weapons and maybe blueprints, that's it. Like the weapons from the battle pass or any hidden weapons that were removed after the OTT. If it's too much I understand.
It is. My list is full of games I paid for to reverse/play and have only gotten to release tools for OTHERS to use, not myself. That changes now. Sick of addressing others' requests while not tending to my "backlog".
As I was saying 2 posts above, place a breakpoint at "No Recoil" function's epilogue and exit the function (check [rsp] for the return address). Once out scroll a bit till here:
Right-click the line with CMP, then "Find out what addresses this instruction accesses". From your list copy-paste to a text editor (Notepad++) only those that don't show 0. Now.. subtract 0x20 from each, then read the address you get ([]), then go to member-function 0xB8 ([[]+B8]) and check them one by one. All addresses you copied belong to your player because ALL of those -0x20 pointers have at 0x8 offset your player's Entity. Note the functions are shared (AI also have recoil, accuracy, etc.). Now you know what the check should be ([ptr+0x8] == Entity from [ Debug ] section in the table).
^ Updated main post with a table containing the 2-3 items above.
Thank you so much for all the work you have done for us (the community)!
If you have a method to donate, I would do it, because many of your tables helped me in the past.
Keep up the great work you are doing, as long as it is fun for you / you like it.
But one question: do I guess right that the steps to bypass BE need to be done before every game start if we want to use the table in this session?
And is it still undetected by BattlEye? I did the Google search you mentioned for the team / person who created the bypass, and there is a post from the beginning of September where they wrote that this doesn't work anymore / got detected and fixed (at least with the files there).
Or did I find the wrong article/post? (It's directly at the CE website.) If so, could you send me a link via PM, because as I read, posting such links is not allowed.
Just asking because I would really like to have god mode in singleplayer but don't want to get banned, because all of my games are on that account, so it would be terrible losing them.
Or would it be better doing all of that while Uplay is in Offline Mode? Because maybe they can't detect it then, or at least the message can't be sent to them.
I know the only 100% safe option is to not use a cheat table, but it would be really great if it would work without a risk or with a very, very low risk (~0,0001%), at least for singleplayer, because I play multiplayer 1 hour per month or so, so that would be no problem, and cheats in general should be kept out of multiplayer mode (just my opinion, but I think many will agree with that).
EDIT: Never mind. The thread I found was for the game Zula, and in that game it's no longer working.
Do I guess right that the files you posted the link to are other/updated files? (The driver loaded in the last step, I mean.)
^ The bypass works for Breakpoint. It's the same identical one as on UC. Those posts (about it not working) refer to active online games that regularly update their BattlEye client with newer detection signatures.