Help Bypassing AC system.

piedrax199

Member
Joined
Aug 20, 2024
Messages
7
Reaction score
0
I would like to know if there's a way of bypassing the anticheat system in a specific SA:MP server. I have an old bypass that used to work not so long ago.
Here's the IP for the server: s1.fenixzone.tv
I attached the old bypass if it helps.

I heard the anticheat system they implemented in this server is kind of illegal since it searches in your system for malicious files or possible cheats. I don't know much about it, that's why I'm requiring help. If you have any questions about this and it helps you find a possible fix, please let me know.
I know it may be difficult and it might require some time. If you know what you're doing and think you can come up with a bypass, I'd be willing to pay for your work.
 

Attachments

  • DialogRCEfix(1).rar
    42.1 KB · Views: 10

Expl01T3R

Active member
Joined
Nov 20, 2022
Messages
133
Reaction score
21
Location
Czech Republic
They're abusing R1 Public RCE to inject their ac (+ checking connection to ac from serverside to check if it's injected), if you block it somehow from executing they're gonna kick you after they figure out it was not injected into ur gta process.
@Hidend is cooperating with them, he told me there are plenty of new & private RCEs available also in 0.3.7-R5, so they will always find a way to inject rce into ur gta sa, cuz Kalcor f*ed it up.
Only way to bypass that sh*t is to scan the whole gta_sa.exe for injected shellcode (which could take some time) and then just make ur own patches, which disable memory scanning for .asi/.cs etc files dangerous for server.
OR dump injected shellcode and check how they're communicating with the server and make ur own comm-emulator, and when they try to inject it - block it & send "OK" msg via that emulator.
For blocking possible RCE u will need some "universal" method to block all positive RCE attempts while receiving packets/rpcs from serverside.

I've implemented that universal possible rce blocker in my latest build of my #TE Project.
Which will be soon approved hopefully.
 

piedrax199

Thank you so much, I really hope this works.
 

Expl01T3R

On fenixzone my project will block RCEs, but as I mentioned the server will kick you. :)
Let me be clear: My project implements only a universal method to block possible RCEs but there is no comm-emulator which sends information to the server that their ac was loaded.
You just need to code it by urself or find someone.
 

Hidend

Expert
Joined
Mar 4, 2013
Messages
656
Reaction score
50
Just use this: https://www.blast.hk/threads/216377/

The only thing I said to you is there are 324929 exploits in the wild since SAMP is dead and Kalcor doesn't care anymore, as you said yes. So use OpenMP if possible and even with that, there are 234234 exploits unfixed still so yes. As for the anticheat, go for it I don't know what to say.
 

piedrax199

So using that link I'll be able to bypass the anticheat?
 