Sunday, 8 March 2015

Encrypted External CSS Multihack

Hello again. I just thought I'd show off my old external hack. This hack came about under different circumstances to most.

Most hacks I just make for fun, and really, most of the fun comes from the reversing side rather than the actual coding. I'm not really a fan of cheating online, I think it kinda ruins it. Not just for others but also for yourself, though maybe that's because I enjoy the thrill of winning legitimately (I used to play Day of Defeat: Source competitively, ahhhhh those were the days).

So the story goes like this:
I had a friend staying with me for a while and I thought it would be fun (and somewhat productive) to test my hack on a LAN. After a bit of doodling around and testing all the bits, we decided to play Crimsonland. Everything seemed fine. Until the next time I went to log in to Steam to find my previously clean account VAC banned! "What the fuuuuuuuuuuck" I remember were the exact words that came out of my mouth. How could it have been vacced? We were playing on a LAN! I had -insecure set in the launch options! Well, after about 2 seconds of googling I found a thread that says that VAC3 doesn't care about the -insecure flag and is now much more aggressive with external hacks. The only way to stop it on a LAN is to play with sv_lan 1 (Remember this! Very important!).


So naturally this annoyed me quite a bit. My first thought was to just go after VAC, but my reversing knowledge was just not up to par (and probably still isn't). Instead I thought to write an encryption class which would pick a random key at run-time and encrypt strings, functions, and destroy things that no longer need to be used. This seems to work so I'm thinking that because VAC3 doesn't care about -insecure and I didn't realise, it was probably gathering signatures as I developed the cheat :\. This method seems to be pretty effective against signature scans; however, it's still vulnerable to static analysis.

Hopefully by learning from my mistakes, you won't repeat them.

Anyway, enough jib jabbering, here's the video

