| View previous topic :: View next topic |
| Author |
Message |
ulysse31
Master Cheater
![]() Reputation: 2
Joined: 19 Mar 2015
Posts: 324
Location: Paris
|
 Posted: Tue Jul 31, 2018 4:06 am Post subject: Android CE detected |
 |
|
Hello, some android game detects CE when attaching through android CEserver but it doesn't detect CE when attaching from windows (with android emulator).
Any advice as to how to defeat their protection ? CE server is injecting a dll maybe and that's what is detected ?
The ceserver itself is not detected untill I attach network with windows CE and start scanning
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25812
Location: The netherlands
|
| Posted: Tue Jul 31, 2018 6:32 am Post subject: |
|
|
find out how they detect ce(probably a isptraced flag or scanning for ce), then write some code into the linux kernel to block that, rebuild the kernel ,install it and done
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
ulysse31
Master Cheater
![]() Reputation: 2
Joined: 19 Mar 2015
Posts: 324
Location: Paris
|
| Posted: Tue Jul 31, 2018 7:36 am Post subject: |
|
|
| Dark Byte wrote: | | find out how they detect ce(probably a isptraced flag or scanning for ce), then write some code into the linux kernel to block that, rebuild the kernel ,install it and done |
To me this looks like "Need nuclear codes ? Hack into pentagone, get the codes and done".
For now I ve noticed they scan actively for lots of CE stuff. My scanner crashs shortly tho because of detection. Well now I have renamed the ceserver_x86 into something random and the cheatengine apk is no longer detected
I haven't found debug possibilities in the cheat engine apk, are they hidden somewhere or the only way to debug with CE is with network ?
I can kow scan the game freely but as soon as I use a breakpoint CE still gets detected, could it be the name of the other two files "ceserver_x86_nopie" and the libserver extention file that get detected ?
I assume I cannot change their names else the ceserver wont be able to load them
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25812
Location: The netherlands
|
| Posted: Tue Jul 31, 2018 9:47 am Post subject: |
|
|
the lib is only for dll/.so injection
Is it detected when you debug, or does it just crash ?
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
ulysse31
Master Cheater
![]() Reputation: 2
Joined: 19 Mar 2015
Posts: 324
Location: Paris
|
| Posted: Tue Jul 31, 2018 9:53 am Post subject: |
|
|
| Dark Byte wrote: | the lib is only for dll/.so injection
Is it detected when you debug, or does it just crash ? |
It is detected when I debug, right when I attach process.
It used to be detected right when scanning process but this is no longer detected since I changed the ceserver filename
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25812
Location: The netherlands
|
| Posted: Tue Jul 31, 2018 9:54 am Post subject: |
|
|
I mean how do you know it is detected. What happens? Does a popup show saying it is detected, or does it just close ?
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
ulysse31
Master Cheater
![]() Reputation: 2
Joined: 19 Mar 2015
Posts: 324
Location: Paris
|
| Posted: Tue Jul 31, 2018 10:49 am Post subject: |
|
|
| Dark Byte wrote: | | I mean how do you know it is detected. What happens? Does a popup show saying it is detected, or does it just close ? |
It says "we have detected a forbidden program, contact our support for more information" blabla. And then it closes.
For some reason the cheat engine apk works good after i rename ceserver.
Windows cheat engine will be detected as soon as connection to ce server and if i change windows cheat engine name it will be detected at first scan/first debug.
the debugger does work tho, i mean i do get the debug info (ie what access this address will tell me what code accessed, but game crashes)
Also if i use apk ce (which doesnt get detected) and scan for 'cheat engine' it gets detected. Clearly string checks, but i wonder how they see the string i search into (their?) memory ?
do you inject a dll in their process to scan ?
|
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Tue Jul 31, 2018 11:05 pm Post subject: |
|
|
Since its an Android game, you can extract the APK and decompile the source to look for the bits of code that are causing the detection to determine whats going on or what is being used to detect things.
_________________
- Retired. |
|
| Back to top |
|
|
ulysse31
Master Cheater
![]() Reputation: 2
Joined: 19 Mar 2015
Posts: 324
Location: Paris
|
| Posted: Wed Aug 01, 2018 12:41 am Post subject: |
|
|
| atom0s wrote: | | Since its an Android game, you can extract the APK and decompile the source to look for the bits of code that are causing the detection to determine whats going on or what is being used to detect things. |
great, I will look into this, thanks
edit :
Is there any way to make data breakpoint work on those emulator game processes (bluestacks it's Player.exe, for NOX it's VMHandle.exe and so on) ? I have tried all debug options but data will always change and cheatengine and other debuggers wont detect it, i reckon it's because of vitualization.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
