DiiMoON
Member
People make such a big show of selling tools with an antiban specifically built in, when all they know how to do is grab the info from NGU, like most of their offsets...
For the laziest among you, I'll quickly code an open-source antiban this afternoon.
For 1.05:
1: 0x3B3518 --> NOP (0x60 0x00 0x00 0x00)
2: 0x597220 --> LI R3, 0 (0x38 0x60 0x00 0x00)
3: 0x599848 --> BLR (0x4E 0x80 0x00 0x20)
4: 0x642800 --> NOP; LI R31, 0 (0x60 0x00 0x00 0x00 0x3B 0xE0)
5: 0x642D74 --> NOP (0x60 0x00 0x00 0x00)
6: 0x7BFBBC --> NULL (0x00)
7: 0x642DEC --> LI R30, 0 (0x3B 0xC0 0x00 0x00)
And the reason, which I'll let you translate:
First offset: 0x3B3518 --> Patch this to NOP (0x60 0x00 0x00 0x00)
Over here is a call to a function that performs nothing but a ban check. I've seen other AntiBans NOP stuff /within/ this function, such as at 0x597914. It's much safer and cleaner to just prevent this entire function from being called in the first place. So NOP it at the branch to this function (0x3B3518).
Second offset: 0x597220 --> Patch this to LI R3, 0 (0x38 0x60 0x00 0x00)
This is the major function that performs bans (it's obvious by the strings ;P). Other AntiBans also NOP all the calls following the strings (e.g. "EXE_COD_ONLINE_PERM_BAN_PLAYER"). If you look around the beginning of the function, at 0x597228, there is a (IF R3 == 0) { GOTO 0x597490; }. If you look at 0x597490, you will see it gracefully exits the function. Just apply the bytes above and the code will look like this:
R3 = 0;
if(R3 == 0) {
GOTO GRACEFUL_EXIT();
} else {
performBanChecks();
}
Thus ALWAYS gracefully exiting the ban function and not requiring all the numerous NOPs that follow if R3 is NOT 0.
Third offset: 0x599848 --> PATCH THIS TO BLR (0x4E 0x80 0x00 0x20)
This function performs bans as well (e.g. "EXE_COD_ONLINE_PERM_BAN_CONSOLE"). It is called way too many times (you can check with IDA by pressing x on the function). There are 16 xrefs. Don't apply 16 NOPs. Just make the function return immediately if it's called. 4 bytes versus 16 * 4 bytes always sounds much cleaner to me.
Fourth offset: 0x642800 --> Patch this to NOP; LI R31, 0 (0x60 0x00 0x00 0x00 0x3B 0xE0)
This is the one I did not see anyone patch... Every time you join a lobby, a task called "anticheat" is spawned. I don't know about you... But I don't want anything with that running ;P
By applying the NOP you are overwriting the call to start the task. The following bytes (0x3B 0xE0) are to make R31 = 0. There is a compare condition right after the call. If start_task made R31 = 0, it assumes the task started successfully. So in addition to NOP'ing the call, we make R31 = 0 to ensure the BEQ condition at 0x64280C is taken and not the nasty "Failed to start task" error getting printed to the console and possibly refusing online gameplay. Moving on...
Fifth offset: 0x642D74 --> Patch this to NOP (0x60 0x00 0x00 0x00)
This one I felt like patching just because it also had anticheat and a check to make sure the console ID is NOT full of zeros. This just NOPs the if(R31 == 0) { err("Failed to read Console ID"); }. This is an optional patch, but is useful.
Sixth offset: 0x7BFBBC --> Patch this to 0x00
This is the "anticheat" string. It is used to specify which task to start. Since this is a null-terminated string, if we apply a null (0x00) to the beginning of the string, the string is effectively empty when referenced. I patched this because at 0x642D88, when the if(R3 == 0) condition runs... it also starts the task 'anticheat'. I couldn't NOP out the call at 0x642DE8 like how I did in the fourth offset because this seems to get called for other tasks that are essential for the game to run. So killing the string effectively stops the task from being spawned at that point. However... NULL is not a valid task, so the condition at 0x642DF0 will fail and say "Failed to start task".
if(R30 == 0) {
weGood();
} else {
somethingWentWrong();
}
Which brings me to my final offset...
Seventh offset: 0x642DEC --> Patch this to LI R30, 0 (0x3B 0xC0 0x00 0x00)
This will effectively assume all tasks successfully started (by making R30 = 0 right before the if condition), and not log the failure to spawn the nonexistent task that we NULL'd.
Source NGU
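Before trusting a byte patch someone posts, decode the bytes yourself instead of taking the mnemonic on faith. The following is an added example (mine, not code from the post or from NGU) that decodes the PowerPC encodings quoted above and checks them against the claimed mnemonics; it assumes the full word for the second instruction of patch 4 is 0x3BE00000, since the post quotes only its first two bytes.

```python
import struct

# Primary opcodes / extended opcode for the three encodings the patch list uses.
OP_ADDI, OP_XL, OP_ORI = 14, 19, 24
XO_BCLR = 16

def decode_ppc(word: bytes) -> str:
    """Decode one big-endian 32-bit PowerPC word into a mnemonic.
    Handles ori (nop), addi (li) and bclr (blr); anything else is a raw .long."""
    if len(word) != 4:
        raise ValueError("PowerPC instructions are exactly 4 bytes")
    (w,) = struct.unpack(">I", word)
    opcode = w >> 26         # bits 0-5
    rt = (w >> 21) & 0x1F    # bits 6-10: rD / rS / BO
    ra = (w >> 16) & 0x1F    # bits 11-15: rA / BI
    imm = w & 0xFFFF         # bits 16-31: UI / SIMM
    if opcode == OP_ORI:
        # ori rA, rS, UI; all-zero operands is the canonical nop
        return "nop" if rt == ra == imm == 0 else f"ori r{ra}, r{rt}, {imm:#x}"
    if opcode == OP_ADDI:
        simm = imm - 0x10000 if imm & 0x8000 else imm
        # addi rD, rA, SIMM; rA == 0 means the literal 0, i.e. li rD, SIMM
        return f"li r{rt}, {simm}" if ra == 0 else f"addi r{rt}, r{ra}, {simm}"
    if opcode == OP_XL and ((w >> 1) & 0x3FF) == XO_BCLR:
        lk = w & 1
        # BO = 0b1z1zz branches unconditionally; with LK = 0 that is blr
        if (rt & 0b10100) == 0b10100 and not lk:
            return "blr"
        return f"bclr{'l' if lk else ''} {rt}, {ra}"
    return f".long {w:#010x}"

# Byte patterns quoted in the post, keyed by the mnemonic it claims for them.
# The post lists only 0x3B 0xE0 for "LI R31, 0"; the full word is 0x3BE00000
# (the low halfword is the immediate 0).
LISTED_PATCHES = {
    "NOP":       bytes.fromhex("60000000"),
    "LI R3, 0":  bytes.fromhex("38600000"),
    "BLR":       bytes.fromhex("4e800020"),
    "LI R31, 0": bytes.fromhex("3be00000"),
    "LI R30, 0": bytes.fromhex("3bc00000"),
}

def check_listed_patches() -> dict:
    """Per claimed mnemonic, whether the quoted bytes really decode to it."""
    return {claim: decode_ppc(raw).lower() == claim.lower()
            for claim, raw in LISTED_PATCHES.items()}
```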