Jump to content
Moopler
Sign in to follow this  
NewSprux2.0?

Release NexonGameThreat (NexonGameSecurity bypass)

Recommended Posts

NexonGameThreat (NexonGameSecurity bypass)


So I started working on a new NexonGameSecurity bypass about a week ago, because I was very interested in the new security model of their anti-tampering modules, and I am proud to say that this is without doubt the most advanced piece of software that has been developed in the efforts to bypass MapleStory anti-cheat solutions.

The primary goal of the bypass, was to make it compatible with any game that runs NexonGameSecurity, and that seems to have been accomplished. However, this bypass will only work on x64 systems, and therefore does not support x86 (32-bit) systems. If the demand for 32-bit support is high, this might be implemented in the future.

Since this is a generic bypass, it was not possible to code it as a DLL stub that auto-injects itself (different games has different dependencies), so I've also included a simple MapleStory stub DLL (dinput8.dll), which will auto-load itself, block the internal MapleStory multiclient-checks and load the NexonGameThreat.dll file.

 

If you use this with MapleStory, simply:

  • Drop all files (NexonGameThreat.dll, NexonGameHooks_x64.dll, dinput8.dll) into the MapleStory folder, and run MapleStory as always.

 

If you use this with another game, it is important to understand that:

  • The NexonGameThreat-files assumes that:
    • The game folder is found in an arbitrary location:
      • "<drive>:\<game_path>"
    • The ngs folder is found in an arbitrary location:
      • "<drive>:\<game_path>\<ngs_folder>"
  • Due to the nature of this, the following constraints are in place:
    • NexonGameThreat.dll doesn't care about its own location, as it must be injected manually into the host process.
    • NexonGameHooks_x64.dll must be exactly one folder upstream from the ngs_folder.
  • The wisest would be to place both files exactly one folder upstream from the ngs_folder, as that is the test-environment they were developed in.

 

  • Like 11
  • Thanks 4
  • Haha 2

Share this post


Link to post

It should probably also be noted that this bypass does not contain an mscrc bypass, so you must manually bypass mscrc. Please refer to the following script: 

 

  • Like 2

Share this post


Link to post

It has come to my attention that this bypass may not work on Windows 7. I will look into the issue later this week :)

Share this post


Link to post

Okay, so I have been trying to address the Windows 7 issue, and it appears that the method simply is not properly supported on Windows 7 because of how kernel loader works on that operating system. I can bypass the failure to load the hook-dll, but it will not be able to access its imports properly, either due to failure in relocating the imagebase/imports, or because the imported libraries does not initialize properly.

Eitherway, the bypassing technique will not support Windows 7 for the foreseeable future (unless I decide to switch method), but has been proven working on Windows 8.1 and Windows 10.

  • Thanks 1
  • Sad 1

Share this post


Link to post
48 minutes ago, Crypt707 said:

If GK can you can too,B|

GK just stole my emulator bypass (https://github.com/VirtualPuppet/NexonGameSecurity-bypass-alternative), since they are nothing but unoriginal thieves. However, this is a memory bypass and not an emulator :P

If the demand for Windows 7 support is high enough (I have no clue how many people still run that operating system), I may consider reworking the bypass to support it. Like this post only if you run Windows 7.

Edited by NewSprux2.0?
  • Like 7

Share this post


Link to post

Here we go again. Benny taking and claiming credit for everything he sees on sight. He hates on other's success because he isn't successful himself.

Edited by lolreeree

Share this post


Link to post

Upon bypassing maple's debug register check successfully and placing breakpoints in Maplestory memory, NGS CPU usage goes up to >50% (Usually sits at 80% after a while). Closing maple through the UI doesn't kill NGS(It still stays at 80% CPU usage), need to use task manager to manual kill.

Also results in NGS hacking detected 0xD4000101.

 

MSEA/Win10x64 v1709 16299.125/CE 6.6&6.7 (Mine)

MSEA/Win10x64 v1607 14393.2097/CE 6.7 (Friend's)

 

Share this post


Link to post
1 hour ago, southernemblem said:

Upon bypassing maple's debug register check successfully and placing breakpoints in Maplestory memory, NGS CPU usage goes up to >50% (Usually sits at 80% after a while). Closing maple through the UI doesn't kill NGS(It still stays at 80% CPU usage), need to use task manager to manual kill.

Also results in NGS hacking detected 0xD4000101.

 

MSEA/Win10x64 v1709 16299.125/CE 6.6&6.7 (Mine)

MSEA/Win10x64 v1607 14393.2097/CE 6.7 (Friend's)

 

The bypass makes a copy of MapleStory's memory pages, only after BlackCipher has been initialized. You must wait for BlackCipher's initialization before making memory edits.

Share this post


Link to post
2 hours ago, NewSprux2.0? said:

The bypass makes a copy of MapleStory's memory pages, only after BlackCipher has been initialized. You must wait for BlackCipher's initialization before making memory edits.

Left maple logged in for an hour++ with bypass only, came back, enabled scripts, set breakpoint(Never breaks), same result. VEH debugger& HW breakpoints.

GIF  At start had MSCRC bypass, Debug registry check bypass, NoCD, JDA and No Nametag on. Then I placed breakpoint on a function that is not called. 

Share this post


Link to post
54 minutes ago, southernemblem said:

Left maple logged in for an hour++ with bypass only, came back, enabled scripts, set breakpoint(Never breaks), same result. VEH debugger& HW breakpoints.

GIF  At start had MSCRC bypass, Debug registry check bypass, NoCD, JDA and No Nametag on. Then I placed breakpoint on a function that is not called. 

That is interesting indeed. I'll look into it tomorrow :)

Share this post


Link to post
7 hours ago, koreanrice said:

that shit lame, y u be like that.

LOL it was just a sarcasm joke to newSprux.
I didn't mean to push anyones buttons.

:huh:

Share this post


Link to post
25 minutes ago, Crypt707 said:

LOL it was just a sarcasm joke to newSprux.
I didn't mean to push anyones buttons.

:huh:

mb thought u were doing some lame ass shit.

Share this post


Link to post
在18/03/2018 at 21:25,NewSprux2.0?说过:

NexonGameThreat(NexonGameSecurity旁路)


所以我在一周前开始研究新的NexonGameSecurity旁路,因为我对他们的防篡改模块的新安全模型非常感兴趣,我很自豪地说这无疑是最先进的软件在绕过MapleStory反作弊解决方案的努力中得到了发展。

旁路的主要目标是使其与任何运行NexonGameSecurity的游戏兼容,并且这似乎已经完成。但是,此旁路仅适用于x64系统,因此不支持x86(32位)系统。如果对32位支持的需求很高,这可能会在未来实现。

由于这是一个通用的旁路,因此无法将其编码为自动注入自身的DLL存根(不同的游戏具有不同的依赖关系),所以我还包含了一个简单的MapleStory存根DLL(dinput8.dll),它将自动加载自身,阻止内部MapleStory多客户端检查并加载NexonGameThreat.dll文件。

 

如果你将这与MapleStory一起使用,只需:

  • 将所有文件(NexonGameThreat.dll,NexonGameHooks_x64.dll,dinput8.dll)放到MapleStory文件夹中,并像往常一样运行MapleStory。

 

如果你在其他游戏中使用它,理解这一点很重要:

  • NexonGameThreat-files假设:
    • 游戏文件夹位于任意位置:
      • “<驱动器>:\ <game_path>”
    • ngs文件夹位于任意位置:
      • “<驱动器>:\ <game_path> \ <ngs_folder>”
  • 由于这种性质,下列限制条件已到位:
    • NexonGameThreat.dll不关心自己的位置,因为它必须手动注入主机进程。
    • NexonGameHooks_x64.dll必须  恰好  位于ngs_folder上游的一个文件夹中
  • 最明智的做法是将这两个文件放在ngs_folder的上游一个文件夹中  ,因为这是它们开发的测试环境。

 

 

  • Haha 1

Share this post


Link to post

It's not actually patched, they just changed a single thing in the process. If you know what you're doing, you can still use it .

 

Share this post


Link to post

Are you able to give any direction as to what was changed and/or where we would be looking to make the change on our end?

Share this post


Link to post
2 hours ago, dandyman said:

Are you able to give any direction as to what was changed and/or where we would be looking to make the change on our end?

That would ruin the entire point of "if you know what you're doing" ?

  • Like 1
  • Haha 1

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×