HDD BAN BYPASS

**dreek1** · 04-17-2018

Heyy! What's up?! Today I will share some code to bypass BAN on Hardware.
Obs: You need change your MAC ADDRESS.Use THIS

Main.cpp

Code:

#include <windows.h>
#include "Xor.h"
 
typedef HANDLE(WINAPI* tDeviceIoControl)(HANDLE hDevice, DWORD dwIoControlCode, LPVOID lpInBuffer, DWORD nInBufferSize, LPVOID lpOutBuffer, DWORD nOutBufferSize, LPDWORD lpBytesReturned, LPOVERLAPPED lpOverlapped);
tDeviceIoControl oDeviceIoControl;

bool WINAPI hkDeviceIoControl(HANDLE hDevice, DWORD dwIoControlCode, LPVOID lpInBuffer, DWORD nInBufferSize, LPVOID lpOutBuffer, DWORD nOutBufferSize, LPDWORD lpBytesReturned, LPOVERLAPPED lpOverlapped)
{
	bool hkReturn = oDeviceIoControl(hDevice, dwIoControlCode, lpInBuffer, nInBufferSize, lpOutBuffer, nOutBufferSize, lpBytesReturned, lpOverlapped);
	if (hkReturn != NULL)
	{
		::CloseHandle(hDevice);
	}
	return hkReturn;
}

void *DetourCreate(BYTE *src, CONST BYTE *dst, CONST INT len)
{
	BYTE *jmp = (BYTE *)malloc(len + 5);
	DWORD dwBack;

	VirtualProtect(src, len, PAGE_READWRITE, &dwBack);
	memcpy(jmp, src, len);
	jmp += len;
	jmp[0] = 0xE9;
	*(DWORD *)(jmp + 1) = (DWORD)(src + len - jmp) - 5;

	src[0] = 0xE9;
	*(DWORD *)(src + 1) = (DWORD)(dst - src) - 5;
	for (INT i = 5; i < len; i++)
		src[i] = 0x90;
	VirtualProtect(src, len, dwBack, &dwBack);

	return(jmp - len);
}
void hkCALL()
{
	DWORD dwDeviceIoControl = (DWORD)GetProcAddress((HMODULE)GetModuleHandleA(ker), DevIo); 
	if (dwDeviceIoControl != NULL)
	{
		oDeviceIoControl = (tDeviceIoControl)DetourCreate((BYTE*)dwDeviceIoControl, (BYTE*)hkDeviceIoControl,0x6);
	}
}
BOOL WINAPI DllMain(HINSTANCE Hdll, DWORD Reacao, LPVOID lpReserved)
{
	if (Reacao == TRUE)
	{
		DisableThreadLibraryCalls(Hdll);
		CreateThread(0, 0, (LPTHREAD_START_ROUTINE)hkCALL, 0, 0, 0);
		MessageBoxA(0, "Dev by: dreek1", "Bypassed", 0);
	}
	return true;
}

Xor.h

Code:

#ifndef _XOR_H
#define _XOR_H
template <int XORSTART, int BUFLEN, int XREFKILLER>

class XorStr
{
private:
	XorStr();
public:
	char s[BUFLEN];

	XorStr(const char * xs);

	~XorStr()
	{
		for (int i = 0; i<BUFLEN; i++) s[i] = 0;
	}
};

template <int XORSTART, int BUFLEN, int XREFKILLER>
XorStr<XORSTART, BUFLEN, XREFKILLER>::XorStr(const char * xs)
{
	int xvalue = XORSTART;
	int i = 0;

	for (; i < (BUFLEN - 1); i++)
	{
		s[i] = xs[i - XREFKILLER] ^ xvalue;
		xvalue += 1;
		xvalue %= 256;
	}

	s[BUFLEN - 1] = 0;
}


#define eCShell		XorStr<0xBB,11,0xEC676C84>("\xF8\xEF\xD5\xDB\xD3\xAC\xEF\xA6\xAF\xA8"+0xEC676C84).s
#define eClient		XorStr<0x19,13,0x4464E51F>("\x5A\x76\x72\x79\x73\x6A\x59\x78\x0F\x44\x5B\x40"+0x4464E51F).s
#define ed3d9		/*d3d9.dll*/XorStr<0xB9,9,0x64C42EE0>("\xDD\x89\xDF\x85\x93\xDA\xD3\xAC"+0x64C42EE0).s
#define eCF			/*crossfire.exe*/XorStr<0x52,14,0x2F5C6EF5>("\x31\x21\x3B\x26\x25\x31\x31\x2B\x3F\x75\x39\x25\x3B"+0x2F5C6EF5).s

#define ker /*kernel32.dll*/XorStr<0x4D,13,0x7F4E1E2A>("\x26\x2B\x3D\x3E\x34\x3E\x60\x66\x7B\x32\x3B\x34"+0x7F4E1E2A).s
#define DevIo /*DeviceIoControl*/XorStr<0x7E,16,0x1C930EFE>("\x3A\x1A\xF6\xE8\xE1\xE6\xCD\xEA\xC5\xE8\xE6\xFD\xF8\xE4\xE0"+0x1C930EFE).s

Code:

Happy Leech! Bye

**Userwemp** · 04-17-2018

Foda Dyo é nois

**vaisefud3** · 04-17-2018

Originally Posted by dreek1

Heyy! What's up?! Today I will share some code to bypass BAN on Hardware.
Obs: You need change your MAC ADDRESS.Use THIS

Main.cpp

Code:

#include <windows.h>
#include "Xor.h"
 
typedef HANDLE(WINAPI* tDeviceIoControl)(HANDLE hDevice, DWORD dwIoControlCode, LPVOID lpInBuffer, DWORD nInBufferSize, LPVOID lpOutBuffer, DWORD nOutBufferSize, LPDWORD lpBytesReturned, LPOVERLAPPED lpOverlapped);
tDeviceIoControl oDeviceIoControl;

bool WINAPI hkDeviceIoControl(HANDLE hDevice, DWORD dwIoControlCode, LPVOID lpInBuffer, DWORD nInBufferSize, LPVOID lpOutBuffer, DWORD nOutBufferSize, LPDWORD lpBytesReturned, LPOVERLAPPED lpOverlapped)
{
	bool hkReturn = oDeviceIoControl(hDevice, dwIoControlCode, lpInBuffer, nInBufferSize, lpOutBuffer, nOutBufferSize, lpBytesReturned, lpOverlapped);
	if (hkReturn != NULL)
	{
		::CloseHandle(hDevice);
	}
	return hkReturn;
}

void *DetourCreate(BYTE *src, CONST BYTE *dst, CONST INT len)
{
	BYTE *jmp = (BYTE *)malloc(len + 5);
	DWORD dwBack;

	VirtualProtect(src, len, PAGE_READWRITE, &dwBack);
	memcpy(jmp, src, len);
	jmp += len;
	jmp[0] = 0xE9;
	*(DWORD *)(jmp + 1) = (DWORD)(src + len - jmp) - 5;

	src[0] = 0xE9;
	*(DWORD *)(src + 1) = (DWORD)(dst - src) - 5;
	for (INT i = 5; i < len; i++)
		src[i] = 0x90;
	VirtualProtect(src, len, dwBack, &dwBack);

	return(jmp - len);
}
void hkCALL()
{
	DWORD dwDeviceIoControl = (DWORD)GetProcAddress((HMODULE)GetModuleHandleA(ker), DevIo); 
	if (dwDeviceIoControl != NULL)
	{
		oDeviceIoControl = (tDeviceIoControl)DetourCreate((BYTE*)dwDeviceIoControl, (BYTE*)hkDeviceIoControl,0x6);
	}
}
BOOL WINAPI DllMain(HINSTANCE Hdll, DWORD Reacao, LPVOID lpReserved)
{
	if (Reacao == TRUE)
	{
		DisableThreadLibraryCalls(Hdll);
		CreateThread(0, 0, (LPTHREAD_START_ROUTINE)hkCALL, 0, 0, 0);
		MessageBoxA(0, "Dev by: dreek1", "Bypassed", 0);
	}
	return true;
}

Xor.h

Code:

#ifndef _XOR_H
#define _XOR_H
template <int XORSTART, int BUFLEN, int XREFKILLER>

class XorStr
{
private:
	XorStr();
public:
	char s[BUFLEN];

	XorStr(const char * xs);

	~XorStr()
	{
		for (int i = 0; i<BUFLEN; i++) s[i] = 0;
	}
};

template <int XORSTART, int BUFLEN, int XREFKILLER>
XorStr<XORSTART, BUFLEN, XREFKILLER>::XorStr(const char * xs)
{
	int xvalue = XORSTART;
	int i = 0;

	for (; i < (BUFLEN - 1); i++)
	{
		s[i] = xs[i - XREFKILLER] ^ xvalue;
		xvalue += 1;
		xvalue %= 256;
	}

	s[BUFLEN - 1] = 0;
}


#define eCShell		XorStr<0xBB,11,0xEC676C84>("\xF8\xEF\xD5\xDB\xD3\xAC\xEF\xA6\xAF\xA8"+0xEC676C84).s
#define eClient		XorStr<0x19,13,0x4464E51F>("\x5A\x76\x72\x79\x73\x6A\x59\x78\x0F\x44\x5B\x40"+0x4464E51F).s
#define ed3d9		/*d3d9.dll*/XorStr<0xB9,9,0x64C42EE0>("\xDD\x89\xDF\x85\x93\xDA\xD3\xAC"+0x64C42EE0).s
#define eCF			/*crossfire.exe*/XorStr<0x52,14,0x2F5C6EF5>("\x31\x21\x3B\x26\x25\x31\x31\x2B\x3F\x75\x39\x25\x3B"+0x2F5C6EF5).s

#define ker /*kernel32.dll*/XorStr<0x4D,13,0x7F4E1E2A>("\x26\x2B\x3D\x3E\x34\x3E\x60\x66\x7B\x32\x3B\x34"+0x7F4E1E2A).s
#define DevIo /*DeviceIoControl*/XorStr<0x7E,16,0x1C930EFE>("\x3A\x1A\xF6\xE8\xE1\xE6\xCD\xEA\xC5\xE8\xE6\xFD\xF8\xE4\xE0"+0x1C930EFE).s

Code:

Happy Leech! Bye

I was trying that way but it was crashing. Gonna try with your version of the hkDeviceIoControl

- - - Updated - - -

Disconnected from server on CFBR

**luizimloko** · 04-17-2018

It's a very dirty method to do it, when you do this the output buffer is a invalid pointer and the handle (1st param) returns INVALID_HANDLE_VALUE.
There some ways to do it better. anyway this method should work for some time.
PS: The DC (HDD Ban) don't use this way to get your HDD serial .

**dreek1** · 04-17-2018

Originally Posted by luizimloko

It's a very dirty method to do it, when you do this the output buffer is a invalid pointer and the handle (1st param) returns INVALID_HANDLE_VALUE.
There some ways to do it better. anyway this method should work for some time.
PS: The DC (HDD Ban) don't use this way to get your HDD serial .

I use since september/2016

- - - Updated - - -

Originally Posted by vaisefud3

I was trying that way but it was crashing. Gonna try with your version of the hkDeviceIoControl

- - - Updated - - -

Disconnected from server on CFBR

Use HideModule

**Userwemp** · 04-17-2018

Originally Posted by dreek1

I use since september/2016

- - - Updated - - -

Use HideModule

CF é foda com esses ban viu kkkk.
Se não fosse por isso '-'

**dreek1** · 04-17-2018

Originally Posted by Userwemp

CF é foda com esses ban viu kkkk.
Se não fosse por isso '-'

Use your head for bypass it, wasn't easy for me but i did

**vaisefud3** · 04-17-2018

Guys, I know that's not the point of this topic, but you are experienced coders and maybe you could help me.
I tried in every way I could find here and in other forums, but my ESP doesn't work.
When I try to get Me->Name it returns me: "_zuma_cube_respawn" and other strings.
My classes are updated from what I could get from other people.
Anyone knows what's causing this?

**I2espect** · 04-18-2018

Originally Posted by luizimloko

It's a very dirty method to do it, when you do this the output buffer is a invalid pointer and the handle (1st param) returns INVALID_HANDLE_VALUE.
There some ways to do it better. anyway this method should work for some time.
PS: The DC (HDD Ban) don't use this way to get your HDD serial .

doesnt it use "CHANGER_PRODUCT_DATA" ?
https://msdn.microsof*****m/en-us/lib...(v=vs.85).aspx

Code:

typedef struct _CHANGER_PRODUCT_DATA {
  BYTE VendorId[VENDOR_ID_LENGTH];
  BYTE ProductId[PRODUCT_ID_LENGTH];
  BYTE Revision[REVISION_LENGTH];
  BYTE SerialNumber[SERIAL_NUMBER_LENGTH];// <======== this ?
  BYTE DeviceType;
} CHANGER_PRODUCT_DATA, *PCHANGER_PRODUCT_DATA;

//btw
what makes closing the handle to a device bypass that !!?
why cant they create a new handle (createfile) again .. u already called the function so u didnt block it .. didn't fake the returning boolean either !!

and u are closing the handle after the function executes so how that bypass the ban or even affect their protectionat all !!

**96neko** · 04-18-2018

i think i posted the sig already in here for the mac ban lol ?

Originally Posted by dreek1

if (hkReturn != NULL)
{
::CloseHandle(hDevice);
}
return hkReturn;

so you are checking the hkReturn which is already successfully completed and closing the handle "AGAIN" after it's closed ? this will only return -1 ... it doesn't bypass the mac or hdd ban at all , but why are you changing the mac address in the first place if you are doing a whole source to bypass it ????

Originally Posted by dreek1

You need change your MAC ADDRESS.Use THIS

all you are doing is changing the mac manually and messing with the DeviceIoControl in the source ! and the problem is this function doesn't check ur mac address nor hdd serial.

**gaerGAERHGaerherh** · 04-18-2018

Not Work dissconnected and permanently block

**luizimloko** · 04-18-2018

Originally Posted by I2espect

doesnt it use "CHANGER_PRODUCT_DATA" ?
https://msdn.microsof*****m/en-us/lib...(v=vs.85).aspx

Code:

typedef struct _CHANGER_PRODUCT_DATA { BYTE VendorId[VENDOR_ID_LENGTH]; BYTE ProductId[PRODUCT_ID_LENGTH]; BYTE Revision[REVISION_LENGTH]; BYTE SerialNumber[SERIAL_NUMBER_LENGTH];// <======== this ? BYTE DeviceType; } CHANGER_PRODUCT_DATA, *PCHANGER_PRODUCT_DATA;

//btw
what makes closing the handle to a device bypass that !!?
why cant they create a new handle (createfile) again .. u already called the function so u didnt block it .. didn't fake the returning boolean either !!

and u are closing the handle after the function executes so how that bypass the ban or even affect their protectionat all !!

i didn't understand your question ...

**alisonbbzz** · 04-18-2018

ME AJUDA TEM ALGUM ARQUIVO JA PRONTO PRA DESBANI ? SOU BR TANBEM PORRA

**Fєηix** · 04-18-2018

Code:

if (dwIoControlCode == SMART_RCV_DRIVE_DATA) { //Change the return value of the Serial .. }

**Userwemp** · 04-18-2018

Thread: HDD BAN BYPASS

Thread Tools

Display

HDD BAN BYPASS

The Following User Says Thank You to dreek1 For This Useful Post:

The Following User Says Thank You to Fєηix For This Useful Post:

Similar Threads

Steam Games/VAC2 Ban, Bypass/Workaround, acess secure servers[release]

VAC ACCOUNT BAN BYPASS!!!

Combat Arms Ban Bypass :o

[RELEASE] Hardware Ban Bypasspublic

Hi I need a ban bypass

Thread: HDD BAN BYPASS

Thread Tools

Display

HDD BAN BYPASS

The Following User Says Thank You to dreek1 For This Useful Post:

The Following User Says Thank You to Fєηix For This Useful Post:

Similar Threads

Steam Games/VAC2 Ban, Bypass/Workaround, acess secure servers[release]

VAC ACCOUNT BAN BYPASS!!!

Combat Arms Ban Bypass :o

[RELEASE] Hardware Ban Bypass*public*

Hi I need a ban bypass

[RELEASE] Hardware Ban Bypasspublic