How does Tekno ban you

Originally Posted by Hitokiri~

If you stop C&P'ing code and actually READ the TeknoMW3 source released, you'd realize how they ban you.

Originally Posted by Hitokiri~

In addition to that,

I believe there's two things I said. Didn't I?
Or am I imagining this?

Hmm. you are saying that their are server side checks now that detects other then HWID to see if player is banned? As a result violation detected is the message that pops out. right?

I'm saying there's specifically a vital part needed for unbanning that is located in the TeknoMW3 source that no one seems to notice.

Originally Posted by Hitokiri~

I'm saying there's specifically a vital part needed for unbanning that is located in the TeknoMW3 source that no one seems to notice.

For whats give in source this is what server checks, but idk if this is all it checks, how in the world does it detected the hwid is changed. Unless their is something new...

The HWID is decrypted the same way it is encrypted which comes from "GetSystemFirmwareTable".

Code:

int __stdcall myGetBanStatus(bool SteamID_perm_banned, DWORD * hwid, DWORD steamID_hi, DWORD steamID_low, USHORT port, DWORD ip)
{	VU("myGetBanStatus");

	info("ip = %08X, port = %d, SteamID = %08X %08X, hwid[0] = %08X, perm_banned = %d", ip, port, steamID_low, steamID_hi, hwid[0], SteamID_perm_banned);

	if (SteamID_perm_banned) return true;
	if (g_IsTempBanned(ip)) return true;

	//decrypt and hash hwid
	DWORD hwid_l[4] = {hwid[0], hwid[1], hwid[2], hwid[3]};
	hwid_l[0] = hwid_l[0] ^ 0x23586134 ^ 0xC0DEB100;
	hwid_l[1] = hwid_l[1] ^ ntohl(hwid_l[0]) ^ 0x7629d1b9;
	hwid_l[2] = hwid_l[2] ^ hwid_l[0] ^ 0x1337D00D;
	hwid_l[3] = hwid_l[3] ^ (hwid_l[0] >> 1) ^ 0xDEADCAFE;
	DWORD hwid_crc = GetCRC32((void *)&hwid_l[1], 12);
	info("gotcrc %08X, expected %08X", hwid_crc, hwid_l[0]);

	if (hwid_crc == hwid_l[0] && !IsServerClientBanned(hwid_l)) // Here is what is check when you are ingame in server
	{
		AddServerVisitor(hwid_l, port, ip);
	}
	else
	{
		g_TempBan(ip);
		return 1;
	}

	return 0;
	VE();
}

- - - Updated - - -

Here is the rest of the info while connecting to server.

Code:

unsigned char ConnBlob_skeleton[0x60] = // 'le ticket blob
{
    0xFF, 0xF1, 0x01, 0x00, 0x60, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0x00, 0xFF, 0x00, 0x00, 0x00, 0xFF, 0x00, 0xFF,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x44, 0x46, 0x8B, 0x1D,
	0xFA, 0x17, 0xD3, 0x47, 0x83, 0xC6, 0x6A, 0x2B, 0xE4, 0x3A, 0xAC, 0x45, 0x70, 0xAB, 0xB2, 0x01,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x12, 0x00, 0x70, 0xAB, 0xB2, 0x01,
} ;

Code:

void * ServerList::createConnectionBlob(ULONG ipAddr, USHORT port, bool ServerItemMustExist)
{	VU("ServerList::createConnectionBlob");

	void * blob = ConnBlob_skeleton;

	if (ServerItemMustExist)
	{
		ServerItem * item = getServerItemByAddress(ipAddr, port);

		if (item != NULL)
		{
			info("ServerList::createConnectionBlob() generating blob\n");

			*(DWORD*)((DWORD)blob+0x10) = htonl(item->getServerInternalIp());
			*(DWORD*)((DWORD)blob+0x22) = htonl(item->getServerExternalIp());
			*(WORD*)((DWORD)blob+0x14) = item->getServerInternalPort();
			*(WORD*)((DWORD)blob+0x26) = item->getServerExternalPort();
			*(BYTE*)((DWORD)blob+0x59) = 1; 


			//hwid challenge
			DWORD * hwid = (DWORD*)((DWORD)blob+0x3C);

			GetHWID(hwid);

			//hwid[1] = 0x14141414 ^ GetTickCount();
			//hwid[2] = 0x15151515 ^ GetTickCount();
			//hwid[3] = 0x16161616 ^ GetTickCount();

			hwid[0] = GetCRC32((void *)&hwid[1], 12);

			hwid[1] = hwid[1] ^ ntohl(hwid[0]) ^ 0x7629d1b9;
			hwid[2] = hwid[2] ^ hwid[0] ^ 0x1337D00D;
			hwid[3] = hwid[3] ^ (hwid[0] >> 1) ^ 0xDEADCAFE;
			hwid[0] = hwid[0] ^ 0x23586134 ^ 0xC0DEB100;


			//some other unknown vals CC'ed
			*(DWORD*)((DWORD)blob+0x30) = 0xCCCCCCCC;
			*(DWORD*)((DWORD)blob+0x34) = 0xCCCCCCCC;

			//copy serurity id+key (null by default)
			memcpy((void *)((DWORD)blob+0x8), item->getServerSecId(), 8);
			memcpy((void *)((DWORD)blob+0x29), item->getServerSecKey(), 16);

			#ifdef DEBUGGING_ENABLED
			info("Connection blob dump:");
			PrintBuffer((BYTE*)blob, 0x60, 0x10);
			#endif
			return blob;
		}

		info("ServerList::createConnectionBlob() server information not found\n");

		return NULL;
	}
	else
	{
		info("ServerList::createConnectionBlob() generating blob\n");

		*(DWORD*)((DWORD)blob+0x10) = htonl(ipAddr);
		*(DWORD*)((DWORD)blob+0x22) = htonl(ipAddr);
		*(WORD*)((DWORD)blob+0x14) = port;
		*(WORD*)((DWORD)blob+0x26) = port;
		*(BYTE*)((DWORD)blob+0x59) = 1; 

		//hwid challenge
		DWORD * hwid = (DWORD*)((DWORD)blob+0x3C);

		//hwid[1] = 0x14141414;
		//hwid[2] = 0x15151515;
		//hwid[3] = 0x16161616;
		GetHWID(hwid);
		hwid[0] = GetCRC32((void *)&hwid[1], 12);

		hwid[1] = hwid[1] ^ ntohl(hwid[0]) ^ 0x7629d1b9;
		hwid[2] = hwid[2] ^ hwid[0] ^ 0x1337D00D;
		hwid[3] = hwid[3] ^ (hwid[0] >> 1) ^ 0xDEADCAFE;
		hwid[0] = hwid[0] ^ 0x23586134 ^ 0xC0DEB100;


		//some other unknown vals CC'ed
		*(DWORD*)((DWORD)blob+0x30) = 0xCCCCCCCC;
		*(DWORD*)((DWORD)blob+0x34) = 0xCCCCCCCC;

		//copy serurity id+key (null by default)
		memset((void *)((DWORD)blob+0x8), STATIC_SECURITY_KEY, 8);
		memset((void *)((DWORD)blob+0x29), STATIC_SECURITY_KEY, 16);


		#ifdef DEBUGGING_ENABLED
		info("Connection blob dump:");
		PrintBuffer((BYTE*)blob, 0x60, 0x10);
		#endif
		return blob;
	}

	return NULL;

	VE();
}

Originally Posted by fire100

Unless their is something new...

Trust me, that ain't nothing new.

Then How come i getting kicked for violation detected on the servers i am banned and not on others. Where does this come from. Or refer to any ideas? Bypassing Ban and joining the server only to get this notice.

Anyway i will check this in detail later. Might be ip ban or something.

Originally Posted by fire100

Then How come i getting kicked for violation detected on the servers i am banned and not on others. Where does this come from. Or refer to any ideas? Bypassing Ban and joining the server only to get this notice.

Anyway i will check this in detail later. Might be ip ban or something.

Last hint: Why are you so assuming that that's piece of code that kicks you?

Originally Posted by Hitokiri~

Last hint: Why are you so assuming that that's piece of code that kicks you?

I am not, I dont think that i am getting kicked because of that piece of code as it has everything clear. It might be IP address. But i can change it and still i get kicked.
From the code i find no reason. From both the client side code as well as from the server side code.

However i dont know excatly how myGetBanStatus functions get these values from the client. But i think modifying HWID functions does the trick overall for HWID, XUID for player is simple enough to change and rest idk whats left to change as changing ip doesnt work either.

Do you have a working bypass that doesnt kick for violation detected? And i am not asking for hax here, i just want to know if its possible to get past that.

Originally Posted by fire100

I am not, I dont think that i am getting kicked because of that piece of code as it has everything clear. It might be IP address. But i can change it and still i get kicked.
From the code i find no reason. From both the client side code as well as from the server side code.

However i dont know excatly how myGetBanStatus functions get these values from the client. But i think modifying HWID functions does the trick overall for HWID, XUID for player is simple enough to change and rest idk whats left to change as changing ip doesnt work either.

Do you have a working bypass that doesnt kick for violation detected? And i am not asking for hax here, i just want to know if its possible to get past that.

http://www.mpgh.net/forum/showthread.php?t=895224

Someone did this.

Originally Posted by Hitokiri~

http://www.mpgh.net/forum/showthread.php?t=895224

Someone did this.

Someone... I wonder who.

Originally Posted by N3O0P

Someone... I wonder who.

The same guy you quoted.

Anyway, just as a general hint to anybody reversing or trying to bypass something: always try to think out of the box.

It may seem obvious, but it's how it works.

OK tell that some one that he has the same issue as mine. The bypass also gets violation kick from server which is the same issue i am discussing here. violation kick.Getting in the server is no issue here. Staying in it is. something is getting detected and then boom violation detected.

Originally Posted by fire100

The bypass also gets violation kick from server which is the same issue i am discussing here.

No, it's not the same issue.
The bypass DOES kick you sometimes for that violation, but as I stated in my Q&A, a simple restart fixes it and you're good to move on.
From what you're saying, it happens all the time.

Hmmm, well it happens all the time. Actually. Can you mentioned here or pm me what are the thing that you changed in you bypass.

I mean Like GetSystemFirmwareTable. Xna Address and XUID PM me the list if you can.

Just read Tekno's source, it's there.

How does Tekno ban you

Post a Reply

Similar Threads

Tags for this Thread