Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


How to protect my code

 
beck123xx
How do I cheat?
Reputation: 0

Joined: 22 Jan 2022
Posts: 3

Posted: Sat Jan 22, 2022 10:41 am    Post subject: How to protect my code

Hello.

Does anyone know how to protect this code?


Code:
 function CETrainer_CECheckbox1Change(sender)
if CETrainer.spoofer.State == cbChecked then
autoAssemble[[
aobscanregion(_FUNC,0xC000AA50,0x9AC57A90,C3 C3 C3 C3 C3 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??)
alloc(restore,32) // storing 4 bytes..
registersymbol(restore)
registersymbol(_FUNC)

restore:
readmem(_FUNC,32)

_FUNC:
db 41 35 35 25 16 41 35 41 35 35 25 16 41 35

]]

else
autoAssemble[[
_FUNC:
readmem(restore,32) // -> jnge cheatengine-i386.exe+41E744; leave; ret;
dealloc(restore)
unregistersymbol(restore)
unregistersymbol(_FUNC)


]]
end
end

function CETrainer_kickChange(sender)
if CETrainer.kick.State == cbChecked then
autoAssemble[[
aobscanregion(KICK,0xCC30AA50,0x14ED0AA,90,41 35 35 25 16 41 35)
KICK:
db 41 35 35 25 16 41 35

]]
end
end

function CETrainer_CECheckbox1Change(sender)
if CETrainer.spoofer.State == cbChecked then
autoAssemble[[
aobscanregion(_FUNC,0x14035AA50,0x1450AA90,58 C4 35 35 25 16 41 35)
alloc(restore,32) // storing 4 bytes..
registersymbol(restore)
registersymbol(_FUNC)

restore:
readmem(_FUNC,32)

_FUNC:
db 33 33

]]

else
autoAssemble[[
_FUNC:
readmem(restore,32) // -> jnge cheatengine-i386.exe+41E744; leave; ret;
dealloc(restore)
unregistersymbol(restore)
unregistersymbol(_FUNC)


]]
end
end

function CETrainer_normalChange(sender)
if CETrainer.normal.State == cbChecked then
autoAssemble[[
aobscanregion(_FUNC,0x140000000,0x3500000,33 33 33 33 33)
alloc(restore,32) // storing 4 bytes..
registersymbol(restore)
registersymbol(_FUNC)

restore:
readmem(_FUNC,32)

_FUNC:
db  55 55 55

]]

else
autoAssemble[[
_FUNC:
readmem(restore,16) // -> jnge cheatengine-i386.exe+41E744; leave; ret;
dealloc(restore)
unregistersymbol(restore)
unregistersymbol(_FUNC)


]]
end
end


function CETrainer_invisibleChange(sender)
if CETrainer.invisible.State == cbChecked then
autoAssemble[[
aobscanregion(_FUNC,0x14035050,0x16ED0AA90,41 35 35 25 16 41 35)
alloc(restore,32) // storing 4 bytes..
registersymbol(restore)
registersymbol(_FUNC)

restore:
readmem(_FUNC,32)

_FUNC:
db 41 35 35 25 16 41 35 20

]]

else
autoAssemble[[
_FUNC:
readmem(restore,32) // -> jnge cheatengine-i386.exe+41E744; leave; ret;
dealloc(restore)
unregistersymbol(restore)
unregistersymbol(_FUNC)


]]
end
end
         


For example, when I open my hack and attach it to Cheat Engine, I can search for AOBSCANREGION and it'll basically show the source code, and I don't want that.

Do you know any method to make this not show?

Later, I'll protect it with Themida + WinLicense, but those don't make the strings disappear.

Any suggestions?


btw, this is just some junk code, I want to know how to encrypt it.
LeFiXER
Grandmaster Cheater Supreme
Reputation: 20

Joined: 02 Sep 2011
Posts: 1053
Location: 0x90

Posted: Sat Jan 22, 2022 11:04 am

You may wish to use these Lua functions:
Code:

encodeFunction(function): string - Converts a given function into an encoded string that you can pass on to decodeFunction
decodeFunction(string): function - Converts an encoded string back into a function.  Note that the string must be made on the same architecture as it is currently running. 32-bit can only load 32-bit, 64-bit can only load 64-bit. So either have two scripts ready, or limit to only one architecture. (Like .EXE trainers)

encodeFunctionEx(string,pathtodll OPTIONAL) - See encodeFunction but uses a script instead of a function, and lets you specify which Lua DLL to use (Note: Still can't use 32-bit DLLs in 64-bit and vice-versa)


Although, I believe that it's not worth the time/hassle to try and protect a trainer. No offence.
beck123xx
How do I cheat?
Reputation: 0

Joined: 22 Jan 2022
Posts: 3

Posted: Sat Jan 22, 2022 11:06 am

LeFiXER wrote:
You may wish to use these Lua functions:
Code:

encodeFunction(function): string - Converts a given function into an encoded string that you can pass on to decodeFunction
decodeFunction(string): function - Converts an encoded string back into a function.  Note that the string must be made on the same architecture as it is currently running. 32-bit can only load 32-bit, 64-bit can only load 64-bit. So either have two scripts ready, or limit to only one architecture. (Like .EXE trainers)

encodeFunctionEx(string,pathtodll OPTIONAL) - See encodeFunction but uses a script instead of a function, and lets you specify which Lua DLL to use (Note: Still can't use 32-bit DLLs in 64-bit and vice-versa)


Although, I believe that it's not worth the time/hassle to try and protect a trainer. No offence.



Hi, thanks for answering.

Could you give me an example of how to use that, please?

Or if you know how to remove those strings with a program/online tool, just tell me.
LeFiXER
Grandmaster Cheater Supreme
Reputation: 20

Joined: 02 Sep 2011
Posts: 1053
Location: 0x90

Posted: Sat Jan 22, 2022 11:19 am

Code:

function add(a,b)
  return a+b
end

local x = 5
local y = 25
local encodedFunction = encodeFunction(add)
local decodedFunction = decodeFunction(encodedFunction)

print(decodedFunction(x,y))
TheyCallMeTim13
Wiki Contributor
Reputation: 50

Joined: 24 Feb 2017
Posts: 976
Location: Pluto

Posted: Sat Jan 22, 2022 11:26 am

Just think of Denuvo: it's made to protect programs. It's built by a large team of very smart people. But the programs that use it regularly get cracked in a day. I think the record is a few hours. Whatever you do can be reversed. At most you'll be able to "protect" your trainer from people who don't know much about coding/reversing, or in reality make it more work than someone wants to put into reversing your trainer.
beck123xx
How do I cheat?
Reputation: 0

Joined: 22 Jan 2022
Posts: 3

Posted: Sat Jan 22, 2022 11:27 am

LeFiXER wrote:
Code:

function add(a,b)
  return a+b
end

local x = 5
local y = 25
local encodedFunction = encodeFunction(add)
local decodedFunction = decodeFunction(encodedFunction)

print(decodedFunction(x,y))


Sorry to bother you, but I still don't understand.

Let's say I want to encode this function only
Code:
 function CETrainer_CECheckbox1Change(sender)
if CETrainer.spoofer.State == cbChecked then
autoAssemble[[
aobscanregion(_FUNC,0x14550AA50,0x1455D0AA90, 33 41 35 35 25 16 41 35 ?? ?? ??)
alloc(restore,32) // storing 4 bytes..
registersymbol(restore)
registersymbol(_FUNC)

restore:
readmem(_FUNC,32)

_FUNC:
db 33 41 35 35 25 16 41 35

]]

else
autoAssemble[[
_FUNC:
readmem(restore,32) // -> jnge cheatengine-i386.exe+41E744; leave; ret;
dealloc(restore)
unregistersymbol(restore)
unregistersymbol(_FUNC)


]]
end
end         



How do I encode that function using your code:

function add(a,b)
return a+b
end

local x = 5
local y = 25
local encodedFunction = encodeFunction(add)
local decodedFunction = decodeFunction(encodedFunction)

print(decodedFunction(x,y))


Where to put it?

TheyCallMeTim13 wrote:
Just think of Denuvo: it's made to protect programs. It's built by a large team of very smart people. But the programs that use it regularly get cracked in a day. I think the record is a few hours. Whatever you do can be reversed. At most you'll be able to "protect" your trainer from people who don't know much about coding/reversing, or in reality make it more work than someone wants to put into reversing your trainer.


Hi, it's not that. I know my program won't be 100% protected; it's just that someone can so easily access the source code, just by attaching it to Cheat Engine and then searching for the string "AOBSCANREGION", and voila.

That's what I mean; I'm just trying to hide those strings, that's all.
LeFiXER
Grandmaster Cheater Supreme
Reputation: 20

Joined: 02 Sep 2011
Posts: 1053
Location: 0x90

Posted: Sat Jan 22, 2022 12:54 pm

I gave an example of how the encodeFunction/decodeFunction methods work.

You pass the name of the function you want to encode, to encodeFunction. Then you pass the encoded string to decodeFunction to retrieve the function again, but it only works with Lua because it's a Lua function.

It should be noted that here:
Code:

alloc(restore,32) // storing 4 bytes..


You are allocating 32 bytes to store a 4 byte value. You should allocate 4 instead of 32.
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

Posted: Sat Jan 22, 2022 7:07 pm

Welcome to the losing battle you will never win. Protecting your trainer is no different than game companies trying to protect their games from tampering and piracy. If multi-billion dollar solutions cannot do it, you won't be able to either. It is something you are going to have to live with and instead figure out better solutions to how your trainer is designed.

The most you will be able to achieve is deterring lower-skilled people. However, anyone experienced with reverse engineering will easily still be able to figure out what your trainer does and dump anything from it if they feel the need to.

For example, if you are making a basic stand-alone trainer that is a separate exe itself, then all someone needs to do is hook a few API calls to dump everything your trainer is trying to read/write to the target process.

- ReadProcessMemory (or NtReadVirtualMemory)
- WriteProcessMemory (or NtWriteVirtualMemory)

Further to that, they can just write a driver to do the same thing, monitoring what your process is doing to other processes, if you bother trying to write any detection of hooks/tampering inside of your trainer, so no actual editing will happen in your trainer.

Another example is if you decide to inject a DLL to do your edits instead of writing them externally. Firstly, the DLL you inject can be easily dumped when it's being written or even after it was written into the process, even if you manually map it or use other lesser-known means of injection. Next, the attacker can enable all the features of your trainer they are interested in and then dump the entire process memory and compare it to the game's untouched code or another instance of the process with no edits made. This will allow them to easily find your patches.

Just resorting to solutions like Themida/VMProtect/WinLicense is not an effective means of protection either. All of them have been fully dumped and there are public tools to decrypt and analyze the VMs they produce. Again, they are just helpers at deterring users who are less knowledgeable with reversing.

As for the suggestions of using Cheat Engine's features such as 'encodeFunction', the same things apply to that as well. First, Cheat Engine is open source, so anyone can see how the implementation of 'encodeFunction' works. Which you can see here:
https://github.com/cheat-engine/cheat-engine/blob/16e0fe03da6716c4381982c186cc0e190fef8bcd/Cheat%20Engine/LuaHandler.pas#L13112

Removing the extra layers added by CE leaves the compiled Lua bytecode, which again is well understood, open source and heavily documented. Tons of tools exist to decrypt compiled Lua back to readable code. Unless you manually alter CE's Lua implementation and change how the bytecode is handled, altering the opcodes, etc., then all public tools will work out of the box against it.

The main thing you can do is add layers of protections and code things to be difficult/time-consuming to figure out/reverse. But in the end, you need to weigh the cost of your time for that effort vs. what you are actually protecting and getting out of protecting things. Because you are fighting a losing battle. Don't waste too much time on things that are guaranteed to be defeated eventually.

_________________
- Retired.
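
The dump-and-compare step atom0s describes above, as an added example that is not part of any post in this thread and is not Cheat Engine code: hiding a trainer's strings does not change the bytes it writes, and comparing a clean copy of a region with a modified one lists them; the same comparison is what an integrity check uses to detect patched code. The buffers are constructed sample data, and `find_patches`, `build_sample` and `merge_gap` are illustrative names.

```python
"""Added example: locate modified byte ranges by diffing a clean region against a patched copy."""
from typing import List, NamedTuple


class Patch(NamedTuple):
    offset: int      # offset of the first changed byte within the region
    original: bytes  # bytes in the clean copy
    patched: bytes   # bytes in the modified copy


def find_patches(clean: bytes, modified: bytes, merge_gap: int = 2) -> List[Patch]:
    """Return changed ranges; runs separated by <= merge_gap unchanged bytes are merged."""
    if len(clean) != len(modified):
        raise ValueError("regions must be the same size to compare offset by offset")
    runs = []  # [start, end) pairs of changed bytes
    for i, (a, b) in enumerate(zip(clean, modified)):
        if a == b:
            continue
        if runs and i - runs[-1][1] <= merge_gap:
            runs[-1][1] = i + 1          # extend the current run
        else:
            runs.append([i, i + 1])      # start a new run
    return [Patch(s, clean[s:e], modified[s:e]) for s, e in runs]


def build_sample():
    """Constructed data: a 64-byte region and a copy carrying two edits."""
    clean = bytes(range(64))
    modified = bytearray(clean)
    modified[16:19] = b"\x55\x55\x55"    # a 3-byte overwrite, in the style of `db 55 55 55`
    modified[40] = 0x33                  # two single-byte edits with one
    modified[42] = 0x33                  # unchanged byte between them
    return clean, bytes(modified)


if __name__ == "__main__":
    clean, modified = build_sample()
    for p in find_patches(clean, modified):
        print(f"+0x{p.offset:04x}: {p.original.hex(' ')} -> {p.patched.hex(' ')}")
```
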
All times are GMT - 6 Hours