
Thread: [INFO/DATA] Some nice information we missed- Antiboot data!

  1. #1

    Okay, for quite some time this has been under the public eye; in fact it has even been released by Tonic, but it has often been overlooked, so now I am going to provide a little info. I only played with this receiving function for a little while, which was a while ago, but I'm deciding I'll get back into this and find out what I possibly can and whatnot.

    First, the topic of release and what it can be used for. Sure, we've all seen it and loved it just the same. What am I talking about? Tonic's activation for his safe re-writes that he released publicly a while back, so I do give him credit for finding this function, but I decided I would get back into working with it, making an Antiboot that would block a shit (can I say that here, lawl?) load of packets.

    This is what he released, so shall we take a look at it?

    Code:
    UMD OSKD Activation
    0xFFFFFFFF 0x004C1750 ;pointer code: read the pointer stored at 0x08800000+0x4C1750 = 0x08CC1750
    0x0000088c 0x08ff30a0 ;write 0x08ff30a0 at [that pointer]+0x88c
    What is that? It's the activation for OSKD. Yeah, nothing much, but what do YOU think OSKD needs to properly activate and work? A way to receive the gun data (in packet form) using a receiving function... so now what do you think this is? Yeah, you guessed it! It's a VERY good pointer to a receiving function that we can use for none other than an Antiboot!! How so? Well, I'll show my examples below of trying to delay/stop it.

    Why would you branch/return it? Well, if you sent the pointer to where the data is received to some other location where it is denied, or even returned BEFORE it has a chance to receive the packet data, whilst in theory it should block everything (or almost everything), it may block data that we do WANT! So that's a workaround, but oh well.

    Now onto the information I already have.

    My attempts....

    Code:
    #Antiboot Test 1
    ;failed, only sometimes delayed taunts, votes etc
    ;what I did....
    ;loaded the pointer and the offset, then branched to a return, which I think was 09d8e3dc as it was the closest one, to the functions.
    ;returned it all with jr ra after branch (and nop of course)
    0x00000098 0x0a339fd8 ;at 0x08800098: j 0x08ce7f60 (entry hook into the stub below)
    0x004e7f60 0x3c0808cf ;0x08ce7f60: lui t0, 0x08cf
    0x004e7f64 0x8d0af520 ;lw t2, 0xf520(t0): 0xf520 is sign-extended (-0x0ae0), so this reads 0x08cef520; reaching 0x08cff520 needs lui t0, 0x08d0
    0x004e7f68 0x8d0a0804 ;lw t2, 0x804(t0): reads [t0+0x804] and overwrites the t2 loaded above (not [t2+0x804])
    0x004e7f6c 0x110a991b ;beq t0, t2, 0x08cce3dc (offset -0x66e5 words from the delay slot)
    0x004e7f70 0x00000000 ;nop (delay slot)
    0x004e7f74 0x03e00008 ;jr ra (the word after it, 0x08ce7f78, is not written, so the delay slot is whatever was already there)
    Code:
    #Antiboot packet test 2
    ;freezes me :)
    ;I again loaded the pointer and the offset, this time storing the offset, and I jumped to the address 08800098
    ;jumped there, and returned
    0x00000098 0x0a339fd8 ;at 0x08800098: j 0x08ce7f60
    0x004e7f60 0x3c0808cf ;lui t0, 0x08cf
    0x004e7f64 0x8d0af520 ;lw t2, 0xf520(t0): sign-extended displacement, reads 0x08cef520 (see Test 1)
    0x004e7f68 0x8d0a0804 ;lw t2, 0x804(t0)
    0x004e7f6c 0x0a200026 ;j 0x08800098 -- should send to a jr ra, thus skipping those functions; but 0x08800098 now holds the j 0x08ce7f60 written above, so this jumps straight back into the stub and loops forever
    0x004e7f70 0xad0a0804 ;sw t2, 0x804(t0) (delay slot of the j)
    0x004e7f74 0x03e00008 ;jr ra (never reached)
    Code:
    #DMA anti test
    ;took the pointer address tonic gave me, had the offset, and had it jump to a return which was 98, idk if that's a bad one to send it to, who knows
    ;this one is easy to get :poorkingz:
    ;umm.. idk what the f to call this, a fail? Well it doesn't freeze when you turn it on, but I tried it and someone shot me (I think, or they shot, idk) and I froze...
    0xFFFFFFFF 0x004FF520 ;pointer code: read the pointer stored at 0x08cff520
    0x00000804 0x0A200026 ;write 0x0a200026 (the encoding of j 0x08800098) into [pointer]+0x804
    Code:
    #DMA anti test 2
    ;returned it this time
    ;iffy jr_ra *In theory it should return all sent data before it's received?*
    0xFFFFFFFF 0x004FF520 ;pointer code: read the pointer stored at 0x08cff520
    0x00000804 0x03e00008 ;write 0x03e00008 (the encoding of jr ra) into [pointer]+0x804
    What I still have to try: Nofx gave me the idea of a pointer check, which may just work out.

    Quite frankly I have no idea what he's talking about. What I suggest doing is adding a pointer check, e.g.

    pointer = 08cf0500, offset 1c, and we're gonna store 0xdeadbeef

    Code:
    lui t0, $08cf            ;upper half of the pointer's address 0x08cf0500
    lw t1, $0500(t0)         ;t1 = the pointer read from 0x08cf0500
    beqz t1, $endOfFunction  ;probably not a command, but if it is, lol use it (it is: the assembler alias for beq t1, $zero; skips the store on a null pointer)
    nop                      ;delay slot
    lui t2, $dead
    ori t2, t2, $beef        ;Use ori for this because the 7fff rule does not apply to it (ori zero-extends its 16 bits, addiu would sign-extend)
    sw t2, $1c(t1)           ;store 0xdeadbeef at pointer+0x1c
    $endOfFunction:
    Remember I did this in the early morning so it's somewhat sloppy and may not make sense, but feel free to discuss your findings with it and share with us what you find out about this nice little function. Hopefully it will lead to a great antiboot one day!


    .::Credit & Thanks::.
    Me-for this
    Tonic- For the basic info / the activation code
    NoEffex - for the pointer check idea :)

    ~Imok/Nory
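    Every word in the CWCheat lines above is either a raw MIPS instruction or an address, so it pays to check them by computation rather than by eye. The C helpers below are an added example, not code from this post, from Tonic or from CWCheat; they assume only the standard CWCheat base of 0x08800000 for the PSP user segment and the MIPS32 instruction encodings. Running it decodes Test 1 and shows why a 0xf520 load displacement lands 0x10000 bytes short of 0x08cff520 (the "7fff rule" from the pointer-check sketch).

```c
/* Encode/decode helpers for the MIPS32 words in this thread's CWCheat codes.
 * Added example, not from the thread or CWCheat. Assumes only the CWCheat
 * base 0x08800000 (PSP user segment) and the standard MIPS32 encodings. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define CW_BASE 0x08800000u

enum { ZERO = 0, T0 = 8, T1 = 9, T2 = 10, RA = 31 };   /* registers used in the thread */

/* absolute address named by a CWCheat line: base plus its 24-bit offset */
static uint32_t cw_addr(uint32_t line) { return CW_BASE + (line & 0x00FFFFFFu); }

static uint32_t enc_itype(unsigned op, unsigned rs, unsigned rt, uint16_t imm) {
    return ((uint32_t)op << 26) | ((uint32_t)rs << 21) | ((uint32_t)rt << 16) | imm;
}
static uint32_t enc_lui(unsigned rt, uint16_t imm)              { return enc_itype(0x0F, 0, rt, imm); }
static uint32_t enc_ori(unsigned rt, unsigned rs, uint16_t imm) { return enc_itype(0x0D, rs, rt, imm); }
static uint32_t enc_lw(unsigned rt, unsigned rs, uint16_t disp) { return enc_itype(0x23, rs, rt, disp); }
static uint32_t enc_sw(unsigned rt, unsigned rs, uint16_t disp) { return enc_itype(0x2B, rs, rt, disp); }
static uint32_t enc_jr(unsigned rs)                             { return ((uint32_t)rs << 21) | 0x08u; }
/* j target: the low 28 bits of the target, divided by 4, in a 26-bit field */
static uint32_t enc_j(uint32_t target) { return (0x02u << 26) | ((target >> 2) & 0x03FFFFFFu); }
/* beq rs, rt, target: signed word offset relative to the delay slot at pc+4 */
static uint32_t enc_beq(unsigned rs, unsigned rt, uint32_t pc, uint32_t target) {
    return enc_itype(0x04, rs, rt, (uint16_t)(((target - (pc + 4)) >> 2) & 0xFFFFu));
}

/* where a j at pc lands: field*4 inside the 256 MiB region of the delay slot */
static uint32_t j_target(uint32_t pc, uint32_t insn) {
    return ((pc + 4) & 0xF0000000u) | ((insn & 0x03FFFFFFu) << 2);
}
/* where a beq/bne at pc lands: the 16-bit offset is signed and counts words */
static uint32_t branch_target(uint32_t pc, uint32_t insn) {
    return pc + 4 + ((uint32_t)(int32_t)(int16_t)(insn & 0xFFFFu) << 2);
}
/* effective address of lw/sw: the displacement is SIGN-extended (the "7fff
 * rule"): 0xF520 means -0x0AE0, so lui 0x08cf + 0xf520 reaches 0x08cef520 */
static uint32_t mem_ea(uint32_t rs_val, uint32_t insn) {
    return rs_val + (uint32_t)(int32_t)(int16_t)(insn & 0xFFFFu);
}
/* lui value / displacement pair that reaches addr once the displacement is sign-extended */
static uint16_t hi_for(uint32_t addr) { return (uint16_t)((addr + 0x8000u) >> 16); }
static uint16_t lo_for(uint32_t addr) { return (uint16_t)(addr & 0xFFFFu); }

int main(void) {
    /* Test 1 from the post: hook at 0x08800098 jumping to the stub at 0x08ce7f60 */
    uint32_t hook_pc = cw_addr(0x00000098u);
    printf("j at 0x%08" PRIx32 " lands at 0x%08" PRIx32 "\n", hook_pc, j_target(hook_pc, 0x0a339fd8u));

    uint32_t t0 = 0x08cfu << 16;                              /* lui t0, 0x08cf */
    uint32_t wanted = cw_addr(0x004ff520u);
    printf("lw t2, 0xf520(t0) reads 0x%08" PRIx32 ", wanted 0x%08" PRIx32 "\n", mem_ea(t0, 0x8d0af520u), wanted);
    printf("fix: lui t0, 0x%04x ; lw t2, 0x%04x(t0)\n", hi_for(wanted), lo_for(wanted));

    uint32_t beq_pc = cw_addr(0x004e7f6cu);
    printf("beq at 0x%08" PRIx32 " branches to 0x%08" PRIx32 "\n", beq_pc, branch_target(beq_pc, 0x110a991bu));
    printf("jr ra = 0x%08" PRIx32 ", j 0x08800098 = 0x%08" PRIx32 "\n", enc_jr(RA), enc_j(hook_pc));
    return 0;
}
```

    The same helpers check the pointer-check sketch: lui t2, $dead / ori t2, t2, $beef encode to 0x3c0adead / 0x354abeef, and ori is the right choice because its immediate is zero-extended, unlike a load displacement.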

  2. #2
    Complete Noob


    Wow man, the function copier is too complicated for me lol, I stick to trying to make no35 antis and that's what I'm doing... or at least try to =,[

  3. #3

    Quote Originally Posted by _.-wTF-._:
    Wow man, the function copier is too complicated for me lol, I stick to trying to make no35 antis and that's what I'm doing... or at least try to =,[
    In all honesty this theory shouldn't be too hard to grasp, but some features might be blatant to people.

  4. #4

    Nice, and IMOK, do you have any guide on packets or something? If you do, PM please, and thanks.
    If I helped you with something, please REP+ ..

  5. #5
    Wu-Tang


    Quote Originally Posted by Tension:
    Nice, and IMOK, do you have any guide on packets or something? If you do, PM please, and thanks.
    Why not just post it for everyone?


    Also, isn't that a pointer? So,

    #DMA anti test 2
    0xFFFFFFFF 0x004FF520
    0x00000804 0x03e00008 //It doesn't treat it as a jr ra, but goes to that address, which is why it freezes.

    #DMA anti test
    0xFFFFFFFF 0x004FF520
    0x00000804 0x0A200026 //Same thing, but doesn't treat it as a jump.

    So, why not change the pointer to go to a jr ra.

    #DMA anti test 2
    0xFFFFFFFF 0x004FF520
    0x00000804 0x0880fd94 //Real address 0880fd94, fake address 0000fd94.

    Try that, see if it works or not; it goes to a jr ra followed by a nop.
    "These cats they sentimental such with a gentle touch
    Dancin' double dutch and all sayin' nothin' much" -Black Thought
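    hell's point is that the word following 0xFFFFFFFF 0x004FF520 is stored into a pointer slot, so the game reads it as an address and never executes it as an instruction. The C simulation below is an added example, not code from this thread or from CWCheat: it applies the two-line pointer code to a simulated PSP user segment (0x08800000 to 0x0A000000) and reports what a call through the slot would do for each of the three values proposed. The object at 0x08d10000, its original callback at 0x08d20000 and the "jr ra; nop" stub at 0x0880fd94 are constructed for the simulation; only hell's post says that stub exists at that address in the game.

```c
/* Simulates what the two-line CWCheat pointer codes in this thread put into
 * the receive-callback slot and what a call through that slot would then do.
 * Added example, not from the thread or CWCheat. The object at 0x08d10000,
 * its original callback at 0x08d20000 and the "jr ra; nop" at 0x0880fd94
 * (which hell's post says is there) are constructed for the simulation. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CW_BASE 0x08800000u   /* CWCheat line offsets are added to this */
#define RAM_END 0x0A000000u   /* end of the 24 MiB PSP user segment */
#define CB_SLOT 0x804u        /* offset of the callback inside the object */

static uint8_t *ram;          /* simulated user RAM, zero-filled on first use */

static bool mapped(uint32_t a) { return a >= CW_BASE && a <= RAM_END - 4 && (a & 3) == 0; }
static bool rd32(uint32_t a, uint32_t *v) {
    if (!ram) ram = calloc(RAM_END - CW_BASE, 1);
    if (!ram || !mapped(a)) return false;
    memcpy(v, ram + (a - CW_BASE), 4);
    return true;
}
static bool wr32(uint32_t a, uint32_t v) {
    if (!ram) ram = calloc(RAM_END - CW_BASE, 1);
    if (!ram || !mapped(a)) return false;
    memcpy(ram + (a - CW_BASE), &v, 4);
    return true;
}

/* Apply CWCheat lines the way this thread uses them: a 0xFFFFFFFF line reads a
 * pointer from CW_BASE+offset and the line after it writes 32 bits at
 * [pointer]+offset; any other line with a zero type nibble writes 32 bits at
 * CW_BASE+offset. Returns how many lines could not be applied. */
static int cw_apply(const uint32_t (*lines)[2], size_t n) {
    int failed = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t base = CW_BASE;
        if (lines[i][0] == 0xFFFFFFFFu) {
            bool ok = i + 1 < n && rd32(CW_BASE + lines[i][1], &base);
            i++;                               /* the value line belongs to this pointer line */
            if (!ok) { failed++; continue; }
        }
        if ((lines[i][0] >> 28) != 0 || !wr32(base + (lines[i][0] & 0x0FFFFFFFu), lines[i][1]))
            failed++;
    }
    return failed;
}

enum cb_effect { CB_UNMAPPED, CB_RUNS_CODE, CB_RETURNS };
/* What a call through the slot does: fault on an unmapped or unaligned
 * address, run whatever code is there, or return at once ("jr ra; nop"). */
static enum cb_effect call_effect(uint32_t target) {
    uint32_t w0, w1;
    if (!rd32(target, &w0) || !rd32(target + 4, &w1)) return CB_UNMAPPED;
    return (w0 == 0x03E00008u && w1 == 0) ? CB_RETURNS : CB_RUNS_CODE;
}

/* Constructed layout, then the thread's pointer code with the given value;
 * returns what ended up in the callback slot. */
static uint32_t apply_dma_anti(uint32_t value) {
    const uint32_t obj = 0x08D10000u;          /* invented: object the game pointer refers to */
    wr32(0x08CFF520u, obj);                    /* the pointer named by 0xFFFFFFFF 0x004FF520 */
    wr32(obj + CB_SLOT, 0x08D20000u);          /* invented: the game's original callback */
    wr32(0x08D20000u, 0x27BDFFF0u);            /* addiu sp,sp,-16 stands in for real code */
    wr32(0x0880FD94u, 0x03E00008u);            /* jr ra (per hell's post) */
    wr32(0x0880FD98u, 0x00000000u);            /* nop */
    const uint32_t code[2][2] = { { 0xFFFFFFFFu, 0x004FF520u }, { CB_SLOT, value } };
    cw_apply(code, 2);
    uint32_t slot = 0;
    rd32(obj + CB_SLOT, &slot);
    return slot;
}

int main(void) {
    static const char *names[] = { "unmapped address -> crash", "runs code", "returns at once" };
    const uint32_t tries[] = { 0x03E00008u, 0x0A200026u, 0x0880FD94u };
    for (size_t i = 0; i < 3; i++) {
        uint32_t slot = apply_dma_anti(tries[i]);
        printf("slot = 0x%08x: %s\n", (unsigned)slot, names[call_effect(slot)]);
    }
    return 0;
}
```

    Both 0x03e00008 and 0x0a200026 fall outside the user segment, which fits the freezes reported above, while 0x0880fd94 is a valid target. What the simulation cannot show is the point made later in the thread: a stub that returns at once also skips the game's own filter and formatting stages for the received data.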

  6. #6

    Quote Originally Posted by hell: (post #5 above, quoted in full)
    Ah, thanks hell. I was thinking about sending the pointer to a return; that was like the second thing I tried and it never seemed to work that often. And I have a packet injection guide in the works, but it's not really useful for the PSP.

  7. #7

    Quote Originally Posted by hell: (post #5 above, quoted in full)
    It will boot and/or freeze you.
    The receiving end is set up to filter incoming data. If you cut it, anyone that gets shot will boot you.

  8. #8
    CODE PORTER


    Anyone that gets shot? Even if the shooter and the victim are random people?
    Contact me if you want to play the EU version of SOCOM.

    @People from the EU game: I don't hack. I sometimes hack back, but I am here to learn. If you are seeing this, then chances are you hack; sorry to those that don't ;)

    I can spell SyKotik-KaNun :D

  9. #9

    Correct. The "supposed" hook above is redirecting the area the callback for that pointer will load; without the function in the proper format, the way it should be set up, you will be receiving corrupted packets, period, and we all know what corrupted packets do! The function is designed to receive, filter and continue. It will filter all the information sent and send it to another function that will prep it for a format, and finally go to your main function that will tell your game what's going on.

  10. #10
    CODE PORTER


    Ok, thanks for explaining :)
