
Protection from SpellManager.CastSpellBy && LuaDoString (or what?)



Hi.


On a server called Sirus I encountered a weird protection against the SpellManager.CastSpellBy and LuaDoString functions for using spells - they don't work in combat.
 

Maybe there are alternative ways? Except PLua (only runmacrotext works)

 

 

4 minutes ago, Smokie said:

Idk if that's a Lua function or if Droidz uses memory writing for that, but try using normal Lua CastSpellByName

Doesn't work when in combat, I showed it right on the video. Only runmacrotext works.

After finding the realmlist, I was able to log in with my non-modified client and was completely able to use

 SpellManager.CastSpellByNameLUA("Lesser Heal");

CastSpellByName("Lesser Heal");

I did get DC'd though, idk if it's because of the Lua injection or if it's because of my T-Mobile hotspot, but overall it works.

@Droidz you may want to check if they can detect if a player is using Lua for casting spells; they might not have a ban action in place, just a simple DC.

 


They probably disconnected you, because you didn't have their MPQs. 
You can probably add a custom MPQ that's loaded at the very beginning that just loads FrameXML or something that copies CastSpellByName

 

originalCastSpellByName = CastSpellByName

-- later in wrobot use this code:
originalCastSpellByName("Frostbolt")

Maybe that will work. Otherwise - weird. They definitely heavily modify the UI with their MPQs

Yes, it's disconnecting because they require you to install their patches, which they update daily.

 

2 hours ago, Matenia said:

You can probably add a custom MPQ that's loaded at the very beginning that just loads FrameXML or something that copies CastSpellByName

 


originalCastSpellByName = CastSpellByName

-- later in wrobot use this code:
originalCastSpellByName("Frostbolt")

Maybe that will work. Otherwise - weird. They definitely heavily modify the UI with their MPQs

Interesting, will have to try, if I understand how to do that :)

Hello,

This is the code they use for their custom MPQ, and they check if the file is there, and if it's not then they download and replace the file with theirs. @Droidz Might have to see if he can bypass it.

 

The MPQ file name: patch-ruRU-i.mpq

 

--	Filename:	Controller.lua
--	Project:	Sirus Game Interface
--	Author:		Nyll
--	E-mail:		[email protected]
--	Web:		https://sirus.su/

local _CastSpellByName = CastSpellByName
local _CastSpellByID = CastSpellByID
local _CastSpell = CastSpell

local ignoreSpell = {
	7620, 7731, 7732, 18248, 33095, 51294,
	2550, 3102, 3413, 18260, 33359, 51296,
	3273, 3274, 7924, 10846, 27028, 45542,
	2259, 3101, 3464, 11611, 28596, 51304, 28677, 28675, 28672,
	2018, 29844, 51300, 3538, 3100, 9785, 9788, 17039, 17040, 17041, 9787,
	13262, 7411, 7412, 7413, 13920, 28029, 51313,
	4036, 4037, 4038, 12656, 30350, 51306, 20222, 20219,
	2366, 2368, 3570, 11993, 28695, 50300,
	51005, 45357, 45358, 45359, 45360, 45361, 45363,
	31252, 25229, 25230, 28894, 28895, 28897, 51311,
	2108, 3104, 3811, 10662, 32549, 51302, 10656, 10660, 10658,
	2656,
	8613, 8617, 8618, 10768, 32678, 50305,
	3908, 3909, 3910, 12180, 26790, 51309, 26798, 26797, 26801
}

local blockSpell = {
	306647,
	306648,
	306649,
	306650,
	306651,
	306652,
	306653,
	306654,
}

local function GetSpellID( ... )
	if ... then
		local link = GetSpellLink( ... )
		if link then
			return tonumber(string.match(link, "spell:(%d*)"))
		end
	end
end

local function SendClientReport( name, ... )
	SendServerMessage("ACMSG_PROTECTED_LUA_CALL_DETECTED", name.."|"..strjoin(" ", tostringall(...)))
end

function CastSpellByName( ... )
	if not ... then
		return
	end

	local id = GetSpellID(...)

	if id and tContains(blockSpell, id) then
		return
	end

	if not UnitAffectingCombat("player") then
		_CastSpellByName(...)
		return
	end

	if id and tContains(ignoreSpell, id) then
		_CastSpellByName(...)
		return
	end

	SendClientReport("CastSpellByName", table.concat({..., id}, ", "))
end

function CastSpellByID( ... )
	if not ... then
		return
	end

	local id = GetSpellID(...)

	if id and tContains(blockSpell, id) then
		return
	end

	if not UnitAffectingCombat("player") then
		_CastSpellByID(...)
		return
	end

	if id and tContains(ignoreSpell, id) then
		_CastSpellByID(...)
		return
	end

	SendClientReport("CastSpellByID", ...)
end

function CastSpell( ... )
	if not ... then
		return
	end

	local id = GetSpellID(...)

	if id and tContains(blockSpell, id) then
		return
	end

	if not UnitAffectingCombat("player") then
		_CastSpell(...)
		return
	end

	if id and tContains(ignoreSpell, id) then
		_CastSpell(...)
		return
	end

	SendClientReport("CastSpell", ...)
end

function JoinBattlefield( ... )
	return nil
end

function AcceptBattlefieldPort( ... )
	return nil
end

function AcceptTrade()
	return nil
end

function GuildInvite()
	return nil
end

function EventHandler:ASMSG_CLIENT_VERSION_REQUEST()
	SendAddonMessage("ACMSG_CLIENT_VERSION_VERIFICATION", 739, "WHISPER", UnitName("player"))
end

 

Edited by Smokie

So basically they hook CastSpellByName etc. Smart and exactly what I thought they were doing. Load another custom BEFORE this one and hook it BEFORE them. Then you may use your own custom function.

 

If they don't check your IP (seems you're proxying) they might check your GetTime() (Lua) result because it is unique to your computer. You can modify this function by hooking it and adding a random offset. Search the forums.

Hi, if Lua is modified only in the MPQ file (and the server doesn't check it afterwards) you can try calling this code to reset CastSpell...:

wManager.Wow.Memory.WowMemory.InjectAndExecute(new []
{
    wManager.Wow.Memory.WowMemory.CallWrapperCode(0x53B740),
    "ret"
});

 

2 hours ago, Matenia said:

If they don't check your IP (seems you're proxying) they might check your GetTime() (Lua) result because it is unique to your computer. You can modify this function by hooking it and adding a random offset. Search the forums.

On 2/22/2019 at 11:28 AM, Matenia said:

_oldGetTime = GetTime; function GetTime() return _oldGetTime() + math.random(1000, 15000); end

I really need your help, sir. I added this function that hooks GetTime in a custom addon but I'm still disconnecting.... Maybe I need to add this in a custom patch, or what other methods are there?

WRobot starts when your character is already in game; you cannot bypass multiaccount security with it.

You can try to edit the MPQ file (add code to randomize GetTime in the MPQ file, or find the function used, if they don't detect MPQ file changes)

Hey! But what if, instead of Lua scripts/patches/modifying kernel32.dll, we make a simple script in C# that will hack GetTickCount(), what do you guys think?

Because attempts to edit interface (Lua) files in the MPQ always end up with the same error: [image]
 

It's definitely possible to hook GetTickCount() and modify it. But we are taking a very WILD guess that this is what they use to identify your computer. 
This is mostly because I cannot think of anything else they would use (from Lua) to create a "hardware" fingerprint. 

You'll be better off just running VMs.

1 hour ago, Droidz said:

And with this WoW addon: testaddon.zip (change code, addon/Title/Author name to avoid problems); if this doesn't work, using VMs is the best way

 

the addon works but does not solve the problem.

  • 2 weeks later...

@pudge after trying to get PQR (new undetected copy, releasing soon all over to piss off server devs.) I believe the only way to cast a spell without heavily modifying anything or using a custom registered hook: I've found that RunMacroText with /cast commands works, but it's only a matter of time for them to add RunMacroText to their protection. But for now use this

RunMacroText("/cast Immolate")

@Droidz You can make a separate function register or if external call the memory address and the arguments to it.
