Protection from SpellManager.CastSpellBy && LuaDoString (or what?)


Hi.


On a server called Sirus I encountered a weird protection against the SpellManager.CastSpellBy and LuaDoString functions for using spells - they don't work in combat.
 

Maybe there are alternative ways? Except PLua (only runmacrotext works)

 

 

Link to post
Share on other sites
4 minutes ago, Smokie said:

Idk if that’s a Lua function or if Droidz uses memory writing for that, but try using normal Lua CastSpellByName

Doesn't work when in combat, I showed it right on the video. Only runmacrotext works.

Link to post
Share on other sites

After finding realmlisting, I was able to log in with my unmodified client and was completely able to use

 SpellManager.CastSpellByNameLUA("Lesser Heal");

CastSpellByName("Lesser Heal");

I did get DC though, idk if it's because of the Lua injection or if it's because of my T-Mobile hotspot, but overall it works.

@Droidz you may want to check if they can detect if a player is using Lua for casting spells, they might not have a ban action in place, just a simple DC.

 

Link to post
Share on other sites

They probably disconnected you, because you didn't have their MPQs. 
You can probably add a custom MPQ that's loaded at the very beginning that just loads FrameXML or something that copies CastSpellByName

 

originalCastSpellByName = CastSpellByName

-- later in wrobot use this code:
originalCastSpellByName("Frostbolt")

Maybe that will work. Otherwise - weird. They definitely heavily modify the UI with their MPQs

Link to post
Share on other sites

Yes, it disconnects because they require you to install their patches, which they update daily.

 

2 hours ago, Matenia said:

You can probably add a custom MPQ that's loaded at the very beginning that just loads FrameXML or something that copies CastSpellByName

 

originalCastSpellByName = CastSpellByName

-- later in wrobot use this code:
originalCastSpellByName("Frostbolt")

Maybe that will work. Otherwise - weird. They definitely heavily modify the UI with their MPQs

Interesting, will have to try, if I understand how to do that :)

Link to post
Share on other sites

Hello,

This is the code they use for their custom MPQ, and they check if the file is there, and if it's not then they download and replace the file with theirs. @Droidz might have to see if he can bypass it.

 

The MPQ file name: patch-ruRU-i.mpq

 

--	Filename:	Controller.lua
--	Project:	Sirus Game Interface
--	Author:		Nyll
--	E-mail:		[email protected]
--	Web:		https://sirus.su/

local _CastSpellByName = CastSpellByName
local _CastSpellByID = CastSpellByID
local _CastSpell = CastSpell

local ignoreSpell = {
	7620, 7731, 7732, 18248, 33095, 51294,
	2550, 3102, 3413, 18260, 33359, 51296,
	3273, 3274, 7924, 10846, 27028, 45542,
	2259, 3101, 3464, 11611, 28596, 51304, 28677, 28675, 28672,
	2018, 29844, 51300, 3538, 3100, 9785, 9788, 17039, 17040, 17041, 9787,
	13262, 7411, 7412, 7413, 13920, 28029, 51313,
	4036, 4037, 4038, 12656, 30350, 51306, 20222, 20219,
	2366, 2368, 3570, 11993, 28695, 50300,
	51005, 45357, 45358, 45359, 45360, 45361, 45363,
	31252, 25229, 25230, 28894, 28895, 28897, 51311,
	2108, 3104, 3811, 10662, 32549, 51302, 10656, 10660, 10658,
	2656,
	8613, 8617, 8618, 10768, 32678, 50305,
	3908, 3909, 3910, 12180, 26790, 51309, 26798, 26797, 26801
}

local blockSpell = {
	306647,
	306648,
	306649,
	306650,
	306651,
	306652,
	306653,
	306654,
}

local function GetSpellID( ... )
	if ... then
		local link = GetSpellLink( ... )
		if link then
			return tonumber(string.match(link, "spell:(%d*)"))
		end
	end
end

local function SendClientReport( name, ... )
	SendServerMessage("ACMSG_PROTECTED_LUA_CALL_DETECTED", name.."|"..strjoin(" ", tostringall(...)))
end

function CastSpellByName( ... )
	if not ... then
		return
	end

	local id = GetSpellID(...)

	if id and tContains(blockSpell, id) then
		return
	end

	if not UnitAffectingCombat("player") then
		_CastSpellByName(...)
		return
	end

	if id and tContains(ignoreSpell, id) then
		_CastSpellByName(...)
		return
	end

	SendClientReport("CastSpellByName", table.concat({..., id}, ", "))
end

function CastSpellByID( ... )
	if not ... then
		return
	end

	local id = GetSpellID(...)

	if id and tContains(blockSpell, id) then
		return
	end

	if not UnitAffectingCombat("player") then
		_CastSpellByID(...)
		return
	end

	if id and tContains(ignoreSpell, id) then
		_CastSpellByID(...)
		return
	end

	SendClientReport("CastSpellByID", ...)
end

function CastSpell( ... )
	if not ... then
		return
	end

	local id = GetSpellID(...)

	if id and tContains(blockSpell, id) then
		return
	end

	if not UnitAffectingCombat("player") then
		_CastSpell(...)
		return
	end

	if id and tContains(ignoreSpell, id) then
		_CastSpell(...)
		return
	end

	SendClientReport("CastSpell", ...)
end

function JoinBattlefield( ... )
	return nil
end

function AcceptBattlefieldPort( ... )
	return nil
end

function AcceptTrade()
	return nil
end

function GuildInvite()
	return nil
end

function EventHandler:ASMSG_CLIENT_VERSION_REQUEST()
	SendAddonMessage("ACMSG_CLIENT_VERSION_VERIFICATION", 739, "WHISPER", UnitName("player"))
end

 

Edited by Smokie
Link to post
Share on other sites
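
Added example, not part of the thread or of the Sirus code: a server-side view, in Python, of the reports that the posted Controller.lua sends through SendClientReport. It parses the `name|args` payload and flags accounts that send several reports within a short window; the event tuples, account names, threshold and window are assumptions, since the page shows only the client side.

```python
from collections import defaultdict, deque

# Wrapper names that call SendClientReport in the Controller.lua shown above.
KNOWN_CALLS = {"CastSpellByName", "CastSpellByID", "CastSpell"}

def parse_report(payload):
    """Split 'name|args' (the format built by SendClientReport).
    Returns (name, args), or None if the payload is malformed."""
    name, sep, args = payload.partition("|")
    if not sep or name not in KNOWN_CALLS:
        return None  # client-controlled data: reject anything unexpected
    return name, args

def flag_accounts(events, threshold=3, window=10.0):
    """events: iterable of (timestamp_seconds, account, payload) tuples
    (an assumed server-side record layout).
    Returns {account: timestamp at which the threshold was first reached}."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, account, payload in sorted(events):
        if parse_report(payload) is None:
            continue
        q = recent[account]
        q.append(ts)
        # Drop reports that fell out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and account not in flagged:
            flagged[account] = ts
    return flagged

# Constructed sample events (not real server logs).
SAMPLE = [
    (100.0, "acct_a", "CastSpellByName|Frostbolt, 116"),
    (101.5, "acct_a", "CastSpellByName|Frostbolt, 116"),
    (103.0, "acct_a", "CastSpellByID|116"),
    (100.0, "acct_b", "CastSpellByName|Lesser Heal, 2050"),
    (160.0, "acct_b", "CastSpell|5 spell"),
    (161.0, "acct_b", "RunMacroText|/cast Immolate"),  # not a known wrapper
    (162.0, "acct_b", "garbage-without-separator"),
]

if __name__ == "__main__":
    print(flag_accounts(SAMPLE))
```

Because the report is generated by client-side Lua, its absence proves nothing; a count like this is only one signal next to checks the server performs itself.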

So basically they hook CastSpellByName etc. Smart and exactly what I thought they were doing. Load another custom BEFORE this one and hook it BEFORE them. Then you may use your own custom function.

 

Link to post
Share on other sites

If they don't check your IP (seems you're proxying) they might check your GetTime() (Lua) result because it is unique to your computer. You can modify this function by hooking it and adding a random offset. Search the forums.

Link to post
Share on other sites

Hi, if Lua is modified only in the MPQ file (and the server doesn't check it afterwards), you can try calling this code to reset CastSpell...:

wManager.Wow.Memory.WowMemory.InjectAndExecute(new []
                                               {
                                                 wManager.Wow.Memory.WowMemory.CallWrapperCode(0x53B740),
                                                 "ret"
                                                 });

 

Link to post
Share on other sites
2 hours ago, Matenia said:

If they don't check your IP (seems you're proxying) they might check your GetTime() (Lua) result because it is unique to your computer. You can modify this function by hooking it and adding a random offset. Search the forums.

On 2/22/2019 at 11:28 AM, Matenia said:

_oldGetTime = GetTime; function GetTime() return _oldGetTime() + math.random(1000, 15000); end

I really need your help, sir. I added this function that hooks GetTime in a custom addon, but I'm still disconnecting... Maybe I need to add this in a custom patch, or are there other methods?

Link to post
Share on other sites

WRobot starts when your character is already in game; you cannot bypass multi-account security with it.

You can try to edit the MPQ file (add code to randomize GetTime in the MPQ file, or find the function used, if they don't detect MPQ file changes)

Link to post
Share on other sites

Hey! But what if, instead of Lua scripts/patches/modifying kernel32.dll, we make a simple script in C# that will be hacking GetTickCount(), what do you guys think?

Because attempts to edit interface (Lua) files in the MPQ always end up with the same error:
image.png.85984325ecaf35666d4742174174b75b.png
 

Link to post
Share on other sites

It's definitely possible to hook GetTickCount() and modify it. But we are taking a very WILD guess that this is what they use to identify your computer. 
This is mostly because I cannot think of anything else they would use (from Lua) to create a "hardware" fingerprint. 

You'll be better off just running VMs.

Link to post
Share on other sites
  • 2 weeks later...

@pudge after trying to get PQR (new undetected copy, releasing soon all over to piss off server devs), I believe the only way to cast a spell without heavily modifying anything or using a custom registered hook: I've found that RunMacroText with /cast commands works, but it's only a matter of time for them to add RunMacroText to their protection. But for now use this

RunMacroText("/cast Immolate")

@Droidz You can make a separate function register or, if external, call the memory address and the arguments to it.

Link to post
Share on other sites
