ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!
Home
Upgrade
Credits
Help
Search
Awards
Achievements
 7353

NetDll_Connect (Resolved Function) "Hide Your IP" [XamNet] IMPORT

by Giths - 01-31-2019 - 05:21 PM
#11
(02-06-2019 - 07:02 PM)ronin Wrote: To get past this super awesome top security, all it takes is for someone to find the import in the xex that gets module exports and search for usages until you find one using 0xC from xam. I'm almost certain that no one is trying to "flex" that they're using such a thing, I've seen multiple leaked stealth servers using this method, including ones from 17511. But if i'm completely wrong and most people reading this post haven't seen anything like this before then ggwp.

The point of this is to hide the import from the function list and call directly to the function in the xam module.

(02-07-2019 - 04:01 AM)razr Wrote:
(02-06-2019 - 07:02 PM)ronin Wrote: To get past this super awesome top security, all it takes is for someone to find the import in the xex that gets module exports and search for usages until you find one using 0xC from xam. I'm almost certain that no one is trying to "flex" that they're using such a thing, I've seen multiple leaked stealth servers using this method, including ones from 17511. But if i'm completely wrong and most people reading this post haven't seen anything like this before then ggwp.

These kids think they're untouchable just because they're resolving it at runtime instead of linking it.. What has the scene become.

I leaked this because people are trying to flex on it. I personally dont use this.

(02-06-2019 - 10:47 PM)ronin Wrote:
(02-06-2019 - 10:41 PM)XBLUnbound Wrote: oof, you just know what ur talking about and sounded like him

i'm a developer for NiNJA, i would hope i know what i'm talking about  Skeptical

same, i do the visuals. weird flex but ok.
Reply
#12
(02-07-2019 - 12:03 PM)Giths Wrote:
(02-06-2019 - 07:02 PM)ronin Wrote: To get past this super awesome top security, all it takes is for someone to find the import in the xex that gets module exports and search for usages until you find one using 0xC from xam. I'm almost certain that no one is trying to "flex" that they're using such a thing, I've seen multiple leaked stealth servers using this method, including ones from 17511. But if i'm completely wrong and most people reading this post haven't seen anything like this before then ggwp.

The point of this is to hide the import from the function list and call directly to the function in the xam module.

(02-07-2019 - 04:01 AM)razr Wrote:
(02-06-2019 - 07:02 PM)ronin Wrote: To get past this super awesome top security, all it takes is for someone to find the import in the xex that gets module exports and search for usages until you find one using 0xC from xam. I'm almost certain that no one is trying to "flex" that they're using such a thing, I've seen multiple leaked stealth servers using this method, including ones from 17511. But if i'm completely wrong and most people reading this post haven't seen anything like this before then ggwp.

These kids think they're untouchable just because they're resolving it at runtime instead of linking it.. What has the scene become.

I leaked this because people are trying to flex on it. I personally dont use this.

(02-06-2019 - 10:47 PM)ronin Wrote:
(02-06-2019 - 10:41 PM)XBLUnbound Wrote: oof, you just know what ur talking about and sounded like him

i'm a developer for NiNJA, i would hope i know what i'm talking about  Skeptical

same, i do the visuals. weird flex but ok.

They should let me do their security. It sucks at the moment.
In an isolated system, entropy can only increase.
#EpsilonSucks
Reply
#13
Nice leak man :)
Reply
#14
you can hide the IP all you want but if you use Wireshark you can still find it hiding your IP as completely pointless so I don't understand why people think oh just hide your IP they'll never find your server I'm just saying all internet connections can be logged and also the servers use it very distinct packet header that's different than any of the other packets the Xbox uses so it's very easy to find the server connection with a tool like Wireshark or any other network sniffing utility so why is this relevant in any way just wondering?

my only issue is you guys all claim you make your own servers and you understand how the packet layer works but yet you know nothing about structures or how anything Works you're still using the base that I released just you guys are all based off of colossal all of your c-sharp bases are based off of that and still use libraries from it so if you have create your own server how do you know nothing about packet layer information you cannot hide an IP address from Network layer sniffing and if you knew anything about packet layers you would understand that I just think it's funny how you guys are planning to make your own stuff but you're still basing it off of original release like all you guys have done is modify the code that is it and made a cool little GUIs but you're still all using the XO SC that was created on the server the original dump you're all using the same network connection completely not even modified me with Titan and my cplusplus server were different and also ninja with their python server or Infernus with their incredible server that is amazing but all of you guys still just use that c-sharp server that was created as a proof-of-concept modify and code base in updated code base but then claim you made your own server when it's all the same all of it
if you like my posts and want to see more please plus rep
Reply
#15
(03-23-2019 - 04:13 AM)theDomo Wrote: you can hide the IP all you want but if you use Wireshark you can still find it hiding your IP as completely pointless so I don't understand why people think oh just hide your IP they'll never find your server I'm just saying all internet connections can be logged and also the servers use it very distinct packet header that's different than any of the other packets the Xbox uses so it's very easy to find the server connection with a tool like Wireshark or any other network sniffing utility so why is this relevant in any way just wondering?

my only issue is you guys all claim you make your own servers and you understand how the packet layer works but yet you know nothing about structures or how anything Works you're still using the base that I released just you guys are all based off of colossal all of your c-sharp bases are based off of that and still use libraries from it so if you have create your own server how do you know nothing about packet layer information you cannot hide an IP address from Network layer sniffing and if you knew anything about packet layers you would understand that I just think it's funny how you guys are planning to make your own stuff but you're still basing it off of original release like all you guys have done is modify the code that is it and made a cool little GUIs but you're still all using the XO SC that was created on the server the original dump you're all using the same network connection completely not even modified me with Titan and my cplusplus server were different and also ninja with their python server or Infernus with their incredible server that is amazing but all of you guys still just use that c-sharp server that was created as a proof-of-concept modify and code base in updated code base but then claim you made your own server when it's all the same all of it

For someone to get the IP with wireshark they'd have to load the xex, yes they can do it but it's more to stop people from trying to find it in IDA and try and threaten people with their "Dank Hex View Hax".
Reply
#16
to get past things like this there is a program called wireshark and you can just get the ip through that while the xbox is booting
Reply
#17
(01-31-2019 - 05:21 PM)Giths Wrote: People trying to flex on the fact that they have "Hidden" their IP and it can't be seen in IDA. It can, its just not click and copy like before. This function will resolve NetDll_Connect so it is not seen as an import in your XEX.
Note: Again, this will not HIDE your IP, it will just make it harder for PPC skids peeking through your XEX.

Paste this in your Tools or Utilities, whatever you skids call it and remove the one from XamNet.h as most of you still use the xkelib library. 
Also this is not a releak, this is a proper correctly formatted resolved function, none of that skid shit you see in leaked teapot sources. Enjoy

Code:

Content Unlocked
Content is hidden! Please check original post to view it.
Reply
#18
ya maybe this isnt worth the credits.
This account is currently banned
Ban reason: Multi
Reply
#19
(04-23-2019 - 06:17 AM)brave_mods22 Wrote: ya maybe this isnt worth the credits.

was at the time.
Reply
#20
what is this for ??
Reply

Users browsing: 2 Guest(s)