Tuesday, January 20, 2015

[Makes detected hacks undetected] Simple PE Cipher

I was talking to Bombsaway a few days ago and he was saying that the old method of ciphering a file (pumping shit onto the end of the file) no longer works with CA.

It just so happens I was bored at the time so I wrote this simple little cipher. Basically it just manipulates a few values within the PE structure and also rewrites some data into the .text section.

This, unlike the older ciphers, should work to fool Nexon's hash logic. Using it is pretty straightforward: Download the .zip and extract it Run "Simple PE Cipher.exe" Press the browse button to locate your Dll Press "Run Cipher", if all goes as expected you should see a "Cipher Completed Successfully" message box appear. Inject the .dll.

 A backup of the original .dll is also created (with a .bak extension) in the same directory as the ciphered dll so you can revert at any time if something goes wrong. - See more at:

If you have any issues with it, please feel free to PM me or post in the thread, I'll do my best to rectify the issues.

No idea why this had those two scanners report a backdoor to be honest. Perhaps because I'm using some I/O API, dunno. Anyways, enjoy, and report back with results.

Download Now

'hotshotgamers.net' does not host any of the files mentioned on this blog. This blog only points out to various links on the Internet that already exist and are uploaded by other websites or users there. Use at your own risk!


Post a Comment