CPP RELEASE Emulator Wraith AntiCheat - W-AC

[SobFoX]

https://www.sobfox.com



Recently I got a chance to look at this server’s anti-cheat.
It was protected with VMProtect.
Basically, all they do is send a packet during the server login process —
276 empty bits.

This is the website: https://anticheat.fsc-clan.eu/
And this is the game server address: 89.38.135.169:7777

I attached here code that mimics/fakes the use of their anti-cheat.
Enjoy!

if (*uniqueID == RPC_ClientJoin) {
BYTE v9[276] = { 0 };
BitStream bsSend;
bsSend.Reset();

for (BYTE b : v9) {
    bsSend.Write(b);
}

Send_RPC(181, bsSend, HIGH_PRIORITY, RELIABLE_SEQUENCED);
}

 

[Expl01T3R]

XD
181 is free slot for RPC right? makes sense.
Average Anticheat Dev ..
well done !

 

[SobFoX]

I forgot to mention that it also sends two more RPC packets:
one with ID 38
and another with ID 201.

 

[Expl01T3R]

Bypassed.
You gotta need RPC NOP for RPC_ToggleClock (30) because via that they are crashing your game. (BitStream::ReadBits exception)
And then use your code with few edits:

if (uniqueID == RPC_ClientJoin)
{
    // WRAITH-AC BYPASS
    {
        BitStream bsTmp;
        uint32_t value1 = 0x1249;
        bsTmp.WriteBits((unsigned char*)&value1, 16, true);
        uint32_t value2 = 0xA64351;
        bsTmp.WriteBits((unsigned char*)&value2, 32, true);

        te::sdk::LocalClient->SendRPC(181, &bsTmp);
    }

    ...
}

Result: