Paladin Anticheat


CEVO has been fairly interesting itself. A few months ago it was very trivial to reverse it within a day, max. But now they've done some slightly annoying things to their binary. Had you read my previous writeup, you'd have seen that the strings were completely untouched

However, now they've done some .NET Metadata fuckery, as seen here.

It looked fairly complex at first, but once you look at it, all they're doing is using the exact same decryption routine, with some changed keys, and having it dependant on a few metadata tokens ( which are all easily gatherable. )

Aside from that, the code is basically unchanged from months ago! Maybe if they ever read this writeup they might change something, but I doubt it, i'm not very popular :). Until then, I'll have fun hacking on CEVO!

Home