RatPoison-dev / RatPoison

Latest Ver: 1.7; Default Menu Key is F1; Charlatano's Successor; dn
GNU Affero General Public License v3.0

Not an issue, but use this batch for opening to help fight against vacnet #41

Closed d3d43 closed 5 years ago

d3d43 commented 5 years ago

Vacnet scans open windows when a comp game starts. Using this batch to open the cheat will disguise the cheat slightly:

@echo off
title %random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%
echo Only continue once you are in game and can see your gun.
echo.
pause
cd /d "%~dp0"
set name=%random%%random%%random%%random%
ren "*.jar" "%name%.jar"
cls
set args=-Xmx999M -Xms999M
java %args% -jar "%name%.jar"
pause

REMEMBER DO NOT OPEN CHEAT BEFORE SPAWNING WITH A GUN OUT

Also run the cheat from USB if you want a bit of extra security

TheRatCode commented 5 years ago

I'm not in a position to comment on the legitimacy of these suggestions but in my personal experience the name/from usb doesn't matter, and won't be making any changes at the moment. Will leave this open for anyone who wants as much potential security as possible.

Isaac-Duarte commented 5 years ago

Lmao been using this cheat 60+ hours never been caught/accused of cheating.

Isaac-Duarte commented 5 years ago

Also I wrote this thing to auto update the Hack. https://github.com/Fozie123/Rat-Poison-Updater (Can be improved)

LauraSavall commented 5 years ago

@phooooon Each program has an SHA256 signature...so changing the name will result in...nothing...sorry

Compiling AStupidRat without making any change will give you the same signature as all other people

If you want a unique signature, I suggest you add an HWID created from your PC as a comment on the last line of src/main/kotlin/rat/poison/RatPoison.kt, which looks like this for me: [image]

Having this will give you your own unique ID signature of RatPoison ;)...

You can have my version of HWID creation, right here : https://github.com/LauraSavall/disease

LauraSavall commented 5 years ago

I will make a PR soon to make it automatic at each build...to add a random and unique line around the world, so a unique and random signature all around the world... CYA

Isaac-Duarte commented 5 years ago

@LauraSavall I just added something like that into my updater.

https://github.com/Fozie123/Rat-Poison-Updater/commit/201101bea993b4455a5c5fe013c8e5d465329c17

Isaac-Duarte commented 5 years ago

[image: Capture]

10urshin commented 5 years ago

Both changing cmd window title and adding hwid as a "comment" does nothing.

Isaac-Duarte commented 5 years ago

Adding a comment does change the hash.

For example: [image: Capture]

I've got these two builds with the random comment.

Here are the different SHA 256 hashes:
1: 3a97792da67dcd884c4aa230f5681e6c35281d5b2eb52f1fd26ca7e1e009aed9
2: 44c231adc28ffe6d3eee5d3de490975f9939f1097453fad9e94a6abc161fc40e

Which I think is what the batch script was attempting

10urshin commented 5 years ago

Only the hash of the jar file matters. Plus it is not sha256 and it is not hashing it as a whole single file but taking small chunks and hashing them to compare similarity. Vac might be stupid compared to other anti-cheats but not stupid.

Isaac-Duarte commented 5 years ago

I know I did the hash of the jar file... Because my python script clones the repo, inserts the comment, then builds it. It has a different hash.

10urshin commented 5 years ago

Every time you compile it, it will have a different hash because the compiler adds some bits from your computer, and the jar file is actually an archive which has last-modified time data for every file, which changes because you saved the file after adding the comment. Comments do not make it into the jar/class files. The compiler simply ignores them.
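The archive effect described in this comment, shown as an added example (not code from the thread): a jar is a zip archive, so rebuilding the same entries with a different last-modified time changes the whole-file SHA-256 even though every entry's content is identical. The entry names, byte strings and function names are constructed for illustration.

```python
import hashlib
import io
import zipfile

def build_jar(entries: dict, mtime: tuple) -> bytes:
    """Write entries into an in-memory zip (jar) with one fixed timestamp."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(entries):
            info = zipfile.ZipInfo(name, date_time=mtime)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, entries[name])
    return buf.getvalue()

def archive_digest(jar: bytes) -> str:
    """SHA-256 over the raw archive bytes, metadata included."""
    return hashlib.sha256(jar).hexdigest()

def content_digest(jar: bytes) -> str:
    """SHA-256 over entry names and entry contents only, ignoring timestamps."""
    h = hashlib.sha256()
    with zipfile.ZipFile(io.BytesIO(jar)) as zf:
        for name in sorted(zf.namelist()):
            h.update(name.encode() + b"\0")
            h.update(hashlib.sha256(zf.read(name)).digest())
    return h.hexdigest()

# Constructed sample entries standing in for a manifest and a class file.
ENTRIES = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\n",
    "app/Main.class": b"\xca\xfe\xba\xbe" + b"constructed bytecode",
}
MTIME_A = (2019, 1, 1, 12, 0, 0)   # first build
MTIME_B = (2019, 1, 2, 9, 30, 0)   # rebuild of identical content a day later
jar_a = build_jar(ENTRIES, MTIME_A)
jar_b = build_jar(ENTRIES, MTIME_B)

if __name__ == "__main__":
    print("archive digests equal:", archive_digest(jar_a) == archive_digest(jar_b))
    print("content digests equal:", content_digest(jar_a) == content_digest(jar_b))
```

Comparing normalized entry contents rather than the raw archive is the same idea reproducible-build checks rely on.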

LauraSavall commented 5 years ago

If you say so, compile RatPoison with //1 at the end,
Clone and then compile with //2
Clone and then recompile with //1
Amazing... 1st and 3rd compile will have same hash isn't it ? But not 2nd

So yes, even if it's comment, it does change hash
And... If comment doesn't work, as you say, let's add l.44 of RatPoison.kt "println("Random Signature")" Right ?

10urshin commented 5 years ago

Those hashes are the same because of a gradle feature: https://docs.gradle.org/current/userguide/more_about_tasks.html#sec:up_to_date_checks
Delete the build folder between builds to see hash change.

And about adding the println, again vac doesn't hash the whole file, it takes chunks out and compares them, adding one string and a println byte code only does like .001 difference from the original hash. No point imho.

And since vac actually hashes the java process in memory, using a non-default jvm is your best bet.
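The distinction drawn in this comment and in the earlier one, whole-file hashing versus comparing hashes of small chunks, shown as an added example (not code from the thread, and not VAC's actual algorithm, which the thread does not specify). The chunking scheme, function names and sample data are assumptions constructed for illustration.

```python
import hashlib
import random

WINDOW = 16   # bytes inspected when deciding whether a chunk ends here
MASK = 0x3F   # boundary when the window hash has 6 low zero bits (~64-byte chunks)

def chunks(data: bytes):
    """Content-defined chunking: a boundary depends only on the preceding
    WINDOW bytes, so inserted bytes do not shift every later chunk."""
    start = 0
    for i in range(WINDOW, len(data)):
        digest = hashlib.blake2b(data[i - WINDOW:i], digest_size=2).digest()
        if int.from_bytes(digest, "big") & MASK == 0:
            yield data[start:i]
            start = i
    yield data[start:]

def chunk_digests(data: bytes) -> set:
    """One SHA-256 per chunk; the set is the signature that gets compared."""
    return {hashlib.sha256(c).hexdigest() for c in chunks(data)}

def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of the two chunk-digest sets (1.0 = same chunks)."""
    da, db = chunk_digests(a), chunk_digests(b)
    return len(da & db) / len(da | db)

def whole_file_match(a: bytes, b: bytes) -> bool:
    """Exact match on a single SHA-256 over the whole buffer."""
    return hashlib.sha256(a).digest() == hashlib.sha256(b).digest()

# Constructed sample data: 8 KiB standing in for a program image, a copy with
# a short string inserted in the middle, and an unrelated buffer.
rng = random.Random(1)
original = bytes(rng.getrandbits(8) for _ in range(8192))
modified = original[:4000] + b"Random Signature" + original[4000:]
unrelated = bytes(rng.getrandbits(8) for _ in range(8192))

if __name__ == "__main__":
    print("whole-file match:", whole_file_match(original, modified))
    print("chunk similarity, modified: %.3f" % similarity(original, modified))
    print("chunk similarity, unrelated: %.3f" % similarity(original, unrelated))
```

The whole-file hash no longer matches after the insertion, while nearly all chunk digests still do, which is why a small edit barely moves a chunk-based comparison.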

LauraSavall commented 5 years ago

Adding a simple space to a program will change the whole signature...

VAC, I guess, check running process, and calculate HASH of the linked program running That's what we did with our GTA5RP server to ensure no cheat in our city.

So yes, JVM, Charlatano, and ofc RatPoison, are undetectable, but I can confirm, adding a single space change the signature

But, yes, if VAC use name program recognisable, it is useless to disguise the SHA signature

But, combining the name changing + signature changing can add some security level

10urshin commented 5 years ago

> VAC, I guess, check running process, and calculate HASH of the linked program running That's what we did with our GTA5RP server to ensure no cheat in our city.

Yea ok, if you did it that way, VAC must work like that too.

> So yes, JVM, Charlatano, and ofc RatPoison, are undetectable, but I can confirm, adding a single space change the signature

I never said undetectable.

> But, yes, if VAC use name program recognisable, it is useless to disguise the SHA signature

Again VAC is not using SHA, not the SHA you know of anyway.

> Adding a simple space to a program will change the whole signature... ... But, combining the name changing + signature changing can add some security level

No it doesn't.

LauraSavall commented 5 years ago

> Yea ok, if you did it that way, VAC must work like that too.

It is the easiest way to detect a specific program running, so yes, I guess they use a similar method.

Downloading all free cheat on market, create SHA256 of them and compare running program with their database...in my opinion...

> Again VAC is not using SHA, not the SHA you know of anyway.

Oh... So how does it works pls?

>> Adding a simple space to a program will change the whole signature... ... But, combining the name changing + signature changing can add some security level
>
> No it doesn't.

I have to admit, name change nothing to security/undetection... But signature does, I'm quite confident about it

10urshin commented 5 years ago

>> Yea ok, if you did it that way, VAC must work like that too.
>
> It is the easiest way to detect a specific program running, so yes, I guess they use a similar method. Downloading all free cheat on market, create SHA256 of them and compare running program with their database...in my opinion...

>> Again VAC is not using SHA, not the SHA you know of anyway.
>
> Oh... So how does it works pls?

Vac RPM bits of memory, allocate it into own process and hash and compare. 0x10000 bytes MEM_COMMIT | MEM_RESERVE , PAGE_READWRITE
https://www.unknowncheats.me/forum/anti-cheat-bypass/100197-vac-external-tool-detection-and-more.html

LauraSavall commented 5 years ago

Thanks for the links, I didn't read it before

Sept 2013... Is it still up to date ?

d3d43 commented 5 years ago

@Fozie123

How does your updater work? Nice project, could be useful

Also for now I feel like retarded bc I still don't know how to transfer my configs

d3d43 commented 5 years ago

@Fozie123 update python script won't work. A window appears then just disappears. I will reply on github as well

Isaac-Duarte commented 5 years ago

@phooooon I have updated the script that may catch your error and tell you about it. Go ahead and look.

d3d43 commented 5 years ago

@Fozie123 I'll try later. ty for updating

d3d43 commented 5 years ago

@AStupidRat Are you going to add a panic button or no visual recoil or fov slider?

TheRatCode commented 5 years ago

@phooooon Only 'panic button' is visuals toggle key. I don't plan to add any other features currently.