If you use programs like Cheat Engine to reverse Xigncod3 protected gamesyou will usually get a "Error: Suspicious program detected" message after a few seconds and the game will close.



HoweverI've recently noticed that signing any detected.exe program with a simple leaked OV cert from UC completely bypasses that detection.

For example just having the original Cheat Engine program running in Backgroundxigncode3 will detect it after a minute and closes the game with a warning.

So I just signed the original Cheat Engine.exe without changing anything and it no longer gets detected (thanks to @abhiontop for the cert - Can be downloaded here: Codesigning Certificate).



I tested it with six different games that were all protected by Xigncode3and it worked on all of them.
One of them is Paragonwhich was released only two weeks ago and is protected by the most recent Xigncode3.

While this is not a true "exploit" or "bypass" and just a lazy approach to get around the detectionI wonder why Xigncode3 no longer scans the process just because of a Cert.
Yessigning your driver or dll to stay "undetected" is nothing new. I'm just surprised that it works that well even tho the name of the program and the signature is still the same so why wouldn't they block it.

I also found a few string lists while reversingnot sure if they are for signature or process name based detections:
https://www.unknowncheats.me/forum/d...=file&id=38902

Few lines from that stringlist:
(Only using a Cert to bypass will probably get you banned in the long term tho.. right?)

__________________

File Approved

• SHA256: 1bd06c9f266bbcaf614358e18b7c42bcec0d8f9b8a14d6d72256938c990fbbcb - strings.txt

Interested in how we analyze files? Click here to find out.

Download: https://www.unknowncheats.me/forum/d...=file&id=38902

Thanks for sharing!

__________________

thanks +rep

That beautiful cert made me able to easily load my old public pasted spoofer driver while vanguard runs hihi

is that game "Paragon" good?

I played a very early version years agonot sure about the new

you got any cheat for it yet?

what's possible? Resources ? xp? Speed?
ESP / Aim for sure I guess

Hey thank you for posting this This is definitely a useful chunk of information to bear in mind!

is work in all anti cheat?

where u get signtool.exe

Download the SDK https://developer.microsoft.com/de-d...s/windows-sdk/

__________________

i got this error

can you try it here?
https://sf.infinitymarket.net/

Have you tried adding in either /fd SHA1 or /fd SHA256 to your command line parameters?

This will get you banned in a week or two as they still check for many other thingsdepends on which version of xigncode3 the game is usingI knew this lazy method almost 6 years ago

one of the reasons why it's not "detecting" cheat engine is related to them being lazy by temporarily whitelisting anything that is "Signed" regardless being revoked or not lol

think it will work for Ricochet? lol

it just defaults to SHA1 rather than SHA256. my signed file works tho. problem is everything is all signed with same hash and address of company lmao. so they could blacklist the certificate basically

Where can I find jajafix?

Thats what I thought

__________________

where is the file jaja.pfx ?

You can find it here Codesigning Certificate

__________________

if you use cheat engine on another windows profile while xigncode3 is running. it takes around 5+ mins for the game to close for suspicious programwish there was information on how to dump the manually mapped x3.mem [removed]

Thanks so much iBaseult
now not detected xc3

i bet There are not necessary anything for using Cheat Engine under the xigncode3.
not signing OV Cert + not detected + Pointer scan available.