[Tutorial] Use hacks, packet editors undetected
jgregorio
22nd July 2006, 13:21
What you need
FU Rootkit (attached below)
Your hack and/or packet editor
How it works
We hide the process of the program/hack and PB is unable to detect it
Step 1: Installing The Rootkit
Download and extract FU Rootkit to C:\rootkit
Step 2: Loading The Rootkit
1. Open your hack.exe or your packet editor
2. Click Start > Run
3. Type cmd.exe and hit enter
4. Type CD\ and hit enter
It should return saying C:\
5. Type CD rootkit\FU_rootkit\EXE and hit enter
It should return saying C:\rootkit\FU_rootkit\EXE
6. Type fu and hit enter
Step 3: Hiding The Hack
1. Type fu -pl 100
You should now see a list of all your processes
2. Find your hack in the process window, in my case I'm using WPE Pro
For WPE you should see WPE: followed by a 4 digit number, this is the process ID (PID), so find your hack/packet editor and find the number beside it, memorize this number
3. Type fu -ph PID (Replace PID with that number you memorized)
4. All done, go have fun
As of right now, I don't know if this will work with injectors or whatnot, but I am currently trying stuff. All EXE based hacks that you don't have to inject a DLL work fine and are undetectable by Punk Buster.
I did not make this rootkit, I simply found out that this method works.
I do not take any responsibility if this method does not work for you. I am warning you now, anytime you hack/cheat there is always a chance you can be caught, banned, and prosecuted by federal law.
Happy Hacking
-JGregorio
FU Rootkit Download (https://www.rootkit.com/vault/fuzen_op/FU_Rootkit.zip)
kutaki
22nd July 2006, 15:50
I hope you all take caution now when messing with a rootkit. This is too extreme just to cheat in my opinion, but I guess it's up to each individual just the same.
unfunf
22nd July 2006, 16:04
Rootkits are very powerful. If this rootkit operates under certain restrictions, I see it as no problem. However, since it was not programmed by you, I suggest sending it to someone who can make sure it functions as it should, with no extras.
Fl4m3
22nd July 2006, 20:30
Yes you're right...it doesn't work when you try to hide an EXE that injects/load a dll. Other than that, great job.
Oh btw, what values do you actually search for?
netgott
22nd July 2006, 21:37
Very nice work man! It works with every previously detected BF2 public hack I have tested.
Doesn't matter what kind it is!
That's crazy! :) *happy*
Can u explain why that works?
Because I'm modifying the memory although, and PBs scans should although detect the changes by md5 hash or something... why is the rootkit able to hide the changes?
jgregorio
22nd July 2006, 22:05
I honestly don't know the exact reason this works but my theory is because you are hiding the process, PB scans the process list and finds nothing
greasemonkee
22nd July 2006, 22:30
last step didnt work for me..i have WPE pro too popped in the code 1356.. says
Hiding process failed.
The operation completed successfully.
would this work for Maplestory?
any answers or help?
jgregorio
22nd July 2006, 22:32
make sure you got the # right, if it still dont work close WPE and start it back up and find the new PID
greasemonkee
22nd July 2006, 22:39
thanks..i think it worked though..all it said back was c:\rootkit\fu_rootkit\EXE>
soo i dont really get how to work this..i never used packet editing..i would like to use it for the game maplestory, you know if you could help me personally on aim or so?
jgregorio
22nd July 2006, 22:43
yeah just click the aim icon under my name
it doesn't work it tells me access is denied when i try to open fu rootkit with cmd prompt
netgott
23rd July 2006, 22:00
I honestly don't know the exact reason this works but my theory is because you are hiding the process, PB scans the process list and finds nothing
Ok hiding a process is one thing, but what about the memory modifications e.g. MyOwnPrivateHack.exe does? PB can't know that exe, but if I hide it or not, the modifications of memory are still there...
it doesn't make much sense for me... but i don't have much experience with rootkits and those stuff...
so possibly someone involved could give an answer to all those question? =)
@nah: the access denying thing will be your virus scanner... mine pops up too everytime i execute "fu", but i click ignore and it works very well... no virus at all.. but detected as spyware/rootkit for me... never mind!
jgregorio
23rd July 2006, 23:05
Well I've modified packets with Wa Rock and wasn't detected by PB, also used some detected BF2 hacks without problems
jgregorio
25th July 2006, 01:38
How many posts does a thread need to be stickied?
netgott
25th July 2006, 04:43
Hm, I think if a moderator thinks this should be stickied then it will...
I have to unfortunately tell you that my personal BF2 Server with PunkBuster doesn't reliably kick me in the last days... so possibly my previously posted information shouldn't be trusted.
I hope they are true! :-/
But I'll figure that out!
jgregorio
25th July 2006, 07:17
okay, thanks yeah go try it out
BF2N00B
25th July 2006, 19:40
Do I have to do this every time I wanna use my hack?
jgregorio
25th July 2006, 19:58
Yes, but i'm going to get with some guys and create a simple program that is more user friendly and quicker
BF2N00B
25th July 2006, 19:59
Sweet thank you very much. I'm in hacker Heaven! oh and If it doesn't work with injected hacks will it work for hacks with loaders?
jgregorio
25th July 2006, 20:13
If it isn't inject it into the game.exe
BF2N00B
25th July 2006, 20:16
ok thanks but when I looked up FU.A in virus encyclopedia i found this(not that I don't trust you jgregorio i just thought you may have been tricked)
Common name: FU.A
Technical name: Rootkit/FU.A
Threat level: Low
Alias: Trj/MiniLD.C
Type: Hacking Tool
Effects: It allows to carry out dangerous actions for the victims of attacks.
Affected platforms: Windows 2003/XP/2000/NT
First detected on: Oct. 28, 2005
Detection updated on: May 19, 2006
In circulation? No
Proactive protection: Yes, using TruPrevent Technologies
Brief Description
FU.A is a hacking tool. These programs allow hackers to carry out any of the following actions: port scanning, launch denial of service attacks, mass mailing of e-mail messages, etc.
Although these tools are not viruses, they are considered as dangerous for the victims of attacks.
jgregorio
25th July 2006, 20:25
There's always a risk when hacking but you are very very not likely to have anything happen, people have better things to hack than to hack u just to send a email or scan ports
BF2N00B
25th July 2006, 21:02
Ok thank you for your help!
chanhuff
25th July 2006, 21:19
This works with SpeederXP and WarRock
jgregorio
25th July 2006, 21:45
i'm glad this is working for ya'll
Eliteknightz
25th July 2006, 22:28
Well chanhuff I believe the only reason SpeederXP was detected is because you're the one who told people about it...damn I got it a long time before you did and nothing happened at all. Of course, this is just what I think.
Anyway, good work jgregorio :)
jgregorio
26th July 2006, 08:51
also, keep this within these forums because if this spreads around, it'll be gone in no time
chanhuff
26th July 2006, 20:06
Well chanhuff I believe the only reason SpeederXP was detected is because you're the one who told people about it...damn I got it a long time before you did and nothing happened at all. Of course, this is just what I think.
Anyway, good work jgregorio :)
I am not the one that got it detected it was posted on WAROCK'S FORUMS that people were cheating with it so I started using it.
cdsnwboard
26th July 2006, 23:25
What are some BF2 .exe hacks that work with this. Every hack i find, its a .exe that injects a .dll into the process list
BF2N00B
27th July 2006, 00:19
No it doesn't inject it loads the hack...
p_paul2
28th July 2006, 06:13
speeder with rootkit doesn't work anymore ...they've just updated (><)
chanhuff
28th July 2006, 18:12
speeder with rootkit doesn't work anymore ...they've just updated (><)
The SpeederXP hack never really worked anyway because it made it really hard to use jets and cars and to kill people and the game would lockup a lot.
HK-47
29th July 2006, 18:02
statement: i've heard of this many times since my gaming life. never used myself. heard some proggys can detect it though.
w4de
29th July 2006, 20:31
can someone list a few hacks and links that work with this on Battlefield 2
HK-47
29th July 2006, 22:58
statement: though i cant seem to find the CE process i am also pretty handy with WPE.
Insult: PB must be feeling stupid because theres almost no chance for awhile of catchin this.
EDIT: found CE. forgot to take off stealth mode from my earlier days.
508322
30th July 2006, 20:09
dont work on MU global:/
jgregorio
31st July 2006, 02:14
Couple games it wont work for but this works for a lot
508322
31st July 2006, 16:30
sry i little know english so its work on mu or not?
Stonios
31st July 2006, 16:50
Will this bypass work for Call Of Duty 2?
Eliteknightz
31st July 2006, 21:34
Well jgregorio mind explaining how this isn't potentially harmful? I'm getting IMs from people calling me an ***** and saying this is going to **** up their computer.
jgregorio
2nd August 2006, 07:45
nothing will happen.... just a simple rootkit
Eliteknightz
2nd August 2006, 10:18
Yeah I know...rootkits are supposed to be harmless by themselves..?
HK-47
4th August 2006, 06:30
Statement:alright. for no specific reason, i decided to try this with silkroad (WPE) and rakion (old Hack).
Description: anywho when i set it up and enter game, i get to server list or not even and my com crashes.
Inquiry:im guessing its not possible to use for gameguard and things?
jgregorio
4th August 2006, 10:49
not exactly sure about that
killjoy
4th August 2006, 18:32
Does this work for gunz? with packet editing?
Stany01
4th August 2006, 22:47
Thanks, Ill try it. I hate packet editing tho.
Fatal Shot
7th August 2006, 20:20
When I try and extract 'fu.exe' I get this error. 'The system cannot find the file specified.' I was guessing it was a corrupted download so I tried a different source. Same problem, any fixes?
The weird thing is though, is I had it working perfectly fine before I reformatted my hard drive. Since I reformatted it's been giving me crap about rootkit.
Macpunk
8th August 2006, 07:23
I haven't read the whole thread, so if this is a repeat, then go ahead and delete it.
The reason this works is because a rootkit is designed to take over a system, and hide its presence. It does this using many different methods. In this case, it has a patched(or it is dynamically injecting its own code or something...very similar to hacks....) into a system process program. For instance, since I have a *nix based computer, I can go into the command line and type ps. This will give me all running processes under my user. If I want more, I can type top, and it will give me all processes, and info on memory usage, cpu usage, time started, etc...
This way works because you're completely denying any program any access to find out if your hack is running. Sure, there's ways around this...but they are very exhaustive, and not in the scope of AC's.
Hope this explains it all well...
--Macpunk
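Macpunk's remark that there are ways around process hiding, shown as an added example that is not part of the thread or of any tool named in it: a defender-side cross-view check that compares the PIDs the enumeration API lists with the PIDs that still open directly, and flags any that resolve but are never listed. It assumes the hidden process is still reachable by PID; `hidden_pids`, `sweep_pids`, `MAX_PID` and the sample snapshots are names and values made up for this example.

```python
"""Cross-view check for a process that is running but missing from the process list.

View A: PIDs the enumeration API reports (EnumProcesses).
View B: PIDs the kernel still resolves when asked directly (OpenProcess).
"""
import ctypes
import sys

PROCESS_QUERY_INFORMATION = 0x0400
ERROR_ACCESS_DENIED = 5
STILL_ACTIVE = 259
MAX_PID = 0x10000  # assumption: upper bound of the sweep for this example


def hidden_pids(listed_before, resolvable, listed_after):
    """Return PIDs that resolve directly but appear in neither listing.

    The two listings bracket the sweep, so a process that started or exited
    while the sweep ran is not reported as hidden.
    """
    seen = set(listed_before) | set(listed_after)
    return sorted(pid for pid in resolvable if pid not in seen)


def enum_processes():
    """View A (Windows only): PIDs returned by psapi!EnumProcesses."""
    psapi = ctypes.WinDLL("psapi", use_last_error=True)
    count = 1024
    while True:
        buf = (ctypes.c_uint32 * count)()
        needed = ctypes.c_uint32()
        if not psapi.EnumProcesses(buf, ctypes.sizeof(buf), ctypes.byref(needed)):
            raise ctypes.WinError(ctypes.get_last_error())
        if needed.value < ctypes.sizeof(buf):
            return set(buf[: needed.value // 4])
        count *= 2  # buffer came back full, so the list may be truncated


def sweep_pids():
    """View B (Windows only): PIDs that OpenProcess resolves to a live process."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype = ctypes.c_void_p
    live = set()
    # PIDs come in steps of 4 on Windows (implementation detail, not a guarantee).
    for pid in range(4, MAX_PID, 4):
        handle = k32.OpenProcess(PROCESS_QUERY_INFORMATION, False, pid)
        if not handle:
            # Access denied still proves the PID exists; other errors do not.
            if ctypes.get_last_error() == ERROR_ACCESS_DENIED:
                live.add(pid)
            continue
        code = ctypes.c_uint32()
        ok = k32.GetExitCodeProcess(ctypes.c_void_p(handle), ctypes.byref(code))
        k32.CloseHandle(ctypes.c_void_p(handle))
        if ok and code.value == STILL_ACTIVE:  # skip exited, still-referenced objects
            live.add(pid)
    return live


def scan():
    """Bracket the sweep with two listings and report the discrepancies."""
    before = enum_processes()
    resolvable = sweep_pids()
    return hidden_pids(before, resolvable, enum_processes())


# Constructed snapshots for running the comparison off Windows.
# 1356 resolves but is never listed; 2212 started mid-sweep; 900 exited mid-sweep.
SAMPLE_BEFORE = {0, 4, 632, 900, 2040}
SAMPLE_RESOLVABLE = {4, 632, 900, 1356, 2040, 2212}
SAMPLE_AFTER = {0, 4, 632, 2040, 2212}

if __name__ == "__main__":
    if sys.platform == "win32":
        print("unlisted but resolvable PIDs:", scan())
    else:
        print(hidden_pids(SAMPLE_BEFORE, SAMPLE_RESOLVABLE, SAMPLE_AFTER))
```

A non-empty result is a lead to investigate with a second tool, not proof on its own, since the two views are taken at slightly different times.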
Fatal Shot
8th August 2006, 08:14
I haven't read the whole thread, so if this is a repeat, then go ahead and delete it.
The reason this works is because a rootkit is designed to take over a system, and hide its presence. It does this using many different methods. In this case, it has a patched(or it is dynamically injecting its own code or something...very similar to hacks....) into a system process program. For instance, since I have a *nix based computer, I can go into the command line and type ps. This will give me all running processes under my user. If I want more, I can type top, and it will give me all processes, and info on memory usage, cpu usage, time started, etc...
This way works because you're completely denying any program any access to find out if your hack is running. Sure, there's ways around this...but they are very exhaustive, and not in the scope of AC's.
Hope this explains it all well...
--Macpunk
1. This was around way before most rootkit Tutorials/Threads.
2. That didn't help My problem.
3. That is very friggin usefuly information if I could get the damn Rootkit working agian.
Macpunk
8th August 2006, 08:27
My god. What an ass.
1. I said I didn't read the whole topic, and I don't really have time.
2. I was trying to help the community a little, rather than writing a non-contributing, ******* overtoned post like yours.
3. Useful*, and again*. Learn to spell.
4. I wasn't out there to help your problem. I was there to explain why this works.
5. Not my problem it doesn't work, so get off my case.
Sorry this post is "a non-contributing, ******* overtoned post like yours." You had it comin'.
Fatal Shot
8th August 2006, 10:54
My god. What an ass.
1. I said I didn't read the whole topic, and I don't really have time.
2. I was trying to help the community a little, rather than writing a non-contributing, ******* overtoned post like yours.
3. Useful*, and again*. Learn to spell.
4. I wasn't out there to help your problem. I was there to explain why this works.
5. Not my problem it doesn't work, so get off my case.
Sorry this post is "a non-contributing, ******* overtoned post like yours." You had it comin'.
Did I not say it was a very friggin helpful post?
I give credit where credit is due, though you must have missed that part of my post. Otherwise your post was overtoned by hostility towards me simply because you didn't read a sentence? Thanks man you're a real helper of the community.
Macpunk
9th August 2006, 01:01
I read the whole thing, you just made it sound like you were pissed off.
--Macpunk
snipester
9th August 2006, 01:57
When I try and extract 'fu.exe' I get this error. 'The system cannot find the file specified.' I was guessing it was a corrupted download so I tried a different source. Same problem, any fixes?
The weird thing is though, is I had it working perfectly fine before I reformatted my hard drive. Since I reformatted it's been giving me crap about rootkit.
i have the same problem. I am wondering if you are right about the corrupt version....
Fatal Shot
9th August 2006, 03:21
i have the same problem. I am wondering if you are right about the corrupt version....
Turns out the other sources were corrupt too, but before I had a clean working fresh install. Can anybody host their clean working version please?
I read the whole thing, you just made it sound like you were pissed off.
--Macpunk
If I came off pissed I'm sorry. Hard day yesterday, women can't live with them can't live without them. :sleeping:
Macpunk
9th August 2006, 06:53
Meh, it's okay. Been there, done that. Sorry I was an ass too.
--Macpunk
Fatal Shot
12th August 2006, 08:26
Is anybody ever going to find an answer to my question?
Macpunk
12th August 2006, 19:47
Okay. You have to figure out some things for yourself. I mean, we're dealing with heavy stuff here. A ROOTKIT. If you are a noob to computer stuff, you should just forget about this method.
If someone hasn't answered your question already, then no one knows. Go figure it out for yourself.
--Macpunk
Fatal Shot
12th August 2006, 21:29
Okay. You have to figure out some things for yourself. I mean, we're dealing with heavy stuff here. A ROOTKIT. If you are a noob to computer stuff, you should just forget about this method.
If someone hasn't answered your question already, then no one knows. Go figure it out for yourself.
--Macpunk
I know how to operate Rootkits just fine. The only problem I'm having is the '.zip' folder I keep downloading keeps giving me corrupted 'fu.exe' all I was asking was for somebody to simply host their FU_rootkit folder. Once done that is to really see if the one hosted at rootkit.com was really corrupted or not. That's really not too much of a thing to ask nor too hard for anybody to do.
belink
13th August 2006, 03:07
I know how to operate Rootkits just fine. The only problem I'm having is the '.zip' folder I keep downloading keeps giving me corrupted 'fu.exe' all I was asking was for somebody to simply host their FU_rootkit folder. Once done that is to really see if the one hosted at rootkit.com was really corrupted or not. That's really not too much of a thing to ask nor too hard for anybody to do.
Errr....Virus scan. Now. :p
lolerfork
13th August 2006, 23:28
I know how to operate Rootkits just fine. The only problem I'm having is the '.zip' folder I keep downloading keeps giving me corrupted 'fu.exe' all I was asking was for somebody to simply host their FU_rootkit folder. Once done that is to really see if the one hosted at rootkit.com was really corrupted or not. That's really not too much of a thing to ask nor too hard for anybody to do.
FUTo is a much better rootkit anyway the only thing different is that you need to go to view>select columns>PID (Process Identifier)>check it and hit ok then get the PID from there because FUTo doesn't have pl only ph.
edit
http://www.rootkit.com/vault/petersilberman/FUTo_enhanced.zip
u can also try some of the others like AFX Rootkit 2005 but i found that to be way too laggy on my virtual machine
Fatal Shot
17th August 2006, 10:46
Errr....Virus scan. Now. :p
Impossible seeing as I just re-formatted my hard drive and I only download/open files I know from trusted sites. The only possible file I could have contracted a virus from onto me compooter is probably Fu_rootkit. That or HP supplies viruses with its cops. I'd probably agree with the latter, but yeah I'll virus scan now.
BF2N00B
26th August 2006, 21:03
Can somebody who has a bf2 server with punkbuster/knows how to start a server please test some hacks on it. I would but I don't know how to start a server.
Edit: It used to work for me but recently it doesn't. At the start after responding and finding the right file it says that fu isnt recognized as an external or internal command operable program or batch file. Any1 have any Ideas?
lammyb
28th August 2006, 17:50
Can somebody who has a bf2 server with punkbuster/knows how to start a server please test some hacks on it. I would but I don't know how to start a server.
Edit: It used to work for me but recently it doesn't. At the start after responding and finding the right file it says that fu isnt recognized as an external or internal command operable program or batch file. Any1 have any Ideas?
same here. i think my anti virus software has removed something
BF2N00B
29th August 2006, 03:51
lammy i fixed it. The antivirus was removing it because of it looking like a trojan. so you have to turn off your antivirus re-extract it and do what he tells you at start of topic. You must keep the antivirus off as long as you're hacking.
lammyb
29th August 2006, 10:49
it worked :shocked::cow: !! but now punkbuster kicks me saying corrupted file memory...
:susel: punkbuster:susel:
BF2N00B
30th August 2006, 22:03
Which hack did you try to get you that kick?
And next time try the Haxing4Life Commando V2 It has no dll to load or inject so memory won't be corrupted.
But I'm still working out how to test things for pb Proof ness asked around but the tut for it has been deleted because of age so im kinda stuck.
lammyb
31st August 2006, 10:49
i tried uberhack v1.3. it has no dll inject. but maybe i have to try another hack, maybe only this one doesn't work.
Edit: commando v2 doesn't work at all, and with uberhack i just got the message :
you've been kicked (0 minutes)
restriction: service abnormality, even if i dont use hacks
does any1 know what this means?
BF2N00B
31st August 2006, 19:37
Can you give the number of the violation please so I can find out what it is and why it kicked you?
Edit: or you can check yourself in the bf2 violations section (right at the bottom) at pb's site: http://www.evenbalance.com/publications/bf2-pl/index.htm
I think this is most likely an Integrity violation: When PunkBuster is unable to verify that a player's gaming environment is functioning properly and/or has not been altered, an Integrity violation is raised. This also involves the detection of modified game or PunkBuster files. These violation numbers are between 10000 and 29999.
Edit2: there are only three hacks which don't have dll for bf2 v1.3
Commando V2
Uber Hack v1.3
Sticky Tags
lammyb
31st August 2006, 21:41
it says corrupted file memory [81162] or violating gamehack. I can't find any usable information on pb site about this. i'm using uberhack v1.3. commando v2 doesn't work at all, even not in singleplayer. i think this rootkit just doesn't work (anymore). maybe pb can detect it.
BF2N00B
1st September 2006, 00:40
I think the rootkit works fine but I have problems using Commando V2 sometimes pretty buggy hack.
The rootkit worked on BF1942 i didnt use it got 2 min ban used it havent gotten another ban.
da_leecha
4th September 2006, 04:22
The FU Rootkit doesn't work in combination with StickyTags.
I started Sticky.exe, then i hid it with the FU Rootkit. Then I've started bf2.exe and connected to a server. After 5-10mins, I get every time the following Error Message:
CLICK ME (http://img79.imageshack.us/img79/7716/pberroron3.jpg)
Does anyone of you know a rootkit, that works with StickyTags?
sandokan
13th September 2006, 22:23
deleted: Trojan program Rootkit.Win32.Fu File: C:\Documents and Settings\*******\FU_Rootkit.zip/FU_Rootkit/EXE/fu.exe
deleted: Trojan program Rootkit.Win32.Agent.l File: C:\Documents and Settings\*******\FU_Rootkit.zip/FU_Rootkit/EXE/msdirectx.sys
BF2N00B
14th September 2006, 23:48
Sandokan We know there are certain aspects of this file that are detected by Anti-Virus software because rootkits can control your computer and watch it by other people not if its just you.
x3
19th September 2006, 14:41
the latest FU Rootkit, is more complex than older versions, be warned when using later versions of (all) rootkits.
BRS212
22nd September 2006, 01:46
Can this Rootkit can active AA hacks like PB downforce 0.2 or 0.32 because this maybe will be a nice way to prevent HW ban =)
megalomax
23rd September 2006, 13:35
sadly using WPE with it... WPE can't target the game... so sad.
quin123
26th September 2006, 08:13
When i type
fu -pl 100 It says Access Denied.
Why is this?
Fatal Shot
27th September 2006, 05:24
What's the command to make a .bat stay open at the end, because so far I have a .bat down that does 99% of the typing for you. All you do is type the PID and you're done. Only problem is the .bat closes itself before you get to type.
straying
27th September 2006, 06:34
sadly using WPE with it... WPE can't target the game... so sad.
1. Download my attachment.
2. Run WPE.
3. Run permedit.exe
4. Look for WPE on the list of running processes.
5. Select WPE and press Grant Permissions
6. Click OK and you're done.
WPE should be able to target your game after that.
quin123
27th September 2006, 07:14
When i type
fu -pl 100 It says Access Denied.
Why is this?
Anyone?
straying
28th September 2006, 05:50
Anyone?
Does your Windows account have Administrator access? If it does, I'd have to say that the process you're trying to target has some kind of protection.
V3-C
25th October 2006, 05:16
http://www.mpcforum.com/showthread.php?t=125479
Wow thanks for copying exactly what i released ages ago and repeating everything i said. -_-
archerkill30
5th March 2007, 15:05
Is there a diff program that does the same thing but actually works... I've been trying for hours now to get it to work so now i give up so can anyone help me my xfire is : loopn .
or if someone knows a diff program that works can u post it plz.
alexkapi12
12th March 2007, 21:13
dont download please this has a Trojan or a virus
my kaspersky internet security 6.0 detected it as a trojan
Augustus
13th March 2007, 14:02
dont download please this has a Trojan or a virus
my kaspersky internet security 6.0 detected it as a trojan
And you obviously have read nothing.
Tilomag
14th March 2007, 21:35
XTrap always see when i mod any value and restart my PC ....
RetroBooster
4th April 2007, 23:55
Ugh, lots of blind people in this thread, we're talking about a rootkit here, any half decent scanner will say it is a trojan/virus (or properly, rootkit), rootkits are powerful and you may not want to play with them if you lack the understanding.
funnyclown11
7th April 2007, 08:43
doesnt work for war rock tried it attached process worked well...started recording USING WPE PRO. stopped recording BOOM punkbuster message saying that my account will be suspended
ELITE_eNergizer
7th April 2007, 21:48
doesnt work for war rock tried it attached process worked well...started recording USING WPE PRO. stopped recording BOOM punkbuster message saying that my account will be suspended
I never get that message from Warrock, all i get is disconnected from server when i try sending the packets.
You probably didn't find all the WPE processes, i noticed sometimes there can be 2 or more. That's why i use fu -pl 500 and look for all possible traces.
forsaken
9th April 2007, 18:06
https://www.rootkit.com/
using rootkits just to cheat is kinda overkill, and rootkits can damage systems badly. the binaries linked to here should be executed with caution because they're modifying memory in ring 0, the binaries are also compiled for a specific version of windows, so chances are the system could be damaged severely when attempting to patch the memory.
https://www.rootkit.com/vault/fuzen_op/FU_README.txt
xxalex9393xx
26th April 2007, 14:00
hey, thanks for the rootkit, everything works perfectly, it hides my hack, wonderful, but only one problem, when i start a server with punkbuster, in about two minutes it kicks me and says:
"RESTRICTIONS: Windows API Function" or something, what is the problem and what is a Windows API function, it kicks me for that reason, im wondering if its the command prompt i leave open once i hide the hack
can any help me please!!!
neoxquick
1st May 2007, 07:25
does work for me says driver cant be loaded... dont know why driver access error
bye
streetdiamond
12th May 2007, 07:10
one problem i use sofbot.exe its a exe file yet i cant find the process on the list..i get SOF2MP.EXE..but nothing like sofbot.exe..urmm..HELP please
V-A-N-I
23rd May 2007, 11:25
very nice thx rootkit is very powerful ^^ O.O
:dead:
idietoomuch
28th December 2007, 23:31
that rootkit that you are all praising is a bloody trojan horse!!!
what an idiot make sure you don't spread viruses like that jgregorio
Hokage-Naruto
29th December 2007, 14:59
Dude wrong use Attach file ...
D@rkWarlord
30th December 2007, 00:16
please can some1 upload screenshots...for this???
i tried to use it but nothing
Neo900
30th December 2007, 03:57
trojaner in this file....