SS Guide

by Fazer - 13-03-2018, 06:47 PM
Novice
Posts:
30
Joined:
Feb 2018
Likes:
3
Credits:
59
Reputation:
0
1/2 Year of Service
#1
OP
Posted: 13-03-2018, 06:47 PM (This post was last modified: 13-03-2018, 06:47 PM by Fazer.)
This SS guide will give you the maximum chance of finding any sort of cheats when screen sharing a player on the network. If you follow this guide you are almost guaranteed to find if the player is using any cheats.

________________________


If you suspect a player of cheating then freeze them or use the command “/ss <Player>” and give them 3 minutes to join the Teamspeak. (ts.faithfulmc.com) If they fail to join the teamspeak then ban them for Refusal To Screen Share. Make sure to -s the ban. If at this point they have joined Teamspeak then ask them if they would like to admit for a shorter ban. If they do admit check the punishments (Here) and ban them accordingly. If they do not admit then from that point give them 3 minutes to download Anydesk ( https://anydesk.com/download ) and give you their anydesk address.

Once they give you the 9 digit code follow these steps below.





________________________

Once they’ve opened the Anydesk and allowed you mouse and keyboard access then check if they’re recording by clicking the the Up Arrow in the bottom right of their screen which looks like this https://gyazo.com/18967f9e7b99708f2f7411e987b9341f and check if you find any Recording Software looking icons. If you find any, simply open them and check if they’re recording then close the recording software incase. After that check if they have CCleaner. If they do, Check if they’ve ran it before the Screen share by opening ‘’File Explorer’’ then ‘’Recent Items’’ and if there’s nothing there they’ve used CCleaner before the joining Teamspeak and you can Ban them. If not go back to Minecraft.

________________________


(Step 1)

Minecraft

BEFORE SSING, CHECK RECORDING

Open up Minecraft and unfreeze the player. Click ‘’ESC’’ then options, then open up Snooper Settings and scroll down till you find ‘’launched_version’’ (almost at the bottom) and find out what version they launched their Minecraft in. If they are using a Hacked Client ( Jigsaw, Huzuni,

Pandora, Sigma, etc.. ) then ban them, but if they are using Forge etc... then continue by going into their .minecraft then into their mods folder and checking for any illegal mods/Reach/Client Mods. Make sure that all the mods have the correct file sizes. File sizes are below.


MOD SIZES


Mod Name

Version

File Size

Extra

Bspkrscore

6.16

194KB


Bspkrscore

6.16

194KB

205KB= Zuiy’s old client

Bspkrscore

6.14

194KB


Bspkrrscore

7.01 (1.8+)

62KB


ToggleSneak

1.7.10

30KB


ToggleSneak

3.0.5

22KB


ToggleSneak

3.0

21KB


ToggleSneak

3.1.1 (1.8+)

22KB


Powns ToggleSneak


35KB


TimeChanger

1.0

15KB

20KB = Misplace

Keystrokes

1.0 (original)

13KB


Keystrokes

3.0

14KB


Batty’s Coords

1.6.0

18-19KB


TCP No Delay

1.0

6KB


TCP (1.8)

2.0

5KB


TCP No Delay (1.7.10)

2.0

5KB

37.41-38KB = Client(Vea)

FastCraft

1.23

179KB


FastChat

1.0

5KB


TabbyChat

1.11.1.59

379KB


Rei’s MiniMap

3.6

178KB



CPS Mod

1.2 (1.8+)

10KB


CPS Mod

1.0

9KB


Optifine

HD_U_D6

974KB - 1,194KB


Optifine

HD_U_D7

1,356KB - 1,580KB


Optifine

HD_U_D3

947KB


Pot Counter

1.0

8.03KB


Status Effect

1.26 - 1.27

24KB - 27KB


Armor Status

1.27 - 1.28

26KB - 27KB


Armor Status

1.28 (1.8+)

28KB


ShinyPots

1.1

5KB


PlayerAPI

1.0 - 1.1

252KB - 260KB








(Step 2)

Other


After checking out their Mods and figuring out if they have any Mod Client/Reach Mod/Misplace client go back to their File Explorer and go through their Downloads, if you find any sort for Ghost Clients you may ban them. You can also open a random winrar file then right click on the logo 

[Image: yU0uKpimUwhhSeLcNdS4Ktvqfoeo5A8EjF7uSVBX...xGrjLr3Li2]

And check if they have recently opened some sketchy files/clients. After that you can also check Prefetch by going into This PC - Windows - Prefetch and going through it checking if they have any weird file names/Autoclickers recently opened. Once you’re done doing that you can move on to downloading some tools to help you with the Screenshare.



(Step 3)

Everything

(https://www.voidtools.com)


Download Everything by clicking the link above then clicking ‘Download Installer’ - Run - Select a language - I agree - Next- Next- Install - Finish.

Once Everything is opened and all his/her files is shown search for stuff like (Clicker - Autoclicker - XRay and other stuff depending on what you’re SSing them for.


(Step 4)

Process Hacker 2

(http://processhacker.sourceforge.net/downloads.php)


Download Process Hacker by clicking the link above then clicking ‘Installer’ - Run - Next - Next - Install - Finish


(Start)


Always start of the Process Hacker by going into his chrome.exe if that's their Net Browser of choice.

[Image: AHlGfKAgTs_46OFbv-pSQl9-vRziZU4CP2lHarBE...nib-Kp9H5u]

Right click on the top chrome.exe then click Properties - Uncheck ‘Hide free regions’ - Strings - Minimum length = 4 then tick Image and Mapped Click Filter - contains (case-insensitive)... - And search for stuff like

Clicker

Autoclicker

Vape

Vape Lite

Vape.gg

Demon

Demon.gg

Drek.io

GucciClient

BapeClient

BitClient

WetNoodle

Kurium

Trumpclient

Merge

mergeclient.xyz

Cyanide


To get a better idea of what they may be using.



(Autoclickers)


If you’re searching for an Autoclicker go into - dwm [dwm may need you to run Process hacker as an administrator to actually show strings] ([Image: GiZa7xW6-NzuTL-Gz0l-Wlv-U8n_mQVrq7uonR4c...FS2ddi2mxz]

- Uncheck ‘Hide free regions’ - Strings - Minimum length = 4 then tick Image and Mapped.

Click Filter - contains (case-insensitive)... - And search for stuff like

Autoclicker

Clicker

VeneClicker

Phantom

PixelClicker

7Clicker

nacl

Silent Clicker

Silent


You can also go through the same process by using explorer[Image: ZwTOlIyG0gNEoSb-KdlPKRylh1ny45geBM1mCp7Y...eaeV6lsRYP] instead of dwm


(Clients)


If you’re searching for a Ghost Client go into - (javaw[Image: debQEiBCINSw5P6fInixM4RVdPC8KER3ArKMoJHR...E_yGDEPRoU] - Uncheck ‘Hide free regions’ - Strings - Minimum length = 4 then tick Image and Mapped.

Click Filter - contains (case-insensitive)... - And go through these strings.


VapeV1/V2:

kc*[

YXY[

8Z[YXY*


Demon:

IIIID)V


WetNoodle:

d[<N6

_W_Y=6

YYX#*Z#%*Z#

&.EGO\^ijnoz|

5KPoq


Fusk:

(Lfastcraft/c[Image: clear.png]V


Cracked Vape:

>KRTal

,#I)!


Merge:

YTQBFIXVF

i[JQQI


Kurium:

10/10/40


Misplace Mod/Client:

bEEQ

"IQLw


TrumpClient: 

(>z<

S24d

ZF+N\

Zn)~

%B7:+

i%'Jb

f.Q!

ZRX44

[email protected]

\kOy

WIb~

W}TL1

<r?;

Drek:

ZnVuY18xNDg4MjFfYQ==

bmV4dEVsZW1lbnQ=

ZnVuY184MjE1MF9hag==


These strings will almost always ensure that you find the players Client if it’s one of the clients stated above(Possibly not the Vape Strings) .


More detail will be added as I find more detection methods.
CEO , MangaWorld
ProGrammer Python Script Lua
GERMANY
Lurker
Posts:
4
Joined:
Jun 2018
Likes:
0
Credits:
5
Reputation:
0
#2
Posted: 26-06-2018, 09:15 AM
Very good tutorial.  Very helpful.  10/10 would read again.  8/8 would negate the fate.
Newbie
Posts:
15
Joined:
Jun 2018
Likes:
1
Credits:
15
Reputation:
0
#3
Posted: 28-06-2018, 08:52 AM
Very good and helpful tutorial. Thank you a lot man! Smile
Junior Member
Posts:
58
Joined:
Jan 2017
Likes:
0
Credits:
1
Reputation:
0
1 Year of Service
#4
Posted: 28-06-2018, 01:21 PM
Very good tutorial, very complete and useful for a new trying to be a mod
The last reply on this thread is older than a month. Please do not unnecessarily bump it.
Register an account or login to reply
Create an account
Create a free account today and start posting right away. It only takes a few seconds.
Login
Log into an existing account.
1 Guest(s)