AyakaNTEBypasser - NTE Signature Bypass 1.1.1a

A Mod for Neverness to Everness
Overview Updates (4) Reviews (9) History
AyakaNTEBypasser - NTE Signature Bypass Mod Preview Image

AyakaNTEBypasser
NTE Signature Bypass · Made by AyakaMods & Senku Aoki


> Join NTE Modding Discord Server <
https://discord.gg/ZE3DAAWu85


What is this?

AyakaNTEBypasser is a lightweight runtime patcher for Neverness to Everness that neutralises the game's built-in signature verification check. Without this bypass, the game detects modified or injected assets and refuses to load them. This tool patches a single function in HTGame.exe At startup, no game files are modified on disk.


How it works:

The bypass is injected as a .asi DLL via any standard ASI loader. On attach it:

  1. Checks the host process name, exits silently if it is notHTGame.exe, leaving crash reporters and launchers completely untouched
  2. Scans the loaded module for one of six known byte patterns that identify the signature verification function across game versions
  3. Follows the relative jump from the matched pattern to the actual check routine
  4. Writes a three-byte patch (MOV AL, 1 / RET) that forces the check to always return success

The entire operation completes in under one second and leaves no permanent changes to the game installation.


Stealth features:
  • PEB unlink: the module is removed from all three Windows loader lists (InLoadOrder, InMemoryOrder, InInitializationOrder) so module enumeration tools cannot see it
  • The header erases: the PE/MZ header page, which is zeroed in memory after injection, removing the on-disk signature from any memory scan
  • Compile-time string encryption: all sensitive strings (process name, log filename) are XOR-encrypted at compile time via a constexpr template and only decrypted at runtime
  • No debug symbols: Release builds ship with no PDB and no debug information


Multi-version pattern support:

The patcher carries six independent byte patterns covering different builds and updates of NTE. If the game updates and shifts the function, it will automatically fall through to the next pattern. When a match is found, the pattern number and resolved address are written to the log so you can verify it is working.


Installation:
  1. The Bypasser must be installed in the following folder C:\Program Files\Neverness To Everness\Client\WindowsNoEditor\HT\Binaries\Win64\
  2. The mod installed here: C:\Program Files\Neverness To Everness\Client\WindowsNoEditor\HT\Content\Paks\
  3. Create a ~mods folder and put it in the mod files.


Requirements:
  • Neverness to Everness (PC, HTGame.exe)
  • An ASI loader compatible with the game executable
  • Windows 10 / 11 x64
  • Visual C++ Redistributable 2026 (x64)


Upload Permission:
  • You are strictly forbidden from uploading this file to any other website.



Changelog:
  • Updated installation for beginners to understand. Thanks to @Gnaman77 for making installation better!

Credits by me (Senku Aoki)


AyakaNTEBypasser is provided for modding and preservation purposes.
This tool does not interact with any online services or other players.
  • Like
Reactions: smurfly, yaqwalker32, garychan9 and 10 others
31.1 MB
Log in or sign up to download
Uploaded by
Senku Aoki
Downloads
4,541
Views
43,347
First release
Last update
Platform
PC 
Version
1.1.1a
Total Size
31.1 MB
Rating
5.00 star(s) 8 ratings

Uploaded by

Senku Aoki
Senku Aoki
Creator
  • 4,541
  • 43,347

Ratings

5.00 star(s) 8 ratings

Tags

There are no tags available.

More mods from Senku Aoki

  • Snowbreak Decensor Mod

    PC Snowbreak Decensor

  • No Camera Fade & No Transparency Cull (Beta) Mod

    PC No Camera Fade & No Transparency Cull (Beta)

  • Mint Swimsuit Jacket Removal (+ Brown Skin Variant) Mod

    PC Mint Swimsuit Jacket Removal (+ Brown Skin Variant)

  • Mint Regular Outfit Replaced with Swimsuit (+ Brown Skin Variant) Mod

    PC Mint Regular Outfit Replaced with Swimsuit (+ Brown Skin Variant)

  • Neverness to Everness - HT INI Config File Decryptor Mod

    PC Neverness to Everness - HT INI Config File Decryptor

Share this mod

Latest updates

  1. v1.1.1a - README.md the installation updated

    The installation of README.md has been updated and corrected.

  2. v1.1.1 - False Positive Fix + Improved Detection Dialog

    Fixed: Fixed game closing silently with no pop-up for users running applications such as the...

  3. v1.1.0

    Fixed: Fixed startup crash when certain background processes were present. Fixed Security...
Read more
Senku Aoki

Senku Aoki

Admin
Staff member
Admin
Uploaders
Modder
Members
Mar 10, 2018
6,600
30,069
angrywater said:
Understood, thanks for the clarification.

I only shared those links because the binaries are open-source and their source code is publicly available on GitHub, which made them easier to verify on my side. I also noticed that the current .asi file consistently triggers Malware.AI detections across multiple scanners after extraction, so I thought it was worth mentioning for transparency.

I’m not making any claims about intent or safety here — just sharing my observations and the reason why I personally felt more comfortable referencing open-source alternatives.
Click to expand...
Those Malware.AI flags come up on anything that’s been packed or obfuscated, the scanners don’t know what the code does, they just see something unusual and flag it. None of them are pointing to an actual threat, just heuristics firing on the protection layer itself.

The reason it’s closed source and protected isn’t to hide anything shady. It’s pretty simple: the moment the bypass is public, it’s a matter of days before it gets patched. Happened to other loaders before. Keeping it protected buys time and keeps mods working longer for everyone.

If you’re more comfortable with the open source alternative, totally get it. Just know the stealth side won’t be there. It's up to you.
 
Senku Aoki

Senku Aoki

Admin
Staff member
Admin
Uploaders
Modder
Members
Mar 10, 2018
6,600
30,069
angrywater said:
Understood, thanks for the clarification.

I only shared those links because the binaries are open-source and their source code is publicly available on GitHub, which made them easier to verify on my side. I also noticed that the current .asi file consistently triggers Malware.AI detections across multiple scanners after extraction, so I thought it was worth mentioning for transparency.

I’m not making any claims about intent or safety here — just sharing my observations and the reason why I personally felt more comfortable referencing open-source alternatives.
Click to expand...

You have reported this mod,
Hello,

I would like to report a potential security concern regarding a mod loader currently being distributed on this platform.

After extracting the provided archive, the file `AyakaNTEModLoader.asi` is consistently flagged by multiple malware scanners, including Malwarebytes under the detection name `Malware.AI`. This behavior is reproducible both locally and through online scanning services.

I understand that game mod loaders and injection-based tools can sometimes trigger heuristic detections, so I am not making direct accusations of malicious intent. However, several aspects raised concern for me as a user:

* The distributed binary is closed-source and cannot be independently verified.
* Open-source alternatives exist which appear to provide similar functionality without triggering the same detections.
* Attempts to share those verifiable alternatives in discussion were removed.
* Earlier versions reportedly included checks against development/debugging tools such as `devenv.exe` (Visual Studio), which may indicate anti-analysis behavior.

Again, I am not claiming definitive malware activity without deeper reverse-engineering analysis. I simply believe the situation deserves review from a platform safety perspective, especially since users may not fully understand the risks of executing unsigned closed-source binaries with injection capabilities.

Thank you for your time and consideration.
Click to expand...

I am the owner of AyakaMods and one who made this mod loader. You can see I am an Admin.

1. VirusTotal detections
These are heuristic false positives from the binary protection layer, not actual malware. ESET's detection literally reads "Win64/Packed Suspicious Application", it is detecting the packer, not a threat. None of the 16 flagging engines identifies a specific known malware family.

2. Closed source
The binary is protected to prevent the bypass method from being publicly exposed. The moment the technique is open, it gets patched by the game developers within days. This has happened to other mod loaders in this space. Closed source protects the modding community's ability to use mods long-term.

3. Alternative links removed
Those links were removed because they were posted as a direct alternative in a discussion thread about this mod, not because they were open source. Standard moderation, not suppression.

4. devenv.exe check
This was a pre-launch popup warning with a Retry button, it did not silently block anything. It was removed in v1.1.0 after community feedback. Describing this as "anti-analysis behavior" misrepresents what it did.
 
Altrnt

Altrnt

Members
Members
Jun 7, 2025
0
1
all characters im using mods for are invisible in game. what could the problem be? mods are clearly "loading" but no assets load in.


UPDATE - iv gotten the mods to work basically one at a time? whichever character I have selected when logging in (IE whoever I am controlling when I logged out of the previous session) will have modded attire loaded. all others are invisible in game, but modded attires are visible in character menu.
 
Last edited:
GentleLight8758

GentleLight8758

AppealingBasedGames
Members
Jun 2, 2025
0
2
Altrnt said:
all characters im using mods for are invisible in game. what could the problem be? mods are clearly "loading" but no assets load in.


UPDATE - iv gotten the mods to work basically one at a time? whichever character I have selected when logging in (IE whoever I am controlling when I logged out of the previous session) will have modded attire loaded. all others are invisible in game, but modded attires are visible in character menu.
Click to expand...
disable the transparency mod. That one needs an update.
 
m16v123

m16v123

Members
Members
Jul 8, 2025
0
0
I updated to v1.1 along with game update 1.0.19, but everytime I launch the game, the AyakaNTEModLoader.asi is deleted from the Win64 folder. How do I fix this?
 
GentleLight8758

GentleLight8758

AppealingBasedGames
Members
Jun 2, 2025
0
2
m16v123 said:
I updated to v1.1 along with game update 1.0.19, but everytime I launch the game, the AyakaNTEModLoader.asi is deleted from the Win64 folder. How do I fix this?
Click to expand...
I'm no expert so you can wait for an official reply... but if you want to try something, right click on the asi file and go to properties and set as "read only." I'm thinking this might help.

Also, make sure your anti virus isn't deleting it.

Ensure you have Visual C++ Redistributable 2022/2025 x64 installed.
 
R

ralkey

Members
Members
May 4, 2026
0
2
After updating to 1.0.19, the game crashes on launch. Is this an issue with the sig bypass or a mod?
 
angrywater

angrywater

Members
Members
May 15, 2026
0
1
Senku Aoki said:
You have reported this mod,


I am the owner of AyakaMods and one who made this mod loader. You can see I am an Admin.

1. VirusTotal detections
These are heuristic false positives from the binary protection layer, not actual malware. ESET's detection literally reads "Win64/Packed Suspicious Application", it is detecting the packer, not a threat. None of the 16 flagging engines identifies a specific known malware family.

2. Closed source
The binary is protected to prevent the bypass method from being publicly exposed. The moment the technique is open, it gets patched by the game developers within days. This has happened to other mod loaders in this space. Closed source protects the modding community's ability to use mods long-term.

3. Alternative links removed
Those links were removed because they were posted as a direct alternative in a discussion thread about this mod, not because they were open source. Standard moderation, not suppression.

4. devenv.exe check
This was a pre-launch popup warning with a Retry button, it did not silently block anything. It was removed in v1.1.0 after community feedback. Describing this as "anti-analysis behavior" misrepresents what it did.
Click to expand...

Thanks for the clarification and detailed response.

I want to clarify that my original concern was mainly based on the repeated malware detections after extraction, combined with the fact that there are open-source alternatives providing similar functionality without triggering the same warnings on my side. From a user perspective, that naturally raised some security concerns for me.

I was not trying to accuse anyone of intentionally distributing malware or damage the project. At the time, I also did not realize you were both the developer and the site owner/admin.

The reason I shared those links originally was simply because I personally tend to trust software that can be independently verified through publicly available source code. If another implementation achieves similar results while avoiding AV detections, my instinct is usually to compare approaches and understand the difference.

I still think users should be aware that the loader may trigger malware warnings depending on the protection/packing method being used, but I appreciate you taking the time to explain your reasoning and the background behind the design choices.

No hard feelings on my side, and I don’t intend to continue the argument further.
 
Top Bottom