 |
Cheat Engine The Official Site of Cheat Engine
|
sponge cake recipe Grandmaster Cheater Supreme
Reputation: 22
Joined: 24 Sep 2007 Posts: 1635
|
Posted: Mon Nov 24, 2008 5:48 am Post subject: CE Name Spoofer? |
|
|
I play Urban Terror but unfortunately the game blocks spaces and any ascii (pretty much anything that's not on your keyboard).
I was wondering if there is any way with the "Text" scan, that I could add symbols in my name so that other people in the server could see. Any help appreciated. Thanks in advance.
|
|
|
 |
OSIRIS Grandmaster Cheater
Reputation: 0
Joined: 27 Aug 2006 Posts: 654
|
Posted: Mon Nov 24, 2008 7:03 pm Post subject: |
|
|
Enable NumLock and push ALT+0173.
That is a space and used to be used in MapleStory to bypass the swear filter.
|
|
|
 |
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
|
Posted: Thu Nov 27, 2008 3:26 pm Post subject: Re: CE Name Spoofer? |
|
|
| WhosWhoOfHoosville wrote: | I play Urban Terror but unfortunately the game blocks spaces and any ascii (pretty much anything that's not on your keyboard).
I was wondering if there is any way with the "Text" scan, that I could add symbols in my name so that other people in the server could see. Any help appreciated. Thanks in advance. |
Interrupt the text packet sent and alter the text to bypass the filter, then let it go.
You will see it as the original word you typed, but anyone else will see it differently. * Keep in mind you need to do this fairly quickly, so practice it on messengers first then do it for the game. If you take too long you get timed out connection to game server.
Here is a tutorial I did using Ollydbg and Trillian.
Interrupting packets with ollydbg and altering text.
--------------------------------------------------------------
First attach to the target. In this case it was Trillian messenger.
Press play to have a running process in olly as it is paused once you attach.
Type hello in trillian and do not push "Send" just yet.
Set a break point on send of a packet "bp send"
Now go to trillian and press "send"
You will break in olly,
Use step method to step the code (F and keep an eye open in the "pane window" for your message.
When you see it, right click and follow it in "dump"
Now in the dump window you can change this message to any 5 letter word you want. I did it to fucko as you can confirm in this logged chat.
Hello
Hello Edited
What final looks like in dump.
Now what you do is remove the break point and press play on ollydbg to unpause the process.
* What you see in messenger window is not what the client will see. You will see hello, but they will see fucko.
There you have it, hope this helps others out.
Conversation to confirm packet change:
----------------------------------------------------
[19:44] £àߥ®ñtħ™: hello
[19:44] AFakeGun: its regular
[19:44] £àߥ®ñtħ™: ok now wait,
[19:45] £àߥ®ñtħ™: hello
[19:46] AFakeGun: what
[19:46] £àߥ®ñtħ™: what you seen ?
[19:46] £àߥ®ñtħ™: after ok now wait,
[19:46] AFakeGun: i seen "fucko"
[19:46] £àߥ®ñtħ™: lol, it works then lmfao
[19:46] AFakeGun: ok but id ont get it
[19:47] £àߥ®ñtħ™: i interupted the packet sent from me saying hello and changed it to fucko
[19:47] £àߥ®ñtħ™: with ollydbg
[19:47] AFakeGun: cool
[20:04] £àߥ®ñtħ™: hello
[20:04] £àߥ®ñtħ™: hello or fucko ?
[20:04] AFakeGun: [21:05] £àߥ®ñtħ™: fucko
[20:04] £àߥ®ñtħ™: lol
[20:05] £àߥ®ñtħ™: what time you got ?
[20:05] AFakeGun: my time?
[20:05] £àߥ®ñtħ™: yep
[20:06] AFakeGun: 9:07
|
|
|
 |
sponge cake recipe Grandmaster Cheater Supreme
Reputation: 22
Joined: 24 Sep 2007 Posts: 1635
|
Posted: Sat Nov 29, 2008 3:05 am Post subject: |
|
|
Nice, thanks a lot, I'll download ollydbg and give it a try.
Just btw I have no knowledge of the program or hex so... This might be difficult for me. Could you do the same with WPE pro?
|
|
|
 |
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25839 Location: The netherlands
|
Posted: Sat Nov 29, 2008 8:12 am Post subject: |
|
|
Can also be done with ce.
Set a bp at send
then on bp memory browse to esp+8
go to the address stored at that location (4 byte)
and then scan that string for the text and change it
or just a code injection at send that scans the data buffer for the text hello and change it to fucko
Got bored so just had to do this:
| Code: |
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
label(repeat)
label(repeat2)
label(nomatch)
label(nomatch2)
label(endofroutine)
alloc(texttoscan,5) //non 5.4.4
alloc(texttoreplacewith,5)
define(stringlength,5)
texttoscan:
db 'hello'
texttoreplacewith:
db 'fucko'
ws2_32!send:
jmp newmem
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
//start off with a stackframe
push ebp
mov ebp,esp
//lets save the used registers
push eax
push ecx
push esi
push edi
mov esi,[ebp+0c] //buffer (I might have said esp+8 in the post, but due to the added stackframe(push ebp), it's all shifted 4 bytes)
mov edi,texttoscan
mov ecx,[ebp+10] //length of buffer
cmp ecx,stringlength
jl endofroutine
sub ecx,stringlength-1
repeat:
//edit: because 5.4 doesn't support cmp byte [esi],'t' I have to do it different than in 5.4.4
push ecx
mov ecx,stringlength-1
repeat2:
/*
sure, it compares from the back to front, but as long as it checks it's a match
I don't care
*/
mov al,[esi+ecx]
cmp al,[edi+ecx]
jne nomatch2
dec ecx //dec/jns instead of loop, so offset 0 (the first character) is compared too
jns repeat2
//still here, so a match
push esi
push edi
mov edi,esi //I want the found buffer to be the destination, not source
mov esi,texttoreplacewith
mov ecx,stringlength
rep movsb //move the byte stored at [esi] into [edi] ecx times (so move texttoreplacewith to the found string)
pop edi
pop esi
nomatch2:
pop ecx
nomatch:
inc esi
loop repeat
endofroutine:
//undo any register change
pop edi
pop esi
pop ecx
pop eax
/*
undo stackframe. Ok, in this situation the stackframe of the original function
could have been used, but I try to keep it understandable to readers.
*/
mov esp,ebp
pop ebp
originalcode:
mov edi,edi
push ebp
mov ebp,esp
exit:
jmp returnhere
|
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping
Last edited by Dark Byte on Sat Nov 29, 2008 12:56 pm; edited 2 times in total |
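Seen from the defending side, the hook in the script above leaves a trace: it overwrites the first five bytes of `ws2_32!send` (the `mov edi,edi / push ebp / mov ebp,esp` listed under `originalcode`) with a `jmp`. The C check below is an added example, not part of Dark Byte's post or of Cheat Engine; the function names, sample byte arrays and addresses are constructed for illustration, and it assumes a 32-bit process.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum verdict { PROLOGUE_CLEAN, PROLOGUE_JMP_DETOUR, PROLOGUE_MODIFIED, PROLOGUE_TOO_SHORT };

/* Bytes of "mov edi,edi / push ebp / mov ebp,esp", the originalcode in the script. */
static const uint8_t EXPECTED[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };

/* Constructed samples: an intact prologue and one overwritten with
   "jmp 0x00A30000", as if send were loaded at 0x71AB0000 (made-up addresses). */
static const uint8_t SAMPLE_CLEAN[5]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
static const uint8_t SAMPLE_HOOKED[5] = { 0xE9, 0xFB, 0xFF, 0xF7, 0x8E };

/* Classify the first bytes of a function mapped at func_va.
   For an E9 rel32 detour, *target receives the jump destination. */
enum verdict check_prologue(const uint8_t *code, size_t len,
                            uint32_t func_va, uint32_t *target)
{
    if (len < sizeof EXPECTED)
        return PROLOGUE_TOO_SHORT;
    if (memcmp(code, EXPECTED, sizeof EXPECTED) == 0)
        return PROLOGUE_CLEAN;
    if (code[0] == 0xE9) {
        uint32_t rel = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                       (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
        if (target)
            *target = func_va + 5 + rel;  /* wraps modulo 2^32, like the CPU */
        return PROLOGUE_JMP_DETOUR;
    }
    return PROLOGUE_MODIFIED;  /* changed, but not a plain jmp rel32 */
}

/* A detour leaving the module's own image (e.g. into allocated memory)
   is the case to alert on; unsigned math avoids overflow at the range end. */
int target_outside_module(uint32_t target, uint32_t base, uint32_t size)
{
    return target < base || target - base >= size;
}

int main(void)
{
    uint32_t t = 0;
    enum verdict v = check_prologue(SAMPLE_HOOKED, 5, 0x71AB0000u, &t);
    printf("verdict=%d target=0x%08X outside=%d\n", v, (unsigned)t,
           target_outside_module(t, 0x71AA0000u, 0x17000u));
    return 0;
}
```

In a live process the expected bytes would be read from the module's on-disk image rather than hard-coded, since prologues differ between builds.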
|
|
 |
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
|
Posted: Sat Nov 29, 2008 10:25 am Post subject: |
|
|
Oh, now that's nice DB.
-----------------------
|
|
|
 |
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
|
Posted: Sat Nov 29, 2008 7:28 pm Post subject: |
|
|
whoa didn't know you could do this "ws2_32!send:"
sweet shit.
|
|
|
 |
sponge cake recipe Grandmaster Cheater Supreme
Reputation: 22
Joined: 24 Sep 2007 Posts: 1635
|
Posted: Sat Nov 29, 2008 8:51 pm Post subject: |
|
|
Wow nice, thanks a lot. Now to learn to do any of it...
Can anyone link me to a good tutorial that teaches you that, because I'm not going to let that go to waste.
|
|
|
 |
|
|
|
|