

Tutorial: Basic identification of Offsets in WPE

 
jonander50
Cheater
Reputation: 3

Joined: 31 Oct 2007
Posts: 40

Posted: Mon Sep 06, 2010 9:49 am    Post subject: Tutorial: Basic identification of Offsets in WPE

Hello everyone. First of all, I want to clarify that this tutorial is not intended for users with some level of knowledge, but rather for those who use WPE casually and are generally inexperienced. To follow this mini-tutorial precisely, you first need to know the basics of WPE and, to a lesser extent, its dynamics: that is, what packets are, the differences between server-side and client-side, and in general what using WPE as a tool for modifying and capturing packets involves, including the concept of a checksum.

Note: All these concepts are very basic, and if you do not know them, there are some very direct references in the forum to teach you; they are essential for "cracking" at a certain level in any game. That said, we can start.



The scenario consists of a video game (I have chosen a long-standing one, although apparently with good checksums) in online mode, the tool WPE Pro (there is no need to use PermEdit in this case) and a few packets to begin taking references and making deductions. Note 2: This is the method I use; if someone can do it another way, do not hesitate to post it, I'll be very grateful.




I will skip a few obvious steps and I will go straight to the point:


Once inside the game and connected, we go to a merchant and open its trading window. In this case the game is Neverwinter Nights, a pioneer in role-playing and still quite widely played despite its age.

In this case the trade window is:




If we've created a new character, we usually will not have much money, so we will try to capture some packets for some cheap object. Here I have 7 gold, where one coin is the basic unit of the game's money (no sub-currencies like in WoW, for example), and the object "arrow" costs one coin, so we can buy 7 arrows, corresponding to 7 packets, a quite reasonable number for finding patterns and detecting checksums.

We open WPE. Usually there are separate packets, sent and received, linking the client with the server. We filter these packets out first to make the buying and selling packets easier to detect. We select the process and, in an area without players or movement of any kind, press the play icon and start capturing. The communication packets usually do not have many offsets. In this case (after a scan) I have recorded three cycles of round-trip packet communication which, as we can see, are very similar:





I will create a filter that specifically identifies these packets and blocks them. This requires some minimal experience with filters, but in case you don't have it, I will detail each part of the process a bit more graphically:


1. First of all we must identify some offsets that are present in all the packets we want to block, which saves us from having to use multiple filters at once, which can be annoying, or at least more annoying than using one for all. In this case (following the previous picture) we see that all the packets I captured start with 4D, which in translation is equivalent to hexadecimal number 77 (you can decode the hex in several languages from here: http://home2.paulschou.net/tools/xlate)

Since in this case all packets of the game start with 4D, we must suppose that 4D is a packet marker and therefore not valid: if we blocked all packets whose first offset is 4D, we would also block the purchase packets and could not buy items, which means not getting those packets and therefore not being able to analyze them, so it is of no use to us. What we do see is that offset 8 of each packet is also the number 10 in hex, and this, from personal experience, does not match the packets of other processes of the game, so we can use it.

Now, knowing that the packets that begin with 4D and have 10 at the 8th offset are only the packets of communication with the server, I create a filter to block this type of packet. (Note: You cannot keep the filter turned on for too long, since at some point the game would detect the lack of packets sent and received, particularly those responsible for this, and would disconnect us with some related message.)

1. Go to the left column and open the Filters tab.

2. Click on an empty filter, in this case Filter 1, and open it.

3. In normal mode, we first set the positions in the packets: as mentioned above, the first was 4D and the 8th was 10, so in the horizontal row next to SEARCH, write 4D in cell 001 and 10 in the 8th. Just below, check the box "Block" (this will cause all packets that meet the requirements, in this case 4D in the first and 10 in the 8th, to be blocked, whether sent or received) and click Apply.





4. After creating the filter as we did (Filter 1), tick the Filter 1 box so that it is selected, and then click the ON button icon, just above to the right.


5. That's it. Now, as you can see, when clicking Start, provided that the correct filter is enabled, we will not receive the packets and, in this particular example, we will be "decoupled" from the server for as long as the filter is enabled.





Let us return to the merchant:


Recalling the scene, we had seven gold coins, and each object, in this case arrows, was worth one coin. Before starting to sniff, in this case, we try creating a filter to buy items that are not in the store, which gives us a clear advantage. These objects also tend to be plot objects, inaccessible to players, and do not cost money, so we get all we want as long as the correct filter is enabled and we buy "arrows", as I will now explain, without paying. Of course this is not always so, but just being able to access them is a great advantage.

In this case, when buying an object we are sending a packet; it is not an action that depends on the server in the first instance. The only thing the server does is return the packet accepting the purchase or not, once it has checked the gold available in the character's file on the host. So we look at the top of WPE at the three options File, View and Help, click View and then Option, and deselect all boxes except Send and SendTo. There is not much to explain about that.

We now have another problem: the checksum. We need to identify the offsets that change regardless of the action performed, even when it is the same one.


1. To do this, go to the merchant and, with the first filter activated, press Play and then buy three arrows (in this example).

2. Go back to WPE and press Pause. We'll have a few packets. How do we know which are the purchase ones and which are not? As we've said, I bought three arrows, therefore we must find three similar but not identical packets, with similar length and offsets. In this case there were no packets other than the surrounding connection packets, which we have removed through the filter, and I've only received the 3 of the purchase, which is very positive, since we will not have to waste time matching up the three similar ones:





At this point, we know we have three non-identical packets, even though the item purchased, the gold used and the dealer are the same, so we must identify which offsets remain identical in the three packets. That way, once we have identified the offset of the money, for example, or of the object, we can create a filter without having to decode the checksum, but we must know that the offset we are after is among the offsets that persist in the three packets. We can identify them easily; I personally circle in red paint all the offsets of the three packets that do not change, as in this case:





There is something that confirms the presence of 4D in all packets and that these also come without any apparent relationship with the communication packets.



3. Now we buy an item several times to get several packets following the steps above, preferably one of the same price or similar, to go on removing variables.

4. Identify the persistent offsets in all the purchase packets of the new object.

5. Finally, we compare the persistent offsets of the first object we bought (in this case my arrow) with the persistent offsets of the second object. In the event that they had the same price, there will be one offset in the entire packet that changes, and that is the ID of the object. (Later we will find the offset that sets the price and change it, but we must identify more direct things first, since there are no two identical objects with different prices from which we could draw a clear difference.)

6. Go to the filters window and this time use Filter 2 (the first one is already taken for blocking the connection packets). We must know the exact position of the offset marking the ID of the object in question, and place it in the appropriate box according to its position. Then go to the horizontal row MODIFY and change it to any value, provided it is in line, so that we receive another object and not a bug that locks up the game in the worst case.

7. Activate the filter and return to the game. We buy an arrow and see the result. If we set an existing ID, we will receive the object corresponding to that ID, and if it does not exist, we simply will not receive anything or it will give us an error. For added convenience, you can try buying some more expensive items and picking up their IDs, now that we know at which position they are; this way we avoid errors.


Here ends the tutorial introducing the identification and modification of packets. One of the most positive things, if not the best, about working with filters is that it completely bypasses the checksum, since we are not sending packets manually, which will save us many headaches.

The tutorial may have gaps; it is a method that I've been testing these days after a minimal study of how WPE works, and it has given me good results. If anyone has anything to add to complete the tutorial, or to correct something, do it! My primary purpose is to spread such information and give people the opportunity to learn what they like. Regards and good luck!


Last edited by jonander50 on Tue Sep 07, 2010 5:06 am; edited 3 times in total
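
Added example, not part of the original post and not code from any game: seen from the server, the item-ID substitution described above only succeeds when the purchase handler trusts the ID carried in the client's packet. The sketch below validates the ID against the open store's stock and prices the purchase from server data; the packet layout, IDs and function names are hypothetical.

```python
import struct

# Hypothetical purchase request layout (an assumption for this example):
#   byte 0     0x4D marker (the post observes that every packet starts with 4D)
#   bytes 1-2  merchant id   bytes 3-4  item id   byte 5  quantity
PURCHASE = struct.Struct(">BHHB")

# Constructed server-side data: what each merchant sells and at what price.
ARROW, PLOT_ITEM = 0x0010, 0x0999
MERCHANT_STOCK = {1: {ARROW: 1, 0x0011: 5}}


def handle_purchase(player, packet):
    """Validate a purchase request using only server-side state.

    Returns (accepted, reason). The item id from the client is treated as an
    untrusted lookup key: it must be in the stock of the store the player has
    open, and the price always comes from the server's table.
    """
    if len(packet) != PURCHASE.size:
        return False, "bad length"
    marker, merchant_id, item_id, qty = PURCHASE.unpack(packet)
    if marker != 0x4D:
        return False, "bad marker"
    if merchant_id != player["open_store"] or merchant_id not in MERCHANT_STOCK:
        return False, "store not open"
    stock = MERCHANT_STOCK[merchant_id]
    if item_id not in stock:
        # Rejected: the id is not on this store's list (worth logging server-side).
        return False, "item not sold here"
    if qty == 0:
        return False, "bad quantity"
    cost = stock[item_id] * qty
    if cost > player["gold"]:
        return False, "insufficient gold"
    player["gold"] -= cost
    player["inventory"][item_id] = player["inventory"].get(item_id, 0) + qty
    return True, "ok"


def new_player():
    # Constructed sample: 7 gold, standing at merchant 1 with the store open.
    return {"gold": 7, "open_store": 1, "inventory": {}}


if __name__ == "__main__":
    p = new_player()
    print(handle_purchase(p, PURCHASE.pack(0x4D, 1, ARROW, 1)), p)
    print(handle_purchase(p, PURCHASE.pack(0x4D, 1, PLOT_ITEM, 1)), p)
```
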
noko_112
Grandmaster Cheater
Reputation: 0

Joined: 09 Jun 2009
Posts: 585

Posted: Mon Sep 06, 2010 12:43 pm

you know about the IMG tag right?