comon1234 (How do I cheat?)
Reputation: 0
Joined: 12 Mar 2012 Posts: 3
Posted: Mon Mar 12, 2012 11:05 pm Post subject: How to hack the "state" of the game?
Hi everyone, I have a doubt about hacking the state of the game. The state may be difficult to find, for the reasons below:
1. It isn't just a binary state.
2. You don't know whether it is increasing or not.
3. Nor do you know the data type.
For example, the hero of the game may have 3 states: sit, walk and run. Of course you can switch your state any time you are on the battlefield. But the system prohibits running downtown. The problem is how to hack the state in order to break the system's restriction.
Please give me some hints. Thanks a lot.
Freiza (Grandmaster Cheater)
Reputation: 22
Joined: 28 Jun 2010 Posts: 662
Posted: Tue Mar 13, 2012 3:34 am Post subject:
States may be expressed as an enumeration data type.
Or it may be 3 different functions.
Scan when you are sitting, then rescan for run. This way you will come to some address. Try to reverse it.
Btw, what is the name of the game?
comon1234 (How do I cheat?)
Reputation: 0
Joined: 12 Mar 2012 Posts: 3
Posted: Tue Mar 13, 2012 4:16 am Post subject:
Freiza wrote:
> States may be expressed as an enumeration data type.
> Or it may be 3 different functions.
> Scan when you are sitting, then rescan for run. This way you will come to some address. Try to reverse it.
> Btw, what is the name of the game?
The "game" I talk about is just a simplified model that lets us focus on the general method to hack it. Maybe it doesn't exist.
Generally, the steps of your solution are:
1. Make the hero sit in the game, scan (rescan) for "1" in byte form.
2. Make the hero run in the game, rescan for "2" in byte form.
3. If CE comes out with a few addresses, mark them down and go to step 4. If not, go to step 1 (should I change the way I scan?).
4. Make the hero's "state" change: sit->run, walk->run and so on. Meanwhile, observe the values in memory at the addresses we marked down. If they change as the "state" does, then we have found it. If not, go to step 1, and never again mark down the addresses proved "fake".
Are they correct? Thanks a lot.
Freiza (Grandmaster Cheater)
Reputation: 22
Joined: 28 Jun 2010 Posts: 662
Posted: Tue Mar 13, 2012 7:15 am Post subject:
Search for unknown values instead of specific literals (like 1, 2 etc.).
When you have fewer addresses, do memory on access, and see if you can somehow correlate the code with your situation. If yes, then you are done. Else pick another address and try analysing it.
comon1234 (How do I cheat?)
Reputation: 0
Joined: 12 Mar 2012 Posts: 3
Posted: Tue Mar 13, 2012 9:18 am Post subject:
Freiza wrote:
> Search for unknown values instead of specific literals (like 1, 2 etc.).
> When you have fewer addresses, do memory on access, and see if you can somehow correlate the code with your situation. If yes, then you are done. Else pick another address and try analysing it.
That sounds right. Maybe the "states" are stored in another form, such as a bitset. Thanks.
Freiza (Grandmaster Cheater)
Reputation: 22
Joined: 28 Jun 2010 Posts: 662
Posted: Tue Mar 13, 2012 10:18 am Post subject:
comon1234 wrote:
> Freiza wrote:
> > Search for unknown values instead of specific literals (like 1, 2 etc.).
> > When you have fewer addresses, do memory on access, and see if you can somehow correlate the code with your situation. If yes, then you are done. Else pick another address and try analysing it.
> That sounds right. Maybe the "states" are stored in another form, such as a bitset. Thanks.
Usually they are stored as pointers. So you can also try 4 bytes for pointers.
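The thread contrasts two ways of locating a state variable: comon1234's literal recipe (scan for 1 while sitting, rescan for 2 while running) and Freiza's advice to scan for unknown values and narrow by what changed or stayed the same, with the later remarks that the state may really be a bitset or a pointer. The following Python simulation is an added example written for this page, not code from either poster or from Cheat Engine. It models process memory as a small constructed byte buffer holding the same sit/walk/run state in three encodings (an enum integer, a bit-flag word and a pointer) plus an always-changing tick counter; the offsets, encodings and pointer values are all assumptions made up for the illustration. It then runs both strategies over snapshots of that buffer to show why the literal scan only finds the one copy whose encoding it guessed (and picks up the counter as a false positive), while the unknown-value differential scan finds every copy and discards the counter.

```python
import struct

# Constructed toy "process memory": a flat buffer of 4-byte fields.
# All offsets, encodings and pointer values below are assumptions for this example.
MEM_SIZE = 64
OFF_ENUM = 8       # state as an enum:      1 = sit, 2 = run, 3 = walk
OFF_FLAGS = 20     # state as bit flags:    0x10 = sit, 0x20 = walk, 0x40 = run
OFF_PTR = 36       # state as a pointer to a per-state descriptor (made-up addresses)
OFF_NOISE = 48     # a tick counter that changes every frame regardless of state

STATE_ENUM = {"sit": 1, "run": 2, "walk": 3}
STATE_FLAGS = {"sit": 0x10, "walk": 0x20, "run": 0x40}
STATE_PTR = {"sit": 0x00401000, "walk": 0x00401040, "run": 0x00401080}


def make_memory(state, tick):
    """Build one snapshot of the toy memory for a given hero state and frame tick."""
    mem = bytearray(MEM_SIZE)
    struct.pack_into("<I", mem, OFF_ENUM, STATE_ENUM[state])
    struct.pack_into("<I", mem, OFF_FLAGS, STATE_FLAGS[state])
    struct.pack_into("<I", mem, OFF_PTR, STATE_PTR[state])
    struct.pack_into("<I", mem, OFF_NOISE, tick)
    return bytes(mem)


def read_u32(mem, off):
    return struct.unpack_from("<I", mem, off)[0]


def candidates(mem):
    # Every 4-byte-aligned offset is a candidate address for a 4-byte value.
    return list(range(0, len(mem) - 3, 4))


def scan_exact(mem, value, cands=None):
    """Keep only candidate offsets whose 4-byte value equals `value`."""
    cands = candidates(mem) if cands is None else cands
    return [off for off in cands if read_u32(mem, off) == value]


def filter_changed(old, new, cands):
    return [off for off in cands if read_u32(old, off) != read_u32(new, off)]


def filter_unchanged(old, new, cands):
    return [off for off in cands if read_u32(old, off) == read_u32(new, off)]


def literal_scan(sit_mem, run_mem):
    """comon1234's steps 1-2: assume sit is stored as 1, then rescan for run as 2."""
    first = scan_exact(sit_mem, 1)
    return scan_exact(run_mem, 2, first)


def differential_scan(snapshots):
    """Freiza's approach: start from unknown values, then apply 'unchanged' when the
    state did not change between snapshots and 'changed' when it did."""
    prev_state, prev = snapshots[0]
    cands = candidates(prev)               # unknown initial value: everything survives
    for state, mem in snapshots[1:]:
        if state == prev_state:
            cands = filter_unchanged(prev, mem, cands)   # drops counters and noise
        else:
            cands = filter_changed(prev, mem, cands)     # drops constants and padding
        prev_state, prev = state, mem
    return cands


def describe(mem, cands):
    """Map each surviving offset to its current value, for comparing across states."""
    return {off: read_u32(mem, off) for off in cands}


if __name__ == "__main__":
    sit1, run2 = make_memory("sit", 1), make_memory("run", 2)
    print("literal scan:", literal_scan(sit1, run2))  # enum copy plus the tick counter

    snaps = [("sit", sit1), ("sit", make_memory("sit", 2)),
             ("run", make_memory("run", 3)), ("run", make_memory("run", 4)),
             ("walk", make_memory("walk", 5))]
    found = differential_scan(snaps)
    print("differential scan:", found)                  # enum, flags and pointer copies
    for state, mem in snaps:
        print(state, {hex(o): hex(v) for o, v in describe(mem, found).items()})
```

The literal scan returns the enum field together with the tick counter, which happened to read 1 and then 2 at the moments the two snapshots were taken; that is exactly the kind of "fake" address comon1234's step 4 has to weed out afterwards. The differential scan never assumes an encoding, so the bit-flag and pointer copies survive alongside the enum, and the extra same-state snapshot removes the counter before any manual checking is needed. Printing the surviving values per state is what lets you recognise which encoding each address uses: a value with a single bit set suggests a flag word, and a value in the module's address range suggests the pointer Freiza mentions.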