Cheat Engine Forum - The Official Site of Cheat Engine
Attribute hacking / Exp Loop

Cheat Engine Forum Index -> General Gamehacking
RogueHalo
How do I cheat?
Reputation: 0

Joined: 12 Mar 2013
Posts: 4

PostPosted: Tue Mar 12, 2013 7:34 am    Post subject: Attribute hacking / Exp Loop

Hi there, I have recently been playing around with Cheat Engine and WPE Pro on an MMORPG I have been on for 5 years; it has no anti-cheat protection as far as I can tell. The problem I am having that I need help with is attributes in the game. I found the value and I changed it to 9999 as a 4 byte type and it worked! The problem is that it was only a visual change, and when I hit "Ok" to reflect the changes it reverted back to the 3 points I had to start with, and I have no idea if I can make those changes stick; any help on this would be greatly appreciated. Also, I used WPE Pro on this MMORPG: I was able to manipulate the trading windows so that on both sides of the trade (both my view and the other person's view) I can duplicate items I put in there with simple sniffing and resending. The drawback on that is that they are "fake" duplicates and only the original remains after the trade. This confuses me, but it would be good to use if you were going to scam someone out of in-game items with fake duplicates of the currency. The third and final thing I need help understanding is the exp loop. I know that someone a very long time ago was able to hack the exp, and he could do it to where after you kill something you can resend the exp over and over and you would get an infinite amount, making leveling up as easy as just sitting there staring at your character. Thank you for your time and to anyone who helps me.
daspamer
Grandmaster Cheater Supreme
Reputation: 54

Joined: 13 Sep 2011
Posts: 1588

PostPosted: Tue Mar 12, 2013 7:36 am    Post subject:

Check what writes to that address, and inject it..
_________________
I'm rusty and getting older, help me re-learn lua.
RogueHalo
How do I cheat?
Reputation: 0

Joined: 12 Mar 2013
Posts: 4

PostPosted: Tue Mar 12, 2013 7:42 am    Post subject:

Inject it with what? And I tried checking what writes to it; it just stays checking with the flashing "stop".

Edit: I found this!
00589847 - 89 91 30030000 - mov [ecx+00000330],edx
00589634 - B9 13000000 - mov ecx,00000013
0058964A - 89 02 - mov [edx],eax
Now what do I inject and how?
SteveAndrew
Master Cheater
Reputation: 30

Joined: 02 Sep 2012
Posts: 323

PostPosted: Tue Mar 12, 2013 8:29 am    Post subject:

RogueHalo wrote:
> Inject it with what? And I tried checking what writes to it; it just stays checking with the flashing "stop".
>
> Edit: I found this!
> 00589847 - 89 91 30030000 - mov [ecx+00000330],edx
> 00589634 - B9 13000000 - mov ecx,00000013
> 0058964A - 89 02 - mov [edx],eax
> Now what do I inject and how?

Don't think that by making it into a script it's going to suddenly make it work! You're only changing the value in your client, aka a client-sided effect...

However, ignoring all that, you asked what to inject and how... That I'll answer... Provided it's the first found instruction and not the 3rd, this script should have the same effect as you've seen just by freezing the value.

Basically you need 5 bytes for your hook (you overwrite the code with a jmp instruction which leads to your code, which still uses the original code but does something extra to it [usually], like inserting a value into the register that's copying its value into your desired memory location).

That's why I can only hook the first code you have there; it's the only one which has an instruction length of at least 5 bytes. For the third one you will have to look at the disassembly at that address to see the next instruction(s) you have to overwrite to total 5 bytes...

Say you wanted to set the value to 9999 (# before the number makes it read it as decimal, else it's interpreted as hex, which is what the offsets are displayed as by CE).

Since the instruction you're hooking is 6 bytes, after the 'jmp' instruction to your code you have to put 1 nop... if it was 7 you'd put 2 nops, perfectly 5 and you don't put any, etc. If you overwrote more than one instruction you would include it/them after the first instruction ('mov [ecx+330],edx' in this case).

Code:

[enable]
alloc(ClientSidedDisplayValueHack,64)
label(DisplayValueRet)

ClientSidedDisplayValueHack:
mov edx,#9999
mov [ecx+330],edx
//more instructions would be here if you overwrote them
jmp DisplayValueRet

589847:
jmp ClientSidedDisplayValueHack
nop
// more nops would be here if the instruction was longer
//overwritten instruction(s) length - 5 == how many nops you need
DisplayValueRet:

[disable]

589847:
mov [ecx+330],edx

dealloc(ClientSidedDisplayValueHack)


Also you should use module addresses rather than what you have there (exename.exe+offset); if "show module addresses" is checked under ->View in the memory viewer you should see them... [Ctrl+M while mem viewer is open]

So that's how you write scripts! Until you get the hang of it, you could use the template CE provides (open the auto assembler [Ctrl + Alt + A], then ->Template ->Cheat table framework code, then from the same menu choose ->Code Injection.. and it will set up the script for you with the address you have selected, automatically hook it, figure out how many nops you need, etc.)

I'd recommend sticking to offline games for Cheat Engine! You'll only find something if you get lucky and find an 'exploit', but that is unlikely! Even in a game which you say has no protection, that may be so; there might not be any anti-cheat. But it already is protected even if you don't realize it. Simply by having all important data stored on the server, that is in itself a form of protection.

RogueHalo
How do I cheat?
Reputation: 0

Joined: 12 Mar 2013
Posts: 4

PostPosted: Tue Mar 12, 2013 10:48 am    Post subject:

Thank you very much for your time and for all that you have told me :] However, even if it has stuff stored on the server I still won't give up; even if there is a tiny window for success I will keep researching this and find a way. Again, thank you so much :]
foxfire9
Advanced Cheater
Reputation: 0

Joined: 23 Mar 2012
Posts: 57

PostPosted: Wed Mar 13, 2013 12:11 am    Post subject:

You need to practice code injections and AA code scripts; it will help you a lot. Try practicing the Cheat Engine Tutorial.
RogueHalo
How do I cheat?
Reputation: 0

Joined: 12 Mar 2013
Posts: 4

PostPosted: Wed Mar 13, 2013 9:51 pm    Post subject:

I will thanks! If anyone else is willing to lend me a hand in-game then please do! I would love all the help I can get! The game's title is Shin Megami Tensei: Online

Edit: After reading the in-depth tutorial that soulx` made about code injecting, I can completely understand what SteveAndrew was telling me, given that there are a few things that still boggle my mind (like module addresses), but I get the gist of it! The only thing bothering me is how he told me to write the script, as it says nothing of that in the code injection tut. I was planning on using the same things soulx` used, just with the game client's addresses and my value change, to see if anything happened, but then I read this and now I am confused on which format to use.
foxfire9
Advanced Cheater
Reputation: 0

Joined: 23 Mar 2012
Posts: 57

PostPosted: Thu Mar 14, 2013 8:16 pm    Post subject:

Code Injection Scripts = AA Scripts = Lua Scripts

The only difference between those is the language of the code you input.

To give you a tip, there are many ways to create a "script". These tutorials give you an idea of how you make your own script.
All times are GMT - 6 Hours