Cheat Engine Forum: The Official Site of Cheat Engine
jit compilation

Forum: General Gamehacking
LtO (Advanced Cheater)
Posted: Sun Mar 11, 2018 11:50 am    Post subject: jit compilation

I'm working with a flash game, which is JIT compiled (just-in-time), and for the most part that wasn't a problem when I changed code, as long as I did it after the game started (when you are still in a lobby). But now I wanted to change some code that gets used when you log on to the game, so it is already compiled very early, and I guess because of that the code that I try to swap doesn't affect it anymore... So I guess I should be able to edit the code right after it is downloaded from the website, and before it is compiled... What would be the best way to do this? I've had this issue with another game too.

I notice that if I try to edit/open the swf on the fly with ffdec, the code is still identical to the original code... Or would there be somewhere else in memory where I could find the other code...

Thanks
atom0s (Moderator)
Posted: Sun Mar 11, 2018 1:45 pm

Find and hook Flash's JIT handler and monitor it for the function/code you wish to modify. That way you will handle it as it's loaded.
_________________
- Retired.
LtO (Advanced Cheater)
Posted: Sun Mar 11, 2018 2:46 pm

atom0s wrote:
Find and hook Flash's JIT handler and monitor it for the function/code you wish to modify. That way you will handle it as it's loaded.


Ok, could you provide me with a specific program or link? I googled it but didn't find much. I guess I'll have to rewrite the script I made for the game, but I'm happy there is a solution to this :)
atom0s (Moderator)
Posted: Sun Mar 11, 2018 7:04 pm

Some info on Flash hacking/reversing via JIT hooking:
https://www.blackhat.com/docs/eu-15/materials/eu-15-Pi-New-Tool-For-Discovering-Flash-Player-0-day-Attacks-In-The-Wild-From-Various-Channels.pdf

ActionScript virtual machine src it references:
https://github.com/adobe-flash/avmplus

Another flash hook (inline):
https://github.com/lifeblong/FlashPlayer_InlineHooker

Flash Exploit Detector (has similar JIT hooking):
https://github.com/StGlolry/FED

_________________
- Retired.
LtO (Advanced Cheater)
Posted: Fri Mar 16, 2018 8:52 pm

I read about it now, but this is kinda complicated for me. I just made a whole bunch of aobswaps cuz I thought they would give me what I need, but they didn't :( Isn't there some easy-to-use program for this JIT hooking? :p I find a lot around this but nothing really conclusive; I'd like something I could use pretty quickly...

Also, wouldn't it be possible, in a pretty simple way, to pause/stop the flash process when it's loaded in your memory? Then it's not JIT compiled yet, and I could still change stuff before that happens...
ParkourPenguin (I post too much)
Posted: Fri Mar 16, 2018 10:00 pm

You should be more open to learning; there isn't always going to be someone to do things for you.

One alternative would be to use a proxy to swap the swf with a local copy you've modified. There seem to be many beginner-friendly videos on YouTube for you to follow along with.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
LtO (Advanced Cheater)
Posted: Sat Mar 17, 2018 4:37 am

ParkourPenguin wrote:
You should be more open to learning; there isn't always going to be someone to do things for you.

One alternative would be to use a proxy to swap the swf with a local copy you've modified. There seem to be many beginner-friendly videos on YouTube for you to follow along with.


I wanna learn, I just got a bit impatient since my game still freezes after I made a lot of aob swaps... That code which protects it is just all over the place, so it might be better to edit the source if I could change things in the logon. Using an edited swf will most likely not work because of cross-domain protection, I think.

I just miss a bit of crucial info on that JIT hooking, like do I just compile the source, and can I run it with Google Chrome, etc...
LtO (Advanced Cheater)
Posted: Sat Mar 17, 2018 2:18 pm

Now I found a useful link for this: https://www.offensive-security.com/vulndev/fldbg-a-pykd-script-to-debug-flashplayer/
It's unclear sometimes what is already JIT compiled and what is not; I see that for some code it works and for some it doesn't... but really being able to change everything gives me good hope :) Thanks.
LtO (Advanced Cheater)
Posted: Mon Mar 19, 2018 9:30 am

A few interesting facts about this:

- It's something I used to be able to do with the help of a web debugger, when the code was pretty much as simple as in that (older) sample that I posted here, without all those added protections/loops. I took advantage of that a bit too much, I believe, so it's kinda my own fault that it is this hard now and a tough nut to crack... :)

- I got confused whether I actually modified code that was related to this and that contained the instructions (and the protecting code with it), or whether I couldn't reach that code cuz it's already JIT compiled... It's confusing cuz when I applied my code at first it froze my game, which would make you believe it actually modified it, and the same kept happening when I modified other codes related to this. However, it still didn't work, and when I tried to change a small text, a pushstring in the same page of code (from the decompiled flash), it didn't work, so I assume that was JIT compiled already and exists in other bytecode...

- I wonder how difficult (or not) it might be to find the right values/code you need with this JIT hooking technique, since it's not like when you've got the src and you can just look it all up. I'm working on it now but am already facing obstacles just to run windbg with a python mod/script.

- It could become a lot easier if I could find some specific code or variables that contain the key to use that function to post certain messages... If I modify the right values, it probably goes through all those loops that check if you have the right privileges to use that function...