Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


XOR encryption

 
ionut_baluca
Cheater
Reputation: 0

Joined: 08 Jan 2016
Posts: 26

Posted: Tue Feb 24, 2026 10:43 am    Post subject: XOR encryption

Hey guys, how do you deal with XOR encrypted values? Games have evolved a lot, and certain games can't be fooled with increase/decrease scans. Also they generate a lot of false addresses and values to make it hard to narrow the searches with changed/unchanged. Are there any tools that might help with xor encrypted values?
Csimbi
I post too much
Reputation: 98

Joined: 14 Jul 2007
Posts: 3360

Posted: Tue Feb 24, 2026 12:49 pm

You can either grab the key and use it, or implement null-key encryption.
The latter is better because you can then see all values unencrypted.
ParkourPenguin
I post too much
Reputation: 153

Joined: 06 Jul 2014
Posts: 4740

Posted: Tue Feb 24, 2026 3:41 pm

If you've already found the value(s) through changed / unchanged scans and know for certain that the values are stored in memory obfuscated by an xor operation with a key, then it shouldn't be that hard to make a custom type for them. Most games I've seen that tried this stored the key next to the value in memory, making this easy to create a custom type for.

Aside from xor obfuscation, there's a million other reasons why increased / decreased scans might not be working for you.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
ionut_baluca
Cheater
Reputation: 0

Joined: 08 Jan 2016
Posts: 26

Posted: Wed Feb 25, 2026 10:52 am

Quote:
If you've already found the value(s) through changed / unchanged scans and know for certain that the values are stored in memory obfuscated by an xor operation with a key, then it shouldn't be that hard to make a custom type for them. Most games I've seen that tried this stored the key next to the value in memory, making this easy to create a custom type for.

Aside from xor obfuscation, there's a million other reasons why increased / decreased scans might not be working for you.


Well no, that's the problem, this game seems very protected and generates thousands of values with changed/unchanged (for resources only; the battle stats, for example, are exact type doubles). Can't narrow down from 1200+ values, and selecting multiple of them and freezing crashes the game and I have to start over again. That's why I'm asking myself if there are any tricks to deal with XOR encrypted values.

Quote:

You can either grab the key and use it, or implement null-key encryption.
The latter is better because you can then see all values unencrypted.


Yeah but that means finding the key first of all. I'm asking if there are any methods/plug-ins that help on that matter. If I'm not wrong there is such a tool on mobile games, but looks like there is nothing on Cheat Engine to help on that matter so far.
ParkourPenguin
I post too much
Reputation: 153

Joined: 06 Jul 2014
Posts: 4740

Posted: Wed Feb 25, 2026 2:08 pm

ionut_baluca wrote:
this game seems very protected and generates thousands of values with changed/unchanged
That's not unusual. Hanlon's razor could be applied to this: the game is more likely unoptimized than protected.

ionut_baluca wrote:
That's why I'm asking myself if there are any tricks to deal with XOR encrypted values.
My point is that you don't know the game is obfuscating values by using the xor operation. There's a million other things the game could be doing. It might not even be intentional: I've seen interpreters that treat every value as a constant and reallocate them to a new memory location on each mutation.

There is no good way for anyone to answer your question. In the simplest case, maybe you made a mistake when scanning or are doing something that causes the game to reallocate memory for the value (e.g. moving items in the inventory or changing levels may cause this).

Asking someone else to hack the game for you is the easiest option you have. Game requests aren't handled on these forums anymore; do so on some other site:
https://forum.cheatengine.org/thirdparty.php

If you really want to do it yourself, changed / unchanged is usually the go-to. With enough experience, you can usually tell what type the value is by looking at its 4-byte / 8-byte integer representation, e.g. "random" data like you'd see with xor obfuscated values looks different from pointers or floats. If/when that doesn't work out, analyzing code is the next thing. Games run on a VM (e.g. dotnet) can usually be decompiled or at least have plenty of debug / reflection info that can be used to figure out what's going on. If it's statically compiled, maybe you can use ultimap / code filter to search for code, or find related values and start looking at the code near accesses to those values.
There's also weirder things you can do that might work. e.g. in the aforementioned interpreted game that reallocated values on mutation, I abused the pointer scanner to search for values and found a non-static pointer to the value I wanted (after value scanning and decompiling the game didn't work out).

Csimbi
I post too much
Reputation: 98

Joined: 14 Jul 2007
Posts: 3360

Posted: Wed Feb 25, 2026 2:29 pm

Are you guys familiar with BTD6? There's a reason why it will slow down as you get more and more bloons on the screen ;)
They had the most sophisticated data protection I've seen so far - they may even have it today - until it was broken so cheaters ruined the game for everyone else.
I left that game behind.
The game internally uses doubles and they are all encrypted using one of 20 random (double) XOR keys.
They have a class called Konfuze managing each game variable and a set of the 20 xor keys along with an index of the key to use.
So, when you'd have a declaration like
Code:
int damage;

they declare it as
Code:
Konfuze damage;

The Konfuze class re-generates the 20 XOR keys and picks one to encrypt the values either when the value changes, or when a timer expires.
This gave a pretty good protection to BTD6 for a while.
However, once you tap into the code and enable the null-key encryption, all values gradually become unencrypted doubles. Do it in the executable code and all values will be unencrypted already at launch.
Great idea that turned to shit and ruined the entire online experience.
Anyhow, this is just to show you devs find creative ways trying to hide stuff, but once the genie is out of the bottle, they can't put it back.
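The scheme described in the post above, as an added C++ sketch that is not BTD6's code or anything posted in this thread: `ObfuscatedDouble`, `KeySource` and the `null_keys` flag are hypothetical names, and the timer is reduced to an explicit `refresh()`. It shows that the stored bits are masked only by whatever the client-side key generator returns, so the wrapper is obfuscation and gives no integrity guarantee once that generator is altered.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <random>

// Hypothetical key generator. null_keys = true models the "null-key"
// state from the post: every generated key is 0.
struct KeySource {
    bool null_keys = false;
    std::mt19937_64 rng{0x5EED};  // fixed seed keeps the demo repeatable
    std::uint64_t next() { return null_keys ? 0 : rng(); }
};

std::uint64_t bits_of(double v) { std::uint64_t b; std::memcpy(&b, &v, sizeof b); return b; }

// Hypothetical wrapper: 20 XOR keys plus the index of the one in use,
// regenerated on every write or refresh (refresh stands in for the timer).
class ObfuscatedDouble {
    std::array<std::uint64_t, 20> keys_{};
    std::size_t index_ = 0;
    std::uint64_t stored_ = 0;  // the bytes a memory scan would see
    KeySource* src_;
    void rekey(double plain) {
        for (auto& k : keys_) k = src_->next();
        index_ = static_cast<std::size_t>(src_->next() % keys_.size());
        stored_ = bits_of(plain) ^ keys_[index_];
    }
public:
    ObfuscatedDouble(KeySource* s, double v) : src_(s) { rekey(v); }
    double get() const {
        std::uint64_t b = stored_ ^ keys_[index_];
        double v; std::memcpy(&v, &b, sizeof v); return v;
    }
    void set(double v) { rekey(v); }
    void refresh() { rekey(get()); }
    std::uint64_t raw() const { return stored_; }
};

int main() {
    KeySource ks;
    ObfuscatedDouble damage(&ks, 100.0), cash(&ks, 650.0);
    std::printf("keyed:    raw=%016llx value=%g\n", (unsigned long long)damage.raw(), damage.get());
    ks.null_keys = true;   // key source no longer produces real keys
    damage.refresh();      // only re-keyed values lose their mask
    std::printf("null key: raw=%016llx plain=%016llx\n", (unsigned long long)damage.raw(), (unsigned long long)bits_of(100.0));
    std::printf("cash still masked: %d\n", cash.raw() != bits_of(650.0));
}
```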