Have you ever participated in the creation of cheats or bypasses for software/games?

Yes.

Scum

Yes.

yeah, but nothing malicious

yes, Starwind Virtual SAN, I removed the trial time check

This difference file has been created by IDA

StarWindService.exe
0000000000059835: 48 90
0000000000059836: 0F 90
0000000000059837: 47 90
0000000000059838: C1 90
000000000005B8F8: 76 77
000000000008CF1D: 86 87
00000000000C9826: 87 86
00000000000DED21: 74 EB

I mean, I've made a couple of flex patches for iOS. Can hardly call that an achievement, though.

Made a living selling xigncode bypasses to Chinese folk
a company even sent me one of their old servers as gratitude as I kept their shit working without extra fund requirements

also reverse engineered (if you could even call it that) thousands of shitty "free gold just input ur pass and username" software email + password combinations

Yeah. I do freelance coding. Some guy off elance.com hired me to modify his injector to work with 64 bit binaries.

i sometimes make cheats for video games and shitpost on /vg/ about them

All the time.

What's a Sup Forums approved RE book?

Yes.

One of the most distinct things I remember doing was hacking the animation files for the ragnarok online game to remove all battle animations. Since the only cooldown was enforced clientside, you could effectively use abilities as fast as you could press them this way. (Rather than at the rate enforced by your animation speed)

I didn't abuse it to the utmost because that would have been way too obvious, but I used it to slightly push the envelope of what would otherwise have been possible.
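The post above describes a cooldown that only the client enforced, so stripping the animation files let abilities fire as fast as the keys were pressed. As an added illustration that is not code from Ragnarok Online or any real server, this is the server-side check that closes that hole: the server tracks when each skill may fire again from its own clock, so nothing the client edits or replays can shorten the interval. Names (player_state, try_use_skill) and the 50 ms grace window are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Added illustration, not code from the game in the thread.
 * Cooldowns are tracked by the server from its own clock, so a client
 * that removes its animations (or sends packets faster) gains nothing. */

#define MAX_SKILLS 8

typedef struct {
    uint32_t cooldown_ms[MAX_SKILLS];   /* per-skill cooldown, server-defined */
    uint64_t ready_at_ms[MAX_SKILLS];   /* server time at which each skill may fire again */
    uint32_t violations;                /* early attempts; useful input for bot flagging */
} player_state;

/* Hypothetical helper: initialise a player with one cooldown table. */
void player_init(player_state *p, const uint32_t *cooldowns_ms) {
    memset(p, 0, sizeof *p);
    memcpy(p->cooldown_ms, cooldowns_ms, sizeof p->cooldown_ms);
}

/* Called when a "use skill" packet arrives. `now_ms` comes from the server
 * clock, never from the packet. Returns 1 if the use is accepted, 0 if not.
 * A small grace window absorbs network jitter; it cannot be banked into a
 * faster steady-state rate because the next ready time is advanced from the
 * scheduled ready time, not from the (possibly slightly early) arrival. */
int try_use_skill(player_state *p, unsigned skill, uint64_t now_ms) {
    const uint64_t grace_ms = 50;
    if (skill >= MAX_SKILLS) return 0;
    if (now_ms + grace_ms < p->ready_at_ms[skill]) {
        p->violations++;                /* client fired before the server said ready */
        return 0;
    }
    uint64_t base = now_ms > p->ready_at_ms[skill] ? now_ms : p->ready_at_ms[skill];
    p->ready_at_ms[skill] = base + p->cooldown_ms[skill];
    return 1;
}
```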

>nodelay
that shit alongside with WPE PRO usage was fucking terrible, when did they even fix it?

I once changed a jnz to jmp in the serial key check of a shitty shareware game and posted the exe to mininova.

Good times.

yes, github.com/McSwaggens/AimTux and some other shit

VAC on Linux is literally non-existent, anything ring0 goes through so you don't even have to understand how VAC works.

arma is terrible

I made cheats using TSearch for Battlefield 1942 back in the day.

Literally 2 minute pasting from uc

Wait for -rep fagit

>>>/reddit/

Which tools do you guys recommend? Olly + CE?

Olly + IDE
CE is okay I guess, most things detect it so I don't really see a use unless you've bypassed the security method the software/game is using.

>mfw cheated on a FOSS multiplayer game so hard that the next game became closed source

source: my ass

IDE or IDA? I heard that CE is good to identify structs and such, that's probably the thing I have most trouble with.

>Sup Forums
>intelligent enough to read
Half these impoverished ESL fucks couldn't spell book 5 years ago

>inb4 south Korean honeypot

Yall niggaz goin to jail.

There is no such thing, just try it until you get it.

Yes, probably for longer than some of the posters here have been alive.

I've done numerous things over the years on my own and with others internationally including software cracking, reverse-engineering, cryptanalysis, and vulnerability discovery and exploit development in a range of sophisticated hardware and software setups from games consoles to FIPS 140-2 Level 4 embedded systems.

I am now retired, but I plan to reverse something maybe over this Christmas period for nostalgia's sake.

I consider cheating in online multiplayer games to be unsporting and I won't do it anymore - the last time was during a closed alpha with the developers' explicit permission.

There is no substitute for your own interest and experimentation, but there are plenty of good learning resources around nowadays. Try beginners.re/ (RE4B), as well as some of the older texts from the late +Fravia and +ORC for an idea of the kind of attitude (or alcohol) you might need to bring to the more advanced stuff.

Olly was great for a while but it's getting decidedly rusty now and it only works for 32-bit code (the 64-bit version is not progressing quickly). Using it now is a bit like trying to use SoftICE 15 years ago: you'll keep finding things it's not good at.

Try some more modern tools like x64dbg and radare2 - or the old standby IDA Pro, which is still my favourite when deadlisting.

shame they patched it, that exploit was hilarious

Early GTA IV console mods,
Wrote a few moderkillers as well as custom mods/spawn lists for people.
Before the age of scripting.

I wish x64dbg had better function call analysis, that's the only reason why I'm still using Olly for 32-bit.

The plugins I've tried don't come even close.

...

>boo hoo I can't buy reverse engineering skills from amazon.com back to Sup Forums you go
fuck off

I reverse engineered Illusion-Hacks' software and blew them the fuck out a week ago

I use gdb and scanmem

>reverse engineering
>cheating
>hacking

You need to be at least 18 years old to post here.

Well it depends on what you're doing. I don't find it substantially worse or better, but I agree it is a little easier to jump around in Olly.

Tip: If you want to figure out what changed between two versions of something (e.g. looking at a new feature, protection, whatever), then Zynamics BinDiff is the right way to go - and since Google acquihired them, they released it for free. zynamics.com/software.html

He's not wrong though, for a modern protection such as xigncode or VAC, most of the time spent is not making the "whatever term you use for TOS breaking modifications that give you an unfair advantage", but rather decompiling and observing how the anticheat functions and what it exactly does.

But good contribution to the thread user, always helpful as ever.

>xigncode
That shit is straight up malware, I remember some guy got so upset at how it worked that he made a fully functional emulator of it, that still works to this day and is open source.

>But good contribution to the thread user, always helpful as ever.
Ignore him, he's just salty there's an actual thread about technology on Sup Forums

>but rather decompiling and observing how the anticheat functions and what it exactly does.
Are there any good articles detailing examples of how anticheat software in past games has worked? I do wonder what exactly they're doing, and in particular how anticheat compares to e.g. DRM.

Does BinDiff work with my cracked version of IDA (6.8)? Radiff2 was quite ok when I needed to do that sort of thing.

>Are there any good articles detailing examples of how anticheat software in past games has worked?
Most are possibly buried in time, I remember there being a professional assembly engineer doing studies and articles on VAC3, but he removed everything after apparently steam started using his data to patch out holes and such, as he seemed to quite enjoy making lods of money from it.

Which is Sup Forums more comfortable with, external or internal?

anyone remember this meme?

hello Barclay

Yes.

Yeah, when the original crysis launched without anticheat I edited the unchecksummed client-side config files so I'd run around at 500 mph and shoot nukes out of my pistol in MP.

It was pretty fun for a few days. It's been a long time so I assume I got tipped off about it by... someone or something, maybe just another "hacker"

end ur life
t. namefag

noice

Delete this.

Or valve will fix it.

Can anyone explain basically how farming bots work in runescape?
Seeing as the map is static is it just simple commands to hit tree a / b / c till inventory is full then deposit in bank a * closest* ?

I played metro with the invincibility cheat on because I was bad at it.

mate runescape is dead, get over it :^)

this shit gets cloned 1234 times a day, valve knows about it

Writing scripts for a bot is really easy, it is one of the first things I programmed.
Writing the client is much harder.

Oh alright.

I might try hacking then with a friend's account lol

lol XD

Give example Pseudo code please ?

No

>playing cs 1.back in 2002/2003
>only 12 years old at the time
>get mildly interested in programming/decide to make a wall hack
>make a really shitty wall hack where only the walls were transparent but everything else still had its original shading
>lose interest in programming
>next time i try my hand at it is when i had to in college in 2011
if only i stuck with it maybe i'd have a decent paying job now.

>also reverse engineered (if you could even call it that) thousands of shitty "free gold just input ur pass and username" software email + password combinations
kek i had a form like that hosted on some free website and domain. i made the mistake of having a game account registered under that email, but i only used that account to transfer items to my main account, i.e. middle man account, so i didn't lose much.

motivated by personal reasons or a manager being too stingy to buy the full version?

>make a living selling code to chinese

where could you possibly live to make the economics of this viable?

Xigncode3 is no joke to bypass, shit searches trough pretty much everything and is as intrusive as malware when it comes to accessing and looking into files (everything you've touched on the computer in the last 2 days is searched, decompiled, string searched, blacklist checking, byte and function overlooked and a bunch of other garbage), and there's entire "companies" in china dedicated to gold farming and selling trough the usage of illegal software/modifications who pay huge amounts of money per every update to keep their shithouse bots and miners working.

kys faggot

>I have done your mother

>VAC on Linux is literally non-existent
negro que

Can't be. The source is closed faggot.

not really a cheat per se, but yesterday in an attempt to remove the 60fps cap on a game, the game just sped up overall
since it's an RPG, you could use it to farm xp/money in less real time, so there's that. wasn't the intention, though

Fun hint: Look for any cutscenes, main menu or any sequence that runs in 60 fps for babbies first 60fps entrance

entrance? what do you mean?

i am new to this, i did a bit of reading into how fps limiting is done in opengl (it's an opengl game), and tried to identify code that might correspond with it using IDA, but it is largely over my head
i ended up pretty much guessing which value to alter

the intro cutscene is prerendered video (which plays normal speed), and in-game cutscenes are VN-like

the game does actually render more than 60fps with a higher value, so maybe there's something else i can do to get the desired result

-- oh, and if you mean the game alternates between 60 and say, 30 fps, then no, it's 60fps all the time, even during videos it's outputting 60fps (though the video itself isn't)

...

interestingly, it does do vsync, and will go below 60fps

>medium/low settings
yes it is

game's badly optimized, no point in trying to go higher

Yes. Although I originally had a different approach when crafting, I used a program to record my mouse actions as a "lap" and let the software re-do everything 100 times (basically mimicking what I did with the mouse). I thought bots would be easily detected and this would be a safer approach.
This was 8 years ago though, I wouldn't know if this is still possible.

Valve here, archiving thread.

oh wow, i actually found it
looked around in IDA for functions that called glFlush, and found a value that appears to set the fps limit

i set it to 20 (well, 41A00000 since it's a 32bit float) and now the game's running 20fps, but normal speed

I made one of the best AI scripts for Granado Espada which had tons of useful features even if you didn't use it for botting.

Right so back in the days of Halo CE I modded all kinds of stuff. I made the AR shoot sniper rounds, made the Warthog drivable from the passenger seat, made the shotgun shoot tank rounds, took away the grenades' gravity so they just went in a straight line forever and made the pistol "teleport" players into the sky where they then fell to their deaths. I also placed teleportation triggers in random places so people could teleport to unreachable places on the map.

Through not trough

I am the guy that joins Urbanterror servers killing close to 500 people in minutes with my autoaim and making everyone unable to play.

You all are amateurs. I make 3D java block game hax.

Yes. Yesterday made new hack for gta 5.

It's possible that there's a second value which you missed that controls the game tick rate in relation to the frame rate.

Oh man, now you reminded me (again) of Ragnarok Online and homunculus AI abuse.

I remember adding a method to the homunculus AI system that allowed you to bypass the API restrictions and control your character as well (instead of just the homunculus). That was pretty fun to both make and abuse.

I also made a battle AI which was capable of casting abilities faster than normal, and pretty much ripped people apart.

any hints as to what i should look for?

thought i got it in , but it only works for

>any hints as to what i should look for?
Sadly no, but if it only works for

To expand on this idea, if they can adjust the game speed to the framerate but only for framerates

>Maybe you could look at other examples of FPS-limited game loops to figure out how they work.
that's (only) what i've been doing, but it's difficult to correlate even C examples with disassembled junk, especially since i have no real C or x86 assembly knowledge

the game scales properly under 60fps, so i imagine there's somewhere in there that explicitly checks for framerates over 60, and pins the scaling code to that (maybe i should look around for the millisecond value of a 60fps frame, maybe it's looking for frame times under a value instead...)
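The symptom the poster describes (normal speed at or below 60 fps, faster than real time above it) is exactly what a loop produces when it clamps the per-frame delta time to a minimum of one 60 fps frame. This added example, not code from the game or from anyone in the thread, models that loop next to a real-delta-time loop so the two behaviours can be compared; the clamping hypothesis and the function names are assumptions.

```c
#include <stdio.h>

/* Added illustration, not the game's code. Assumption: the engine clamps the
 * per-frame step to a MINIMUM of 1/60 s, which reproduces the reported
 * behaviour (1.0x at or below 60 fps, 2.0x at 120 fps). */

#define TARGET_FRAME_SEC (1.0 / 60.0)   /* derived from the fps-cap float the poster edited */

/* Suspected loop: a frame is never allowed to count as less than 1/60 s,
 * so short frames above 60 fps each advance the world by too much. */
static double step_clamped_min(double frame_sec) {
    return frame_sec < TARGET_FRAME_SEC ? TARGET_FRAME_SEC : frame_sec;
}

/* Correct loop: advance by the real elapsed time. Only very long frames
 * (a stall, a paused window) are capped so the simulation cannot jump. */
static double step_real(double frame_sec) {
    const double max_step = 0.25;
    return frame_sec > max_step ? max_step : frame_sec;
}

/* Run `real_sec` of wall-clock time at a constant `fps` and return how many
 * in-game seconds the simulation advanced. Ratio 1.0 means normal speed. */
double simulated_seconds(double fps, double real_sec, int clamped_min) {
    double frame_sec = 1.0 / fps;
    long frames = (long)(real_sec * fps + 0.5);
    double game_sec = 0.0;
    for (long i = 0; i < frames; i++)
        game_sec += clamped_min ? step_clamped_min(frame_sec) : step_real(frame_sec);
    return game_sec;
}

int main(void) {
    const double rates[] = {30.0, 60.0, 120.0, 144.0};
    for (int i = 0; i < 4; i++)
        printf("%6.0f fps: clamped-min loop %.2fx, real-dt loop %.2fx\n",
               rates[i],
               simulated_seconds(rates[i], 10.0, 1) / 10.0,
               simulated_seconds(rates[i], 10.0, 0) / 10.0);
    return 0;
}
```

If the disassembly contains a compare against the 60 fps frame time followed by a conditional move or branch that replaces the measured frame time, that is the spot a loop like step_clamped_min compiles to.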

>but it's difficult to correlate even C examples with disassembled junk, especially since i have no real C or x86 assembly knowledge
I think that's a bigger problem. RE relies very strongly on having a good understanding of how people write C code in practice, and then how the compiler translates typical C constructs to assembly.

That's pretty fucked considering they're moments away from death due to VMware's vSAN, etc.

i understand that'd be pretty crucial, but this is just for fun
can't learn anything if you only do things you already know

if you're having trouble understanding disassembled code you can try IDA with hex rays plugin that translates a disassembled function into a C one, it works fairly well but it's a crutch

i'll have a look

i found many bugs on lineage 2, most of them i either sold or used to gain more adena (the ig currency) and then sell it
later on i found out that this game is so fucking pathetic in security that i can make more money by making a program to "block" bot programs than to actually have bots in a gazillion servers...
and then the idea of smartguard came..

Not really interested in using any, but I would like to make some just for the fun of it. No idea how to start, though.