
Memory/Packet Editing


SYNCOPATE
June 3rd, 2005, 13:43
Hi!

Finally I found the breakpoint for a special game.
Now, I'm currently stuck on the next part. I've heard
that I have to edit the memory and/or packets so
I can duplicate items. I hope that some here are able
to help me out just a bit (any kind of help will be appreciated)

- SYNCOPATE

SYNCOPATE
June 3rd, 2005, 14:43
Answer =P

Ricardo Narvaja
June 3rd, 2005, 20:55
I don't answer if I don't understand the question; I don't speak English well, and I don't understand English well either, and I don't understand your question, sorry.

Ricardo Narvaja

bill
June 3rd, 2005, 22:28
Could this game be... ROSE? lol

baxis
June 4th, 2005, 01:32
I see that many people are currently working on debugging ROSE.

I think that I have found the place, like you, where the game constructs the packet for item placing. But the problem is: what do we have to do in order to re-send the packet?

The goal is to do two different things: let ROSE send the packet, make a jump to the right line, and edit the content of the packet to modify the position.

My real question: how can I (in OllyDbg) make a manual jump (because it doesn't let me add the line JMP FFFFFF)?

SYNCOPATE
June 4th, 2005, 02:40
Probably.

baxis
June 4th, 2005, 03:32
Have you tried to edit the program with OllyDbg? I don't know how to make it send two packets instead of one.
Normally a simple jump instruction with an update of the data will solve the problem.

baxis
June 4th, 2005, 03:51
A question for you, Syncopate: I saw in another forum that you know that Matt has been working hard to find, and has finally really found, how to dupe.

But why didn't he share with you what he found?

Nonameo
June 5th, 2005, 10:30
If we're talking about game hacking, I would recommend using WPE Pro for the packets and tSearch for finding any memory values (i.e. money etc.).

hope this helps

-Nonameo-

baxis
June 6th, 2005, 02:58
Yes, I agree with you Nonameo, but the encryption doesn't let us edit anything in the packet.

So we must find and code a second call to the packet encryption.

Nonameo
June 6th, 2005, 16:18
Oh right, sorry lol, I haven't played the game. But I played a game called MTA, which is a multiplayer mod for GTA Vice City.

In MTA 0.5 they used Rijndael (AES) encryption on their packets.

The encryption is government standard, but their client wasn't lol

We got it in the end! It was fun; the whole mod community pulled together.

Hope the same happens with your game.

-Nonameo-

arioco
June 6th, 2005, 22:15
It's an online game where we found the breakpoint before the packet is encrypted and sent to the server, but we don't know how to edit it.
------------------------------------------
Ricardo, it's an online game where they have found the breakpoint at which the packet is still unencrypted (the "RAW packet", as they call it); it is then encrypted and sent to the server through WS2_32.send. The problem is that we don't know where to edit it. Can you help?
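
An added example, not code from ROSE or from anyone in this thread, to make the pipeline arioco and baxis describe concrete: build the raw packet, then checksum + encrypt, then send. It shows (A) why a quantity overwritten on the wire after encryption is rejected, (B) why the same edit made in the raw buffer at the pre-encryption breakpoint goes through, and (C) what re-running the encrypt+send stage from one raw buffer (the "second call to the packet encryption" baxis wants to reach with a jump) looks like. The packet layout, the OP_DROP opcode, the checksum, the xorshift-based stand-in cipher and SESSION_KEY are all assumptions; the real game's routines differ, but the lesson about where an edit has to happen does not.

```c
/* Added example, not ROSE code: toy client pipeline
 *   build_raw() -> seal_and_send() [checksum + encrypt + send]
 * and a matching toy server. Packet layout, opcode, checksum, cipher
 * and key are assumptions. Build: cc -std=c99 -Wall example.c */
#include <stdint.h>
#include <string.h>

#define PKT_MAX     64
#define OP_DROP     0x10          /* assumed opcode: drop item from a slot */
#define SESSION_KEY 0xC0FFEE11u   /* constructed per-session key */

/* What WS2_32.send would put on the wire, captured in memory instead. */
struct wire { uint8_t data[PKT_MAX]; size_t len; uint32_t counter; };

/* 16-bit polynomial checksum over the plaintext (assumed integrity check). */
static uint16_t checksum(const uint8_t *p, size_t n) {
    uint16_t s = 0;
    for (size_t i = 0; i < n; i++) s = (uint16_t)(s * 31u + p[i]);
    return s;
}

/* Stand-in stream cipher: xorshift32 keystream from key and packet
 * counter, XORed in place (same call encrypts and decrypts). Any real
 * cipher gives the same lesson: a byte overwritten in the ciphertext
 * decrypts to an unrelated byte, not to the value you typed. */
static void crypt(uint8_t *buf, size_t n, uint32_t key, uint32_t counter) {
    uint32_t x = key ^ (counter * 0x9E3779B9u);
    for (size_t i = 0; i < n; i++) {
        x ^= x << 13; x ^= x >> 17; x ^= x << 5;
        buf[i] ^= (uint8_t)x;
    }
}

/* Stage 1: the raw (plaintext) packet. The breakpoint the thread talks
 * about sits between this and seal_and_send(). Returns payload length. */
static size_t build_raw(uint8_t *out, uint8_t slot, uint16_t qty) {
    out[0] = OP_DROP; out[1] = slot;
    out[2] = (uint8_t)qty; out[3] = (uint8_t)(qty >> 8);
    return 4;
}

/* Stage 2: append checksum, encrypt, hand the bytes to send(). */
static void seal_and_send(struct wire *w, const uint8_t *raw, size_t n,
                          uint32_t counter) {
    uint8_t pkt[PKT_MAX];
    uint16_t c;
    memcpy(pkt, raw, n);
    c = checksum(pkt, n);
    pkt[n] = (uint8_t)c; pkt[n + 1] = (uint8_t)(c >> 8);
    crypt(pkt, n + 2, SESSION_KEY, counter);
    memcpy(w->data, pkt, n + 2); w->len = n + 2; w->counter = counter;
}

/* Server: decrypt, verify checksum, return the quantity or -1 if rejected. */
int server_qty(const struct wire *w) {
    uint8_t buf[PKT_MAX];
    if (w->len != 6) return -1;
    memcpy(buf, w->data, w->len);
    crypt(buf, w->len, SESSION_KEY, w->counter);
    if (buf[0] != OP_DROP) return -1;
    if ((uint16_t)(buf[4] | (buf[5] << 8)) != checksum(buf, 4)) return -1;
    return buf[2] | (buf[3] << 8);
}

/* (A) Overwrite the qty bytes on the wire, after encryption (what a
 * WPE-style packet filter does). */
int edit_after_encrypt(uint16_t real_qty, uint16_t wanted) {
    uint8_t raw[PKT_MAX]; struct wire w;
    size_t n = build_raw(raw, 3, real_qty);
    seal_and_send(&w, raw, n, 1);
    w.data[2] = (uint8_t)wanted; w.data[3] = (uint8_t)(wanted >> 8);
    return server_qty(&w);        /* -1: decrypts to garbage, checksum fails */
}

/* (B) Patch the raw buffer at the breakpoint, then let the game seal it. */
int edit_before_encrypt(uint16_t real_qty, uint16_t wanted) {
    uint8_t raw[PKT_MAX]; struct wire w;
    size_t n = build_raw(raw, 3, real_qty);
    raw[2] = (uint8_t)wanted; raw[3] = (uint8_t)(wanted >> 8);
    seal_and_send(&w, raw, n, 1);
    return server_qty(&w);        /* wanted: checksum and cipher cover the edit */
}

/* (C) Run the seal+send stage twice from one raw packet, as a jump back
 * to the seal call would. Returns how many copies the server accepted. */
int resend_twice(uint16_t qty) {
    uint8_t raw[PKT_MAX]; struct wire w1, w2;
    size_t n = build_raw(raw, 3, qty);
    seal_and_send(&w1, raw, n, 1);
    seal_and_send(&w2, raw, n, 2);   /* next packet counter, fresh keystream */
    return (server_qty(&w1) == qty) + (server_qty(&w2) == qty);
}
```

The practical point for the OllyDbg work in this thread: the bytes you can usefully change are the ones that exist before the checksum and cipher run, so the edit has to land between build_raw and seal_and_send in this model, and a resend is a second call into the seal stage with the same raw buffer, not a replay of the bytes that already went to send(). If the real client advances a counter or nonce per packet, as the stand-in does, the second call must use the next value or the server will decrypt garbage.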

Vivi
June 7th, 2005, 02:27
I've also recently started to try to dupe on this game. I've found the trade packet that I need and I've tried to manipulate the position of the item and its quantity, but nothing's working yet.

mikeb
August 17th, 2005, 18:22
Ever tried to decrypt and filter out your packet? You could possibly do a drop dupe, where you drop 1 of a certain item but you make the server think you dropped 90 or whatever amount you wish.

phat
August 22nd, 2005, 10:30
mikeb: I'm trying to do that at the moment. I can see the number of items before they are dropped; for example, I drop 100 apples, then change it to 10, but when I try to drop more than the maximum number of items I have, it will only drop the real amount I have.

I'm also trying the exp hack. I can see how much I'm getting when I kill an enemy, but when I edit the packet I still get the original amount. I think I need to somehow resend the packet multiple times, or make Olly receive the packet multiple times? Is there such a procedure or command?

I apologize if I'm talking nonsense, I'm just new to OllyDbg =)
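
An added example, not the game's server code, to show why the edits phat describes have no effect: the server only drops the amount the player really owns, and the exp reward does not come from the packet at all. Below, the same two constructed packets ("drop item" and "monster killed") are handled by a naive server that believes the client's numbers and by a hardened one that treats its own state as authoritative. The packet layouts, opcodes, inventory model and exp table are assumptions made for the example.

```c
/* Added example, not ROSE server code: naive vs. authoritative handling
 * of client-supplied quantities and exp. Layouts, opcodes, inventory
 * model and exp table are assumptions. Build: cc -std=c99 -Wall example.c */
#include <stdint.h>
#include <string.h>

#define OP_DROP 0x10   /* assumed layout: op, slot, qty (u16 LE) */
#define OP_KILL 0x20   /* assumed layout: op, monster id, exp (u32 LE, client-claimed) */
#define SLOTS   8
#define NMONST  4

struct player { uint16_t inv[SLOTS]; uint32_t exp; };
typedef long (*handler_fn)(struct player *, const uint8_t *, size_t);

/* Constructed server-side table: exp awarded per monster id. */
static const uint32_t exp_table[NMONST] = { 10, 25, 80, 300 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Naive handler: every number in the packet is taken at face value.
 * Returns quantity dropped / exp granted, or -1 for a malformed packet. */
long handle_naive(struct player *p, const uint8_t *pkt, size_t n) {
    if (n >= 4 && pkt[0] == OP_DROP) {
        uint8_t slot = pkt[1]; uint16_t qty = rd16(pkt + 2);
        if (slot >= SLOTS) return -1;
        p->inv[slot] -= qty;       /* wraps when qty > owned: a stack from nowhere */
        return qty;
    }
    if (n >= 6 && pkt[0] == OP_KILL) {
        uint32_t claimed = rd32(pkt + 2);
        p->exp += claimed;         /* the client names its own reward */
        return (long)claimed;
    }
    return -1;
}

/* Hardened handler: client numbers are requests checked against server
 * state, and the exp field is never read at all. */
long handle_checked(struct player *p, const uint8_t *pkt, size_t n) {
    if (n >= 4 && pkt[0] == OP_DROP) {
        uint8_t slot = pkt[1]; uint16_t qty = rd16(pkt + 2);
        if (slot >= SLOTS || qty == 0 || p->inv[slot] == 0) return -1;
        if (qty > p->inv[slot]) qty = p->inv[slot];  /* clamp to what is really owned */
        p->inv[slot] -= qty;
        return qty;
    }
    if (n >= 6 && pkt[0] == OP_KILL) {
        uint8_t id = pkt[1];
        if (id >= NMONST) return -1;
        p->exp += exp_table[id];   /* bytes 2..5 of the packet are ignored */
        return (long)exp_table[id];
    }
    return -1;
}

/* Client-side builders standing in for the packets edited at the breakpoint. */
size_t make_drop(uint8_t *out, uint8_t slot, uint16_t qty) {
    out[0] = OP_DROP; out[1] = slot;
    out[2] = (uint8_t)qty; out[3] = (uint8_t)(qty >> 8);
    return 4;
}
size_t make_kill(uint8_t *out, uint8_t id, uint32_t claimed_exp) {
    out[0] = OP_KILL; out[1] = id;
    for (int i = 0; i < 4; i++) out[2 + i] = (uint8_t)(claimed_exp >> (8 * i));
    return 6;
}

static struct player g_last;   /* server state after the most recent scenario */
uint16_t last_inv(uint8_t slot) { return g_last.inv[slot]; }
uint32_t last_exp(void) { return g_last.exp; }

/* Scenario: the player owns `owned` items in slot 3 and the packet says
 * drop `requested` of them. Returns what the handler reports as dropped. */
long drop_scenario(handler_fn h, uint16_t owned, uint16_t requested) {
    uint8_t pkt[8];
    memset(&g_last, 0, sizeof g_last);
    g_last.inv[3] = owned;
    return h(&g_last, pkt, make_drop(pkt, 3, requested));
}

/* Scenario: monster 1 is killed and the packet claims `claimed` exp. */
long kill_scenario(handler_fn h, uint32_t claimed) {
    uint8_t pkt[8];
    memset(&g_last, 0, sizeof g_last);
    return h(&g_last, pkt, make_kill(pkt, 1, claimed));
}
```

With the naive handler, editing "drop 100" onto a stack of 10 drops 100 and leaves a wrapped-around inventory count, which is the behaviour a dupe relies on. With the hardened handler the same packet drops 10 and a claimed exp of 9999 still yields 25, which matches what phat observed; a stricter server would reject an over-sized drop outright instead of clamping it, and the exp packet is only a notification whose number the server never uses.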

g3nuin3
August 23rd, 2005, 12:35
Well, in order to decrypt ROSE's packets there's a lot of analysing. If you've managed to breakpoint right before the encryption routine, then you're on a good track; then there's the hard part of figuring out the decryption routine. You can use software L.Spiro wrote to better analyse this through his neat disassembler and debugger. You can also set breakpoints on the Winsock DLLs.

http://www.gwforum.ca/l-spiro/

phat
August 23rd, 2005, 19:17
Oh, thanks for the reply g3nuin3 ^_^

g3nuin3
November 1st, 2005, 14:21
The new, updated working link is http://www.memoryhacking.com for anyone who cares.