Techniques and Tips to Find and Backtrace Encrypted Values
- Published 21 Nov 2017
- The Best Source To Learn Game Hacking: guidedhacking.com/ Patreon: / cheatthegame
Techniques and Tips to Find and Backtrace Encrypted Values. Here are a few techniques and tips to help you find these hard-to-find values more easily. When you keep crashing your game, this helps minimize that and lets you pick up where you left off when you do.
**FOR A LIMITED TIME I AM ALLOWING ACCESS TO HAVE ALL CTG CHEAT TABLES** nimbleinity.com/4uoA
================================================
Thank you to the CTG Partners:
GuidedHacking.Com
Seneeki
Alessandro Leitao
Mattia Leoni
Cheat The Game on Facebook: / cheatthegame
CTG Discord Channel: discordapp.com/invite/ndn4pqs
==================================================
Chris Fayte @ Cheat The Game
Cheat The Game FB Channel: / cheatthegame
CTG Members GameModder and Gamplayers Ytube Channels:
Cheat The Game: / bloodfayte
Stephen Chapman Code Assembly YouTube Channel: / seowhistleblower
Fleep/Amandor Rake Guided YouTube Channel: / l4dl4d2europe
FreeER Advanced Hacking Techniques and Programming: / @freeer
Cyberspace Camp instruction tutorials: / channel
War1ock Funny as hell Gameplays and Walkthrus: / @cipflixgaming
HellCandyx game and trainers: / hellcandyx
Cheats Game tutorial channel all levels: / @cheatsgames
Binomi89 Android Game App Expert YouTube Channel: / channel
Kenneth MC Facebook Game Moding YouTube Channel: / @cheatstrainers4665
John Kitzz Trainer Maker: / @johnkittz
Grim Doe game cheats,modding config files, and much more- / channel
John Canal Tabelas e Traines in espanol: / channel
Kala's youtube channel Cheat Tables: / @kalas4199 - Games
Thanks !
I've watched none of this yet and somehow I know it's everything I wanted to see. Especially since I asked about something similar on the comment section of another related video of yours recently... anyway thanks Chris. Hope you had a happy Thanksgiving
This is such a great tutorial series. I watched about all of the encrypted value related tuts and this one was the best and most helpful.
awesome work Chris, this is one of the most important things someone can learn
Awesome video pal, full of tips and tricks, I loved it
Thanks Chris, you're so good at what you do, it tastes good to watch your videos, debugging depends a lot on one's knowledge of the subject, with only 9 digits "mov r12 # 99" you've simplified the script, not the function itself, but, the logic, the methodology the knowledge you have is well above average ...
Thank you for all this information. I passed almost all the CE tutorials yet still feel shit in hacking. Now much better with your sharing. Thanks again.
I'm glad I could help
Thanks, your videos always have something new in them.
Thanx very much for your time and dedication! It helped me a lot!
You don't know how much this helped me, bro! World needs some of great instructor like you. Great job, Thanks again.
Thanks for teaching this hard process. You've got a nice way to teach, I think. Good job
Keep going, don't stop sharing your advice
Very good... You are the best
awesome tutorial very well explained GJ man keep it up
clear and fun and useful,thx a lot
thank u chris u answer my biggest question hahaha why i scan the value and when i scan it it will disappear..when i press next scan button...
I bet you're really good at making trainers.
you are the best
Thanks..
soo I was playing a game with in-game currency on it, I tried to find it with the simplest technique but I simply could not find it, is this what they call encrypted values? cuz it seems from what you have explained is, you find the value but you can't change the value.
please reply :)
On PCSX2 folks had been trying on the forums to get at Star Ocean - End of Time. They said that not only was the memory encrypted and fooling folks with the display value, it also wrote it to random memory addresses. But with a little hard work folks are figuring things out. They are following your instructions to the letter and having unlimited money. I think it would help in your videos if you explained where to look for things in the event that it doesn't match up to what you are saying. R12 worked for you but might not be there for others. Using xor to encrypt and looking for the value on the screen that went a long way. Also showing process of elimination helps when you are looking at values that screw up the target value but don't crash the game. If you break that down in the very beginning, whether the screen looks like yours or not, the person will have the tools to find what they need. Also answer me this: How could these skills apply to a real world job?
Great video. Thx. Who knew someone could get it on the first try.
Thx for your comment and suggestions.. Applying to the real world, is deductive reasoning.. Solving these types of problems requires thought, insight, test parameters, reasoning etc.. Sometimes when a question appears not to have an answer, it may be because we look for those answers in the wrong places. This helps me to look for answers outside of the box as well.
These damn freaking modern games!! Convoluted AF!! I need to take a break now. Or my head's just gonna explode.
cool video :)
Great video! Would it be possible to start from the display value (not encrypted so easy to find), and go back to find the "original" / encrypted value? I tried but have no idea where to start :/
Yes it is possible but extremely difficult, your assembly skills need to be fairly advanced to trace it back to the internal. Stephen Chapman gives an example of doing this here: ua-cam.com/video/06t_hoWGa5c/v-deo.html
Cheat The Game thanks a lot dude! ;)
I tried the hack today and it is fun :). I just have another question, if you could answer me this would be super cool :D.
Why is the encrypted ammo value appearing at 21:40, instead of the value we froze just before (the one which set munitions to 0)? I mean, this is with this last value that we came to the mov instruction, and the "find out what addresses this instruction access" seems to me like the inverse of "find out what writes to this address" (=what we did before); so logically, we should come back to it.
If I'm right the value which, when you freeze it, sets ammos to 0 in your video, is a pointer to a function storing the encrypted ammos value, and I think because this has something to do with encrypted ammos value, the mov instruction modifying this pointer is considered like modifying the ammo value. Am I right?
All I was doing was looking for any address that affected the ammo, you kinda lost me in what you were asking, it may be just because I'm tired as hell.. But yes we found what affected our ammo, and we need to find what was writing to that address after it had been encrypted so that we go trace to the real value before the encryption occurs to modify it there.. Also remember and maybe I should have stated it better in the vid, but these vids are done over a couple days and not in one sitting session.. So one address found in another take maybe a day later I went and found it again off camera and may not correlate to the previous address I found.. But that is totally irrelevant to the technique I was trying to teach.
Yes I wasn't clear at all sorry xD, I don't speak English very well. I think that in fact I just don't understand two things:
- what is the value which, when frozen, sets ammos to 0. It isn't the encrypted ammo value, so what could it be?
- I think I don't understand really well the cheat engine functions "what access to this address", or more probably the "what addresses this instruction access" one.
But maybe I should just search deeper on cheat engine website to get an answer for my second question.
Okay I got you.. Ok first of all it was the actual ammo encrypted value, the reason it went to 0 instead of just freezing it is because of the encryption.. If you saw all that Imult operands after the encryption, basically that is what that is for, to be able to keep amateurs from freezing the value.. If they tried it would register a zero.. I don't know all the math behind it but that was put in there on purpose and that is what it was designed to do to discourage cheating, but they didn't know they were going to be dealing with me, and found their real value before it encrypted.
What do I do if I can't find out what is accessing the address?
Hello @Cheat The Game
I'm trying this method on Payday 2.. everything is super encrypted. I've found a command that executes every time you fire your weapon: "mov [ecx],eax", but this is a shared op code... so I've managed to setup a breakpoint on the op code with a condition "ECX == 0x4F097658" and it works correctly.. then while the debugger is paused, I setup a break and trace on the next op code line then I go to debug > run. This works just fine.
My issue is, in the break and trace results, I cannot find the value of the ammo.. I don't have the same registers as you, no r8, r12, etc.. I only have EAX, EBX, ECX, etc.. and I have no idea how I can find my ammo in allll these break and trace results.. are there any tips you can give me?
When you break and trace the call structure it is displaying all the areas that the program returns to back up the call structure tree.. But it only gives information on everything that was run after the trace was hit, and no information before the calls, that's when we have to manually go back to each call function and check what happened before the calls were hit, with more breaks and possibly stepping thru the code to see what is going on with the value we want to find.. I had to do this here when I first did a tut on encrypted values. It can become tedious and frustrating, it's basically the same method used in cracking software and more knowledge in assembly helps here: ua-cam.com/video/NOOWl1eOMKA/v-deo.html
A tad old of a post now, and maybe a bit off topic, but what is that program/widget called that you use to display/purge your RAM, please?
Advanced System Care by Iobit
@@ChrisFayte - Thank you
16:05, I don't get how you can be sure these values are not the encrypted ammo :/. I mean offsets don't seem to mean that much here.... Also, xmm0 registers contain floats, but xmm0 is overwritten by [rbx-30], which is a qword :/ I don't really understand, if [rbx-30] =5 (integer), then, xmm0 is float, so 5 int will be converted and will no longer = 5... Am I wrong?
I'm not sure what you are asking, the address is just holding the value, when it's time to increase or decrease and set the display values, it takes that internal, decrypts it, either inc or dec, re-encrypts it, then does more things takes the value again, decrypts it, sets the displays, re-encrypts and sets it back in the address. Now to us this is practically instantaneous, but to computer it does a lot of stuff to that value before and after the change occurs, I catch it at a specific point when it has decrypted the value and right before it re-encrypts it.. It does cycle between the stack and the FPU stack, basically because the value influences other things in the game.
Oh no sorry! I didn't understand, you eliminate all 8s because you tested them all, but none worked. I thought you hadn't tested them all but you were saying, because of the 8 offset, it won't work for sure, but I was wrong.
About xmm0, I was disappointed by the fact it seems to me an integer is put in xmm0. If we have 5 ammos, r12 will be 5, 5 is an integer. But it is put in xmm0, which is not an integer register. In this case, xmm0 will not equal 5,0 or 5. Could it be part of the encryption?
Btw I wanted to thank you for all your work, it helps me a lot :)
Well I just recently learned in certain situations that an integer can be placed into a xmm registry "64-Bit SIMD Integer Instructions (SSE)" docs.oracle.com/cd/E26502_01/html/E28388/eojde.html but I've just never come across it myself, but it is possible.. I just never reversed it beyond the point of finding it before it gets encrypted again.
I think I saw it too, but there's still something that still seems wrong to me. I'd like to see what xmm0 and r12 equal there, but I uninstalled the game xd. I'm going to ask a question on stackoverflow and let you know if I have any answer.
But do you know if the integer is "converted" automatically to float here? Will xmm0 contain r12 value but just as a float (like r12= 1, xmm0=1,0), or will it just contain the hex of r12, so a float corresponding to this hex that has nothing to do with r12 value?
I'd have to go back and look at it, I don't have the game anymore
Could you show how to find like certain events of a game with cheat engine? Like for example a "mission complete" event in a game or an in-game popup, and then bind a key to it so you could for example skip a mission immediately with one press of a button???
It is possible even though that would be a hard find
Okay I'm looking forward to it if you decide to give it a try. Another thing: will you possibly do a video about the tool ultimap in Cheatengine and explain how to correctly use it?.... :S thanks!
I've already answered that question for you on your post on the bypassing the anti hack vid
dude im trying to change the values of the skill points for disney infinity 3.0 pc but nothing I tried 4 bytes,floats,doubles... can u help?
Sounds like you found a display code and not the correct internal that controls displays. I'm not sure if this game uses encrypted values, address shifts, or is server sided.. But you can backtrace the display value to see where it is getting the value from and try to manipulate it farther up the call structure.
@@ChrisFayte do u have some videos that explain how to backtrace?
ua-cam.com/video/xELXQM-Io8U/v-deo.html
ua-cam.com/video/8s_VsRsqV4s/v-deo.html
@@ChrisFayte Thanks I'll try my best
21:39 you didn't check if it was shared by the enemy! In some games the enemy and player have shared ammo instruction. Well I don't know if it's like that in newer games but in GTA 3 and vice city it was shared
True, but in most games enemies usually always have inf ammo. It's the player who is limited, but in some games ammo is limited to the enemy players as well, in which you will want to compare out like you would for health.
I Truly hate the crashes
Please help me. There has been a game for Lords mobile for 3 months. I have been trying it. I wrote it before.
please find me clear about this game, your request will be enough for me
I will support your channel, break a record, seriously a lot of people are playing this game
can you do a tutorial on how to make invisible cheat???
I have many vids on my channel on that subject, just search for Stealth on my channel - here is my most recent one: ua-cam.com/video/NFAsHHxbOpo/v-deo.html
video actually worth super long intro gg
Thank you, my newest vids do not have the super long intro.
Hey, could you make a video about Far Cry 4? I am struggling so hard with this game.
I think my version is 1.0.1 but not sure, my codes have not been tested throughout the entire game but you are welcome to my Cheat Table for Far Cry 4. I didn't finish hacking it because I got on to other projects and forgot about it. www.mediafire.com/file/xbeanodobbo38qn/FarCry4.zip
Cheat The Game Thanks for the CT, I will take a look at it. But with a finished CT, I can't understand how you found those values.
I originally gave the wrong link, and updated it via edit, make sure to redownload it for the good one.
If you want to find them yourself, Breath Stamina and health are all going through the same opcode.. So go somewhere so you won't be attacked and go find stamina.. Float value 100 is max - Health Is float 100 - Breath Underwater is Float 100 - that should help you. Make sure to value search on offline mode
This is the better one: www.mediafire.com/file/xbeanodobbo38qn/FarCry4.zip
Hey do you know how to teleport hack in a game like Team Fortress 2?
All teleport hacks are done basically the same way as I show on my vids here, the values of your coordinates have to be stored on your comp though, not on an online server.
Ok thanks.
can u make 1080p please
Camtasia only allows me up to 1280x720
Cheat The Game use obs
Considering I don't make anything and do all these vids on my own time, and don't charge anybody to do them, I'll stick with what I got.