EvilZone
Programming and Scripting => Projects and Discussion => : Matriplex January 28, 2015, 12:00:49 AM
-
For a while now I've been teaching myself how to reverse engineer and subsequently I thought I'd try my hand at something like this. Low and behold it turned into a months long project in which I learned a lot. Since I've been very inactive lately I thought I'd share the progress with you guys. No, I'm not releasing it and I never will as it was a learning project but I may release some of the code (but not the reversed classes... sorry). Here's an imgur album (http://imgur.com/a/UhX4t) and one of the pics.
A list of some stuff I did with it, there's other things going on in the memory that doesn't show here:
- No recoil
- No sway (breath)
- 3D AABB ESP for entities (supply boxes, grenades, c4, missiles, etc), players, and vehicles
- ESP for health, distance, and various other things
- Skeleton ESP
- Smooth aimbot (that was a bitch to program)
- Proximity warnings (enemies behind you)
- Sky and fog disabler
- The GUI windows are collapsible and draggable.
I also played around with the rendering engine and got it to render things like just the normal buffer, depth buffer, ambient occlusion buffer, and other things. I found the buffer that stores the direction vectors for the motion blur and rendered that. Trippy af.
(http://i.imgur.com/bxrHzxo.jpg)
So that's it, just thought I'd pop in and say hi.
-
I personaly dont like cheats and those who use them to fu#$ other people.. but i apreciate those who make them because must be a hell of a work (and i have a lot of interest of how they do that). Anyways, good work sir.
-
Really nice job man. It really does look like you put a lot of work into this. Anything you wish you knew before you started this whole project? Also, what was the most troublesome thing to get sorted and worked out? (Assuming it's the smooth aimbot since you said it was difficult to program)
-
Really nice job man. It really does look like you put a lot of work into this. Anything you wish you knew before you started this whole project? Also, what was the most troublesome thing to get sorted and worked out? (Assuming it's the smooth aimbot since you said it was difficult to program)
It definitely took a while. Honestly there's not much I wish I would've known before; I learned a lot while doing it. I have a much more in depth understanding of memory, reverse engineering, IDA, and other things now.
The most difficult thing... Hm. I'd have to say gathering the information needed to actually start reversing the data structures. There's information out there but not enough. In terms of the most troublesome to program I'd have to say either the aimbot or the yaw pitch roll rotations for the AABBs. But really those weren't too difficult, the AABBs required rotation matrices and a little matrix math but other than that it was fine. The aimbot required a little more trigonometry, quaternion math (not necessary really but I wanted to keep some things close to what I've done in my 3D engine because I already had code for it), and a slerp function but again that wasn't too difficult.
-
Oh man, I thought I never see aimbots and wallhacks outside of Counter-Strike lol. Really cool work. Why don't you make the hack opensource and host it on github? I bet it would spark great interest :)
-
This is very cool.
Seconded Kulverstukas idea to open source it so I can take all your hard work and plagiarise it to hack a different game.
But seriously, would be really neat to see any code or hear more about the process.
Great work +1
-
I'd like to thank you, it's not often I see a programming project worth thinking about twice, I dont mean just here I mean everywhere. This thoroughly impressed me.
P.S. I understand not wanting to release the code, we all code for different reasons for different projects and if releasing it isnt in the cards I for one respect it :)
+1 and I'll do it again if i get the chance.
-
Thanks for the feedback, I never thought it would actually be well received. Since most of you that posted want me to upload the code, what would you want me to upload? The GUI code, memory library, math stuff? I'll upload any of that, however I'm not going to upload my SDK. I feel like that would just spawn a string of shitty hacks people make thinking they know what they're doing. But anything else is fine.
The code is pretty shitty; I haven't cleaned a lot of it up.
Edit: For clarification the reason I'm not uploading everything and I'm cautious about it is because of punkbuster's ability to recognize the sigs of hacks. One person gets caught using it and everyone else will be. I could upload it then change my code, change the PE shit, and some other stuff but it's not worth it imo.
-
superb :)
-
Great work, Matriplex.
This is the stuff I like to see here.
The GUI code is imo the least interesting of all. But the memory library sounds useful. What language did you use?
-
Oh man, I thought I never see aimbots and wallhacks outside of Counter-Strike lol. Really cool work. Why don't you make the hack opensource and host it on github? I bet it would spark great interest :)
Release it :)
-
my least favorite kind of game hack. i fucking hate no skill hacks. by this ofc i mean the tards out their dropping money on "hacks" then ruining others enjoyment, that said, obviously coding one from scratch isnt "easy" so grats on that. But if you release the code i will fart on your pillow and give you pinkeye.
-
Very nice project. It seems like you really learned a lot from it which is exactly what you should've done! :) +1 cookie for your valuable effort.
Also I second Deque's idea of releasing the memory library. That seems to be one of the more interesting aspects of this project.
-
Very nice project. It seems like you really learned a lot from it which is exactly what you should've done! :) +1 cookie for your valuable effort.
Also I second Deque's idea of releasing the memory library. That seems to be one of the more interesting aspects of this project.
HOLY SHIT YOU ARE ALIVE! :P
-
That's fucking awesome like really I do realize how mich hard work it is but do not dare to fucking release you should play and crush others with this just becauE u dis great work doing so unless someone else does it by himself he is not eligble to the club and if u release u'll be killing your work cz they'll discover it pretty quick the so keep the fun for yourself or I second darkvision for farting on your pillow
-
Dammit... sorry guys I didn't check it. For those screaming about this, I'm not releasing the hack, period. There are plenty of other public ones out there anyways.
Mordred, Deque, sure I'll upload the memory lib code. I did it in C# because I thought it would be a nice deviation from the usual C++ hacks. I had to learn more because I couldn't just use readprocessmemory. Stuff like writing bytes got.. interesting. I realized I had a bug where I'd overwrite 1 or 2 bytes further (can't remember which) because of the buffer C# returns with the Convert.ToByte method. Lots of frustration stemmed from that until I figured it out.
I'll upload the code tomorrow night, it's almost 1 am here and I have school tomorrow.
-
That's great Matriplex :). C# huh? I'm even more interested in it now that you mention it's not done with C++ :D.
-
so you can see through walls because you c sharp?
i know its bad. sorry i had too. Anyway figured id point out one of the other advantages to not releasing. Which is that it automatically becomes harder to detect, or from a business standpoint, more expensive to detect. Which is why for the major games(like WoW) farms pay VERY good money for private bots/hacks, because their operations have less down time then using a public hack. Anyway speaking of detection and aimbots, these next few years should have some interesting developments because i think we are going to start seeing auto detect for walls/aimbots built into the new(er) AAA FPSes. Especially considering their is already some half decent public detection scripts available for some of the larger ones for admins to load to their own server. Which just means that they(you :P) will have to figure out how to make your hack undetectable visually.
-
Sorry for being a noob here. But how the hell did you get the information by reversing it? I tried reversing a simple building game and it was 20,000,000+(decimal, not hex) lines of code. Was there somehow a way to jump to the more interesting code?
-
Yo Matriplex I completely missed this I had been thinking that there was not much game hacking on this forum but great job, will definitely check it out.
-
Sorry for being a noob here. But how the hell did you get the information by reversing it? I tried reversing a simple building game and it was 20,000,000+(decimal, not hex) lines of code. Was there somehow a way to jump to the more interesting code?
There are various techniques. You can for example find interesting variables in memory and then look at what code accesses it.
-
Sorry for being a noob here. But how the hell did you get the information by reversing it? I tried reversing a simple building game and it was 20,000,000+(decimal, not hex) lines of code. Was there somehow a way to jump to the more interesting code?
Well when I start reversing a game I look for a basic value in cheat engine. Take health for example.. Do a search for it in CE and do your everyday change, search again, change, search again technique. Then look for accessors of that point in memory. Say you find this accesses it:
mov r11, [eax+10h]
Well, obviously the last offset is 0x10. You then search for whatever eax is at that point in time (debug/breakpoint it) and do a search for it, dereferencing. Then check what accesses that. You build a whole pointer list up until you reach a static address, and then you know that's probably the base address of the game if it's something like health/money. For more complicated things you can dump the game and inspect it in IDA, and reverse the data structures and virtuals from there looking at the virtual tables and stuffs. It takes time to learn.
I'm going to upload all the code for my hack at some point. Maybe during the summer. I'll exclude the SDK.
Or I may just upload the memory lib. Don't have much time on my hands right now, AP tests are killing me.
I'm still working on this project. I've added a bunch of shit, including teleportation and pseudo flying. Calling some virtuals for raycasting using a stub because it's an external hack. I also have a 3D radar view (top down, renders basic player models in wiremesh I made) using some directx trickery. Fun stuff :)
Which just means that they(you :P) will have to figure out how to make your hack undetectable visually.
Well there's a reason I render everything on an external overlay ;)
On a little chams test I was doing using some code I found online, I had to create a simple internal hack (dll injection) to render the chams correctly ingame. Since it's an ingame rendering thing I had to hook into the anti cheat screenshot method to send a black screenshot. The anti-cheat doesn't do anything about black screenshots because they can be caused by bad drivers, so that's one method if you're using engine rendering.
-
Sorry for the necro, but I still wanna see as much of the source of this as you are willing to release Matriplex!
Any chance for an update? :)
-
lol awesome. Well done buddy.