Bootdisk

Cheap Game & Reversing Programming

R2Build

I have worked with too many build systems.
Most of them were console based, and sometimes it was a pain to follow them correctly.
It's true that they show you a log, but the bigger the log, the messier it is to follow.

Recently I found R2Build and I have to say that it is incredible.
You can visually "build" the steps behind your build system, so the organization of the steps becomes clear to humans.

So, here is the link to their site: http://r2build.sourceforge.net/
And here is a screenshot of it:

Hope you enjoy it!


First step: analyzing the client

The first thing to do when you want to write a hack for a game is to analyze the client files.

I always try to find the lazy solution for every game: monitor the screen and send input commands.
That's a common approach to writing a hack/tool/etc. However, it requires your computer to be "stuck" running it, and if the game has a protection you won't be able to do this.

If you still want to do something based on the screen, then you need to research the game's rendering system. Why the rendering system? Because you can write a proxy DLL and intercept the drawing calls, for example OpenGL's. On Quake I, II and III and Half-Life it was the most common way of doing colour-based bots (aka AimBots) and Wall Hacks.

What's the purpose of a proxy DLL? How does it work? A proxy DLL is a DLL that sits between the game's rendering code and the real rendering DLL. OpenGL uses "opengl32.dll", so our DLL is going to be called "opengl32.dll" as well. IMPORTANT: YOU DON'T NEED TO REPLACE THE ONE THAT'S UNDER WINDOWS\SYSTEM32; you just need to copy your proxy DLL to the same path as the application.

This DLL has to do the following:

  • Load the real “opengl32.dll” that’s under WINDOWS\SYSTEM32
  • Create the same methods as the real dll has
  • For every method, call the method inside the real dll

This takes some time, but once you have it done you will be able to do at least a Wall Hack.

All of the above is a quick solution, but if you want to go further you will need to do more research, such as:

  • Debug the game’s executable
  • Reverse the client data files
  • Write a proxy

Debug the game’s executable

To achieve this we will need OllyDbg. It works most of the time, until you face a packed executable, in which case you won't be able to understand anything. How do you know if it's packed? Download PEiD and it will tell you which packer was used. Trace the routines back and forth; strcmp and strcpy routines are easy to recognize.
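PEiD answers the "is it packed, and with what?" question by matching known packer signatures. A cheaper first check that needs no signature database is byte entropy: compressed or encrypted sections look almost random, while normal code and data do not. The following is an added example for this post (not the author's code and not part of PEiD or OllyDbg); the section names and contents are constructed inline so it runs offline, and "UPX1" is used only because it is a section name the UPX packer really emits.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a single repeated value, 8.0 for a uniform spread."""
    if not data:
        return 0.0
    total = len(data)
    counts = Counter(data)
    return -sum((n / total) * math.log2(n / total) for n in counts.values())


def packed_sections(sections, threshold: float = 7.0):
    """Return the names of (name, bytes) pairs whose entropy is above the threshold.

    Around 7 bits/byte is the usual rule of thumb for "probably compressed or
    encrypted"; plain x86 code normally lands well below that.
    """
    return [name for name, blob in sections if shannon_entropy(blob) > threshold]


# --- constructed sample sections (not real files) --------------------------
# A "normal" code section: a few repeated instruction-like byte patterns.
NORMAL_TEXT = (b"\x55\x8b\xec\x83\xec\x10\x53\x56\x57\x33\xc0\x5f\x5e\x5b\xc9\xc3" * 256)

# A "packed" section: pseudo-random bytes from a seeded generator, so the
# result is reproducible. The seed is arbitrary.
_rng = random.Random(1234)
PACKED_UPX1 = bytes(_rng.getrandbits(8) for _ in range(4096))

SAMPLE_SECTIONS = [(".text", NORMAL_TEXT), ("UPX1", PACKED_UPX1)]


def triage(sections=SAMPLE_SECTIONS):
    """Report entropy per section and which ones look packed."""
    report = {name: round(shannon_entropy(blob), 2) for name, blob in sections}
    return report, packed_sections(sections)


if __name__ == "__main__":
    per_section, suspicious = triage()
    for name, bits in per_section.items():
        print(f"{name:8s} {bits:.2f} bits/byte")
    print("likely packed:", suspicious)
```

Entropy only says "this section is probably compressed or encrypted"; it cannot name the packer the way a signature scanner does, and legitimately compressed resources (images, archives embedded in the binary) will trip it too, so treat a hit as a reason to look closer rather than a verdict.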

Reverse the client data files

Recently I tried an MMO and its data files were scrambled. Scrambling is not the best option for hiding your files, since with minimal effort they can be reversed. Most of the time they rely on a modified version of XOR encryption.
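The reason XOR scrambling gives so little protection is that the "key" is recovered directly once any part of the plaintext is known, and a data file almost always starts with a predictable format header. The following is an added example written for this post (not the author's code and not any real game's format): the key, the header and the file contents are all constructed here, and the key length is recovered by looking for the period at which the recovered key stream repeats.

```python
# Constructed sample: a data file "protected" with a short repeating XOR key.
SECRET_KEY = b"k3y!"                                  # hypothetical 4-byte key
PLAINTEXT = b"MAPDATA\x00level01.map\x00monsters=12\x00"  # hypothetical file content
KNOWN_HEADER = b"MAPDATA\x00"                         # the part an analyst can predict


def xor_scramble(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. The same call both scrambles and unscrambles."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


SCRAMBLED_FILE = xor_scramble(PLAINTEXT, SECRET_KEY)


def key_stream_from_known_plaintext(scrambled: bytes, known: bytes) -> bytes:
    """ciphertext XOR plaintext = key stream, for as many bytes as we know."""
    return bytes(c ^ p for c, p in zip(scrambled, known))


def guess_key_length(scrambled: bytes, known: bytes, max_len: int = 16) -> int:
    """Smallest period at which the recovered key stream repeats exactly.

    Needs at least max_len + 1 known bytes to be trustworthy; with fewer, a
    longer key could be mistaken for a shorter one.
    """
    stream = key_stream_from_known_plaintext(scrambled, known)
    for n in range(1, max_len + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return n
    raise ValueError("no repeating period up to max_len found")


def recover_key(scrambled: bytes, known: bytes, max_len: int = 16) -> bytes:
    """Recover the repeating key from the scrambled file and its known header."""
    n = guess_key_length(scrambled, known, max_len)
    return key_stream_from_known_plaintext(scrambled, known)[:n]


def unscramble_with_known_header(scrambled: bytes, known: bytes) -> bytes:
    """End to end: recover the key from the header, then decode the whole file."""
    return xor_scramble(scrambled, recover_key(scrambled, known))


if __name__ == "__main__":
    key = recover_key(SCRAMBLED_FILE, KNOWN_HEADER)
    print("recovered key:", key)
    print("decoded file :", unscramble_with_known_header(SCRAMBLED_FILE, KNOWN_HEADER))
```

The "modified XOR" variants the post mentions (a key derived from the file size, a rolling byte, a fixed table) fall to the same idea: the transformation is fixed and has no secret that the client does not also carry, so a known header plus a few minutes of comparison is enough. Anything that actually needs to stay confidential has to use a real cipher with a key the client does not hold.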

Write a proxy

Writing a proxy isn't that difficult and it lets you look at your game's packets. Proxies usually sit between the game server and the client itself. Many of these protocols are encrypted, and in most cases they do a handshake first, in which they exchange encryption keys.


Microsoft Messenger and why it runs an internet explorer…

One day I was playing with the AutoIt window finder when I moved it over the advertising section of my MSN.
I was amazed to see it was an instance of IE (Internet Explorer) running there, consuming resources and showing things I'm not interested in.

I started searching for the properties of that control until I found it was receiving data from "rad.msn.com" (of course it generates tracking cookies... I think it's for market research. That's why your AV (antivirus) reports tracking cookies).
Then I said "Well, I'll kill that process" and started to figure out things that might be a pain to code. Before going any further I analyzed all the possibilities; one of them was the "hosts" file inside "C:\WINDOWS\System32\Drivers\etc\". With that file you can map hostnames to IP addresses.

By editing the "hosts" file to add just this line:

127.0.0.1    rad.msn.com

... every time anything on your computer tries to connect to "rad.msn.com" it will connect to your own computer instead, which means no data for that little box in MSN.

When that box has no data, or it cannot connect to "rad.msn.com", it doesn't create any instance of Internet Explorer, so more resources are free.
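The same file is a favourite of malware for the opposite purpose: pointing update or security-vendor hostnames at an attacker's address. So it is worth knowing what your hosts file actually says. The following is an added example for this post (not the author's code): a small parser that lists which names are sinkholed to loopback, as in the trick above, and which names are redirected to a remote address and deserve a second look. The file content is a constructed sample embedded inline, using documentation-range addresses, so nothing here reads your real system.

```python
import ipaddress

# Constructed sample hosts file (not a real system's file). The last entry
# uses a documentation-range address to stand in for "some remote host".
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       rad.msn.com            # the override from the post
0.0.0.0         ads.example.invalid    # another common sinkhole form
203.0.113.5     update.example.invalid # a vendor name sent somewhere else
"""


def parse_hosts(text: str):
    """Yield (ip, hostname) pairs; comments, blank lines and bad lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed line; hosts parsers ignore these too
        for name in names:
            yield ip, name.lower()


def sinkholed_names(text: str):
    """Hostnames pointed at loopback or 0.0.0.0 / :: (the post's trick)."""
    result = []
    for ip, name in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        if (addr.is_loopback or addr.is_unspecified) and name != "localhost":
            result.append(name)
    return result


def remote_overrides(text: str):
    """Hostnames mapped to something other than loopback/unspecified.

    A hosts file normally has no reason to contain these; an entry like this
    for an update or security-vendor domain is a classic tampering sign.
    """
    result = []
    for ip, name in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        if not (addr.is_loopback or addr.is_unspecified):
            result.append((ip, name))
    return result


if __name__ == "__main__":
    print("sinkholed:", sinkholed_names(SAMPLE_HOSTS))
    print("remote overrides:", remote_overrides(SAMPLE_HOSTS))
```

To check a real machine, read the file at the path given in the post (or /etc/hosts on Unix-like systems) and pass its contents to the two functions; any entry in the remote-overrides list that you did not add yourself is worth investigating.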

That box will look like this:

Back from the grave

After months and months of no activity I’ve decided to start all over again with this blog and add more interesting stuff to it.

I'm a programmer; I like to code whatever crosses my mind... as long as it's interesting.

In the past I've been writing logic for games and some engines, but last year was dedicated exclusively to reversing online games.

I’ve learned a lot from the different mmo communities and I want to share some of this knowledge with you.

I'll stick to Python because it's easy to read and understand.
Stay tuned.