How do people create hacks?

Discussion in 'Tutorials & Source Codes' started by xwalero, Jun 17, 2018.


  1. xwalero

    xwalero Chile Elite Hacker

    Hi, I know C (not C++, though I do know Java and a little C#, so I'm guessing it wouldn't be a problem to learn it), I kind of know how memory works, I kind of know how an OS works (Linux, not Windows), and I know there are packets in MapleStory that can be changed and all that stuff. BUT I can't seem to find an answer to how people actually create hacks for a program they don't have the source code of.

    I mean, someone did release the source of older versions of MS, so to create new hacks, did they create them in those versions and update the pointers? How do things like AresMS exist now? Do they have an illegal source who's leaking the source code? How do we have bypasses? Do they have the source code of the anti-cheat tools too? I mean, one thing is to know how to inject a DLL and USE the scripts, but another is to actually create the functions that manipulate the game, a.k.a. scripts. The bypass thing is what surprises me the most... I don't think you can do those things with just programming knowledge, so what am I missing? Do most people just update tools that other, very skilled people made?

    I feel like I'm missing something really important here. I don't even know what to learn to start hacking MS, because the first step is to create a bypass (I know MIPS, by the way, which is a kind of assembly language, which means I know how the stack works and how to write functions at a very low level, but I still can't seem to find an answer to my questions).
     

  2. SunCat

    SunCat Australia Godly Hacker Coder Premium

    You don't need access to the source code to make hacks. Of course those leaks help people find functions in the game, but it can be done without them.

    As far as making a bypass goes, I can't really help you there other than saying it's no different from making other hacks.
    I can explain a basic method people use to find hacks, though.

    You say you know the basics of memory editing; I'm assuming you mean something like finding a value with Cheat Engine.

    NOTE: This explanation is purely theoretical; I'm not speaking about any game in particular.

    Say you want to make a godmode for some game. You find the address of your health by searching for the value as it changes.
    Once you've got the address, you can use a debugger to find out which instruction in memory is writing to that address.
    This new address you've found is part of the function that updates your health. If you understand assembly, you should have a rough idea of how the function works.
    If you just wanted to make a super simple godmode for a very basic game, you'd just NOP that instruction, essentially removing it from the game.
    With that write removed, your health can no longer decrease.

    In practice, for most games it is not quite this simple, but the concept stands.

    Hopefully this has given some sort of insight. Feel free to PM me if you need help.
     
    BusyChinaMan and lalaefi like this.
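An added, stand-alone illustration of the two steps in the reply above (it is not code from the thread or from any game). A constructed memory snapshot stands in for the game's data, so the "find the value as it changes" step is a real initial scan followed by a next scan; the "find out what writes to this address" step is replaced by the instruction bytes such a debugger search would land on, and the godmode patch NOPs that store. Slot values, offsets and the x86 encodings are assumptions for illustration. One caveat that the post's "not quite this simple" covers: the same store usually writes healing as well as damage, so on a real target you'd check that before NOPing it, or patch the subtraction instead.

```c
/* Added example (not code from the thread): miniature version of the
 * find-health-then-NOP-the-write godmode, against constructed memory. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define N_SLOTS 8
#define HEALTH_SLOT 4  /* ground truth the scan is supposed to rediscover */

/* Constructed data region: several slots share the value 100, so a single
 * scan cannot tell which one is health. */
static uint32_t game_data[N_SLOTS] = { 7, 100, 100, 3, 100, 250, 42, 100 };

/* The game's own damage handler (only the real slot changes). */
static void take_damage(uint32_t amount) { game_data[HEALTH_SLOT] -= amount; }

/* Cheat Engine style scan. initial != 0: scan every slot and fill cands;
 * otherwise filter the existing candidates by the new value ("next scan").
 * Returns the number of surviving candidates. */
static size_t scan_value(uint32_t wanted, int initial, size_t *cands, size_t n)
{
    size_t kept = 0;
    if (initial) {
        for (size_t i = 0; i < N_SLOTS; i++)
            if (game_data[i] == wanted) cands[kept++] = i;
    } else {
        for (size_t k = 0; k < n; k++)
            if (game_data[cands[k]] == wanted) cands[kept++] = cands[k];
    }
    return kept;
}

/* Narrow the candidates by changing the value in-game between scans.
 * Returns the slot index, or -1 if the scans did not converge on one. */
static long find_health_slot(void)
{
    size_t cands[N_SLOTS];
    size_t n = scan_value(100, 1, cands, 0);   /* HUD shows 100 */
    take_damage(10);                           /* get hit once */
    n = scan_value(90, 0, cands, n);           /* HUD now shows 90 */
    return n == 1 ? (long)cands[0] : -1;
}

/* Constructed x86 bytes for the tail of the routine that writes health back,
 * i.e. where a debugger's "find out what writes to this address" stops:
 *   2B C2      sub eax, edx         ; eax = health - damage
 *   89 41 10   mov [ecx+0x10], eax  ; the store the breakpoint reports
 *   C3         ret
 */
static uint8_t game_code[] = { 0x2B, 0xC2, 0x89, 0x41, 0x10, 0xC3 };
#define STORE_OFF 2
#define STORE_LEN 3

/* Godmode: replace the store with NOPs of the same length so the function
 * still runs but never writes the reduced value. Returns 1 if the bytes at
 * the offset really were the expected store, 0 otherwise (never patch blind). */
static int nop_health_store(uint8_t *code, size_t off)
{
    static const uint8_t expect[STORE_LEN] = { 0x89, 0x41, 0x10 };
    if (memcmp(code + off, expect, STORE_LEN) != 0)
        return 0;
    /* In a live process this memset becomes VirtualProtect +
     * WriteProcessMemory, or a Cheat Engine Auto Assembler script. */
    memset(code + off, 0x90, STORE_LEN);
    return 1;
}

int main(void)
{
    long slot = find_health_slot();
    printf("health slot: %ld\n", slot);
    printf("patched: %d\n", nop_health_store(game_code, STORE_OFF));
    for (size_t i = 0; i < sizeof game_code; i++)
        printf("%02X ", game_code[i]);
    printf("\n");
    return 0;
}
```

The byte check before the memset is the part worth copying: a Cheat Engine script does the same thing with an `assert` line, so that a game update that moved the code does not get three NOPs written into the middle of some unrelated instruction.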
  3. xwalero

    xwalero Chile Elite Hacker

    Thanks for your answer. I do know those things; I was asking with things like Kami in mind. Or even that GM detector. FMA too, for example: how would you know the position of every mob at any given time on any map? I think that might be beyond a simple pointer, as is the case with a bypass. You have to actually know what the bypass does, how it's hooked, when it's hooked, what check it's using, etc. I'm really curious about how people find that complicated stuff (complicated to me at least :P).
     
  4. SunCat

    SunCat Australia Godly Hacker Coder Premium

    I've recently written a kami script, actually, so I can roughly explain that to you.
    It's worth noting that I didn't personally find the teleport function address, as it was already available in a public script.

    Before I start on the kami part, I'll talk about how you would theoretically find the teleport function address.

    As above, you'd find your X or Y coordinate, then use a debugger to find out what changed this value when you used a teleport skill in-game.
    This will be either part of your teleport function, or part of a function that is called by the teleport function. Sometimes you have to backtrack further than other times to find the function you need, but you can always follow how a program has executed in memory.

    Okay, so now that we've got the teleport address, time to explain the kami.

    Firstly, we need to closely analyse the teleport function. You'd put a breakpoint in there with a debugger, use a teleport skill, then step through the function one step at a time.
    Your goal here is to identify the parameters it takes. You need to know how to get your X and Y coordinates into that function.
    Once you've stepped through the function and found out which CPU registers or addresses are holding the values you need, you have everything needed to make a hack.

    You need to write your own function that will put the parameters into the right places and then call the teleport function.
    When the function runs, it'll find the values you put in the right places and teleport you to that position.
    Essentially you want to mimic normal game behaviour.

    Look up a Character Teleport Cheat Engine script to see how this last step works.

    Now you've got a teleport function that you can specify the coordinates for. From here, kami isn't too hard to figure out.

    You would need to go through a similar process to hook the mob positions. There's always something in memory that contains these values.
     
    dolbaeb, BusyChinaMan and AresGod like this.
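An added, stand-alone illustration of the last two steps in the reply above: "write your own function that puts the parameters in the right places and calls the teleport function", then the kami loop that reuses it against the mob positions. It is not code from the thread or from any game: the character object, the mob table and game_teleport() are constructed C objects, and the chain/address variables stand in for the numbers a debugger session would have given you. The signature of game_teleport, the field layouts and the one-level pointer chain are assumptions.

```c
/* Added example (not code from the thread): calling a located game function
 * with your own parameters, then a kami step built on top of it. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct character { int level; int x; int y; int map; };
struct mob       { int x; int y; int alive; };

/* Constructed game state. */
static struct character player = { 30, 100, 200, 1 };
static struct mob mobs[] = {
    { 500,  200, 1 },
    { 130,  220, 1 },   /* nearest living mob */
    {  90,  210, 0 },   /* dead: must be skipped */
    { 1000, 1000, 1 },
};
#define N_MOBS (sizeof mobs / sizeof mobs[0])

/* The game's teleport routine as reverse-engineered by stepping through it:
 * (character, x, y). It keeps its own sanity check, which is one reason to
 * call the real function rather than write x/y into the struct directly. */
static void game_teleport(struct character *c, int x, int y)
{
    if (x < 0 || y < 0) return;
    c->x = x;
    c->y = y;
}

/* What analysis gives you: a static location holding a pointer to the
 * character object (a one-level pointer chain) and the function's address.
 * In a live target these are numbers like base+0x1234; here they are the
 * addresses of the constructed objects so the example runs stand-alone. */
static struct character *character_ptr = &player;
static struct character **char_base = &character_ptr;
static uintptr_t teleport_addr = (uintptr_t)&game_teleport;

/* The reconstructed calling convention. On a Windows build this is where
 * __thiscall/__fastcall would go, which is why CE scripts write this step
 * in assembly: the object often travels in ecx, not on the stack. */
typedef void (*teleport_fn)(struct character *, int, int);

/* Our hack: resolve the chain, place the parameters, call the game's code.
 * Returns 0 when the chain is not populated yet (e.g. still at login). */
static int hack_teleport(int x, int y)
{
    struct character *c = *char_base;
    if (c == NULL) return 0;
    ((teleport_fn)teleport_addr)(c, x, y);
    return 1;
}

/* One kami iteration: teleport onto the nearest living mob. Mob positions
 * are read from the table the same way the character was found.
 * Returns the mob index chosen, or -1 if none is alive or the chain is null. */
static int kami_step(void)
{
    struct character *c = *char_base;
    int best = -1;
    long best_d = 0;
    if (c == NULL) return -1;
    for (size_t i = 0; i < N_MOBS; i++) {
        long dx = (long)mobs[i].x - c->x, dy = (long)mobs[i].y - c->y;
        long d = dx * dx + dy * dy;
        if (mobs[i].alive && (best < 0 || d < best_d)) { best = (int)i; best_d = d; }
    }
    if (best >= 0 && !hack_teleport(mobs[best].x, mobs[best].y)) return -1;
    return best;
}

static int player_x(void) { return player.x; }
static int player_y(void) { return player.y; }

int main(void)
{
    int m = kami_step();
    printf("teleported to mob %d at (%d,%d)\n", m, player_x(), player_y());
    return 0;
}
```

The null check on the resolved chain is not decoration: the character pointer is empty on the login screen and during map changes, and a kami that calls the teleport function with a null object is the classic way to crash the client.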
  5. TheToymaker

    TheToymaker United States Lurker

    You don't actually need any programming knowledge, and coding a program to inject your hack is merely an option. It simply helps, and you'll automatically start to understand, or find yourself making educated guesses at, what the original code looked like.

    When you run a game or application, the compiled code (originally C++/VB/etc., now in the form of a binary file (.exe) and sometimes libraries (.dll)) is loaded from the hard drive (i.e. your Program Files folder) into RAM and virtual memory so your CPU can process it.

    In memory, hacks, or cheats like Game Shark or Game Genie codes, simply change values at addresses. Like the address holding the value of your gold: you change the value of gold there, usually using the hexadecimal representation of the desired decimal amount (i.e. 1,000,000).

    Using memory searchers (like Cheat Engine) this is easy to do on the fly. Because most games nowadays use Dynamic Memory Allocation (DMA), however, those addresses change each time you load the game. So you have to find a more concrete address (or offset) by setting a breakpoint. Then you can trace the actual function in memory that handles the value of gold, using a debugger like OllyDbg.

    With knowledge of assembly/memory, practice, and trial and error, you can figure out how to hack it from there. You may find that a particular address's operation is triggered by spending gold and seems to MOV a new value into a register. So you replace that value with the hexadecimal equivalent of 1,000,000 and bam, every time you buy something your gold stays constant at 1,000,000 instead of being reduced by the item's cost.

    Some hexadecimal bytes you write to memory aren't value conversions from decimal but actual opcodes (operation codes). Say there's a conditional jump that only fires when you have enough gold for something (based on an IF/ELSE in the game's original source code); you change it to always jump, so you are writing the opcode EB to that address, meaning JMP. Now you don't need enough gold to buy whatever you want, because it's always enough as far as the game is concerned.

    There are a lot of other aspects to memory as well. For example, there are many APIs you can call from a hack, because Windows automatically includes User32.dll and Kernel32.dll in the games/applications it loads: User32.GetKeyState and Kernel32.ExitProcess, for some examples.

    A lot of hacks are injected/loaded into a target game/app, found by window name or process ID, using either WriteProcessMemory or LoadLibrary.

    This is an exact example of how countless game hackers make game hacks/cheats. It works for many games and applications. It's the same approach used to crack an application to use it without paying for it, and such. But of course newer, better-secured games/programs, and more information being kept server-side, have begun limiting how much you can do without other approaches like exploits and packets.

    Simply make some programs in C++ and debug them, and before you know it you'll have a decent handle on how code is laid out in memory. Play with it until you are able to hack, whether for fun cheats or to protect your game/application.
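An added, stand-alone illustration of the opcode patch described in the post above (it is not code from the thread or from any game), combined with the answer to the DMA problem the post raises: instead of hard-coding an address that moves every launch, the check is located by a wildcard byte pattern (the "AOB" a Cheat Engine script searches for), and the conditional jump at the match is forced to an unconditional one. The code buffer, its x86 encodings and the pattern are constructed for illustration. Two things the post does not spell out are handled here: the patch only writes if a Jcc is really at the offset, and the 6-byte near form (0F 8x rel32) is rewritten as 90 E9 rel32 rather than EB, because EB takes only a rel8 and an instruction that changes length would corrupt everything after it. Note also the direction of the jump: if the game's branch jumps to the failure path instead, the right patch is NOPs, not EB.

```c
/* Added example (not code from the thread): AOB scan with wildcards, then
 * forcing the conditional jump found there, both on a constructed buffer. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed x86 code for a "can I afford this?" check. */
static uint8_t shop_code[] = {
    0x55,                         /*  0: push ebp                 */
    0x8B, 0xEC,                   /*  1: mov  ebp, esp            */
    0x8B, 0x41, 0x08,             /*  3: mov  eax, [ecx+8]  gold  */
    0x3B, 0x45, 0x08,             /*  6: cmp  eax, [ebp+8]  price */
    0x73, 0x07,                   /*  9: jae  +7 -> buy path      */
    0xB8, 0x00, 0x00, 0x00, 0x00, /* 11: mov  eax, 0   (fail)     */
    0x5D,                         /* 16: pop  ebp                 */
    0xC3,                         /* 17: ret                      */
    0x2B, 0x45, 0x08,             /* 18: sub  eax, [ebp+8]        */
    0x89, 0x41, 0x08,             /* 21: mov  [ecx+8], eax        */
    0x5D,                         /* 24: pop  ebp                 */
    0xC3,                         /* 25: ret                      */
};

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse a Cheat Engine style pattern ("8B 41 ?? 3B") into bytes + mask
 * (mask 0 = wildcard). Returns the pattern length, or -1 if malformed. */
static int parse_pattern(const char *pat, uint8_t *bytes, uint8_t *mask, int max)
{
    int n = 0;
    while (*pat) {
        if (*pat == ' ') { pat++; continue; }
        if (n >= max) return -1;
        if (pat[0] == '?') {                     /* "?" or "??" */
            mask[n] = 0; bytes[n] = 0;
            pat += (pat[1] == '?') ? 2 : 1;
        } else {
            int hi = hexval(pat[0]), lo = hexval(pat[1]);
            if (hi < 0 || lo < 0) return -1;
            mask[n] = 1; bytes[n] = (uint8_t)(hi << 4 | lo);
            pat += 2;
        }
        n++;
    }
    return n;
}

/* First offset in code[0..len) matching the pattern, or -1. */
static long find_pattern(const uint8_t *code, size_t len, const char *pat)
{
    uint8_t bytes[64], mask[64];
    int n = parse_pattern(pat, bytes, mask, 64);
    if (n <= 0 || (size_t)n > len) return -1;
    for (size_t off = 0; off + (size_t)n <= len; off++) {
        size_t k = 0;
        while (k < (size_t)n && (!mask[k] || code[off + k] == bytes[k])) k++;
        if (k == (size_t)n) return (long)off;
    }
    return -1;
}

/* Turn the conditional jump at off into an unconditional one without
 * changing its length, so the rel8/rel32 displacement stays valid:
 *   short Jcc  7x rel8      -> EB rel8
 *   near  Jcc  0F 8x rel32  -> 90 E9 rel32  (nop; jmp rel32)
 * Returns the number of bytes patched, or 0 if there is no Jcc there. */
static int force_jump(uint8_t *code, size_t len, size_t off)
{
    if (off + 2 <= len && (code[off] & 0xF0) == 0x70) {
        code[off] = 0xEB;
        return 2;
    }
    if (off + 6 <= len && code[off] == 0x0F && (code[off + 1] & 0xF0) == 0x80) {
        code[off] = 0x90;
        code[off + 1] = 0xE9;
        return 6;
    }
    return 0;
}

/* Locate the check by signature (displacements wildcarded because they move
 * between builds) and force its jump. Returns the patched offset or -1. */
static long patch_shop_check(uint8_t *code, size_t len)
{
    long off = find_pattern(code, len, "8B 41 ?? 3B 45 ?? 73 ??");
    if (off < 0) return -1;
    if (force_jump(code, len, (size_t)off + 6) == 0) return -1;
    return off + 6;
}

int main(void)
{
    long off = patch_shop_check(shop_code, sizeof shop_code);
    printf("patched jump at offset %ld: %02X %02X\n", off,
           shop_code[off], shop_code[off + 1]);
    return 0;
}
```

Once applied, the same pattern no longer matches (the 73 has become EB), which is a cheap way for a script to notice it has already been applied instead of double-patching.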
     
  6. leeweixuan

    leeweixuan Malaysia Informed Hacker

    Mr. SunCat, can you teach me how to make an AutoRune script? I have no idea how to find the rune's AOB.
     
  7. SunCat

    SunCat Australia Godly Hacker Coder Premium

    Hey man, auto rune is probably the most difficult hack to make. There's encryption and VM'd code involved. If you're still new to this, you should start with simpler hacks.
     
    lalaefi and BusyChinaMan like this.
  8. leeweixuan

    leeweixuan Malaysia Informed Hacker

    Oh, I see. How about auto login?
     
  9. SunCat

    SunCat Australia Godly Hacker Coder Premium

    Auto login is also not very easy to do in a CE script. You should probably start with something like godmode or no knockback and work your way up to those things.
    It's easier to write more complicated things in C++ than in asm.
     
    BusyChinaMan likes this.
  10. leeweixuan

    leeweixuan Malaysia Informed Hacker

    Alright, thanks for the guide.
     
  11. leeweixuan

    leeweixuan Malaysia Informed Hacker

    By the way, can you teach me how to find the ETC IDs, skill IDs, consume IDs, and so on?
     
  12. Retard

    Retard Israel Legendary Premium

    There are lists of all those online, if that's what you mean.
     
  13. killhit123

    killhit123 Canada Premium Premium

    Those IDs are stored inside the .wz files, so you can unpack them to see the list.
     
  14. leeweixuan

    leeweixuan Malaysia Informed Hacker

    I mean I want to really learn how to find them, not only search an online list.
     
    Retard likes this.
  15. leeweixuan

    leeweixuan Malaysia Informed Hacker

    How?
     
  16. leeweixuan

    leeweixuan Malaysia Informed Hacker

    I tried to use a debugger on the health address I found, but it crashes every time I use the debugger.
     
  17. SunCat

    SunCat Australia Godly Hacker Coder Premium

    Your debugger needs to be in VEH mode. It’s in CE settings.
     
  18. leeweixuan

    leeweixuan Malaysia Informed Hacker

    Alright, thanks.
     
