Mortal Kombat 11 - table v: 1.0.8 CT

Upload your cheat tables here (No requests)
User avatar
HukpoFuJl
Noobzor
Noobzor
Posts: 7
Joined: Thu May 02, 2019 1:16 am
Reputation: 5

Re: Mortal Kombat 11 - table v: 1.0.6 CT

Post by HukpoFuJl »

Guys, about my unlocker - version 1.1 is corrupted.
As I can see in reports on YouTube - version 1.2 is more stable than the previous 1.x
So, if someone have problem with previous versions - all of it fixed in version 1.2: http://%62it.ly/mk11unlock_v1-2

How to use this cheat table?
  1. Install Cheat Engine
  2. Double-click the .CT file in order to open it.
  3. Click the PC icon in Cheat Engine in order to select the game process.
  4. Keep the list.
  5. Activate the trainer options by checking boxes or setting values from 0 to 1
Last edited by HukpoFuJl on Sun Jun 02, 2019 11:40 pm, edited 1 time in total.

User avatar
SunBeam
Administration
Administration
Posts: 4915
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4608

Re: Mortal Kombat 11 - table v: 1.0.6 CT

Post by SunBeam »

Apparently, it is one of my patches :D The one that deals with the CRC32 in the main profiling thread (RET-ing the function causes the clock to boost up the timing). I'll think of an alternate way to go about it ;)

User avatar
LeoNatan
Novice Cheater
Novice Cheater
Posts: 23
Joined: Fri May 24, 2019 6:00 pm
Reputation: 2

Re: Mortal Kombat 11 - table v: 1.0.6 CT

Post by LeoNatan »

I didn't see a speed-up with vsync on. I did see a 100% GPU usage on the menu, which I assume is related.

User avatar
LeoNatan
Novice Cheater
Novice Cheater
Posts: 23
Joined: Fri May 24, 2019 6:00 pm
Reputation: 2

Re: Mortal Kombat 11 - table v: 1.0.6 CT

Post by LeoNatan »

HukpoFuJl wrote:
Sun Jun 02, 2019 11:01 pm
Guys, about my unlocker - version 1.1 is corrupted.
As I can see in reports on YouTube - version 1.2 is more stable than the previous 1.x
So, if someone have problem with previous versions - all of it fixed in version 1.2: http://%62it.ly/mk11unlock_v1-2
Can confirm that version 1.2 worked well. Thank you as well for your effort!

User avatar
SunBeam
Administration
Administration
Posts: 4915
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4608

Re: Mortal Kombat 11 - table v: 1.0.6 CT

Post by SunBeam »

I've figured out what they added extra in the main thread ;) Hotfix in a sec, should remove the speed crap :P

EDIT #1: Fixed. Download from the same post on this page: viewtopic.php?p=91982#p91982.

EDIT #2: Thanks, Tim ;) Quick comparison of the CRC32 function revealed they added a ton shit more code in there. Simple bypass of the whole mumbo-jump with a JMP to where it originally exited with no check-ups.

Post feedback :)

User avatar
thethiny
Expert Cheater
Expert Cheater
Posts: 56
Joined: Sat May 18, 2019 2:46 pm
Reputation: 22

Re: Mortal Kombat 11 - table v: 1.0.6 CT

Post by thethiny »

SunBeam wrote:
Sun Jun 02, 2019 10:17 pm
Could you maybe check what I posted? There are 2 threads that need to be killed. Nothing else. And the CRC32 check which is in main thread (you can't kill the whole profiling thread). As for the rest that's crypto-related, I'm not interested. I only do software RE, not cryptography.
I did check what you posted. I was giving additional insight on other stuff they added in, not telling you how to patch this current problem. You can take a look and confirm by yourself that what I said is true. I didn't say it is related to this current problem. Anyways thanks for your patch.

User avatar
SunBeam
Administration
Administration
Posts: 4915
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4608

Re: Mortal Kombat 11 - table v: 1.0.6 CT

Post by SunBeam »

^ Here you go; detailed, since you want my attention:

"First of all, how did you locate the thread function that triggers anti CE? I don't mean actually, I mean logically. When you sit down and say "let's find the anti-ce function" what do you do? Are there particular routines that you try? For me I just try to launch CE, get the message box, and trace the call stack and break on the caller function."

I've been doing RE for a long time that I kind of know what APIs to poke at to get stuff solved fast :) MessageBoxA/W or MessageBoxIndirectA/W in this case. Then most of the shit is most likely (as you've seen) triggered from threads; as such, using hardware breakpoints (to also avoid CRC32 corruptions, if using software bps -> 0xCC) on CreateThread and checking the thread functions helps. Then CE can be detected in several ways: certificate (easy to solve, as you've seen), window elements, opening the actual process and scanning for crap (enableDRM() in Lua helps with this) and lastly driver detection. That last step is like the final check. You know all other user-mode checks (replicated in kernel as well) won't help you with anything if bypassed, since the anti-cheat driver kicks in and nuts you. See EasyAntiCheat :)

So yeah, whichever: bp on notification APIs or back-tracing.

"Second of all, there are 5 looping threads:
- Thread 16 (what I posted earlier) in charge of Anti-CE
- Thread 17 (directly after thread 16) in charge of exiting the game on crc fail
- Thread 21/23 (I'm unsure) in charge of reading the running process names (open procmon you'll notice CreateFileW opens every process u have)
- Thread 80/81 (unsure) in charge of spamming CreateFileW on all hid devices
- Main Thread keeps looping around for some reason"

Like I said, using numbers is stupid, as the thread creation order isn't the same on 2 different CPUs. Both the Anti-CE and Memory Integrity threads are VERY EASY to spot because the fuckers @ Nether use Denuvo with crypt markers to shield those functions (if not virtualization, then mutation to deal with lag). When that happens, any protector puts its representative code in there, so you can fucking tell by just checking the ThreadStartAddress. You'll find some spaghetti push + ret + jmp crap that doesn't resemble any normal x64 ASM flow. That's how you know you're to kill those as the first try. I mean, they used mutation and other protection crap, but don't even bother checking if thread is still alive, killed or suspended T_T. No comment. As far as the other threads, I don't care about them. If you check the start addresses, they are legit. Killing them might fuck some game functionality.

"My other question is once I disabled Threads 16, 17, and 21/23 (simply terminate in x64dbg) the game would throw exception violation instead of crashing (which proves that I did sth right?), but I can't move forward as game cannot progress anymore. This deemed it impossible for me to run AOB Injections in CE since changing the code still forces game to quit, so can you tell me what approach did you do so that you caused the game to resume properly?"

Terminating threads like crazy will often result in crashes due to timing. Try suspending them first, resuming for sync, then killing them.

Not interested in crypto :)

"Your work interest me as Reverse Engineering is one of my favorite fields, and I feel like I can learn a lot from you. The video posted by Tim last week was my first attempt at x64dbg, and I would love to say that because of it I was able to create a Mod Loader for the game. Thanks to both of you for your amazing work."

You're welcome.

BR,
Sun

scphsega
Noobzor
Noobzor
Posts: 7
Joined: Mon May 27, 2019 10:22 am
Reputation: 0

Re: Mortal Kombat 11 - table v: 1.0.6 CT

Post by scphsega »

SunBeam wrote:
Mon Jun 03, 2019 12:12 am
I've figured out what they added extra in the main thread ;) Hotfix in a sec, should remove the speed crap :P

EDIT #1: Fixed. Download from the same post on this page: viewtopic.php?p=91982#p91982.

EDIT #2: Thanks, Tim ;) Quick comparison of the CRC32 function revealed they added a ton shit more code in there. Simple bypass of the whole mumbo-jump with a JMP to where it originally exited with no check-ups.

Post feedback :)
Game behaved nicely now.

I assume there's gonna be a new version of the CT. Using 1.0.6, results in CE hanging.
HukpoFuJl wrote:
Sun Jun 02, 2019 11:01 pm
Guys, about my unlocker - version 1.1 is corrupted.
As I can see in reports on YouTube - version 1.2 is more stable than the previous 1.x
So, if someone have problem with previous versions - all of it fixed in version 1.2: http://%62it.ly/mk11unlock_v1-2
Tested your 1.2 version, works nicely now. I jumped from 1.0 to 1.2, so I did not face any of the problems mentioned for 1.1.

There's a pop-up message about "getF 4.1, 4.2, 4.3" that came up before unlocking the items. Is that expected?

TheArachne
What is cheating?
What is cheating?
Posts: 2
Joined: Sat Mar 02, 2019 9:23 am
Reputation: 0

Re: Mortal Kombat 11 - table v: 1.0.6 CT

Post by TheArachne »

Was the Cheat Engine table updated for the newest version? I am getting three Error codes trying to load the main script, Protaining to Locating AOB scripts and such? Let me boot both up and Grab a screenshot
Error in Spoiler tag
Spoiler
I2CETLogger::CETlog - ERROR: string "--[==========================================..."]:592:
Error with "HealthHook.CEA", bytes don't match injection point.
At: 0000000140464229
Got: F30F10808C0B0000
Read: F30F1080940B0000
-------------------- CODE --------------------
14046420E - 48 8B FA - mov rdi,rdx
140464211 - 48 89 5C 24 48 - mov [rsp+48],rbx
140464216 - 33 D2 - xor edx,edx
140464218 - E8 A3A2EFFF - call 14035E4C0
14046421D - 48 8B D8 - mov rbx,rax
140464220 - 48 85 C0 - test rax,rax
140464223 - 0F84 86000000 - je 1404642AF
140464229 - F3 0F10 80 940B0000 - movss xmm0,[rax+00000B94] <<<---- Injection point
140464231 - 48 8B C8 - mov rcx,rax
140464234 - F3 0F11 44 24 40 - movss [rsp+40],xmm0
14046423A - E8 81B40B00 - call 14051F6C0
14046423F - 48 8D 54 24 58 - lea rdx,[rsp+58]
140464244 - F3 0F11 44 24 50 - movss [rsp+50],xmm0
14046424A - 48 8B CB - mov rcx,rbx
14046424D - E8 4E960C00 - call 14052D8A0
140464252 - 48 8D 54 24 20 - lea rdx,[rsp+20]
------------------ CODE END ------------------

I2CETLogger::CETlog - ERROR: autoAssembleFile:
Error assembling file: "HealthHook.CEA"

I2CETLogger::CETlog - ERROR: autoAssembleFile:
Error assembling file: "_Main.CEA"

User avatar
stek-kravari
Fearless Donors
Fearless Donors
Posts: 25
Joined: Sun May 12, 2019 4:20 pm
Reputation: 8

Re: Mortal Kombat 11 - table v: 1.0.6 CT

Post by stek-kravari »

SunBeam wrote:
Sun Jun 02, 2019 6:12 pm
Mortal Kombat 11 (0.112-14-CL136412) Anti-CE & Memory Integrity Checks Bypass
  • Download the archive below and drop d3d11.dll into your 'Retail' folder (where MK11.exe is).
    e.g.: D:\SteamLibrary\steamapps\common\Mortal Kombat 11\Binaries\Retail
  • Run the game.
  • You can now use CE whenever, before or after game's run and can enable scripts without worry that some CRC32 check will catch the hooks.
Dedicated to the few ones left out there.

Download version 1.1 from below to resolve the speed-up crap!


d3d11.zip
(solved the speed-up issue)
(pass: SunBeamFRF)

BR,
Sun
Works great now thank you :)

User avatar
SunBeam
Administration
Administration
Posts: 4915
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4608

Re: Mortal Kombat 11 - table v: 1.0.6 CT

Post by SunBeam »

^ Thanks! The rest are just leeching shit over :) Fucking bastards, no feedback, no nada :P

TroliusMaximus
Expert Cheater
Expert Cheater
Posts: 205
Joined: Thu May 25, 2017 3:10 pm
Reputation: 21

Re: Mortal Kombat 11 - table v: 1.0.6 CT

Post by TroliusMaximus »

HaiTian wrote:
Sun Jun 02, 2019 1:17 am
Can someone help with me below errors? I used the MK11 unlock 1.1 and 1.0, after click 'check authorization' both cause this error, how to solve this?

Image
Try [Link]...

User avatar
LeoNatan
Novice Cheater
Novice Cheater
Posts: 23
Joined: Fri May 24, 2019 6:00 pm
Reputation: 2

Re: Mortal Kombat 11 - table v: 1.0.6 CT

Post by LeoNatan »

LeoNatan wrote:
Mon Jun 03, 2019 12:02 am
I didn't see a speed-up with vsync on. I did see a 100% GPU usage on the menu, which I assume is related.
The 100% GPU usage is gone now with 1.1

User avatar
SunBeam
Administration
Administration
Posts: 4915
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4608

Re: Mortal Kombat 11 - table v: 1.0.6 CT

Post by SunBeam »

Update #3: [plot twist] Nether adds a check for the dynamic link libraries in game's folder. If loading anything that isn't there, game crashes. SunBeam updates bypass.

Update #4: [plot twist] Nether adds another check to check-up on the killing of threads. SunBeam updates bypass.

Update #5: [plot twist] Nether adds-in EasyAntiCheat. SunBeam releases a new method.

Update #6: [plot twist] Nether adds server-checks (finally).

All this shit above are delayed decoys till they fucking do it properly. Let's help them get there! There's no challenge in playing an unprotected game :)

User avatar
thethiny
Expert Cheater
Expert Cheater
Posts: 56
Joined: Sat May 18, 2019 2:46 pm
Reputation: 22

Re: Mortal Kombat 11 - table v: 1.0.6 CT

Post by thethiny »

SunBeam wrote:
Mon Jun 03, 2019 1:42 am
...
Thank you. The point in asking you isn't so that u tell me the solution, it's so that u tell me the approach so that I learn how to think, which you pretty much did now. Thank you so much I'll keep those in mind whenever I'm trying. This really helps me. Thanks again :D

Edit:

With server side checks can't we do MITM? :P

Post Reply

Who is online

Users browsing this forum: admantx, AmazonBot, AwarioBot, BigJit901, Bing [Bot], Bloodybone, DrStalker, Enevox, funnyhoneybunny, Google [Bot], homerhead, Mikecho117, SemrushBot