Assassin's Creed: Origins


Post by SunBeam » Sun Feb 11, 2018 8:10 am

If allowed, I may fiddle with your scripts :) Just let me know you agree to this (am asking everyone who's posted a script in this topic, including Cielos).

Post by pigeon » Sun Feb 11, 2018 12:17 pm

@SunBeam sure, you or anyone else can change it to your own taste and share it with your own cheat tables :)

Post by SunBeam » Sun Feb 11, 2018 12:31 pm

^ Not my point. It's not for a table release, but to address issues you've been facing. Or stabilize some features. More eyes are better than two, as they say :)

Post by pigeon » Sun Feb 11, 2018 1:19 pm

@SunBeam, anyway, the more people work with free camera cheats, the more useful stuff we all will have :D

BTW, I updated my post on the previous page with the cheat table by adding a spoiler with useful information and links. If someone has already read it but is interested in experimenting with it in this or other games, you may find it useful.

Post by SunBeam » Sun Feb 11, 2018 6:20 pm

^ Yeaps, read it. And tested it. There are better ways to freeze everyone; an engine pause is doable, remember seeing or reading about it at some point. As for your XYZ and Rot H base pointer, it's called CameraManager:

Image

Then +A8 +0 leads to ACUPlayerCameraComponent.

I'll see if I can update your stuff to work properly and let engine update objects (and their textures).

Here's a much better place to use to stop Bayek from moving altogether:

Code:

ACOrigins.exe+974C170 - 48 83 EC 28           - sub rsp,28
ACOrigins.exe+974C174 - E8 174388F8           - call ACOrigins.exe+1FD0490
ACOrigins.exe+974C179 - 80 B8 A9020000 00     - cmp byte ptr [rax+000002A9],00
ACOrigins.exe+974C180 - 74 28                 - je ACOrigins.exe+974C1AA
ACOrigins.exe+974C182 - 80 B8 6F050000 00     - cmp byte ptr [rax+0000056F],00
ACOrigins.exe+974C189 - 75 1F                 - jne ACOrigins.exe+974C1AA
ACOrigins.exe+974C18B - B0 01                 - mov al,01
ACOrigins.exe+974C18D - 48 83 C4 28           - add rsp,28
ACOrigins.exe+974C191 - C3                    - ret

Setting both those two offsets to 1 will cause no movement. Structure is called PhotoModeManager. Also, in my table if you add [[pWorld] + 1458] and set value > 0 while in-game, you'll see world time stop.

Post by pigeon » Sun Feb 11, 2018 11:08 pm

Honestly, all I can see in your screenshot is some kind of magic that I do not understand :D

About setting both offsets to 1: either I misunderstand you, or it just doesn't work for the CPY version. I've tried three kinds of "set to 1", but none of them stops anyone:
Image
But I get your idea and try to find those "1" bytes manually while activating the in-game PhotoMode! It's funny, actually, that there is already some kind of in-game free camera mod, which is exactly this Free Camera Mod... If we disable the camera borders so the camera can move everywhere without limits and move the "render point" to the camera, this should be enough, but... Making a camera mod by yourself is just like this:
Image
:D
Oh, now I get this... In my case, if I still misunderstand you, it is required to take both addresses from [rax+2a9] and [rax+56f]. If I set the first to "1", it activates the PhotoMode camera without the interface, but with borders. If I set the second to "1", it attaches the camera back to Bayek. In both cases Bayek stops moving, but everything around keeps moving and enemies can see Bayek. But it is great! Probably there should be the same kind of 0-1 value here for invisibility, stopping enemies and probably something else!

BTW, [[pWorld] + 1458] doesn't work for me with your table; the whole table doesn't work, though:
Image
The AOB looks unique, everything looks good as far as I can see with my knowledge, but... Maybe because of, again, different versions? I can make more tests and post the results in your thread, if you are interested!

Post by SunBeam » Sun Feb 11, 2018 11:36 pm

^ You're supposed to press Numpad 0 after enabling those scripts. That's how the content gets populated. And [[pWorld]+1458] means you add a new address, tick Pointer, type in pWorld as address and first offset is 1458.
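
Added example, not part of the original posts or of either table: a small Python resolver for the bracketed pointer notation used in this thread, run against a constructed memory map. The load address, the `pWorld` slot and every stored value are made up, and treating `pWorld` as holding 0 until the script's hook has run is an assumption about how the table behaves.

```python
import re

class PointerPathError(Exception):
    """A link in the pointer chain could not be followed."""

TOKEN = re.compile(r'\s*(\[|\]|\+|"[^"]+"|[\w.]+)')

def resolve(expr, symbols, mem):
    """Evaluate a bracketed pointer expression; [x] reads the qword stored at x."""
    toks, pos = [], 0
    expr = expr.strip()
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise PointerPathError(f"cannot parse {expr[pos:]!r}")
        toks.append(m.group(1).strip('"'))
        pos = m.end()
    i = 0

    def term():
        nonlocal i
        if i >= len(toks):
            raise PointerPathError("expression ends early")
        t = toks[i]
        i += 1
        if t == "[":
            addr = total()
            if i >= len(toks) or toks[i] != "]":
                raise PointerPathError("missing ]")
            i += 1
            if addr not in mem:       # null or unmapped link in the chain
                raise PointerPathError(f"unreadable address {addr:#x}")
            return mem[addr]
        if t in symbols:              # named symbols are checked before hex parsing
            return symbols[t]
        try:
            return int(t, 16)         # bare numbers are hexadecimal
        except ValueError:
            raise PointerPathError(f"unknown symbol {t!r}") from None

    def total():
        nonlocal i
        value = term()
        while i < len(toks) and toks[i] == "+":
            i += 1
            value += term()
        return value

    result = total()
    if i != len(toks):
        raise PointerPathError(f"unexpected {toks[i]!r}")
    return result

# Constructed addresses and contents, not values taken from the game.
MODULE, PWORLD, WORLD = 0x140000000, 0x13FFF0000, 0x20000000
SYMBOLS = {"ACOrigins.exe": MODULE, "pWorld": PWORLD}

def make_memory(populated):
    """pWorld holds 0 until the script's hook has run (assumed model)."""
    return {PWORLD: WORLD if populated else 0, WORLD + 0x1458: 1,
            MODULE + 0x4B8FFD0: 0x30000000, 0x30000000 + 0x280: 0x30001000}
```

With the populated map, `[pWorld]+1458` resolves to the address of the field and `[[pWorld] + 1458]` to the value stored there; with the unpopulated map the second form raises `PointerPathError`, because the chain passes through a null pointer.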

Post by pigeon » Mon Feb 12, 2018 4:46 am

Yes, sorry, that was super stupid of me... :roll: You even wrote about "Numpad0" in the description right after the screenshot with your table... And yes, this works :)
About [pWorld]+1458: I was a bit overheated and did not pay attention to the other [ ] around it, but it works even like that :)

Post by wolfnight2302 » Mon Feb 12, 2018 7:07 am

How to use it?? My Ability Points are still 0

Post by pigeon » Mon Feb 12, 2018 12:23 pm

@SunBeam
Can you check if those 2 pointers work for you?

PhotoMode Camera On (1 byte): [ACOrigins.exe+4B8E6F0]+2A9
Freeze World (could be 1 or 4 bytes): [["ACOrigins.exe"+04B8FFD0]+280]+38

Instruction that writes to the freeze world address, and a few more (mov [rdi+38],edx):

Code:

"ACOrigins.exe"+895838: 0F 28 C1                 -  movaps xmm0,xmm1
"ACOrigins.exe"+89583B: 0F 54 C2                 -  andps xmm0,xmm2
"ACOrigins.exe"+89583E: 0F 2F C3                 -  comiss xmm0,xmm3
"ACOrigins.exe"+895841: 76 05                    -  jna ACOrigins.exe+895848
"ACOrigins.exe"+895843: F3 0F 11 49 20           -  movss [rcx+20],xmm1
"ACOrigins.exe"+895848: 8B 49 38                 -  mov ecx,[rcx+38]
"ACOrigins.exe"+89584B: 8B 57 40                 -  mov edx,[rdi+40]
"ACOrigins.exe"+89584E: 03 D1                    -  add edx,ecx
"ACOrigins.exe"+895850: 89 4F 3C                 -  mov [rdi+3C],ecx
"ACOrigins.exe"+895853: 33 C9                    -  xor ecx,ecx
// ---------- INJECTING HERE ----------
"ACOrigins.exe"+895855: 89 57 38                 -  mov [rdi+38],edx
"ACOrigins.exe"+895858: 89 4F 40                 -  mov [rdi+40],ecx
// ---------- DONE INJECTING  ----------
"ACOrigins.exe"+89585B: 85 D2                    -  test edx,edx
"ACOrigins.exe"+89585D: 7E 05                    -  jle ACOrigins.exe+895864
"ACOrigins.exe"+89585F: 0F 57 F6                 -  xorps xmm6,xmm6
"ACOrigins.exe"+895862: EB 30                    -  jmp ACOrigins.exe+895894
"ACOrigins.exe"+895864: 38 4F 44                 -  cmp [rdi+44],cl
"ACOrigins.exe"+895867: 74 21                    -  je ACOrigins.exe+89588A
"ACOrigins.exe"+895869: F3 0F 59 77 24           -  mulss xmm6,[rdi+24]
"ACOrigins.exe"+89586E: 38 4F 45                 -  cmp [rdi+45],cl
"ACOrigins.exe"+895871: 74 21                    -  je ACOrigins.exe+895894
"ACOrigins.exe"+895873: F3 0F 59 77 28           -  mulss xmm6,[rdi+28]

And PhotoMode camera enabler instruction:

Code:

"ACOrigins.exe"+1FFB1C8: 48 8B 8B 18 04 00 00  -  mov rcx,[rbx+00000418]
"ACOrigins.exe"+1FFB1CF: 48 85 C9              -  test rcx,rcx
"ACOrigins.exe"+1FFB1D2: 74 79                 -  je ACOrigins.exe+1FFB24D
"ACOrigins.exe"+1FFB1D4: 80 BB 20 04 00 00 00  -  cmp byte ptr [rbx+00000420],00
"ACOrigins.exe"+1FFB1DB: 75 70                 -  jne ACOrigins.exe+1FFB24D
"ACOrigins.exe"+1FFB1DD: E8 8E DC 36 FF        -  call ACOrigins.exe+1368E70
"ACOrigins.exe"+1FFB1E2: 48 8D 8B B0 02 00 00  -  lea rcx,[rbx+000002B0]
"ACOrigins.exe"+1FFB1E9: BA 04 00 00 00        -  mov edx,00000004
"ACOrigins.exe"+1FFB1EE: E8 4D 30 44 FF        -  call ACOrigins.exe+143E240
"ACOrigins.exe"+1FFB1F3: C6 83 6F 05 00 00 01  -  mov byte ptr [rbx+0000056F],01
// ---------- INJECTING HERE ----------
"ACOrigins.exe"+1FFB1FA: C6 83 A9 02 00 00 01  -  mov byte ptr [rbx+000002A9],01
// ---------- DONE INJECTING  ----------
"ACOrigins.exe"+1FFB201: EB 11                 -  jmp ACOrigins.exe+1FFB214
"ACOrigins.exe"+1FFB203: 33 D2                 -  xor edx,edx
"ACOrigins.exe"+1FFB205: C6 83 18 06 00 00 01  -  mov byte ptr [rbx+00000618],01
"ACOrigins.exe"+1FFB20C: 48 8B CB              -  mov rcx,rbx
"ACOrigins.exe"+1FFB20F: E8 2C 02 00 00        -  call ACOrigins.exe+1FFB440
"ACOrigins.exe"+1FFB214: 48 8B 0D 65 33 73 02  -  mov rcx,[ACOrigins.exe+472E580]
"ACOrigins.exe"+1FFB21B: 8B 91 B8 00 00 00     -  mov edx,[rcx+000000B8]
"ACOrigins.exe"+1FFB221: E8 AA E5 81 FE        -  call ACOrigins.exe+8197D0
"ACOrigins.exe"+1FFB226: 48 8B D8              -  mov rbx,rax
"ACOrigins.exe"+1FFB229: 48 85 C0              -  test rax,rax

BTW, the PhotoMode camera value requires that PhotoMode was enabled at least once during the current gameplay; otherwise, the camera will move in some "dark area" :)

Post by SunBeam » Mon Feb 12, 2018 1:14 pm

^ You need both BOOLs set to 1 (0x56F and 0x2A9) so Bayek doesn't move. I mentioned this already :P -> viewtopic.php?p=32199#p32199 (see bottom of the post, the code snippet).

Post by pigeon » Mon Feb 12, 2018 1:51 pm

@SunBeam I've found the "render point"! :D

Check this instruction, see what addresses it accesses, NOP it and change the values of these addresses:

Code:

"ACOrigins.exe"+14697CF: 48 8B 79 08              -  mov rdi,[rcx+08]
"ACOrigins.exe"+14697D3: 48 C1 E7 20              -  shl rdi,20
"ACOrigins.exe"+14697D7: 48 C1 FF 3F              -  sar rdi,3F
"ACOrigins.exe"+14697DB: 48 23 39                 -  and rdi,[rcx]
"ACOrigins.exe"+14697DE: 48 85 FF                 -  test rdi,rdi
"ACOrigins.exe"+14697E1: 74 4A                    -  je ACOrigins.exe+146982D
"ACOrigins.exe"+14697E3: 48 8D 54 24 20           -  lea rdx,[rsp+20]
"ACOrigins.exe"+14697E8: 48 8B CF                 -  mov rcx,rdi
"ACOrigins.exe"+14697EB: E8 C0 6E EE FF           -  call ACOrigins.exe+13506B0
"ACOrigins.exe"+14697F0: 0F 28 00                 -  movaps xmm0,[rax]
// ---------- INJECTING HERE ----------
"ACOrigins.exe"+14697F3: 0F 29 83 00 02 00 00     -  movaps [rbx+00000200],xmm0
// ---------- DONE INJECTING  ----------
"ACOrigins.exe"+14697FA: 48 8B 4F 18              -  mov rcx,[rdi+18]
"ACOrigins.exe"+14697FE: 48 85 C9                 -  test rcx,rcx
"ACOrigins.exe"+1469801: 74 19                    -  je ACOrigins.exe+146981C
"ACOrigins.exe"+1469803: 48 83 C7 70              -  add rdi,70
"ACOrigins.exe"+1469807: 48 8B D7                 -  mov rdx,rdi
"ACOrigins.exe"+146980A: E8 61 9A 43 FF           -  call ACOrigins.exe+8A3270
"ACOrigins.exe"+146980F: 0F 28 47 10              -  movaps xmm0,[rdi+10]
"ACOrigins.exe"+1469813: 0F 29 83 20 02 00 00     -  movaps [rbx+00000220],xmm0
"ACOrigins.exe"+146981A: EB 2D                    -  jmp ACOrigins.exe+1469849
"ACOrigins.exe"+146981C: 0F 28 47 30              -  movaps xmm0,[rdi+30]

I don't have much time to play with it at the moment, so the only thing I figured out is that it also blocks movement somehow.

Or if you can't find it by this AOB, here is how I got it:
- Search for some values nearest to the camera, or the exact Bayek X value;
- Make sure that these values are stable and do not change when Bayek doesn't move and the camera is rotated;
- Press V to switch to Senu. Yes, this is when the "render point" moves from Bayek to Senu! :)
- Make the same inc/dec searches, and after you get something like ~24 addresses, you should NOP what writes to every one of them; by changing the value, for example, from 300 to 400 to 500 to 600, you will see that the quality of the meshes and textures nearest to Bayek decreases :)

Post by pigeon » Mon Feb 12, 2018 6:13 pm

Figured out calculations for semi sides:

Code:

globalalloc(speedmult,8)
speedmult:
db CD CC CC 3D

{$lua}

[ENABLE]

function checkKeys(timer)

local camx = readFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+90") -- Camera X
local camy = readFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+98") -- Camera Y
local camz = readFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+94") -- Camera Z
local radh = readFloat("[[[[ACOrigins.exe+4B139F0]+A8]+0]+340]+C4") -- Horizontal rotation in Rad
local mult = readFloat("speedmult") -- speed multiplier
local sinh = math.sin(radh)
local cosh = math.cos(radh)

  if isKeyPressed(VK_W) then  -- move Forward
    writeFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+90", camx - (sinh * mult))
    writeFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+94", camz - (cosh * mult))
  end
  if isKeyPressed(VK_S) then  -- move Back
    writeFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+90", camx + (sinh * mult))
    writeFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+94", camz + (cosh * mult))
  end
  if isKeyPressed(VK_A) then  -- move Left (matches the Forward-Left / Back-Left cases below)
    writeFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+90", camx + (cosh * mult))
    writeFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+94", camz - (sinh * mult))
  end
  if isKeyPressed(VK_D) then  -- move Right (matches the Forward-Right / Back-Right cases below)
    writeFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+90", camx - (cosh * mult))
    writeFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+94", camz + (sinh * mult))
  end
  
-- from here new part for semi-side moves

  if isKeyPressed(VK_W) and isKeyPressed(VK_D) then  -- move Forward-Right
    writeFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+90", camx - ((sinh + cosh) * mult))
    writeFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+94", camz - ((cosh - sinh) * mult))
  end
  if isKeyPressed(VK_W) and isKeyPressed(VK_A) then  -- move Forward-Left
    writeFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+90", camx - ((sinh - cosh) * mult))
    writeFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+94", camz - ((cosh + sinh) * mult))
  end
  if isKeyPressed(VK_S) and isKeyPressed(VK_D) then  -- move Back-Right
    writeFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+90", camx + ((sinh - cosh) * mult))
    writeFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+94", camz + ((cosh + sinh) * mult))
  end
  if isKeyPressed(VK_S) and isKeyPressed(VK_A) then  -- move Back-Left
    writeFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+90", camx + ((sinh + cosh) * mult))
    writeFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+94", camz + ((cosh - sinh) * mult))
  end
  
-- from here all the same

  if isKeyPressed(VK_R) then  -- Move Up
   writeFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+98", camy + (mult * 0.5))
  end
  if isKeyPressed(VK_F) then  -- Move Down
   writeFloat("[[[ACOrigins.exe+4B139F0]+A8]+0]+98", camy - (mult * 0.5))
  end

  if isKeyPressed(VK_SHIFT) then
   writeFloat("speedmult", readFloat("speedmult") + 0.01) -- Hold Shift to keep increasing speed
  elseif isKeyPressed(VK_CONTROL) then
   writeFloat("speedmult", 0.01) -- Hold Ctrl to decrease speed
  else
   writeFloat("speedmult", 0.15) -- When no Ctrl or Shift pressed, normal speed
  end

end

t=createTimer(nil)
timer_setInterval(t, 10)
timer_onTimer(t, checkKeys)
timer_setEnabled(t, true)

[DISABLE]

timer_setEnabled(t, false)

But it's just calculations.

Post by SunBeam » Tue Feb 13, 2018 11:43 am

Hey there, pigeon.

I got what you meant, see below video ;) It'll also indicate what structure this is we're dealing with :P



So I have several suggestions:

1) Use the pWorld + offset I mentioned to pause engine (if you don't want any movement at all).

2) Use the two offsets set to 1 for Photo Mode (will freeze Bayek).

3) From the Free Cam script you can also update Bayek's coordinates: freeze engine, detach cam, move to the spot you want, update Bayek's coordinates (XYZ), resume engine, disable cam. Boom: teleport to cam position :) I've done this in Prey, see video:



Which reminds me to fix that cam movement speed (quite an insane speed).

4) As far as rendering points updating as you move: instead of NOPing that location of yours, why not swap the pointer? Let me rephrase: let the 4 addresses update with the coordinates of our camera, instead of the coordinates of Bayek. You saw how, if I put the instruction back - the movaps - XYZ updated with Bayek's XYZ ;) So I'll backtrace to see where we can do the swap :P

BR,
Sun

Post by SunBeam » Tue Feb 13, 2018 12:06 pm

The update happens here:

Code:

ACOrigins.exe+14697E8 - mov rcx,rdi <-- rdi here is pEntity (Bayek's)
ACOrigins.exe+14697EB - call ACOrigins.exe+13506B0 <-- this call returns Bayek's pEntity XYZ in [rax]
ACOrigins.exe+14697F0 - movaps xmm0,[rax] <-- xmm0 is updated with Bayek's XYZ
ACOrigins.exe+14697F3 - movaps [rbx+00000200],xmm0 <-- render points updated as well

Also there are 2 spots that need hooking. Posting script in a bit.

Also, note you've reversed Y and Z (Y is 0x94, Z is 0x98).
