Assassin's Creed: Origins

Status
Not open for further replies.

borucic

Novice Cheater
SunBeam said:
@budabum: Incoming list of all game items, names and descriptions :)
While impatiently waiting for it, I want to share some of my findings. Except for an outfit, they have no names. :lol:

164BA8191A3 Hood toggle changes hairstyle :!:

Only these have perks:

Not-Hercules' Gladius :?



DAC3C897C6 DAC3C897C9

Some are colossal: :eek:

78E7614AFA




78E7614AFC

Or even in early alpha [still dangerous, though ;) ]:

78E7614AFB Yes, it's Regular Sword :rolleyes:

You can mount new camels:

128E174C2EF 128E174C2F0

And wield stealthy blades:

78E76A1D33

Two weapons that cannot be wielded:

15952AE901D 15952AE8ED8

Many without thumbnail pictures, stats & perks - you can equip these but you'll be "unarmed".
And tens that never appeared in my inventory even though their "category" was meaningful [@budabum GearEditor]...

Cheers!
 

SmolGui

What is cheating?
SunBeam said:
@budabum: Incoming list of all game items, names and descriptions :)

@SmolGui: Get the table from my post and follow the instructions: http://fearlessrevolution.com/viewtopic.php?f=4&t=5983 (see comments for Update #3, "Inventory Item Swapper v2" script). Please be advised we don't easily fall for the "I am a noob, someone do it for me" routine. You have a mouse and can surf this board, figure your way out please.
You're a legend. Thanks.
 
Can you please tell us the hash IDs of all of these items that you found?
Thank you
 

SunBeam

RCE Fanatics
Talents
Fearless Donors
^ I too discovered those camels; they're camels from the prop, the ones you see wandering around dragged by their masters :p If you ride them, it looks goofy.. especially when you have a tiny tent you'd supposedly have to fit in :D I'll post some screenies later on, almost done with dumper of data.
 

SunBeam

RCE Fanatics
Talents
Fearless Donors
Alright, folks. Here comes the explanation (for researchers).

1) GetUIInventoryItem function is located here:
Code:
ACOrigins.exe+22266B0 - 40 53                 - push rbx
ACOrigins.exe+22266B2 - 48 83 EC 20           - sub rsp,20
ACOrigins.exe+22266B6 - 48 8B D9              - mov rbx,rcx
ACOrigins.exe+22266B9 - 48 8B 0D 48F29D02     - mov rcx,[ACOrigins.exe+4C05908]
ACOrigins.exe+22266C0 - 48 85 C9              - test rcx,rcx
ACOrigins.exe+22266C3 - 74 33                 - je ACOrigins.exe+22266F8
ACOrigins.exe+22266C5 - 48 8B 15 04293D02     - mov rdx,[ACOrigins.exe+45F8FD0]
ACOrigins.exe+22266CC - E8 FFD80200           - call ACOrigins.exe+2253FD0
ACOrigins.exe+22266D1 - 48 85 C0              - test rax,rax
ACOrigins.exe+22266D4 - 74 22                 - je ACOrigins.exe+22266F8
ACOrigins.exe+22266D6 - 4C 8B 00              - mov r8,[rax]
ACOrigins.exe+22266D9 - 48 8B D3              - mov rdx,rbx
ACOrigins.exe+22266DC - 48 8B C8              - mov rcx,rax
ACOrigins.exe+22266DF - 41 FF 90 A8000000     - call qword ptr [r8+000000A8]
ACOrigins.exe+22266E6 - 48 85 C0              - test rax,rax
ACOrigins.exe+22266E9 - 74 0D                 - je ACOrigins.exe+22266F8
ACOrigins.exe+22266EB - 48 8B C8              - mov rcx,rax
ACOrigins.exe+22266EE - E8 DDBFFEFF           - call ACOrigins.exe+22126D0
ACOrigins.exe+22266F3 - 48 85 C0              - test rax,rax
ACOrigins.exe+22266F6 - 75 02                 - jne ACOrigins.exe+22266FA
ACOrigins.exe+22266F8 - 33 C0                 - xor eax,eax
ACOrigins.exe+22266FA - 48 83 C4 20           - add rsp,20
ACOrigins.exe+22266FE - 5B                    - pop rbx
ACOrigins.exe+22266FF - C3                    - ret
With this function you can feed-in a hash and get the UIInventoryItem pointer buda mentioned. In fact, I am using this function in "Inventory Item Swapper v2" script, transcribed as follows:
Code:
GetUIInventoryItem:
sub rsp,28
mov rbx,rcx
call GetUIInventoryContext
test rax,rax
je short GetUIInventoryItem_exit_A
  mov r8,[rax]
  mov rdx,rbx
  mov rcx,rax
  call qword ptr [r8+A8]
  test rax,rax
  je short GetUIInventoryItem_exit_A
    mov rcx,rax
    call ACOrigins.exe+22126D0
    test rax,rax
    jne short GetUIInventoryItem_exit_B
GetUIInventoryItem_exit_A:
xor eax,eax
GetUIInventoryItem_exit_B:
add rsp,28
ret

GetUIInventoryContext:
sub rsp,28
mov rcx,[ACOrigins.exe+4C05908]
test rcx,rcx
je short GetUIInventoryContext_exit_A
  mov rdx,[ACOrigins.exe+45F8FD0]
  call ACOrigins.exe+2253FD0
  test rax,rax
  jne short GetUIInventoryContext_exit_B
GetUIInventoryContext_exit_A:
xor eax,eax
GetUIInventoryContext_exit_B:
add rsp,28
ret
2) Inside this function engine will iterate through all available items; am not yet sure if these are all items you have in your inventory, that are visible -- as in, you can hover mouse on to get information -- or just all game items. Will test later on to determine which scenario. I'll get back to this in just a bit, you'll see why.

The iterator is here:
Code:
ACOrigins.exe+22256F7 - 8B 6E 18              - mov ebp,[rsi+18]
ACOrigins.exe+22256FA - 48 8B 7E 10           - mov rdi,[rsi+10]
ACOrigins.exe+22256FE - C1 ED 11              - shr ebp,11
ACOrigins.exe+2225701 - C1 E5 03              - shl ebp,03
ACOrigins.exe+2225704 - 48 03 EF              - add rbp,rdi
ACOrigins.exe+2225707 - 48 3B FD              - cmp rdi,rbp
RSI+10 holds table start address; RSI+18 moved into EBP will be the table size; RBP+RDI becomes table end address. A table with pointers to pointers to UIInventoryItems. In my case, start is 0x000000016C51A600, size is 0x1D50 and end is 0x000000016C51C350. If you do the math, 0x1D50 / 8-byte pointers = 0x3AA, aka 938 UIInventoryItems. You can get yours via setting a break there and equipping an item; as soon as CE breaks, trace the 6 lines and extract what you need.



3) Now, the first pointer in my case is 0x000000005F1417C8. If I browse its memory, I see this:



First pointer you see highlighted, if ran through a query of mine that returns its name, would be:



Yup, UIInventoryItem ;)

Let's browse its memory:



Offsets 0x68 and 0x98, as per buda's observations, contain the indexes to name and description.

If I now feed these indexes to the decryptor I've ripped and moved to a threaded function of mine, I get these results:





Now, I said I would get back to 2) -- I've checked my inventory and I don't have that scroll or whatever it is (I'll adjust that as well, fetching item category, sub-category, rarity). So it's a list of all game items I guess, 938 so far.

Having said that, you can either wait for me to post a list of all items or intervene and create your own version of my 'ramblings' :p

BR,
Sun
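
The table walk from steps 2) and 3), replayed offline over a constructed memory snapshot. This is an added example, not code from the original posts; the `Snapshot` class, the `build_sample` data and the 32-bit width of the fields at 0x68/0x98 are assumptions.

```python
import struct

# Offsets are the ones quoted in the post; treating the two index fields as
# 32-bit values is an assumption made for this example.
OFF_START, OFF_PACKED, OFF_NAME, OFF_DESC = 0x10, 0x18, 0x68, 0x98

class Snapshot:
    """Offline memory capture: a list of (base_address, bytes) regions."""
    def __init__(self, regions):
        self.regions = regions

    def read(self, addr, fmt):
        size = struct.calcsize(fmt)
        for base, data in self.regions:
            if base <= addr and addr + size <= base + len(data):
                return struct.unpack_from(fmt, data, addr - base)[0]
        raise LookupError(f"address {addr:#x} is not in the snapshot")

def table_bounds(snap, rsi):
    """Mirror the six instructions: start=[rsi+10], size=([rsi+18]>>0x11)<<3."""
    start = snap.read(rsi + OFF_START, "<Q")
    packed = snap.read(rsi + OFF_PACKED, "<I")
    size = ((packed >> 0x11) << 3) & 0xFFFFFFFF  # shl ebp,03 is a 32-bit op
    return start, size, start + size

def walk_items(snap, rsi):
    """Follow table slot -> pointer -> item; skip null or unmapped links."""
    start, _, end = table_bounds(snap, rsi)
    items = []
    for slot in range(start, end, 8):
        try:
            holder = snap.read(slot, "<Q")
            item = snap.read(holder, "<Q") if holder else 0
            if item:
                items.append((item, snap.read(item + OFF_NAME, "<I"),
                              snap.read(item + OFF_DESC, "<I")))
        except LookupError:
            continue  # dangling pointer in the capture: skip, never guess
    return items

def build_sample():
    """Constructed data: three slots (one null), two fake items."""
    def item(n, d):  # name index at +0x68, description index at +0x98
        return bytes(0x68) + struct.pack("<I", n) + bytes(0x2C) + struct.pack("<I", d)
    head = bytes(0x10) + struct.pack("<QI", 0x2000, (3 << 0x11) | 0x1F)  # low 17 bits are shifted out
    return Snapshot([(0x1000, head),
                     (0x2000, struct.pack("<QQQ", 0x3000, 0, 0x3008)),
                     (0x3000, struct.pack("<QQ", 0x4000, 0x5000)),
                     (0x4000, item(0x1111, 0x2222)), (0x5000, item(0x3333, 0x4444))]), 0x1000
```

Feeding `table_bounds` a header holding the post's start address and a packed value of `0x3AA << 0x11` returns the same size (0x1D50) and end address (0x16C51C350) quoted above.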
 

budabum

Expert Cheater
ahh, nice.
I tossed backtracing on UIInventoryItem not being up enough to reverse GetUIInventoryItem.
you did this!

I've been asked to look into Tom Clancy’s Ghost Recon Wildlands.
to see if Gear cheat can be applied there.

Sun, is Tom based on Anvil? I need to buy TCGRW to look though :)
 

SunBeam

RCE Fanatics
Talents
Fearless Donors
It's using the same Anvil build used for Assassin's Creed: Syndicate. The only problem in GRW is they wiped clean the GetName references -- you do have the function, but the appointed string is always a 0x20 (a space) :D So am not sure if you'll be able to work your way through with no structure names available :p Not to mention they use encryption for the resourcing system and player level (might be used for other crap as well).
 

SunBeam

RCE Fanatics
Talents
Fearless Donors
Play nice :p List of all items ;)

@Mac777:

• The Bringer of Chaos -> 0x78E76A1D3C (Scepter;Normal)
• Madu's Shield -> 0x78E76A1DF1 (Shield;Normal)
• Valkyrie's Operator -> not in the game
• Hou Yi’s Bow -> 0x15952AE8F0F or 0x15952AE8F28 (ShotgunBow;Legendary)

@all:

Checking e-store, I noticed all maps cost like 400H (or 600 if purchased separately). Well..



BR,
Sun
 


Hi guys. First of all thanks for the great work that you have done for ACO. It is awesome.
Now, I have this annoying problem ... I've played the whole game two times and still the same issue.
It is about "Stealthy Shrub Papyrus" and "Good Things Come... Papyrus". Thing is that "Good Things Come... Papyrus" shows its name as "Stealthy Shrub". Anyone have this issue? It's maybe a game bug that needs to be fixed by ubi? Any chance to fix the name somehow?
And by the way, @budabum .. you have found something regarding the 99% uplay progress stuck?

Here is Good Things Come... Papyrus, like it's shown in my game:


Here is Stealthy Shrub Papyrus, the correct one:
 

SunBeam

RCE Fanatics
Talents
Fearless Donors
^ Yeaps, you are correct. Each Papyrus comes with a PapyrusReward. "Stealthy Shrub"'s appearing 3 times :)



I'll see if changing the name index in the UIInventoryItem for the faulty one fixes the problem. I know Anvil iterates through all inventory items when it computes quantities or progress %. It might have to do with the two not matching, thus 99%. Another thing I would do, as an alternative, is to figure out how the developer "Toggle Full Progress Tracker Unlock" option works in Black Flag/Unity/Syndicate and port it here. Just for the kicks :p

BR,
Sun
 

Rankti

What is cheating?
Hi guys!
Also from me a big thanks for your great work on ACO.

Regarding the Papyrus, I also have an annoying issue.

I have 4 bugged Papyrus in my inventory that are both showing as unsolved "?" and as solved "!" due to the fact that I forgot to disable a function of the trainer I was using at the time.

Is there a possibility to remove these bugged "?" Papyrus from the inventory? As well as any other quests items that remained in my inventory due to the same reason stated above?

This is not a very big issue but thought I'd ask here and if it would be possible somehow then I could clean the inventory on my save file.

Thank you
 

budabum

Expert Cheater
for my 99%, the club site shows 100% main missions, 98% side missions -> in total 99%
when I dumped string objects through brute force iterating from 30000 to 1400000 I also fished Quest(Anvil:Mission) objects like
0000014F744D51C1 001084FB A Gift from the Gods

I'm thinking about iterator reversing around Mission objects to get that 99% annoying bug nailed down
 
The weekly challenges popping up as quests? So that's what's affecting total completion then having two to three of these every week.

Can't be too many of them left now, item database doesn't seem to have much else that can be unlocked and lately they've been very active with these challenges so it should just be that last outfit and probably one more weapon I'm thinking unless they patch in more stuff with 1.42 or what the next patch will be.
 

SunBeam

RCE Fanatics
Talents
Fearless Donors
Aside from the UPlay stats, where else in the game are these shown? Cuz I can't seem to find a pane in-game for some reason. Or there isn't any?...
 
SunBeam said:
Aside from the UPlay stats, where else in the game are these shown? Cuz I can't seem to find a pane in-game for some reason. Or there isn't any?...
There are no stats shown in the game. Only in uplay. :(
 