[COMPLETED] The Universim v25

Mikejuh

What is cheating?
#21
srattex post_id=19539 time=1507512816 user_id=7367 said:
Mikejuh post_id=18932 time=1506916409 user_id=8983 said:
I have no experience with this at all,
but it only took me an hour or so to figure out how to update the numbers.
Can you possibly do a tutorial on how to do these updates? Thanks in advance!
I used the info I got from page 1.
I'm not creating a CT, merely updating it (as far as I can).
 
#22
The new table isn't working for me on V20; for some reason I can't enable it... :shock:
 

whopperg

What is cheating?
#25
Well,
here is my first attempt to make such a table for this game:

Version: 0.21.10090
Cheats:
Happiness
Health
Stamina
Thirst

Special:
Everything ;-)
Side Note: I guess by mistake I found some code that changes everything to 100 - also like Health of Buildings ;-)
Activate ONLY the "Everything" Script.
After that, click on the Nugget list (right upper corner) to set the values. Do this like every 5 min or so to reset the Stats to 100.

Also, sometimes you need two tries to activate it. Eventually it does not work with saved games.

Feel free to mod my table, but please post your new table here as I am still getting used to ASM.
Don't blame me if anything goes wrong.
Tested with CE 6.7, Win10 (1703) 64 Bit
 

#26
whopperg post_id=24335 time=1510319283 user_id=4774 said:
Well,
here is my first attempt to make such a table for this game:

Version: 0.21.10090
Cheats:
Happiness
Health
Stamina
Thirst

Special:
Everything ;-)
Side Note: I guess by mistake I found some code that changes everything to 100 - also like Health of Buildings ;-)
Activate ONLY the "Everything" Script.
After that, click on the Nugget list (right upper corner) to set the values. Do this like every 5 min or so to reset the Stats to 100.

Also, sometimes you need two tries to activate it. Eventually it does not work with saved games.

Feel free to mod my table, but please post your new table here as I am still getting used to ASM.
Don't blame me if anything goes wrong.
Tested with CE 6.7, Win10 (1703) 64 Bit
Thank you !!!! I will try this out today!!! :D :D
 

Griffihn

Novice Cheater
#27
For some reason, only health and happiness work for me, and the _Everything script refuses to activate for me. I'm running the pumpkin patch version if that helps in any way.
 

whopperg

What is cheating?
#28
Hi Nuggets!
I just updated the table to 0.22.11143 - but this time only the all-in-one hack cuz I'm too lazy to find all the other addresses ;-)

Enjoy!
 


jungletek

Reality Bytes
#29
seikur0 post_id=17162 time=1505075161 user_id=8101 said:
Try using wildcards in your AOBs,
for example in the "INF. Stamina/Thirst/Hunger (float)" cheat:

0.0.17.6500:
F3 0F 11 AE 88 01 00 00 - movss [rsi+00000188],xmm5
F3 0F 10 86 88 01 00 00 - movss xmm0,[rsi+00000188]
So you used F3 0F 11 AE 88 01 00 00 F3 0F 10 86 as AOB.

0.0.18.7468:
F3 0F 11 AE A8 01 00 00 - movss [rsi+000001A8],xmm5
F3 0F 10 86 A8 01 00 00 - movss xmm0,[rsi+000001A8]
And you used F3 0F 11 AE A8 01 00 00 F3 as AOB.

The only thing that changed in between versions and will probably be changing in the future as well is the offset to rsi.
It changed from 188 to 1a8. The offset should be replaced with wildcards in the AOB, so it looks like this:
F3 0F 11 AE ** ** 00 00 F3 0F 10 86 or if it's still unique
F3 0F 11 AE ** ** ** ** F3 0F 10 86.

With wildcards your AOBs become update-safe.

Also the injection points between your 3 scripts should be called differently since you register them as symbols and symbols are global.
These symbols are telling the script where to undo the changes, so using the same symbol name will prevent them from being deactivated (since it'll be unregistered once and the game doesn't know where to look for the next changes) or likely crash the game (when the real code of cheat A gets written to the place where the real code of cheat B belongs) if you use more of them at once.
This is sort of useful, but if the offsets change, then you're going to write the wrong offsets back when you disable the cheat, assuming you don't update them in the disable section too (which negates the purpose of using wildcards to keep the table working between updates).
 

seikur0

Expert Cheater
Table Maker
#30
jungletek post_id=27357 time=1512606436 user_id=9475 said:
seikur0 post_id=17162 time=1505075161 user_id=8101 said:
Try using wildcards in your AOBs,
for example in the "INF. Stamina/Thirst/Hunger (float)" cheat:

0.0.17.6500:
F3 0F 11 AE 88 01 00 00 - movss [rsi+00000188],xmm5
F3 0F 10 86 88 01 00 00 - movss xmm0,[rsi+00000188]
So you used F3 0F 11 AE 88 01 00 00 F3 0F 10 86 as AOB.

0.0.18.7468:
F3 0F 11 AE A8 01 00 00 - movss [rsi+000001A8],xmm5
F3 0F 10 86 A8 01 00 00 - movss xmm0,[rsi+000001A8]
And you used F3 0F 11 AE A8 01 00 00 F3 as AOB.

The only thing that changed in between versions and will probably be changing in the future as well is the offset to rsi.
It changed from 188 to 1a8. The offset should be replaced with wildcards in the AOB, so it looks like this:
F3 0F 11 AE ** ** 00 00 F3 0F 10 86 or if it's still unique
F3 0F 11 AE ** ** ** ** F3 0F 10 86.

With wildcards your AOBs become update-safe.

Also the injection points between your 3 scripts should be called differently since you register them as symbols and symbols are global.
These symbols are telling the script where to undo the changes, so using the same symbol name will prevent them from being deactivated (since it'll be unregistered once and the game doesn't know where to look for the next changes) or likely crash the game (when the real code of cheat A gets written to the place where the real code of cheat B belongs) if you use more of them at once.
This is sort of useful, but if the offsets change, then you're going to write the wrong offsets back when you disable the cheat, assuming you don't update them in the disable section too (which negates the purpose of using wildcards to keep the table working between updates).
That is true. To keep the offsets for the disable you'd have to do some lua scripting or inject a few lines lower where there is no offset while still using the same aob.
 

jungletek

Reality Bytes
#31
I've actually been wondering recently if you can do an AOB wildcard scan, copy the relevant bytes from the matched AOB to a variable that the script checks for and uses in the logic, and also writes back the correct bytes on disable.

Might have to try it out, though there might be issues with the AA not being able to generate code because it can't figure out what to generate.
 

seikur0

Expert Cheater
Table Maker
#32
I did that before, because I really had to for one certain thing. Since you backup the assembler code directly, AA isn't involved at all. In general I'd avoid doing it, use the wildcards to scan for a location but then inject slightly lower, where offsets don't change in the code.
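
The wildcard scan and the restore problem discussed in posts #29 to #32, as an added Python example that is not part of the original thread and is not Cheat Engine code. It works on constructed byte buffers rather than a process, and shows that the exact 0.0.17 signature misses the 0.0.18 bytes while the wildcard form matches, and that a restore must use the bytes captured at match time. The function names and sample buffers are assumptions made for illustration.

```python
import re

def compile_aob(pattern: str) -> "re.Pattern[bytes]":
    """Compile 'F3 0F ** 00' to a bytes regex; '**' or '??' matches any one byte."""
    parts = [b"." if tok in ("**", "??") else re.escape(bytes([int(tok, 16)]))
             for tok in pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)

def scan_unique(image: bytes, pattern: str):
    """Return (offset, matched bytes); fail if the signature is absent or ambiguous."""
    rx, hits, pos = compile_aob(pattern), [], 0
    while (m := rx.search(image, pos)):
        hits.append((m.start(), m.group()))
        pos = m.start() + 1          # step one byte so overlapping hits are counted
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} matches for {pattern!r}")
    return hits[0]

def apply_patch(image: bytearray, offset: int, new: bytes) -> bytes:
    """Overwrite in place; return the bytes that were there so they can be restored."""
    saved = bytes(image[offset:offset + len(new)])
    image[offset:offset + len(new)] = new
    return saved

# Constructed sample images: filler around the two instructions quoted in the thread.
PAD = bytes(range(0x40, 0x50))
V17 = PAD + bytes.fromhex("F30F11AE88010000F30F108688010000") + PAD
V18 = PAD + bytes.fromhex("F30F11AEA8010000F30F1086A8010000") + PAD
EXACT_V17 = "F3 0F 11 AE 88 01 00 00 F3 0F 10 86"
WILD = "F3 0F 11 AE ** ** 00 00 F3 0F 10 86"

def demo():
    off, matched = scan_unique(V18, WILD)
    img = bytearray(V18)
    saved = apply_patch(img, off, b"\x90" * 8)       # placeholder 8-byte patch
    stale = bytearray(img)
    stale[off:off + 8] = bytes.fromhex("F30F11AE88010000")  # hard-coded 0.0.17 bytes
    img[off:off + 8] = saved                         # bytes captured at enable time
    return off, matched[4:6].hex(), bytes(img) == V18, bytes(stale) == V18

if __name__ == "__main__":
    print(demo())
```

The last two values returned by `demo()` are the point of posts #29 and #31: the buffer restored from captured bytes equals the original, while the one restored from hard-coded bytes of the older version does not.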
 

narcolepticnerd

Novice Cheater
#33
God power is offset 5C and it's usually shown with rdi or rsi; it looks like it's a float, something like movss [rsi+5C]. It might actually be easier to hack god power by using the mono dissector; that way you don't have to mess with AOB scans.
 

narcolepticnerd

Novice Cheater
#34
OK, this code works: infinite god power. You must have at least 2 already, then you activate the script and pull a tree and poof, infinite 999 god power, and I tested it on everything.

I would search for the value first before using this, because if you try to use it before you have any power it shows a NaN.

Code:
{ Game   : The Universim.exe
  Version: 
  Date   : 2017-12-21
  Author : Forrest

  This script does blah blah blah
}

[ENABLE]

aobscan(godpower,F3 0F 11 6F 5C B8) // should be unique
alloc(newmem,$1000,godpower) // allocate near the aobscan result, not a hard-coded address

label(code)
label(return)

alloc(godp,4)

godp:
dd (float)999
newmem:


code:
fld dword ptr [godp]
fstp dword ptr [rdi+5C]
//  movss [rdi+5C],xmm5
  jmp return

godpower:
  jmp newmem
return:
registersymbol(godpower)

[DISABLE]

godpower:
  db F3 0F 11 6F 5C

unregistersymbol(godpower)
dealloc(newmem)
dealloc(godp)
{
// ORIGINAL CODE - INJECTION POINT: F8C1B8B3

F8C1B887: F3 0F 11 6D EC                 -  movss [rbp-14],xmm5
F8C1B88C: F3 0F 10 45 EC                 -  movss xmm0,[rbp-14]
F8C1B891: F3 0F 5A C0                    -  cvtss2sd xmm0,xmm0
F8C1B895: F2 0F 2A CE                    -  cvtsi2sd xmm1,esi
F8C1B899: F2 0F 5C C1                    -  subsd xmm0,xmm1
F8C1B89D: F2 0F 5A E8                    -  cvtsd2ss xmm5,xmm0
F8C1B8A1: F3 0F 11 6D EC                 -  movss [rbp-14],xmm5
F8C1B8A6: F3 0F 10 45 EC                 -  movss xmm0,[rbp-14]
F8C1B8AB: F3 0F 5A C0                    -  cvtss2sd xmm0,xmm0
F8C1B8AF: F2 0F 5A E8                    -  cvtsd2ss xmm5,xmm0
// ---------- INJECTING HERE ----------
F8C1B8B3: F3 0F 11 6F 5C                 -  movss [rdi+5C],xmm5
// ---------- DONE INJECTING  ----------
F8C1B8B8: B8 01 00 00 00                 -  mov eax,00000001
F8C1B8BD: 48 8D 65 F0                    -  lea rsp,[rbp-10]
F8C1B8C1: 5F                             -  pop rdi
F8C1B8C2: 5E                             -  pop rsi
F8C1B8C3: C9                             -  leave 
F8C1B8C4: C3                             -  ret 
F8C1B8C5: 00 00                          -  add [rax],al
F8C1B8C7: 00 00                          -  add [rax],al
F8C1B8C9: 00 00                          -  add [rax],al
F8C1B8CB: 00 B5 00 00 00 C4              -  add [rbp-3C000000],dh
}
 

Blayde

Expert Cheater
#35
narcolepticnerd post_id=28606 time=1513898195 user_id=8233 said:
code:
fld dword ptr [godp]
fstp dword ptr [rdi+5C]
// movss [rdi+5C],xmm5
jmp return
You don't need this
--------------------
alloc(godp,4)
godp:
dd (float)999
newmem:

Just
----
code:
mov [rdi+5C],(float)999
jmp return
 

narcolepticnerd

Novice Cheater
#36
Blayde post_id=28608 time=1513901469 user_id=8084 said:
narcolepticnerd post_id=28606 time=1513898195 user_id=8233 said:
code:
fld dword ptr [godp]
fstp dword ptr [rdi+5C]
// movss [rdi+5C],xmm5
jmp return
You don't need this
--------------------
alloc(godp,4)
godp:
dd (float)999
newmem:

Just
----
code:
mov [rdi+5C],(float)999
jmp return
Cool, now I just need to find a better AOB injection location. The one I have is not very stable; it changes because of some of the bytes changing.
 

fantomas

Expert Cheater
Table Maker
#37
narcolepticnerd post_id=28606 time=1513898195 user_id=8233 said:
OK, this code works: infinite god power. You must have at least 2 already, then you activate the script and pull a tree and poof, infinite 999 god power, and I tested it on everything.

I would search for the value first before using this, because if you try to use it before you have any power it shows a NaN.

Code:
{ Game   : The Universim.exe
  Version: 
  Date   : 2017-12-21
  Author : Forrest

  This script does blah blah blah
}

[ENABLE]

aobscan(godpower,F3 0F 11 6F 5C B8) // should be unique
alloc(newmem,$1000,godpower) // allocate near the aobscan result, not a hard-coded address

label(code)
label(return)

alloc(godp,4)

godp:
dd (float)999
newmem:


code:
fld dword ptr [godp]
fstp dword ptr [rdi+5C]
//  movss [rdi+5C],xmm5
  jmp return

godpower:
  jmp newmem
return:
registersymbol(godpower)

[DISABLE]

godpower:
  db F3 0F 11 6F 5C

unregistersymbol(godpower)
dealloc(newmem)
dealloc(godp)
{
// ORIGINAL CODE - INJECTION POINT: F8C1B8B3

F8C1B887: F3 0F 11 6D EC                 -  movss [rbp-14],xmm5
F8C1B88C: F3 0F 10 45 EC                 -  movss xmm0,[rbp-14]
F8C1B891: F3 0F 5A C0                    -  cvtss2sd xmm0,xmm0
F8C1B895: F2 0F 2A CE                    -  cvtsi2sd xmm1,esi
F8C1B899: F2 0F 5C C1                    -  subsd xmm0,xmm1
F8C1B89D: F2 0F 5A E8                    -  cvtsd2ss xmm5,xmm0
F8C1B8A1: F3 0F 11 6D EC                 -  movss [rbp-14],xmm5
F8C1B8A6: F3 0F 10 45 EC                 -  movss xmm0,[rbp-14]
F8C1B8AB: F3 0F 5A C0                    -  cvtss2sd xmm0,xmm0
F8C1B8AF: F2 0F 5A E8                    -  cvtsd2ss xmm5,xmm0
// ---------- INJECTING HERE ----------
F8C1B8B3: F3 0F 11 6F 5C                 -  movss [rdi+5C],xmm5
// ---------- DONE INJECTING  ----------
F8C1B8B8: B8 01 00 00 00                 -  mov eax,00000001
F8C1B8BD: 48 8D 65 F0                    -  lea rsp,[rbp-10]
F8C1B8C1: 5F                             -  pop rdi
F8C1B8C2: 5E                             -  pop rsi
F8C1B8C3: C9                             -  leave 
F8C1B8C4: C3                             -  ret 
F8C1B8C5: 00 00                          -  add [rax],al
F8C1B8C7: 00 00                          -  add [rax],al
F8C1B8C9: 00 00                          -  add [rax],al
F8C1B8CB: 00 B5 00 00 00 C4              -  add [rbp-3C000000],dh
}
Hi

The GodPowerPoints maxValue is 1000 - You can find that value at this address: Game.Faith:FaithController:UpdateGodPowerPoints+1ef

You'll have to activate the mono feature (Mono tab) to see it. The opcode is movss xmm1,[rax+54] and the array of bytes is F3 0F 10 48 54.

Here is the script:
Code:
// Game: The Universim
// Version: 0.0.23.12027 EL PACINO

[ENABLE]
Game.Faith:FaithController:UpdateGodPowerPoints+199:
  db EB 4F 90 90 90
//jmp Game.Faith:FaithController:UpdateGodPowerPoints+1ef    //a.k.a movss xmm1,[rsi+54]  <== maxGodPowerPoints [1000]
 
[DISABLE]
Game.Faith:FaithController:UpdateGodPowerPoints+199:
  db F3 0F 11 6E 5C
//movss [rsi+5C],xmm5      <== currentGodPowerPoints
 