Cheat by function patching

Section's for general approaches on hacking various options in games. No online-related discussions/posts OR warez!
Post Reply
panraven
Table Makers
Table Makers
Posts: 121
Joined: Fri Mar 03, 2017 12:03 am
Reputation: 108

Cheat by function patching

Post by panraven »

In this thread, a cheat method by function patching (*) is illustrated.
It can be used in native code, but here we used a simpler example,
javascript on [Legends of Idleon] (Steam version).

(*)There may be a more proper naming, pls suggest.

function patching has the following features:
1. the internal detail is not need to know;
2. need good understanding of input (the function parameters) and output(return value or its effect);

with this, it can show that making cheat using this method may be easier in some cases.

The 1st example on [Legends of Idleon] is to modify how it drop item (in certain situation).
The target function is [_customBlock_DropSomething], this function is one way premium currency drop, so should be a interesting choice.

Preparation:

We need to modify the Z.js file. How?
Detail check viewtopic.php?f=2&t=14407

Here a quick guide: ('.\' is the game directory)
1. we need to expand .\resource\app.asar file, which need 7z and 7z's asar format plugins
1.1 download and install 7z and asar plugins (google),
1.2 make directory 'Formats' in 7z directory if not already, drop asar's dll there;
1.3 now 7z should be able to open and extract asar file;
2. expand .\resource\app.asar to .\resource\app\, rename ./resource/app.asar to other, eg. add a '1' before -> '1app.asar' so that the game will use the expanded files instead ;
3. we can now edit target file at .\resources\app\distBuild\static\game\Z.js


Modify Steps:

0. back up the Z.js in case anything go wrong;

Our target is [_customBlock_DropSomething],

1.search Z.js for
[_customBlock_DropSomething=] or
[_customBlock_DropSomething =] if the Z.js has been prettified.
there should be a 'function' follow.

2.press-return some times AFTER the '=' above, to mark beginning of our target function (**A),

3.search another 'function' AFTER the 'function' mention in #1,

4 then go back a little to found the 1st character '}',

5.press-return some times AFTER the '}' at #4, to mark ending of our target function (**Z),

6.now we have the (**A)and (**Z) enclosing our target function, paste following in respective mark:
1st part BEFORE (**A), 2nd part AFTER (**Z)

Code: Select all

(function(f) { return function(t,s,a,A,r,l,i,o,u){  
      var q = 50 ;
      for (var j = -q ; j <= q ; j++ ) { f(t,s,a,A,r,l,i,o+j,u); } ;
        f("PremiumGem",  200,0,0,0,0,0,o,u);                      
        f("DungCredits1",100,0,0,0,0,0,o,u);                      
        f("DungCredits2",100,0,0,0,0,0,o,u);                      
    };} )(
(**A)

Code: Select all

... original code, no modify ...
(**Z)

Code: Select all

)/*yes, it is just a single ')', similar patching will be the same at ending */
7.save and try load the game, the effect can be seen only on certain drop, eg. drop card or gems.

It may not load at all if there is syntax error. May try the steps again.

8. extra example on [_customBlock_MaxCapacity],

Code: Select all

(function(f){ return function(s) {
    var n = f(s);
    return "AllCapBonuses" == s ? n : /// act accordingly from input info
           "a" == s.charAt(0) ? n : 
           "number" != typeof n ? n : 
             5000+n  ; 
  };} )(
(**A)

Code: Select all

... original code, no modify ...
(**Z)

Code: Select all

)/* a single ')' */
Result of this one can been seen more readily.

Explaination:

Above modifications in commented psedo form :

Code: Select all

_customBlock_MaxCapacity=
(function(f) { // this f is a psedo copy of the original function
  return function(s){  // <@@> this patching function, has access to the psedo original function f
//... here do something on input parameter ...
  var result = f(s)  /// call the psedo original, and get return
//... here do something on output value 'result' ...                    
  return result  
    };} 
)(  /* <++> make the call with original function as parameter f */

/*(**A) begin of original function*/
//... original code, no modify ...
}/*(**Z) end of original function*/  ) /*end of <++>*/

What we added before (**A) is a function <@@> that patching the original function (that between (**A)(**Z)),
so that we can manipulate the function usage without touching its internal.

(to be continue)

---
That's it hope you enjoy the topic.
---
An simpler native code example may added later.

Post Reply

Who is online

Users browsing this forum: No registered users