FearLess Cheat Engine

Community Cheat Tables of Cheat Engine
https://fearlessrevolution.com/

how to restore a script?

https://fearlessrevolution.com/viewtopic.php?f=15&t=11622

Page 1 of 1

how to restore a script?

Posted: Sun Feb 16, 2020 9:59 am
by Insterluda
Hello fellas,


Maybe someone knows a guide about this too, that would be great.
This is something harder to cheat than I've thought and still I wanna try and spent hours in.

Currently I try to restore an old script about bloons: Adventure Time TD game
The creator of the code said I can use it and try my best.

Code: Select all

// Game   : btdadventuretime.exe
// Version:
// Date   :
// Author : Cs
[ENABLE]
aobscanmodule(aobCashGrabber,GameAssembly.dll,01 48 8B 0D ?? ?? ?? ?? 48 8B 9B 10 02 00 00)

alloc(newmemCashGrabber,4096,aobCashGrabber)

label(aobCashGrabber_r)
label(aobCashGrabber_i)
registersymbol(aobCashGrabber_r)
registersymbol(aobCashGrabber_i)

label(lblCashGrabber)
label(lblCashGrabberSkip)
label(lblCashGrabberRet)

label(bEnableMinCash)
label(dMinCash)
registersymbol(bEnableMinCash)
registersymbol(dMinCash)

newmemCashGrabber:
bEnableMinCash:
dd 1
dMinCash:
dq (double)999999.0

lblCashGrabber:
readmem(aobCashGrabber+08,7)
push rax
push rcx
push rdx
push r10
cmp dword ptr [bEnableMinCash],1
jne short lblCashGrabberSkip
mov rax,[GameAssembly.dll+1ED25F8]
mov rax,[rax+000000B8]
mov rcx,[rax]
mov rax,[rbx+10]
mov rdx,[rax+20]
movsxd rax,[rbx+18]
mov rcx,[rcx+rax*8+20]
mov r10,[rcx+20]
xor rdx,r10
mov rax,[dMinCash]
cmp rdx,rax
jge short lblCashGrabberSkip
mov rdx,rax
xor rdx,r10
mov rax,[rbx+10]
mov [rax+20],rdx
lblCashGrabberSkip:
pop r10
pop rdx
pop rcx
pop rax
jmp lblCashGrabberRet
aobCashGrabber_i:
readmem(aobCashGrabber+08,7)

aobCashGrabber+08:
aobCashGrabber_r:
jmp lblCashGrabber
nop
nop
lblCashGrabberRet:

[DISABLE]
aobCashGrabber_r:
readmem(aobCashGrabber_i,7)

unregistersymbol(aobCashGrabber_r)
unregistersymbol(aobCashGrabber_i)

unregistersymbol(bEnableMinCash)
unregistersymbol(dMinCash)

dealloc(newmemCashGrabber)

I know this:
The game uses the CryptVarDouble class to store the cash.
CryptVarDouble is a proprietary class.
It uses a System.Byte[] to store a the byte sausage.
The byte sausage itself is 8 bytes, representing the double.
The byte sausage is continually re-encrypted using a collection of 16 random XOR keys.

I'm curious how to restore the "?? ?? ?? ??" in the code
I feel I'm close to the solution.
currently I try to find the stack value in Tracer (Break and Trace instruction)


Maybe someone has an idea or guides.
ty.

Re: how to restore a script?

Posted: Sun Feb 16, 2020 10:30 am
by GreenHouse
What do you mean how to restore the "?? ?? ?? ??"?
The "??" mean that it's unknown, so try doing an aob scan of the entire aob and try replacing the offsets with ?? too, as the update may have changed them. Or just search for similar ones.

Re: how to restore a script?

Posted: Sun Feb 16, 2020 10:45 am
by Insterluda
Hi,
Thank you for your support.
I will try right now an aob scan.

if it's not working is there a possible way to scan a display value with aob?

Re: how to restore a script?

Posted: Sun Feb 16, 2020 11:59 am
by GreenHouse
Insterluda wrote:
Sun Feb 16, 2020 10:45 am
 if it's not working is there a possible way to scan a display value with aob?
Scan a display value with aob? It's a value, meaning that you can see it as an aob. So the answer is yes.

Re: how to restore a script?

Posted: Sun Feb 16, 2020 12:16 pm
by Insterluda
GreenHouse wrote:
Sun Feb 16, 2020 11:59 am
Insterluda wrote:
Sun Feb 16, 2020 10:45 am
 if it's not working is there a possible way to scan a display value with aob?
Scan a display value with aob? It's a value, meaning that you can see it as an aob. So the answer is yes.
hi,
Thanks for the answer.
I got one more question this will be the last for sure.
I'm not a pro with aob scans.

The value type is double and its only the "display value" you see as cash, but you can't change the value because it changes back in his original form.
this means the "display value" is encrypted.
does aob. scan still work?

I have seen no tutorials yet which uses aob. scan at encrypted values.


ty.

Re: how to restore a script?

Posted: Sun Feb 16, 2020 2:33 pm
by GreenHouse
Insterluda wrote:
Sun Feb 16, 2020 12:16 pm
 The value type is double and its only the "display value" you see as cash, but you can't change the value because it changes back in his original form.
this means the "display value" is encrypted.
does aob. scan still work?

I have seen no tutorials yet which uses aob. scan at encrypted values.


ty.
I mean, if you're trying to use an aobscan to search the literal value, then no, as the value keeps changing.
As for the aobscan from that script, I got the game and the aob that you're looking for is: 01 48 8B 0D 5D 87 79 01 48 8B 9B 10 02 00 00 (On the last game update from Steam only). That's the function that accesses your health, and from there you can access the cash and do whatever the script does.

Re: how to restore a script?

Posted: Sun Feb 16, 2020 6:15 pm
by Insterluda
GreenHouse wrote:
Sun Feb 16, 2020 2:33 pm
Insterluda wrote:
Sun Feb 16, 2020 12:16 pm
 The value type is double and its only the "display value" you see as cash, but you can't change the value because it changes back in his original form.
this means the "display value" is encrypted.
does aob. scan still work?

I have seen no tutorials yet which uses aob. scan at encrypted values.


ty.
I mean, if you're trying to use an aobscan to search the literal value, then no, as the value keeps changing.
As for the aobscan from that script, I got the game and the aob that you're looking for is: 01 48 8B 0D 5D 87 79 01 48 8B 9B 10 02 00 00 (On the last game update from Steam only). That's the function that accesses your health, and from there you can access the cash and do whatever the script does.

Thank you so much... meh its so sad I couldn't even grab the address and you got it like in 2min...
Is there a better way to improve my knowledege about this?
Could you maybe recommend me anything?

Is there anything you wanna have for this effort?
You wanna some donating cash as exchange?
I mean I couldnt find a soluation even after 10hours+

Re: how to restore a script?

Posted: Sun Feb 16, 2020 6:19 pm
by Insterluda
Insterluda wrote:
Sun Feb 16, 2020 6:15 pm
GreenHouse wrote:
Sun Feb 16, 2020 2:33 pm
Insterluda wrote:
Sun Feb 16, 2020 12:16 pm
 The value type is double and its only the "display value" you see as cash, but you can't change the value because it changes back in his original form.
this means the "display value" is encrypted.
does aob. scan still work?

I have seen no tutorials yet which uses aob. scan at encrypted values.


ty.
I mean, if you're trying to use an aobscan to search the literal value, then no, as the value keeps changing.
As for the aobscan from that script, I got the game and the aob that you're looking for is: 01 48 8B 0D 5D 87 79 01 48 8B 9B 10 02 00 00 (On the last game update from Steam only). That's the function that accesses your health, and from there you can access the cash and do whatever the script does.

Thank you so much... meh its so sad I couldn't even grab the address and you got it like in 2min...
Is there a better way to improve my knowledege about this?
Could you maybe recommend me anything?

Is there anything you wanna have for this effort?
You wanna some donating cash as exchange?
I mean I couldnt find a soluation even after 10hours+


*) The next step is to get the script working again or?
So its not enough to just simple copy & paste that aob right?

Re: how to restore a script?

Posted: Mon Feb 17, 2020 11:48 pm
by Insterluda
Hi fellas,

just wanna let you know I MADE IT.

Coins, life, gems, crystals, cash.
and all upgrade resources you need.

No idea how to grab "cosmic essence" or usable abilites.
No idea how to increase damage output, speed of a unit.

and aob scan 01 48 8B 0D 5D 87 79 01 48 8B 9B 10 02 00 00 is bullshit throw it away.
best tutorial to beat encrypted values + unity game


Maybe I will upload a guide how, but I'm sure some losers will go online with the cheats and fuck up the devs. again and they will encrypt this shit even more.
Since it feels like almost zero one can beat encrypted values....
so many hours wasted.

Re: how to restore a script?

Posted: Tue Feb 18, 2020 12:26 am
by GreenHouse
Insterluda wrote:
Mon Feb 17, 2020 11:48 pm
 just wanna let you know I MADE IT.
Nicely done. I've been checking the game myself too and I've done 3 scripts. One is so none of the currencies decrease on purchase or use, from in match coins to gems and shards, a script to be immortal, and a script to auto-complete quests.
There's a lot of stuff that you can do pretty easily, as they're not server sided.

Re: how to restore a script?

Posted: Tue Feb 18, 2020 7:34 pm
by Insterluda
GreenHouse wrote:
Tue Feb 18, 2020 12:26 am
Insterluda wrote:
Mon Feb 17, 2020 11:48 pm
 just wanna let you know I MADE IT.
Nicely done. I've been checking the game myself too and I've done 3 scripts. One is so none of the currencies decrease on purchase or use, from in match coins to gems and shards, a script to be immortal, and a script to auto-complete quests.
There's a lot of stuff that you can do pretty easily, as they're not server sided.
Don't play online with your scripts.
We are only at this bad situation cuz people went online with cheats.
They have hard encrypted the values cuz of too many cheater reports.

No clue how good you are, but I'm using cheatengine for 3+ years now and this was the biggest challenge I've ever tried.
I have almost given up.

good luck mate.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited