[REQ] Rance IX – The Helmanian Revolution
Re: [REQ] Rance IX – The Helmanian Revolution
If this is not too much work - maybe some light write-up how this table was done.
Re: [REQ] Rance IX – The Helmanian Revolution
Hello everyone, here's the release...
Abstract:
This table was tested on version 1.00 of Rance IX using Cheat Engine 7.4. Make sure to toggle "Hook VM" first. Each script does what it says and must be enabled one at a time.
Since I didn't have a full save, I had to make some guesses regarding which characters occupied the character structure, so let me know if they are wrong.
If you crash, let me know what version of Cheat Engine you're using, what version of the game you're running, and how to consistently replicate the crash.
This table was tested on version 1.00 using Cheat Engine 7.4. All the heavy lifting was provided by these cool individuals...
- nunuhara, kichikuou, OPNA2608 toufuguy - Thank you all for your work regarding Alicesoft's proprietary engine and file formats. I would not have been able to make any key analyses without the use of your tools. Thank you so much for sharing your work since I have definitely learned a lot about virtual machine architecture and the System engine. [Link]
- SomeLoliCatGirl - Thank you for the wonderful AIN to bytecode decompiler. Your decompiler helped me tremendously with my analysis because I was able to locate where the bytecode was being interpreted and where it was being stored. As a result, I was able to craft my own custom bytecode injections, and effectively localize myself within the System VM architecture without doing much guessing.
- Tim Blazytko - Great educational video regarding analysis on VM architecture! [Link]
- FamousAnos - Thank you for the save!
- Darkbyte and contributors - Obviously...
cheers!
happyTugs
Re: [REQ] Rance IX – The Helmanian Revolution
Hi, thanks for your efforts! I hope you could make this work for CE 7.2; it says I require 7.4 for this. I am having trouble installing the new version of Cheat Engine because my antivirus is going crazy.
Re: [REQ] Rance IX – The Helmanian Revolution
Just turn off your antivirus or add an exception temporarily.
That's what I had to do.
Re: [REQ] Rance IX – The Helmanian Revolution
If you open up the "Hook VM" script, you will see the following line...
Code:
{$LUA}
if syntaxcheck then return end
if getCEVersion() < 7.4 then showMessage("Update Cheat Engine to 7.4.") return end
{$ASM}
if getCEVersion() < 7.4 then showMessage("Update Cheat Engine to 7.4.") return end
so that it looks like the following.
Code:
{$LUA}
if syntaxcheck then return end
--if getCEVersion() < 7.4 then showMessage("Update Cheat Engine to 7.4.") return end
{$ASM}
matpar wrote: If this is not too much work - maybe some light write-up how this table was done.
System is a virtual machine that interprets Alicesoft's proprietary game files (ain, jaf, jam, etc.). The video by Tim Blazytko explained virtual machine architecture incredibly well. Moreover, I also have some experience cracking virtual machines like The Enigma Protector (which, if you have cracked 6.0 and above, would you mind sending me some hints?).
Anyway, you already know you are dealing with some form of obfuscation/virtualization if you are met with this control flow...
This entire graph is a portion of the System interpreter; it's a huge switch-case statement, and each case pertains to a particular bytecode that the System interpreter will execute. The execution units that are assigned to a specific bytecode are commonly referred to as handlers.
A common practice in reversing virtualized malware or virtual machines is to follow a process called lifting, translating, and repackaging, whereby the reverse engineer determines exactly what each handler does (lifting), somehow converts the information into a language that the CPU and disassemblers understand (translating), and finally repackages the binary (repackaging). It's tedious and complicated, but there already are existing tools for the System interpreter, like the tools that I had mentioned in my post.
Looking through those tools, I figured out where and how the System interpreter fetches instructions and how these instructions are decoded, and finally wrote my own scripts to rewrite how these instructions are executed. This only took me a day or two.
If you look through the links I have sent and understood this far, then you should be able to look at my scripts (which I have left the comments in) and determine the messy framework for the exploit. However, I have made it completely extensible, which I think is useful for future/past System games.
Talking about all of this made me realize something fatal in my code...
Code:
jnle @f
//todo: warn user that thread tried to access shared resource
mov dword ptr ds:[lock_vm],00
ret
@@:
Such cases are rare, though, but I will fix that in a future release...
cheers!
happyTugs
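The handler and lifting ideas from the post above, as an added example that is not code from the table or from the tools the post credits: a toy stack VM whose interpreter loop has one handler per opcode, plus a linear-sweep lifter that turns the same bytecode into a readable listing. The opcode numbers, mnemonics, helper names and sample program are invented for illustration and are not the System engine's.

```python
import struct

# Invented toy instruction set (NOT the System engine's):
# opcode -> (mnemonic, count of 32-bit little-endian operands)
OPCODES = {0x00: ("PUSH", 1), 0x01: ("ADD", 0), 0x02: ("MUL", 0),
           0x03: ("JZ", 1), 0x04: ("HALT", 0)}

def ins(op, *args):
    """Assemble one instruction: opcode byte followed by its operands."""
    return bytes([op]) + struct.pack(f"<{len(args)}i", *args)

def decode(code, pc):
    """Fetch + decode at pc; returns (mnemonic, operands, next_pc)."""
    if not 0 <= pc < len(code) or code[pc] not in OPCODES:
        raise ValueError(f"bad fetch at offset {pc:#x}")
    name, argc = OPCODES[code[pc]]
    end = pc + 1 + 4 * argc
    if end > len(code):
        raise ValueError(f"truncated {name} at offset {pc:#x}")
    return name, struct.unpack(f"<{argc}i", code[pc + 1:end]), end

def lift(code):
    """Linear sweep: bytecode to a readable listing, without executing it."""
    listing, pc = [], 0
    while pc < len(code):
        name, args, nxt = decode(code, pc)
        listing.append(" ".join([f"{pc:04x}:", name, *map(str, args)]))
        pc = nxt
    return listing

def run(code, max_steps=10_000):
    """Interpreter loop; each branch is the handler for one opcode."""
    stack, pc = [], 0
    for _ in range(max_steps):
        name, args, pc_next = decode(code, pc)
        if name == "PUSH":
            stack.append(args[0])
        elif name in ("ADD", "MUL"):
            b, a = stack.pop(), stack.pop()
            stack.append(a + b if name == "ADD" else a * b)
        elif name == "JZ":              # branch when popped value is zero
            if stack.pop() == 0:
                pc_next = args[0]
        elif name == "HALT":
            return stack
        pc = pc_next
    raise RuntimeError("step limit reached")

# Constructed sample: 6 * 7, then a taken JZ that skips PUSH 99.
SAMPLE = (ins(0, 6) + ins(0, 7) + ins(2) + ins(0, 0)
          + ins(3, 26) + ins(0, 99) + ins(4))
```

The lifter lists the `PUSH 99` at offset 0x15 even though the interpreter never executes it, which is the usual difference between a static listing and a traced run.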
Re: [REQ] Rance IX – The Helmanian Revolution
No infinite skill use ?
Re: [REQ] Rance IX – The Helmanian Revolution
I will start operating on a "like" basis. So, 20 likes on the table before I add anything else.
Otherwise, you can add it yourself, since it's open-source anyway.
Re: [REQ] Rance IX – The Helmanian Revolution
thanks for the table @happyTugs !
Although the character stat editor didn't work as I thought, the value didn't save, but the other options work well!!
Re: [REQ] Rance IX – The Helmanian Revolution
Which values are you trying to save? They are saving for me, but if you want to be sure, then you can save your game immediately after you make an edit.
Re: [REQ] Rance IX – The Helmanian Revolution
most of the guys who joined this forum only want to download the table and dgaf about like, reaction or comment, well, you gain another one, 6 more to go
Re: [REQ] Rance IX – The Helmanian Revolution
Yeah, so SP is actually special moves uses and special moves uses is range (as in attack range). I'm using CE 7.5; is it a typo or should I use 7.4?
Found it funny when Patton suddenly can attack from 5 tiles away.
Re: [REQ] Rance IX – The Helmanian Revolution
wiseblue1989 wrote (Mon Mar 06, 2023 5:59 am): most of the guys who joined this forum only want to download the table and dgaf about like, reaction or comment, well, you gain another one, 6 more to go
I am well aware that people "dgaf"; there is nothing wrong with that.
If I so wanted to, I can stop updating this post or delete everything altogether; I also "dgaf".
Oops, it seems I made a typo.
Just rename it for now, and let me know if there is anything else.
cheers!
Re: [REQ] Rance IX – The Helmanian Revolution
happyTugs wrote (Mon Mar 06, 2023 8:38 am):
wiseblue1989 wrote (Mon Mar 06, 2023 5:59 am): most of the guys who joined this forum only want to download the table and dgaf about like, reaction or comment, well, you gain another one, 6 more to go
I am well aware that people "dgaf"; there is nothing wrong with that.
If I so wanted to, I can stop updating this post or delete everything altogether; I also "dgaf".

Yeeeah, don't do that because some pleb w/ no tact mouths off about shit he's assuming. There are still those of us who give plenty of fucks. Hell I have a surplus of fucks to give out tbh.. at any rate, thanks for the table Happytugs. Very helpful.
Also I can also confirm that the 'Special Move' modifier is actually 'Attack Range' (by spaces), and 'SP' is really 'Special Move Uses'. I just relabeled them on the table. ain't no thing. ¯\_(ツ)_/¯
I have an odd request but I got myself stuck on a 3 part deployment quest in the story campaign where, for some reason the game allows you to deploy all of your members on the first two parts, thus not needing a third deployment, however now I'm on the 3rd final part with no one left to deploy, which just puts my game in an odd bugged standstill. which I don't see how should even be possible, but if I could make characters re-deployable or have a character I haven't collected in story yet added, deploying it might actually get me past this section.. if it's a pain to find the addresses for character availability, forget about it. I'll just start over.. but otherwise adding an option for "full character unlock" or something of that nature to the table would be much obliged.
Cheers.
Re: [REQ] Rance IX – The Helmanian Revolution
pr0dukt wrote (Wed Mar 08, 2023 2:09 am): I have an odd request but I got myself stuck on a 3 part deployment quest in the story campaign where, for some reason the game allows you to deploy all of your members on the first two parts, thus not needing a third deployment, however now I'm on the 3rd final part with no one left to deploy, which just puts my game in an odd bugged standstill. which I don't see how should even be possible, but if I could make characters re-deployable or have a character I haven't collected in story yet added, deploying it might actually get me past this section.. if it's a pain to find the addresses for character availability, forget about it. I'll just start over.. but otherwise adding an option for "full character unlock" or something of that nature to the table would be much obliged.
Cheers.

Sure, I can take a look in my free time.
What you're asking for is to find some way to redeploy characters, right?
greetz
Re: [REQ] Rance IX – The Helmanian Revolution
hello
If possible, a cheat to unlock the max (6) item slots would be nice, and a rare item list.