Alien shooter 2 the legend

SunBeam
Administration
Posts: 3195
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 1590

Re: Alien shooter 2 the legend

Post by SunBeam » Sat Jan 25, 2020 5:32 pm

Will have to find a way to get at the raw text files in Legend. Seems they've changed the mechanism (.lgd files aren't raw text anymore).


Re: Alien shooter 2 the legend

Post by SunBeam » Sat Jan 25, 2020 5:37 pm

So.. just so I get this right.. Legend is Reloaded, but the "remastered" version? :D :D

DrPepote
What is cheating?
Posts: 3
Joined: Sat Jan 25, 2020 3:57 pm
Reputation: 1

Re: Alien shooter 2 the legend

Post by DrPepote » Sat Jan 25, 2020 5:40 pm

EnterpriseNL wrote:
Sat Jan 25, 2020 5:22 pm
I did something wrong I think, my money is now in minus amount like -8949983, so can't buy anything and selling stuff won't cut it unfortunately

EDIT: Nevermind the negative money value is an issue of the game, that's nice

That happens if you enter a value too high xD You can change them again if you find the addresses :)

EnterpriseNL
Fearless Donors
Posts: 213
Joined: Fri Sep 01, 2017 1:35 pm
Reputation: 36

Re: Alien shooter 2 the legend

Post by EnterpriseNL » Sat Jan 25, 2020 8:51 pm

SunBeam wrote:
Sat Jan 25, 2020 5:37 pm
So.. just so I get this right.. Legend is Reloaded, but the "remastered" version? :D :D

Looks like it yeah, the screenshots on the Steam page of Reloaded look like the same maps as in Legend, but the Legend is bigger, and things are revamped

DrPepote wrote:
Sat Jan 25, 2020 5:40 pm
EnterpriseNL wrote:
Sat Jan 25, 2020 5:22 pm
I did something wrong I think, my money is now in minus amount like -8949983, so can't buy anything and selling stuff won't cut it unfortunately

EDIT: Nevermind the negative money value is an issue of the game, that's nice

That happens if you enter a value too high xD You can change them again if you find the addresses :)

Could be, but finding the address was a pain in the ass, maybe you can help me
Live long and prosper


Re: Alien shooter 2 the legend

Post by SunBeam » Sat Jan 25, 2020 9:01 pm

^ Yeah, looks like it. See "..\Alien Shooter 2 - The Legend\maps\addon0" folder :) Those names are dead obvious (Conscription + Reloaded).

gunofdis
What is cheating?
Posts: 4
Joined: Tue Oct 03, 2017 1:48 am
Reputation: 0

Re: Alien shooter 2 the legend

Post by gunofdis » Sat Jan 25, 2020 11:45 pm

The Legend is a phone port that turned it into a gacha game. Then they ported it back to PC with the gacha removed but none of the player hating bullshit designed to make you spend on the gacha rebalanced. Just play Reloaded, or even the original 2007 version Alien Shooter: Vengeance.

Veav
Cheater
Posts: 43
Joined: Wed Feb 28, 2018 3:28 am
Reputation: 8

Re: Alien shooter 2 the legend

Post by Veav » Sun Jan 26, 2020 12:01 am

gunofdis wrote:
Sat Jan 25, 2020 11:45 pm
Just play reloaded, or even the original 2007 version Alien Shooter: Vengeance.

I have. And the Zombie Shooter games too! I have fond memories of them all. That's why I want to play this, but without grinding for money.

alphabeta135
What is cheating?
Posts: 1
Joined: Sun Jan 26, 2020 7:22 pm
Reputation: 0

Re: Alien shooter 2 the legend

Post by alphabeta135 » Sun Jan 26, 2020 7:25 pm

Hello, for HP it's OK but for grenade I got this issue, how can I fix this? Thank you!

"Warning:
Not all code is injectable.
(Error in line 14 (nop 2): This instruction can't be compiled)
Are you sure you wan't to edit it to this?"

LiamLi
Cheater
Posts: 30
Joined: Tue Aug 27, 2019 2:54 pm
Reputation: 5

Re: Alien shooter 2 the legend

Post by LiamLi » Mon Jan 27, 2020 2:40 am

alphabeta135 wrote:
Sun Jan 26, 2020 7:25 pm
Hello, for HP it's OK but for grenade I got this issue, how can I fix this? Thank you!

"Warning:
Not all code is injectable.
(Error in line 14 (nop 2): This instruction can't be compiled)
Are you sure you wan't to edit it to this?"

Update Cheat Engine


Re: Alien shooter 2 the legend

Post by SunBeam » Mon Jan 27, 2020 8:08 am

The reason you can't find Money is the fuckers use the rand() function to store the outcome of a transaction. I was able to find my amount by scanning for "All" type at first, then "Changed value" and/or "Unchanged value".

DrPepote wrote:
Sat Jan 25, 2020 4:04 pm
Veav wrote:
Fri Jan 24, 2020 1:22 pm
Agreed, money is key.

I have registered to say that money can be found with "Unknown initial value" and value type "All". Go to a shop and begin to buy and sell, look for the money using "increased value by.." and "decreased value by...". Do it until you find 7 pointers (in my game they were all "Double" pointers), change them all at the same time with a low value "1000" or so, and you will get like 2912038959018918 money

Sorry for my AWFUL english :lol:

The above is pure randomness. How would you know the AMOUNT by which you scan "Increased value by"/"Decreased value by"? You don't know the type to begin with, let alone be sure that what you see on-screen when you buy/sell something is also applied as such. Not to mention the last part of your statement clearly hints you're doing random stuff to get things to happen in-game :D (e.g.: if you buy something worth 800, you'd say 'now I will scan "increased by 800"'; like I said, it doesn't work like that).

Now let's dig into this.

I'm currently here:

Image

My current amount is 16773. A POWER CELL PWG/800 costs 800.

Back to Cheat Engine, I found an address that holds my on-screen value as a string:

Image

However, the address that I discovered to work when frozen and buying/selling is this one:

Image

Notice the value: FFFFD413. Has nothing to do with any logic you'd devise to increase/decrease/increase by/decrease by. Also it really makes no sense to use that value of mine as a reference and say "so you have to look for FFFFD413 as the equivalent of 16773?" No. rand() means the value is going to be randomized when displayed on-screen. So 16773 can be shown differently on a 2nd or 3rd cycle. Not FFFFD413.

Now if I freeze that address and buy the cell, this happens:

Image

Game basically fucked me up :) But.. if I now sell what I just bought..

Image

I now have almost double the amount I initially had (16773 -> 30650).

So.. having said all of that, it's time to see what the fuck happens when we buy something from the shop (or sell). I debugged that address on write and bought a cell; then sold it. I got this in the debugger:

Image

Now how do I know about rand().. Well, follow that address in the disassembler and you'll see this:

Image

Huh? Where do you see rand() in there? :) Well, go to View menu and enable "Show symbols". Now you'll see this:

Image

Now.. problem: the function you see above is executed constantly, as I'm assuming is the main "encryption" for all integer/floats or what not. Try to break at the function's prologue and you'll see. So how do we catch ours? How do we get to the "ShopBuy" or "ShopSell" functions? If you check the debug window, clicking on "mov [esi+04],eax" row, you will see what your ESI address is. Mine is 1C913C94:

Image

We'll now use CONDITIONAL BREAKPOINTS.

Head to that location in the disassembler, hit F5 on the line and CE will break. Right-click and "Set/Change break condition". Then type in ESI == 0x1C913C94 (I don't need to remind you, I hope, that 1C913C94 is MY ADDRESS and it won't work on your end; you will have to either find yours or wait for the conclusion of this post). Once set, F9 so CE resumes.

Back in-game, buy a POWER CELL PWG/800. Game freezes, CE breaks. And I see this:

Image

Time to exit the function by tracing the code with F7/F8 (I usually use F8, but pay attention that F8 steps over; so when you reach a CALL line, if you want to investigate inside the call, do F7, not F8). And we exit here:

Image

Seems like a wrapper leading to the rand(); as in a composite function we still have to get out of to reach the main transaction point. So, F8 till RET and don't exit yet. We stop because I looked at the stack and saw this:

Image

I wonder if going back in-game now will show I have 28490 money left. Actually.. it's pretty easy to do the math: I had 30650; bought then sold a CELL, so I got 29290. Then 29290 minus 800 -> 28490. What do you know.. ;) :D

Let's continue though and exit now through the RET (F8 on it):

Image

And we see some more information, something to do with "strncmp". Continuing and exiting this as well:

Image

What could a developer be doing with the -999999 value? Smells of custom encoding of values :P Let's continue and exit this one as well:

Image

According to the internet, atol does this: "converts a C-type string, passed as an argument to function call, to a long integer.". Remember when I said I found the TEXT of my money? OK. Let's continue and exit this one as well:

Image

So we stop here for a while. Note those markers. Seems like the handler for a script execution, where the markers indicate what kind of event happens. Now that we have all of that information, time to see if any of those points breaks ONLY when we buy/sell. That way we can isolate spots in the game's code that help us pin-point our RIGHT address ;)

Will be back with more information in a bit. Work in progress.

BR,
Sun


Re: Alien shooter 2 the legend

Post by SunBeam » Mon Jan 27, 2020 8:52 am

Continuing in another post with the CONCLUSION.

If you want to edit your money properly, here's the function that gets triggered on sell/buy:

AlienShooter.exe+CDBF0 - 55                    - push ebp
AlienShooter.exe+CDBF1 - 8B EC                 - mov ebp,esp
AlienShooter.exe+CDBF3 - 6A FF                 - push -01 { 255 }
AlienShooter.exe+CDBF5 - 68 0885F600           - push AlienShooter.exe+388508
AlienShooter.exe+CDBFA - 64 A1 00000000        - mov eax,fs:[00000000]
AlienShooter.exe+CDC00 - 50                    - push eax
AlienShooter.exe+CDC01 - 83 EC 0C              - sub esp,0C
AlienShooter.exe+CDC04 - 56                    - push esi
AlienShooter.exe+CDC05 - 57                    - push edi
AlienShooter.exe+CDC06 - A1 EC8F0801           - mov eax,[AlienShooter.exe+4A8FEC]
AlienShooter.exe+CDC0B - 33 C5                 - xor eax,ebp
AlienShooter.exe+CDC0D - 50                    - push eax
AlienShooter.exe+CDC0E - 8D 45 F4              - lea eax,[ebp-0C]
AlienShooter.exe+CDC11 - 64 A3 00000000        - mov fs:[00000000],eax
AlienShooter.exe+CDC17 - 8B F1                 - mov esi,ecx
AlienShooter.exe+CDC19 - 8B 55 08              - mov edx,[ebp+08]
AlienShooter.exe+CDC1C - 8D 4D E8              - lea ecx,[ebp-18]
AlienShooter.exe+CDC1F - E8 3CFBFFFF           - call AlienShooter.exe+CD760
AlienShooter.exe+CDC24 - C7 45 FC 00000000     - mov [ebp-04],00000000
AlienShooter.exe+CDC2B - 8D 55 E8              - lea edx,[ebp-18]
AlienShooter.exe+CDC2E - 8B 4E 04              - mov ecx,[esi+04]
AlienShooter.exe+CDC31 - 68 C1BDF0FF           - push FFF0BDC1 { -999999 }
AlienShooter.exe+CDC36 - 52                    - push edx
AlienShooter.exe+CDC37 - 8B 01                 - mov eax,[ecx]
AlienShooter.exe+CDC39 - FF 50 0C              - call dword ptr [eax+0C]
AlienShooter.exe+CDC3C - 8B 7D 0C              - mov edi,[ebp+0C]
AlienShooter.exe+CDC3F - 3B F8                 - cmp edi,eax
AlienShooter.exe+CDC41 - 74 19                 - je AlienShooter.exe+CDC5C
AlienShooter.exe+CDC43 - 8B 4E 04              - mov ecx,[esi+04]
AlienShooter.exe+CDC46 - 57                    - push edi
AlienShooter.exe+CDC47 - FF 75 08              - push [ebp+08]
AlienShooter.exe+CDC4A - 8B 01                 - mov eax,[ecx]
AlienShooter.exe+CDC4C - FF 50 10              - call dword ptr [eax+10]
AlienShooter.exe+CDC4F - 8B 4E 04              - mov ecx,[esi+04]
AlienShooter.exe+CDC52 - 8D 55 E8              - lea edx,[ebp-18]
AlienShooter.exe+CDC55 - 57                    - push edi
AlienShooter.exe+CDC56 - 52                    - push edx
AlienShooter.exe+CDC57 - 8B 01                 - mov eax,[ecx]
AlienShooter.exe+CDC59 - FF 50 10              - call dword ptr [eax+10]
AlienShooter.exe+CDC5C - 8B 75 E8              - mov esi,[ebp-18]
AlienShooter.exe+CDC5F - 81 FE 887F0901        - cmp esi,AlienShooter.exe+4B7F88
AlienShooter.exe+CDC65 - 74 0E                 - je AlienShooter.exe+CDC75
AlienShooter.exe+CDC67 - E8 84BAF7FF           - call AlienShooter.exe+496F0
AlienShooter.exe+CDC6C - 56                    - push esi
AlienShooter.exe+CDC6D - E8 DA532A00           - call AlienShooter.exe+37304C
AlienShooter.exe+CDC72 - 83 C4 04              - add esp,04
AlienShooter.exe+CDC75 - 8B 4D F4              - mov ecx,[ebp-0C]
AlienShooter.exe+CDC78 - 64 89 0D 00000000     - mov fs:[00000000],ecx
AlienShooter.exe+CDC7F - 59                    - pop ecx
AlienShooter.exe+CDC80 - 5F                    - pop edi
AlienShooter.exe+CDC81 - 5E                    - pop esi
AlienShooter.exe+CDC82 - 8B E5                 - mov esp,ebp
AlienShooter.exe+CDC84 - 5D                    - pop ebp
AlienShooter.exe+CDC85 - C2 0800               - ret 0008

Yup, the one in the previous post.. with -999999 :) The screenshot before last in the above post.

Will post more on how to manipulate this to give you your desired amount.

TheStranger81
Noobzor
Posts: 9
Joined: Fri Aug 11, 2017 4:22 pm
Reputation: 0

Re: Alien shooter 2 the legend

Post by TheStranger81 » Mon Jan 27, 2020 9:26 am

What is going on with this game people? Not even blockbusters have such protection :(


Re: Alien shooter 2 the legend

Post by SunBeam » Mon Jan 27, 2020 9:38 am

All of the values are "scrambled". Game was initially designed for smartphones, hence the "protection", so you can't cheat at it with normal Android scan tools and buy the in-game currency with real $. Anyway, here's a script that constantly keeps your Money at 5.000.000 :) I've left explanations, just in case you're curious :P

The scrambling feature processes everything, from category, quantity, ammo, price, perks, etc. All of that shit. So don't expect to find any "simple" on-screen value through the classic "scan for X" method :)

AlienShooter.CT
5.000.000 Money / Steam
(7.14 KiB) Downloaded 300 times
AlienShooter.CT
5.000.000 Money / aobscanmodule
(7.25 KiB) Downloaded 460 times

BR,
Sun

P.S.: Updated script to now dynamically find the hook spot (regardless of your version, Steam or different .exe).
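
The scrambling described in the two posts above, as an added example that is not part of the thread and is not the game's code: a hypothetical XOR-with-rand() store (the names `masked_u32`, `masked_set`, `masked_get` and `get_after_freeze` and the layout are assumptions) showing why the raw word in memory never tracks the on-screen number, changes on every write, and decodes to an unrelated amount once a stale raw word is pinned in place.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical masked integer; the XOR-with-rand() layout is an assumption
   made for this example, not the scheme recovered from the game. */
typedef struct {
    uint32_t key;  /* mask drawn from rand(), replaced on every write */
    uint32_t enc;  /* value ^ key: the word a memory scanner actually sees */
} masked_u32;

/* rand() guarantees only 15 bits per call, so mix three calls into 32 bits. */
static uint32_t fresh_key(void) {
    return ((uint32_t)rand() << 30) ^ ((uint32_t)rand() << 15) ^ (uint32_t)rand();
}

/* Store a value under a new key that always differs from the previous one. */
void masked_set(masked_u32 *m, uint32_t value) {
    uint32_t k;
    do { k = fresh_key(); } while (k == m->key);
    m->key = k;
    m->enc = value ^ k;
}

uint32_t masked_get(const masked_u32 *m) {
    return m->enc ^ m->key;
}

/* Model of an external tool pinning the raw word: the program writes a new
   balance (new key), then the stale raw word is put back over enc. */
uint32_t get_after_freeze(masked_u32 *m, uint32_t stale_enc, uint32_t new_value) {
    masked_set(m, new_value);
    m->enc = stale_enc;
    return masked_get(m);  /* stale word decoded with the new key */
}

int main(void) {
    masked_u32 money = {0, 0};
    srand(1234);                        /* fixed seed: repeatable demo */
    masked_set(&money, 16773);          /* constructed sample balance */
    uint32_t raw1 = money.enc;
    masked_set(&money, 16773);          /* same logical value, rewritten */
    printf("logical=%u raw1=%08X raw2=%08X\n",
           (unsigned)masked_get(&money), (unsigned)raw1, (unsigned)money.enc);
    printf("frozen word, then a purchase of 800 decodes as %u\n",
           (unsigned)get_after_freeze(&money, raw1, 16773 - 800));
    return 0;
}
```

A store like this is only obfuscation: the key sits next to the masked word, so anyone who can trace the write path recovers the value, and an integrity check over both words would be needed to detect a pinned raw word.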


Re: Alien shooter 2 the legend

Post by TheStranger81 » Mon Jan 27, 2020 9:53 am

SunBeam wrote:
Mon Jan 27, 2020 9:38 am
All of the values are "scrambled". Game was initially designed for smartphones, hence the "protection", so you can't cheat at it with normal Android scan tools and buy the in-game currency with real $. Anyway, here's a script that constantly keeps your Money at 5.000.000 :) I've left explanations, just in case you're curious :P

The scrambling feature processes everything, from category, quantity, ammo, price, perks, etc. All of that shit. So don't expect to find any "simple" on-screen value through the classic "scan for X" method :)

AlienShooter.CT

BR,
Sun

Doesn't work for me, CTD once I enable it :(


Re: Alien shooter 2 the legend

Post by SunBeam » Mon Jan 27, 2020 10:06 am

^ I'm using the Steam version, the hook address is hard-coded. Use the script content to find it for your version (you're clearly playing a cracked/torrented version).
