Far Cry 6 cheat table

Upload your cheat tables here (No requests)
Post Reply
2waq
Noobzor
Noobzor
Posts: 6
Joined: Mon Oct 11, 2021 3:13 pm
Reputation: 0

Re: Far Cry 6 cheat table

Post by 2waq »

Boru wrote:
Wed Oct 20, 2021 2:52 pm
Is there any way to get infinite far cry credits?
serversided ...

How to use this cheat table?
  1. Install Cheat Engine
  2. Double-click the .CT file in order to open it.
  3. Click the PC icon in Cheat Engine in order to select the game process.
  4. Keep the list.
  5. Activate the trainer options by checking boxes or setting values from 0 to 1

User avatar
SunBeam
Administration
Administration
Posts: 4704
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4287

Re: Far Cry 6 cheat table

Post by SunBeam »

Tuuuup! wrote:
Sat Oct 09, 2021 12:48 pm
...
Just letting you know the "Quick (E) Interact button" fucks up every key/action timer passing through there :) For example, when you move left (hold A), right (hold D), forward (hold W), backward (hold S) or press and hold C to crouch or get up.. and even when you hold E without an event notification in the middle of the screen (in thin air). If you break here, you'll see what I mean (set breakpoint, press C key):

Code: Select all

FC_m64d3d12.dll+1098510 - F3 0F11 4F 04         - movss [rdi+04],xmm1
So it's not doing your "movss xmm2,xmm0" for just E action when, for example, you want to disable an alarm in a base. You have to filter this piece of code, else I don't know what the side-effects are. Sure, you might not have noticed anything and maybe you don't use it that much -- these would be excuses -- though bad practice shouldn't be the way to do it.

I've done some investigation, so here it is:

Code: Select all

FC_m64d3d12.dll+10A7430 - 4C 69 E8 70010000     - imul r13,rax,00000170
FC_m64d3d12.dll+10A7437 - 8B 45 B0              - mov eax,[rbp-50]
FC_m64d3d12.dll+10A743A - 4D 03 AF 401C0000     - add r13,[r15+00001C40]
FC_m64d3d12.dll+10A7441 - 4C 89 6D A8           - mov [rbp-58],r13
FC_m64d3d12.dll+10A7445 - 41 39 45 14           - cmp [r13+14],eax
The above is an iterator through all the processed key/hold/action timers. In my case, the offset for the E-action event is 0x48. Won't be the same for everyone. Am just mentioning it, so it's said. We won't use that offset.

Then:

Code: Select all

FC_m64d3d12.dll+10A8D55 - 41 89 8D 40010000     - mov [r13+00000140],ecx
This is the piece of code that constantly writes 0 to the timers for key events. Notice the offset is 0x140, meaning that sometime before this CALL..

Code: Select all

FC_m64d3d12.dll+10A6F82 - E8 2915FFFF           - call FC_m64d3d12.dll+10984B0
..our R8 (cuz that's where the timer ptr is in that function; and it's then moved in RDI) will be offset by 0x140.

Then:

Code: Select all

FC_m64d3d12.dll+10A8D90 - 41 8B 85 3C010000     - mov eax,[r13+0000013C] // hash
FC_m64d3d12.dll+10A8D97 - 48 8D 55 00           - lea rdx,[rbp+00]
FC_m64d3d12.dll+10A8D9B - F3 41 0F10 5D 1C      - movss xmm3,[r13+1C]
FC_m64d3d12.dll+10A8DA1 - 49 8B CF              - mov rcx,r15
FC_m64d3d12.dll+10A8DA4 - F3 41 0F10 95 40010000  - movss xmm2,[r13+00000140]
FC_m64d3d12.dll+10A8DAD - 89 45 00              - mov [rbp+00],eax
FC_m64d3d12.dll+10A8DB0 - 41 0FB6 85 5C010000   - movzx eax,byte ptr [r13+0000015C]
Finally, this is where it forms up the args list and calls the perform action function when timer > 0. The point in all of the above is you can check the timer hash when a key is pressed. I believe these are unique. Here's my script:

Practical Example:

Now, in my case, when I "Find out what addresses this instruction accesses" at:

Code: Select all

FC_m64d3d12.dll+1098510 - F3 0F11 4F 04         - movss [rdi+04],xmm1
I get the following:

Image

Out of that list, the only one that, when frozen, doesn't allow the horizontal white bar underneath E to increase is this one: 28EBDAF3290. If you look at the instruction -- movss [rdi+04],xmm1 -- that means my base (rdi) would be 28EBDAF3290 - 0x4. So 28EBDAF328C.

Then we set a breakpoint at the prologue of this function to determine where it exits:

Code: Select all

FC_m64d3d12.dll+10984B0 - 40 55                 - push rbp
Press E and CE breaks. Then F5 to remove breakpoint, Ctrl+G > [rsp], then F9 to resume. And you can see where the return is:

Code: Select all

FC_m64d3d12.dll+10A6F7B - F3 44 0F11 6C 24 20   - movss [rsp+20],xmm13
FC_m64d3d12.dll+10A6F82 - E8 2915FFFF           - call FC_m64d3d12.dll+10984B0 <<
FC_m64d3d12.dll+10A6F87 - E9 94F9FFFF           - jmp FC_m64d3d12.dll+10A6920
So above that CALL, somewhere, our 28EBDAF328C will be calculated from another base + 0x140. Remember this:

Code: Select all

FC_m64d3d12.dll+10A8D55 - 41 89 8D 40010000     - mov [r13+00000140],ecx
If I debug that, I see that r13 is: 28EBDAF3150.

If we do a bit of math: our 28EBDAF328C vs. 28EBDAF3150. Subtraction: 0x13C. So not 0x140. Let's see why.

Our 28EBDAF328C is written to r8 here, from r14:

Code: Select all

FC_m64d3d12.dll+10A6F45 - 4D 8B C6              - mov r8,r14 <<
FC_m64d3d12.dll+10A6F48 - 8B 4C 24 54           - mov ecx,[rsp+54]
FC_m64d3d12.dll+10A6F4C - 41 0FB6 D5            - movzx edx,r13l
Just a bit above the CALL. So I set a bp at FC_m64d3d12.dll+10A6F48, then applied the condition "r8 == 0x28EBDAF328C":

Image

CE breaks as soon as I press E on the alarm box. So what we need now to do is determine where r14 comes from. And that's from here:

Code: Select all

FC_m64d3d12.dll+10A6A5C - 4D 8D B7 3C010000     - lea r14,[r15+0000013C] <<
FC_m64d3d12.dll+10A6A63 - 83 FB 02              - cmp ebx,02
FC_m64d3d12.dll+10A6A66 - 0F85 9B010000         - jne FC_m64d3d12.dll+10A6C07
FC_m64d3d12.dll+10A6A6C - 41 8B 06              - mov eax,[r14]
In case you wonder how I got there, I used x64dbg, I've highlighted R14 and scrolled up, moving backwards through code -- visually, not with breakpoints; so a manual process -- like so:

Image

P.S.1: Right-click > Open the GIF above in another tab to see it in full size.
P.S.2: You can highlight a register by pressing H, so the red rectangle shows, then click on the register you want to highlight.

So we want now to check r15 register when our break hits:

Image

Bingo: 28EBDAF3150.

Now, based on the remark I made here:

Code: Select all

FC_m64d3d12.dll+10A8D90 - 41 8B 85 3C010000     - mov eax,[r13+0000013C] // hash
If we now look at 28EBDAF3150 + 13C, we see this:

Image

If I do a "Find out what addresses this instruction accesses" at..

Code: Select all

FC_m64d3d12.dll+10A8D90 - 41 8B 85 3C010000     - mov eax,[r13+0000013C] // hash
FC_m64d3d12.dll+10A8D97 - 48 8D 55 00           - lea rdx,[rbp+00]
FC_m64d3d12.dll+10A8D9B - F3 41 0F10 5D 1C      - movss xmm3,[r13+1C] << this
FC_m64d3d12.dll+10A8DA1 - 49 8B CF              - mov rcx,r15
FC_m64d3d12.dll+10A8DA4 - F3 41 0F10 95 40010000  - movss xmm2,[r13+00000140] << and this
..the two addresses I marked above (+10A8D9B and +10A8DA4), I get these:

Max Timers:

Image

Hashes:

Image

As you can see, there aren't any duplicate hash values in that list ;)

In my case, the ones I am looking for to filter just the E hold action on the alarm box or a supply drop are these:

Image

So, from all the above, I can say the E hold action lasts 6 seconds and its hash is 0x4E1A8F19. And all of the above says you can hot-patch the timer max values on access (so no need to do it on write, when you actually press E) and you're good to go :)

BR,
Sun

P.S.#1: I've not checked if supply drop hold action has the same hash; but if it doesn't, I'll just add more hashes to the list ;)

L.E.: Yeah, the supply drop has a different hash -> 0x2AFFAB03. Timer is 7.5s. There's another one I found with 8s, but I don't know what it is for yet (hash is 0x3D4C0F7A).

Tuuuup!
Table Makers
Table Makers
Posts: 228
Joined: Sat Sep 26, 2020 9:54 am
Reputation: 1366

Re: Far Cry 6 cheat table

Post by Tuuuup! »

SunBeam wrote:
Thu Oct 21, 2021 9:55 pm

Just letting you know the "Quick (E) Interact button" fucks up every key/action timer passing through there..
Thanks for all the info. This is the stuff that I need. This going to take me some time to dig trough and understand.
I really appreciate the time you spend posting/explaining this.

User avatar
SunBeam
Administration
Administration
Posts: 4704
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4287

Re: Far Cry 6 cheat table

Post by SunBeam »

Now.. what the actual fuck? I loaded the map on that oil rig and my guy was swimming, then he drowned, then this:

Image

And guess what, I can actually open the trade dialog :D :D :D

Also, I believe the resources are encrypted (just like in Wildlands) and the read/write functions mutated via VMProtect. See:

Code: Select all

FC_m64d3d12.dll+2A439D0 - 40 56                 - push rsi
FC_m64d3d12.dll+2A439D2 - 57                    - push rdi
FC_m64d3d12.dll+2A439D3 - 48 83 EC 28           - sub rsp,28
FC_m64d3d12.dll+2A439D7 - 48 8B F1              - mov rsi,rcx
FC_m64d3d12.dll+2A439DA - 8B FA                 - mov edi,edx
FC_m64d3d12.dll+2A439DC - 48 8B 49 70           - mov rcx,[rcx+70]
FC_m64d3d12.dll+2A439E0 - 48 85 C9              - test rcx,rcx
FC_m64d3d12.dll+2A439E3 - 74 10                 - je FC_m64d3d12.dll+2A439F5
FC_m64d3d12.dll+2A439E5 - 48 8B 01              - mov rax,[rcx]
FC_m64d3d12.dll+2A439E8 - 48 83 C4 28           - add rsp,28
FC_m64d3d12.dll+2A439EC - 5F                    - pop rdi
FC_m64d3d12.dll+2A439ED - 5E                    - pop rsi
FC_m64d3d12.dll+2A439EE - 48 FF A0 10020000     - jmp qword ptr [rax+00000210]
FC_m64d3d12.dll+2A439F5 - 48 8B 46 40           - mov rax,[rsi+40]
FC_m64d3d12.dll+2A439F9 - 48 8D 4E 40           - lea rcx,[rsi+40]
FC_m64d3d12.dll+2A439FD - 48 89 6C 24 20        - mov [rsp+20],rbp
FC_m64d3d12.dll+2A43A02 - FF 50 18              - call qword ptr [rax+18] <<
FC_m64d3d12.dll+2A43A05 - 84 C0                 - test al,al
In RDX you have the item cost amount. It then gets written to edi (mov edi,edx), then here's the read:

Code: Select all

FC_m64d3d12.dll+2A43A09 - 48 8D 54 24 40        - lea rdx,[rsp+40]
FC_m64d3d12.dll+2A43A0E - 48 8D 4E 58           - lea rcx,[rsi+58]
FC_m64d3d12.dll+2A43A12 - E8 B95593FD           - call FC_m64d3d12.AK::ReadBytesSkip::Count+6510
FC_m64d3d12.dll+2A43A17 - 8B 44 24 40           - mov eax,[rsp+40]
Once the function exits, your Pesos amount will be in eax. Note that I've not done this with other trades, the function might be universal for all I care. I tested it only with buying weapons from that shop-cart guy :)

And the mutated function:

Code: Select all

FC_m64d3d12.dll+2A43A12 - E8 B95593FD           - call FC_m64d3d12.AK::ReadBytesSkip::Count+6510
..
FC_m64d3d12.AK::ReadBytesSkip::Count+6510 - E9 8BC8001E           - jmp FC_m64d3d12.dll+1E385860
..
FC_m64d3d12.dll+1E385860 - 48 89 5C 24 10        - mov [rsp+10],rbx
FC_m64d3d12.dll+1E385865 - 66 41 F7 C7 0C42      - test r15w,420C { 16908 }
FC_m64d3d12.dll+1E38586B - 66 C1 C0 05           - rol ax,05 { 5 }
FC_m64d3d12.dll+1E38586F - 48 89 6C 24 18        - mov [rsp+18],rbp
FC_m64d3d12.dll+1E385874 - 49 F7 D0              - not r8
FC_m64d3d12.dll+1E385877 - F5                    - cmc 
FC_m64d3d12.dll+1E385878 - 44 86 C0              - xchg al,r8l
FC_m64d3d12.dll+1E38587B - 48 89 74 24 20        - mov [rsp+20],rsi
FC_m64d3d12.dll+1E385880 - 66 D3 DB              - rcr bx,cl
FC_m64d3d12.dll+1E385883 - 44 0FC0 C5            - xadd bpl,r8l
FC_m64d3d12.dll+1E385887 - 57                    - push rdi
FC_m64d3d12.dll+1E385888 - 48 83 EC 30           - sub rsp,30 { 48 }
FC_m64d3d12.dll+1E38588C - B8 0C2CAC67           - mov eax,67AC2C0C { 1739336716 }
FC_m64d3d12.dll+1E385891 - C7 44 24 40 72000000  - mov [rsp+40],00000072 { 114 }
FC_m64d3d12.dll+1E385899 - 48 63 EF              - movsxd  rbp,edi
FC_m64d3d12.dll+1E38589C - 48 8B F1              - mov rsi,rcx
FC_m64d3d12.dll+1E38589F - 8B 44 24 40           - mov eax,[rsp+40]
FC_m64d3d12.dll+1E3858A3 - 80 D9 7E              - sbb cl,7E { 126 }
FC_m64d3d12.dll+1E3858A6 - 4C 23 C3              - and r8,rbx
FC_m64d3d12.dll+1E3858A9 - 48 8B EA              - mov rbp,rdx
FC_m64d3d12.dll+1E3858AC - 49 0FBA E0 92         - bt r8,-6E { 146 }
FC_m64d3d12.dll+1E3858B1 - 41 0FBF C9            - movsx ecx,r9w
FC_m64d3d12.dll+1E3858B5 - 89 44 24 40           - mov [rsp+40],eax
FC_m64d3d12.dll+1E3858B9 - 66 C1 C9 E5           - ror cx,-1B { 229 }
FC_m64d3d12.dll+1E3858BD - 44 0FAB F8            - bts eax,r15d
FC_m64d3d12.dll+1E3858C1 - 1A DE                 - sbb bl,dh
FC_m64d3d12.dll+1E3858C3 - 48 8D 05 E8B22CE8     - lea rax,[FC_m64d3d12.dll+6650BB2] { (0) }
FC_m64d3d12.dll+1E3858CA - C0 E5 DC              - shl ch,-24 { 220 }
FC_m64d3d12.dll+1E3858CD - 41 32 CF              - xor cl,r15l
FC_m64d3d12.dll+1E3858D0 - 0FC9                  - bswap ecx
FC_m64d3d12.dll+1E3858D2 - 4C 63 44 24 40        - movsxd  r8,dword ptr [rsp+40]
..
Of course, you can debug through it, skipping all the junk code and focusing on the important parts. I'll see if I can dig out the whole routine. Why Ubisoft goes to these lengths to crap like this is beyond me...

And this is the decryption routine (FC_m64d3d12.dll+1E3855B5):

Code: Select all

00007FFA6F9455B5 | 46:0FB6141F                     | MOVZX R10D,BYTE PTR DS:[RDI+R11]                           |
00007FFA6F9455BA | D2FE                            | SAR DH,CL                                                  |
00007FFA6F9455BC | 4D:8D5B 01                      | LEA R11,QWORD PTR DS:[R11+1]                               |
00007FFA6F9455C0 | C0D1 06                         | RCL CL,6                                                   |
00007FFA6F9455C3 | 41:0FC0C8                       | XADD R8B,CL                                                |
00007FFA6F9455C7 | 41:84DF                         | TEST R15B,BL                                               |
00007FFA6F9455CA | 0FB6D3                          | MOVZX EDX,BL                                               |
00007FFA6F9455CD | 4C:63C3                         | MOVSXD R8,EBX                                              |
00007FFA6F9455D0 | 6641:C1C0 A3                    | ROL R8W,A3                                                 |
00007FFA6F9455D5 | 81D9 EE5E8F6D                   | SBB ECX,6D8F5EEE                                           |
00007FFA6F9455DB | 8BCB                            | MOV ECX,EBX                                                |
00007FFA6F9455DD | 6641:D3F0                       | SHL R8W,CL                                                 |
00007FFA6F9455E1 | 49:81D0 5601FC1A                | ADC R8,1AFC0156                                            |
00007FFA6F9455E8 | 81E1 00FFFFFF                   | AND ECX,FFFFFF00                                           |
00007FFA6F9455EE | 45:0AC4                         | OR R8B,R12B                                                |
00007FFA6F9455F1 | C1E8 02                         | SHR EAX,2                                                  |
00007FFA6F9455F4 | 6641:C1E0 D5                    | SHL R8W,D5                                                 |
00007FFA6F9455F9 | 41:33C2                         | XOR EAX,R10D                                               |
00007FFA6F9455FC | 4C:0FB7C1                       | MOVZX R8,CX                                                |
00007FFA6F945600 | 45:8AC3                         | MOV R8B,R11B                                               |
00007FFA6F945603 | 45:0FBFC2                       | MOVSX R8D,R10W                                             |
00007FFA6F945607 | FFC3                            | INC EBX                                                    |
00007FFA6F945609 | 44:22C6                         | AND R8B,SIL                                                |
00007FFA6F94560C | 46:0FB60432                     | MOVZX R8D,BYTE PTR DS:[RDX+R14]                            |
00007FFA6F945611 | 44:03C1                         | ADD R8D,ECX                                                |
00007FFA6F945614 | 66:0F47D3                       | CMOVA DX,BX                                                |
00007FFA6F945618 | 66:99                           | CWD                                                        |
00007FFA6F94561A | 0FB6D0                          | MOVZX EDX,AL                                               |
00007FFA6F94561D | 49:F7C1 1F76966C                | TEST R9,6C96761F                                           |
00007FFA6F945624 | 41:0FB60C28                     | MOVZX ECX,BYTE PTR DS:[R8+RBP]                             |
00007FFA6F945629 | 4C:3BF7                         | CMP R14,RDI                                                |
00007FFA6F94562C | 42:320C32                       | XOR CL,BYTE PTR DS:[RDX+R14]                               |
00007FFA6F945630 | 41:32CA                         | XOR CL,R10B                                                |
00007FFA6F945633 | 80FA 4A                         | CMP DL,4A                                                  | 4A:'J'
00007FFA6F945636 | 41:884B FF                      | MOV BYTE PTR DS:[R11-1],CL                                 |
00007FFA6F94563A | 48:83EE 01                      | SUB RSI,1                                                  |
00007FFA6F94563E | 0F85 71FFFFFF                   | JNE fc_m64d3d12.7FFA6F9455B5                               |

User avatar
SunBeam
Administration
Administration
Posts: 4704
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4287

Re: Far Cry 6 cheat table

Post by SunBeam »

How to get Pesos & Depleted Uranium fast

Oh, this is sweet :D You can tell the game to subtract negative values :D

For example:

Image

I set a breakpoint at:

Code: Select all

FC_m64d3d12.dll+2A43A37 - 89 44 24 40           - mov [rsp+40],eax
My Depleted Uranium amount: 25120
Venom Salvo Supremo cost: 100

Now when I want to buy that Venom Salvo Supremo, CE will break and show this:

Image

RAX shows 0x64 (100d), which is the cost value. So let's say I want 40000, therefore I do the math:

Image

So now I change RAX to FFFC0000 and let the game run. I see this now:

Image

Oh shit, I did 40000 in hexa, instead of doing decimal :D :D Cuz 0x40000 = 262,144d. But anyway, you get the idea :P Happy fucking around.

P.S.: Watch CH miraculously update their trainer with shit from this forum... in 3.. 2.. 1.. :) At the time of writing this post they don't have individual resourcing options in their trainer. Let's see if I'm right or not; cuz honestly, this fucking around with "we were first", then updating their trainers with the work of others 1-2 weeks/months later is pure trolling. On one hand they want credit for releasing first, on the other they steal later on, when waters cool off and people start diverging from the hype of the game to other pastures.

User avatar
SunBeam
Administration
Administration
Posts: 4704
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4287

Re: Far Cry 6 cheat table

Post by SunBeam »

And this function breaks when you pick up stuff (metal, gasolina, etc.):

Code: Select all

FC_m64d3d12.dll+29EBB00 - 40 53                 - push rbx
FC_m64d3d12.dll+29EBB02 - 57                    - push rdi
FC_m64d3d12.dll+29EBB03 - 48 83 EC 28           - sub rsp,28 { 40 }
FC_m64d3d12.dll+29EBB07 - 48 8B F9              - mov rdi,rcx
FC_m64d3d12.dll+29EBB0A - 8B DA                 - mov ebx,edx
FC_m64d3d12.dll+29EBB0C - 48 8B 49 70           - mov rcx,[rcx+70]
FC_m64d3d12.dll+29EBB10 - 48 85 C9              - test rcx,rcx
FC_m64d3d12.dll+29EBB13 - 74 10                 - je FC_m64d3d12.dll+29EBB25
FC_m64d3d12.dll+29EBB15 - 48 8B 01              - mov rax,[rcx]
FC_m64d3d12.dll+29EBB18 - 48 83 C4 28           - add rsp,28 { 40 }
FC_m64d3d12.dll+29EBB1C - 5F                    - pop rdi
FC_m64d3d12.dll+29EBB1D - 5B                    - pop rbx
FC_m64d3d12.dll+29EBB1E - 48 FF A0 08020000     - jmp qword ptr [rax+00000208]
FC_m64d3d12.dll+29EBB25 - 48 8D 54 24 58        - lea rdx,[rsp+58]
FC_m64d3d12.dll+29EBB2A - 48 89 74 24 20        - mov [rsp+20],rsi
FC_m64d3d12.dll+29EBB2F - 48 8D 4F 58           - lea rcx,[rdi+58]
FC_m64d3d12.dll+29EBB33 - E8 98D498FD           - call FC_m64d3d12.AK::ReadBytesSkip::Count+6510
FC_m64d3d12.dll+29EBB38 - 48 8B 47 40           - mov rax,[rdi+40]
FC_m64d3d12.dll+29EBB3C - 48 8D 4F 40           - lea rcx,[rdi+40]
FC_m64d3d12.dll+29EBB40 - FF 50 18              - call qword ptr [rax+18]
FC_m64d3d12.dll+29EBB43 - 84 C0                 - test al,al
FC_m64d3d12.dll+29EBB45 - 0F85 95000000         - jne FC_m64d3d12.dll+29EBBE0
FC_m64d3d12.dll+29EBB4B - 48 8B CF              - mov rcx,rdi
FC_m64d3d12.dll+29EBB4E - 48 89 6C 24 48        - mov [rsp+48],rbp
FC_m64d3d12.dll+29EBB53 - E8 F8E6FEFF           - call FC_m64d3d12.dll+29DA250
FC_m64d3d12.dll+29EBB58 - 48 8D 54 24 40        - lea rdx,[rsp+40]
FC_m64d3d12.dll+29EBB5D - 8B E8                 - mov ebp,eax
FC_m64d3d12.dll+29EBB5F - 48 8D 4F 58           - lea rcx,[rdi+58]
FC_m64d3d12.dll+29EBB63 - E8 68D498FD           - call FC_m64d3d12.AK::ReadBytesSkip::Count+6510
FC_m64d3d12.dll+29EBB68 - 39 6C 24 40           - cmp [rsp+40],ebp
FC_m64d3d12.dll+29EBB6C - 77 1A                 - ja FC_m64d3d12.dll+29EBB88
FC_m64d3d12.dll+29EBB6E - 48 8D 54 24 40        - lea rdx,[rsp+40]
FC_m64d3d12.dll+29EBB73 - 48 8D 4F 58           - lea rcx,[rdi+58]
FC_m64d3d12.dll+29EBB77 - E8 54D498FD           - call FC_m64d3d12.AK::ReadBytesSkip::Count+6510
FC_m64d3d12.dll+29EBB7C - 8B CD                 - mov ecx,ebp
FC_m64d3d12.dll+29EBB7E - 2B 4C 24 40           - sub ecx,[rsp+40]
FC_m64d3d12.dll+29EBB82 - 3B D9                 - cmp ebx,ecx
FC_m64d3d12.dll+29EBB84 - 73 04                 - jae FC_m64d3d12.dll+29EBB8A
FC_m64d3d12.dll+29EBB86 - EB 04                 - jmp FC_m64d3d12.dll+29EBB8C
FC_m64d3d12.dll+29EBB88 - 33 C9                 - xor ecx,ecx
FC_m64d3d12.dll+29EBB8A - 8B D9                 - mov ebx,ecx
FC_m64d3d12.dll+29EBB8C - 4C 8D 4C 24 40        - lea r9,[rsp+40]
FC_m64d3d12.dll+29EBB91 - 89 5C 24 40           - mov [rsp+40],ebx
FC_m64d3d12.dll+29EBB95 - 4C 8D 05 9442F9FF     - lea r8,[FC_m64d3d12.dll+297FE30] { (16843403) }
FC_m64d3d12.dll+29EBB9C - 48 8D 54 24 50        - lea rdx,[rsp+50]
FC_m64d3d12.dll+29EBBA1 - 48 8D 4F 58           - lea rcx,[rdi+58]
FC_m64d3d12.dll+29EBBA5 - E8 660E9AFD           - call FC_m64d3d12.dll+38CA10
FC_m64d3d12.dll+29EBBAA - 48 8D 54 24 40        - lea rdx,[rsp+40]
FC_m64d3d12.dll+29EBBAF - 48 8D 4F 58           - lea rcx,[rdi+58]
FC_m64d3d12.dll+29EBBB3 - E8 18D498FD           - call FC_m64d3d12.AK::ReadBytesSkip::Count+6510
FC_m64d3d12.dll+29EBBB8 - 8B 44 24 40           - mov eax,[rsp+40]
FC_m64d3d12.dll+29EBBBC - 48 8D 54 24 50        - lea rdx,[rsp+50]
FC_m64d3d12.dll+29EBBC1 - 3B C5                 - cmp eax,ebp
FC_m64d3d12.dll+29EBBC3 - C7 44 24 40 00000000  - mov [rsp+40],00000000 { 0 }
FC_m64d3d12.dll+29EBBCB - 48 8D 4F 58           - lea rcx,[rdi+58]
FC_m64d3d12.dll+29EBBCF - 0F42 E8               - cmovb ebp,eax
FC_m64d3d12.dll+29EBBD2 - 89 6C 24 50           - mov [rsp+50],ebp
FC_m64d3d12.dll+29EBBD6 - E8 35CF9AFD           - call FC_m64d3d12.dll+398B10
FC_m64d3d12.dll+29EBBDB - 48 8B 6C 24 48        - mov rbp,[rsp+48]
FC_m64d3d12.dll+29EBBE0 - 85 DB                 - test ebx,ebx
FC_m64d3d12.dll+29EBBE2 - 74 2C                 - je FC_m64d3d12.dll+29EBC10
FC_m64d3d12.dll+29EBBE4 - 48 8D 54 24 40        - lea rdx,[rsp+40]
FC_m64d3d12.dll+29EBBE9 - 48 8D 4F 58           - lea rcx,[rdi+58]
FC_m64d3d12.dll+29EBBED - E8 DED398FD           - call FC_m64d3d12.AK::ReadBytesSkip::Count+6510
FC_m64d3d12.dll+29EBBF2 - 44 8B 44 24 40        - mov r8d,[rsp+40]
FC_m64d3d12.dll+29EBBF7 - 48 8B CF              - mov rcx,rdi
FC_m64d3d12.dll+29EBBFA - 4C 8B 0F              - mov r9,[rdi]
FC_m64d3d12.dll+29EBBFD - 8B 54 24 58           - mov edx,[rsp+58]
FC_m64d3d12.dll+29EBC01 - C7 44 24 40 00000000  - mov [rsp+40],00000000 { 0 }
FC_m64d3d12.dll+29EBC09 - 41 FF 91 20020000     - call qword ptr [r9+00000220]
FC_m64d3d12.dll+29EBC10 - 48 8B 74 24 20        - mov rsi,[rsp+20]
FC_m64d3d12.dll+29EBC15 - 8B C3                 - mov eax,ebx
FC_m64d3d12.dll+29EBC17 - 48 83 C4 28           - add rsp,28 { 40 }
FC_m64d3d12.dll+29EBC1B - 5F                    - pop rdi
FC_m64d3d12.dll+29EBC1C - 5B                    - pop rbx
FC_m64d3d12.dll+29EBC1D - C3                    - ret 
The picked up amount is in RDX.

User avatar
SunBeam
Administration
Administration
Posts: 4704
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4287

Re: Far Cry 6 cheat table

Post by SunBeam »

And so it begins...

Code: Select all

002007655ADF62AD // metal
002007655ADF288B // gasolina
002007675AE3A9A8 // medicine
00200745239E3150 // pesos
0020077873AE84B8 // recycled fasteners
0020077873A3E653 // recycled glass
00200783CC515350 // durable plastic
0020078A7BB27142 // gun powder
0020078C9308047F // spray can
0020077873D56AB9 // black hawk meat
0020077693D4784B // los bandidos recruits

Armedwolf
Noobzor
Noobzor
Posts: 13
Joined: Fri Oct 15, 2021 2:15 pm
Reputation: 0

Re: Far Cry 6 cheat table

Post by Armedwolf »

SunBeam wrote:
Fri Oct 22, 2021 2:59 am
...
i dont understand shit but you are pure genius

Fullcodes
Cheater
Cheater
Posts: 29
Joined: Tue May 26, 2020 12:58 pm
Reputation: 52

Re: Far Cry 6 cheat table

Post by Fullcodes »

SunBeam wrote:
Fri Oct 22, 2021 12:35 am
...
how can u find FC_m64d3d12.dll+2A43A37?

AkashiGamer
Expert Cheater
Expert Cheater
Posts: 85
Joined: Thu Mar 15, 2018 10:44 pm
Reputation: 4

Re: Far Cry 6 cheat table

Post by AkashiGamer »

SunBeam wrote:
Fri Oct 22, 2021 2:59 am
And so it begins...

Code: Select all

002007655ADF62AD // metal
002007655ADF288B // gasolina
002007675AE3A9A8 // medicine
00200745239E3150 // pesos
0020077873AE84B8 // recycled fasteners
0020077873A3E653 // recycled glass
00200783CC515350 // durable plastic
0020078A7BB27142 // gun powder
0020078C9308047F // spray can
0020077873D56AB9 // black hawk meat
0020077693D4784B // los bandidos recruits
:-D

User avatar
SunBeam
Administration
Administration
Posts: 4704
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4287

Re: Far Cry 6 cheat table

Post by SunBeam »

I've made some progress with the above, just need to find a stable run point (thread async crashes). Also figured how game unlocks items, their ids and hashes. Hold tight.

ProscriX
What is cheating?
What is cheating?
Posts: 4
Joined: Mon Mar 29, 2021 7:55 am
Reputation: 0

Re: Far Cry 6 cheat table

Post by ProscriX »

Is it possible to make a cheat for removing the fog of war and revealing the whole map with all the locations at once?

AkashiGamer
Expert Cheater
Expert Cheater
Posts: 85
Joined: Thu Mar 15, 2018 10:44 pm
Reputation: 4

Re: Far Cry 6 cheat table

Post by AkashiGamer »

SunBeam wrote:
Sat Oct 23, 2021 10:44 am
I've made some progress with the above, just need to find a stable run point (thread async crashes). Also figured how game unlocks items, their ids and hashes. Hold tight.
Cool, what would we do without you, master of our craft)

User avatar
SunBeam
Administration
Administration
Posts: 4704
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 4287

Re: Far Cry 6 cheat table

Post by SunBeam »

Happy to report success:


AkashiGamer
Expert Cheater
Expert Cheater
Posts: 85
Joined: Thu Mar 15, 2018 10:44 pm
Reputation: 4

Re: Far Cry 6 cheat table

Post by AkashiGamer »

SunBeam wrote:
Mon Oct 25, 2021 4:02 am
Happy to report success:

Great, this is almost a victory

Post Reply

Who is online

Users browsing this forum: anthony9786, Bing [Bot], dabui, DotBot, Fixz1n, Google [Bot], Google Adsense [Bot], Majestic-12 [Bot], sombra, TheBigWeeb, YandexBot