Alien shooter 2 the legend
Re: Alien shooter 2 the legend
Will have to find a way to get at the raw text files in Legend. Seems they've changed the mechanism (.lgd files aren't raw text anymore).
Re: Alien shooter 2 the legend
So.. just so I get this right.. Legend is Reloaded, but the "remastered" version?
Re: Alien shooter 2 the legend
EnterpriseNL wrote: ↑Sat Jan 25, 2020 5:22 pm
> I did something wrong I think, my money is now in minus amount like -8949983, so can't buy anything and selling stuff won't cut it unfortunately
> EDIT: Never mind, the negative money value is an issue of the game, that's nice

That happens if you enter a value too high xD You can change them again if you find the addresses
- EnterpriseNL
Re: Alien shooter 2 the legend
Looks like it yeah, the screenshots on the Steam page of Reloaded look like the same maps as in Legend, but the Legend is bigger, and things are revamped
DrPepote wrote: ↑Sat Jan 25, 2020 5:40 pm
> EnterpriseNL wrote: ↑Sat Jan 25, 2020 5:22 pm
> > I did something wrong I think, my money is now in minus amount like -8949983, so can't buy anything and selling stuff won't cut it unfortunately
> > EDIT: Never mind, the negative money value is an issue of the game, that's nice
>
> That happens if you enter a value too high xD You can change them again if you find the addresses

Could be, but finding the address was a pain in the ass, maybe you can help me
Re: Alien shooter 2 the legend
^ Yeah, looks like it. See "..\Alien Shooter 2 - The Legend\maps\addon0" folder. Those names are dead obvious (Conscription + Reloaded).
Re: Alien shooter 2 the legend
The Legend is a phone port that turned it into a gacha game. Then they ported it back to pc with the gacha removed but none of the player hating bullshit designed to make you spend on the gacha rebalanced. Just play reloaded, or even the original 2007 version Alien Shooter: Vengeance.
Re: Alien shooter 2 the legend
Hello, for HP it's ok but for grenade I got this issue, how can I fix this? Thank you!
"Warning:
Not all code is injectable.
(Error in line 14 (nop 2): This instruction can't be compiled)
Are you sure you wan't to edit it to this?"
Re: Alien shooter 2 the legend
alphabeta135 wrote: ↑Sun Jan 26, 2020 7:25 pm
> Hello, for HP it's ok but for grenade I got this issue, how can I fix this? Thank you!
> "Warning:
> Not all code is injectable.
> (Error in line 14 (nop 2): This instruction can't be compiled)
> Are you sure you wan't to edit it to this?"

Update Cheat Engine
Re: Alien shooter 2 the legend
The reason you can't find Money is the fuckers use the rand() function to store the outcome of a transaction. I was able to find my amount by scanning for "All" type at first, then "Changed value" and/or "Unchanged value".
DrPepote wrote: ↑Sat Jan 25, 2020 4:04 pm
> I have registered to say that money can be found with "Unknown initial value" and value type "All". Go to a shop and begin to buy and sell, look for the money using "increased value by.." and "decreased value by...". Do it until you find 7 pointers (in my game they were all "Double" pointers), change them all at the same time with a low value "1000" or so, and you will get like 2912038959018918 money
> Sorry for my AWFUL English

The above is pure randomness. How would you know the AMOUNT by which you scan "Increased value by"/"Decreased value by"? You don't know the type to begin with, let alone be sure that what you see on-screen when you buy/sell something is also applied as such. Not to mention the last part of your statement clearly hints you're doing random stuff to get things to happen in-game (e.g.: if you buy something worth 800, you'd say 'now I will scan "increased by 800"'; like I said, it doesn't work like that).
Now let's dig into this.
I'm currently here:
My current amount is 16773. A POWER CELL PWG/800 costs 800.
Back to Cheat Engine, I found an address that holds my on-screen value as a string:
However, the address that I discovered to work when frozen and buying/selling is this one:
Notice the value: FFFFD413. Has nothing to do with any logic you'd devise to increase/decrease/increase by/decrease by. Also it really makes no sense to use that value of mine as a reference and say "so you have to look for FFFFD413 as the equivalent of 16773?" No. rand() means the value is going to be randomized when displayed on-screen. So 16773 can be shown differently on a 2nd or 3rd cycle. Not FFFFD413.
Now if I freeze that address and buy the cell, this happens:
Game basically fucked me up. But.. if I now sell what I just bought..
I now have almost double the amount I initially had (16773 -> 30650).
So.. having said all of that, it's time to see what the fuck happens when we buy something from the shop (or sell). I debugged that address on write and bought a cell; then sold it. I got this in the debugger:
Now how do I know about rand().. Well, follow that address in the disassembler and you'll see this:
Huh? Where do you see rand() in there? Well, go to View menu and enable "Show symbols". Now you'll see this:
Now.. problem: the function you see above is executed constantly, as I'm assuming is the main "encryption" for all integer/floats or what not. Try to break at the function's prologue and you'll see. So how do we catch ours? How do we get to the "ShopBuy" or "ShopSell" functions? If you check the debug window, clicking on "mov [esi+04],eax" row, you will see what your ESI address is. Mine is 1C913C94:
We'll now use CONDITIONAL BREAKPOINTS.
Head to that location in the disassembler, hit F5 on the line and CE will break. Right-click and "Set/Change break condition". Then type in ESI == 0x1C913C94 (I don't need to remind you, I hope, that 1C913C94 is MY ADDRESS and it won't work on your end; you will have to either find yours or wait for the conclusion of this post). Once set, F9 so CE resumes.
Back in-game, buy a POWER CELL PWG/800. Game freezes, CE breaks. And I see this:
Time to exit the function by tracing the code with F7/F8 (I usually use F8, but pay attention that F8 steps over; so when you reach a CALL line, if you want to investigate inside the call, do F7, not F8). And we exit here:
Seems like a wrapper leading to the rand(); as in a composite function we still have to get out of to reach the main transaction point. So, F8 till RET and don't exit yet. We stop because I looked at the stack and saw this:
I wonder if going back in-game now will show I have 28490 money left. Actually.. it's pretty easy to do the math: I had 30650; bought then sold a CELL, so I got 29290. Then 29290 minus 800 -> 28490. What do you know..
Let's continue though and exit now through the RET (F8 on it):
And we see some more information, something to do with "strncmp". Continuing and exiting this as well:
What could a developer be doing with the -999999 value? Smells of custom encoding of values. Let's continue and exit this one as well:
According to the [Link], atol does this: "converts a C-type string, passed as an argument to function call, to a long integer.". Remember when I said I found the TEXT of my money? OK. Let's continue and exit this one as well:
So we stop here for a while. Note those markers. Seems like the handler for a script execution, where the markers indicate what kind of event happens. Now that we have all of that information, time to see if any of those points breaks ONLY when we buy/sell. That way we can isolate spots in the game's code that help us pin-point our RIGHT address.
Will be back with more information in a bit. Work in progress.
BR,
Sun
Re: Alien shooter 2 the legend
Continuing in another post with the CONCLUSION.
Yup, the one in the previous post.. with -999999. The screenshot before last in the above post.
If you want to edit your money properly, here's the function that gets triggered on sell/buy:
Code:
AlienShooter.exe+CDBF0 - 55 - push ebp
AlienShooter.exe+CDBF1 - 8B EC - mov ebp,esp
AlienShooter.exe+CDBF3 - 6A FF - push -01 { 255 }
AlienShooter.exe+CDBF5 - 68 0885F600 - push AlienShooter.exe+388508
AlienShooter.exe+CDBFA - 64 A1 00000000 - mov eax,fs:[00000000]
AlienShooter.exe+CDC00 - 50 - push eax
AlienShooter.exe+CDC01 - 83 EC 0C - sub esp,0C
AlienShooter.exe+CDC04 - 56 - push esi
AlienShooter.exe+CDC05 - 57 - push edi
AlienShooter.exe+CDC06 - A1 EC8F0801 - mov eax,[AlienShooter.exe+4A8FEC]
AlienShooter.exe+CDC0B - 33 C5 - xor eax,ebp
AlienShooter.exe+CDC0D - 50 - push eax
AlienShooter.exe+CDC0E - 8D 45 F4 - lea eax,[ebp-0C]
AlienShooter.exe+CDC11 - 64 A3 00000000 - mov fs:[00000000],eax
AlienShooter.exe+CDC17 - 8B F1 - mov esi,ecx
AlienShooter.exe+CDC19 - 8B 55 08 - mov edx,[ebp+08]
AlienShooter.exe+CDC1C - 8D 4D E8 - lea ecx,[ebp-18]
AlienShooter.exe+CDC1F - E8 3CFBFFFF - call AlienShooter.exe+CD760
AlienShooter.exe+CDC24 - C7 45 FC 00000000 - mov [ebp-04],00000000
AlienShooter.exe+CDC2B - 8D 55 E8 - lea edx,[ebp-18]
AlienShooter.exe+CDC2E - 8B 4E 04 - mov ecx,[esi+04]
AlienShooter.exe+CDC31 - 68 C1BDF0FF - push FFF0BDC1 { -999999 }
AlienShooter.exe+CDC36 - 52 - push edx
AlienShooter.exe+CDC37 - 8B 01 - mov eax,[ecx]
AlienShooter.exe+CDC39 - FF 50 0C - call dword ptr [eax+0C]
AlienShooter.exe+CDC3C - 8B 7D 0C - mov edi,[ebp+0C]
AlienShooter.exe+CDC3F - 3B F8 - cmp edi,eax
AlienShooter.exe+CDC41 - 74 19 - je AlienShooter.exe+CDC5C
AlienShooter.exe+CDC43 - 8B 4E 04 - mov ecx,[esi+04]
AlienShooter.exe+CDC46 - 57 - push edi
AlienShooter.exe+CDC47 - FF 75 08 - push [ebp+08]
AlienShooter.exe+CDC4A - 8B 01 - mov eax,[ecx]
AlienShooter.exe+CDC4C - FF 50 10 - call dword ptr [eax+10]
AlienShooter.exe+CDC4F - 8B 4E 04 - mov ecx,[esi+04]
AlienShooter.exe+CDC52 - 8D 55 E8 - lea edx,[ebp-18]
AlienShooter.exe+CDC55 - 57 - push edi
AlienShooter.exe+CDC56 - 52 - push edx
AlienShooter.exe+CDC57 - 8B 01 - mov eax,[ecx]
AlienShooter.exe+CDC59 - FF 50 10 - call dword ptr [eax+10]
AlienShooter.exe+CDC5C - 8B 75 E8 - mov esi,[ebp-18]
AlienShooter.exe+CDC5F - 81 FE 887F0901 - cmp esi,AlienShooter.exe+4B7F88
AlienShooter.exe+CDC65 - 74 0E - je AlienShooter.exe+CDC75
AlienShooter.exe+CDC67 - E8 84BAF7FF - call AlienShooter.exe+496F0
AlienShooter.exe+CDC6C - 56 - push esi
AlienShooter.exe+CDC6D - E8 DA532A00 - call AlienShooter.exe+37304C
AlienShooter.exe+CDC72 - 83 C4 04 - add esp,04
AlienShooter.exe+CDC75 - 8B 4D F4 - mov ecx,[ebp-0C]
AlienShooter.exe+CDC78 - 64 89 0D 00000000 - mov fs:[00000000],ecx
AlienShooter.exe+CDC7F - 59 - pop ecx
AlienShooter.exe+CDC80 - 5F - pop edi
AlienShooter.exe+CDC81 - 5E - pop esi
AlienShooter.exe+CDC82 - 8B E5 - mov esp,ebp
AlienShooter.exe+CDC84 - 5D - pop ebp
AlienShooter.exe+CDC85 - C2 0800 - ret 0008
Will post more on how to manipulate this to give you your desired amount.
Re: Alien shooter 2 the legend
What is going on with this game people? Not even blockbusters have such protection
Re: Alien shooter 2 the legend
All of the values are "scrambled". Game was initially designed for smartphones, hence the "protection", so you can't cheat at it with normal Android scan tools and buy the in-game currency with real $. Anyway, here's a script that constantly keeps your Money at 5.000.000. I've left explanations, just in case you're curious.
The scrambling feature processes everything, from category, quantity, ammo, price, perks, etc. All of that shit. So don't expect to find any "simple" on-screen value through the classic "scan for X" method.
BR,
Sun
P.S.: Updated script to now dynamically find the hook spot (regardless of your version, Steam or different .exe).
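
The "scrambled" storage discussed in this thread, sketched as an added example (not the game's code and not the script from the post): a cell that stores value XOR a rand()-derived key redrawn on every write, plus a check word so that a stale raw word is rejected instead of decoding to an arbitrary amount. The XOR scheme, `guarded_int`, `mix` and `SECRET` are assumptions; the thread does not show the game's actual encoding, and nothing here claims the game has such a check word.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical guarded cell: the plain value is never stored. Zero-initialise before use. */
typedef struct {
    uint32_t key; /* fresh rand()-derived key on every write */
    uint32_t enc; /* value XOR key: the word a memory scanner sees */
    uint32_t tag; /* check word binding key and enc together */
} guarded_int;

static const uint32_t SECRET = 0x9E3779B9u; /* constructed; per-run in practice */

/* Toy keyed mix (assumption, not a real MAC); injective in enc for a fixed key. */
static uint32_t mix(uint32_t key, uint32_t enc) {
    uint32_t h = (key ^ SECRET) * 2654435761u;
    return (h ^ (enc + (h >> 15))) * 2246822519u;
}

void guarded_set(guarded_int *g, int32_t v) {
    uint32_t k;
    do { /* never zero, never the previous key */
        k = ((uint32_t)rand() << 16) ^ (uint32_t)rand();
    } while (k == 0 || k == g->key);
    g->key = k;
    g->enc = (uint32_t)v ^ k;
    g->tag = mix(g->key, g->enc);
}

/* Returns 0 and fills *out, or -1 when key/enc no longer match the tag. */
int guarded_get(const guarded_int *g, int32_t *out) {
    if (mix(g->key, g->enc) != g->tag) return -1;
    *out = (int32_t)(g->enc ^ g->key);
    return 0;
}

int main(void) {
    guarded_int money = {0};
    int32_t v = 0;
    guarded_set(&money, 16773);
    uint32_t frozen = money.enc;   /* raw word pinned from outside the process */
    guarded_set(&money, 16773);    /* same value, new key, new raw word */
    printf("raw words: %08X then %08X\n", (unsigned)frozen, (unsigned)money.enc);
    printf("scramble-only decode of pinned word: %d\n", (int)(int32_t)(frozen ^ money.key));
    money.enc = frozen;            /* stale word written back */
    printf("guarded_get after write-back: %d\n", guarded_get(&money, &v));
    return 0;
}
```

Scrambling alone only hides the value from "scan for X"; the check word is what turns a stale or edited word into a detectable error rather than a surprising balance.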
Re: Alien shooter 2 the legend
SunBeam wrote: ↑Mon Jan 27, 2020 9:38 am
> All of the values are "scrambled". Game was initially designed for smartphones, hence the "protection", so you can't cheat at it with normal Android scan tools and buy the in-game currency with real $. Anyway, here's a script that constantly keeps your Money at 5.000.000. I've left explanations, just in case you're curious.
> The scrambling feature processes everything, from category, quantity, ammo, price, perks, etc. All of that shit. So don't expect to find any "simple" on-screen value through the classic "scan for X" method.
> AlienShooter.CT
> BR,
> Sun

Doesn't work for me, CTD once I enable it
Re: Alien shooter 2 the legend
^ I'm using the Steam version, the hook address is hard-coded. Use the script content to find it for your version (you're clearly playing a cracked/torrented version).