Bloons TD6 [+24]

[claptonrul3z]

Doesn't work, only used auto collect script and my account was immediately flagged.

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[GreenHouse]

Added table for version 22.0.
There have been lots of changes, code-wise, in the table. It won't support Cheat Engine versions older than 7.1, so make sure to be up to date. PLEASE, make sure to report any kind of problem you encounter, as I might have missed something. But in general everything should work perfectly fine. Enjoy

[claptonrul3z]

Added table for version 22.0.
There have been lots of changes, code-wise, in the table. It won't support Cheat Engine versions older than 7.1, so make sure to be up to date. PLEASE, make sure to report any kind of problem you encounter, as I might have missed something. But in general everything should work perfectly fine. Enjoy

What gamemodes would you say can guarantee a ban? i just played co-op with autopickup on and now i have 2 leafs on my settings (aka banned).

[GreenHouse]

What gamemodes would you say can guarantee a ban? i just played co-op with autopickup on and now i have 2 leafs on my settings (aka banned).

I have no idea. Try downloading the new version again, I added something related to the anti-cheat. It's kind of trashy how it works, but well... Enable the script, click Co-op, and then go back. The leafs shouldn't be there temporarily until you reset and keep the script enabled. I don't really know if that allows you to play as if you weren't banned.

[Jackal]

Added table for version 22.0.
There have been lots of changes, code-wise, in the table. It won't support Cheat Engine versions older than 7.1, so make sure to be up to date. PLEASE, make sure to report any kind of problem you encounter, as I might have missed something. But in general everything should work perfectly fine. Enjoy

Banana Auto-pickup doesn't seem to work. Thanks again for the update, good stuff!

[GreenHouse]

Banana Auto-pickup doesn't seem to work. Thanks again for the update, good stuff!

Download again. It should be fixed.

[kci60]

It doesn't work with version 7.2 cheat engine

[Lunaros]

The infinite insta monkeys doesn't work now for some reason, it was fine this morning

[GreenHouse]

It doesn't work with version 7.2 cheat engine

The table was made on that version, so that should tell you everything.

The infinite insta monkeys doesn't work now for some reason, it was fine this morning

I just tried and it works as it should.

[ygbot17]

I'm not sure if I'm doing anything wrong but I can't get no ability cooldown to work. I tried restarting the game, and I tried restarting the match.

Edit: Ah nevermind found out how to get it work and now i feel like an idiot

[vaelophisnyx]

So I've installed CE7.2. Got Bloons loaded & hooked

And nothing works

every single script has lua errors preventing their use.

They *did* just drop a hotfix update today though, as of about 30m ago

all errors:

[[Enable]]:

Code: Select all

[ENABLE]
{$lua}
if syntaxcheck then return end
  if process and readInteger(process) ~= 0 then LaunchMonoDataCollector()
  else
      local msg = 'No process detected.'
      print(msg)
      error(msg)
  end
while not monoSymbolList.FullyLoaded do sleep(5) end
{$asm}
aobscanregion(get_Content,Assets.Scripts.Unity.UI_New.Main.Home.KnowledgeEnabledChecker.Update,Assets.Scripts.Unity.UI_New.Main.Home.KnowledgeEnabledChecker.Update+100,0F B6 50 49 45 33 C0)
aobscanregion(get_Simulation,Assets.Scripts.Simulation.Simulation.get_Health,Assets.Scripts.Simulation.Simulation.get_Health+20,48 8B 89 28 02 00 00 48 85 C9 74 0B)
aobscanregion(get_HackerDetected,Assets.Scripts.Unity.Analytics.AnalyticsManager.HackerDetected,Assets.Scripts.Unity.Analytics.AnalyticsManager.HackerDetected+20,48 89 6C 24)
aobscanregion(get_PlayerS,Assets.Scripts.Unity.Player.Btd6Player.CheckHakrStatus,Assets.Scripts.Unity.Player.Btd6Player.CheckHakrStatus+10,48 89 5C 24 08)
aobscanregion(get_CTDFix,System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd,System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd+50,0F 84 A5 00 00 00 33)
registersymbol(get_HackerDetected)
registersymbol(get_CTDFix)
alloc(newmem,$1000,GameAssembly.dll)
globalalloc(Content,8)
globalalloc(Simulation,8)
label(code)
label(code2)
label(PlayerS)
label(return)
label(return2)
label(PlayerSRet)

newmem:

code:
  movzx edx,byte ptr [rax+49]
  mov [Content],rax
  xor r8d,r8d
  jmp return

code2:
  push rax
  mov rax,Simulation
  mov [rax],rcx
  pop rax
  mov rcx,[rcx+228]
  jmp return2

PlayerS:
  mov rbx,[rax+48]
  mov [rbx+B8],0
  mov rbx,FFFFFFFF
  ret
  jmp PlayerSRet

get_Content:
  jmp code
  nop 2
return:
registersymbol(get_Content)

get_Simulation:
  jmp code2
  nop 2
return2:
registersymbol(get_Simulation)

get_HackerDetected:
  db C3

get_CTDFix:
  db E9 A6 00 00 00 90 33

get_PlayerS:
  jmp PlayerS
PlayerSRet:
registersymbol(get_PlayerS)

[DISABLE]
get_Content:
  db 0F B6 50 49 45 33 C0

get_Simulation:
  db 48 8B 89 28 02 00 00

get_HackerDetected:
  db 48

get_CTDFix:
  db 0F 84 A5 00 00 00 33

get_PlayerS:
  db 48 89 5C 24 08

unregistersymbol(get_Content)
unregistersymbol(get_Simulation)
unregistersymbol(get_HackerDetected)
unregistersymbol(get_PlayerS)
dealloc(newmem)

Infinite Insta-Monkeys:

Code: Select all

[ENABLE]
Assets.Scripts.Unity.Player.Btd6Player.ConsumeInstaTower:
db C3

[DISABLE]
Assets.Scripts.Unity.Player.Btd6Player.ConsumeInstaTower:
db 48

Infinite In-Game Cash:

Code: Select all

[ENABLE]
Assets.Scripts.Simulation.Simulation.RemoveCash:
db C3

[DISABLE]
Assets.Scripts.Simulation.Simulation.RemoveCash:
db 44

Infinite Monkey Money:

Code: Select all

[ENABLE]
Assets.Scripts.Unity.Player.Btd6Player.SpendMonkeyMoney:
db C3

[DISABLE]
Assets.Scripts.Unity.Player.Btd6Player.SpendMonkeyMoney:
db 48

Unlock All Towers/Upgrades/Heroes

Code: Select all

[ENABLE]
aobscanregion(get_HasUpgrade,Assets.Scripts.Unity.Player.Btd6Player.HasUpgrade,Assets.Scripts.Unity.Player.Btd6Player.HasUpgrade+50,80 BB 98 00 00 00 00)
alloc(newmem,$1000,GameAssembly.dll)
label(code)
label(return)

newmem:

code:
mov byte ptr [rbx+00000098],1 //debugUnlockAllUpgrades
mov byte ptr [rbx+00000099],1 //debugUnlockAllTowers
//mov byte ptr [rbx+0000009A],1 //debugSeenAllRounds
//mov byte ptr [rbx+0000009B],1 //debugUnlockAllModes
cmp byte ptr [rbx+00000098],00
jmp return

get_HasUpgrade:
  jmp code
  nop 2
return:
registersymbol(get_HasUpgrade)

Assets.Scripts.Unity.Player.Btd6Player.HasUnlockedHero:
db B0 01 C3

[DISABLE]
get_HasUpgrade:
db 80 BB 98 00 00 00 00

Assets.Scripts.Unity.Player.Btd6Player.HasUnlockedHero:
db 48 89 5C

unregistersymbol(get_HasUpgrade)
dealloc(newmem)

Free Upgrades:

Code: Select all

[ENABLE]
Assets.Scripts.Simulation.Towers.TowerManager.GetFreeUpgrade:
db B0 01 C3

[DISABLE]
Assets.Scripts.Simulation.Towers.TowerManager.GetFreeUpgrade:
db 44 89 54

Free Tower Upgrades:

Code: Select all

[ENABLE]
aobscanregion(get_TUpgradeCost,Assets.Scripts.Unity.Player.Btd6Player.AcquireUpgrade,Assets.Scripts.Unity.Player.Btd6Player.AcquireUpgrade+50,0F 28 F3)
aobscanregion(get_TCanUpgrade,Assets.Scripts.Unity.Player.Btd6Player.CanAcquireUpgrade,Assets.Scripts.Unity.Player.Btd6Player.CanAcquireUpgrade+10,48 89 5C 24 08)
registersymbol(get_TUpgradeCost)
registersymbol(get_TCanUpgrade)

get_TUpgradeCost:
db 0F 28 DE

get_TCanUpgrade:
db B0 01 C3

[DISABLE]
get_TUpgradeCost:
db 0F 28 F3

get_TCanUpgrade:
db 48 89 5C

unregistersymbol(get_TUpgradeCost)
unregistersymbol(get_TCanUpgrade)

Freeze Knowledge + No Monkey Money Cost:

Code: Select all

[ENABLE]
aobscanregion(get_SetKnowledgePoints,Assets.Scripts.Unity.Player.Btd6Player.AcquireKnowledge,Assets.Scripts.Unity.Player.Btd6Player.AcquireKnowledge+100,8D 50 FF E8 * * * * 48 8B)
registersymbol(get_SetKnowledgePoints)
alloc(saved,5)
registersymbol(saved)

saved:
readMem(get_SetKnowledgePoints+3,5)

get_SetKnowledgePoints+3:
  db 90 90 90 90 90

Assets.Scripts.Unity.UI_New.Knowledge.KnowledgeHelper.GetMMCost:
db B8 00 00 00 00 C3

[DISABLE]
get_SetKnowledgePoints+3:
readMem(saved,5)

Assets.Scripts.Unity.UI_New.Knowledge.KnowledgeHelper.GetMMCost:
db 41 57 48 83 EC 50 80

unregistersymbol(get_SetKnowledgePoints)
unregistersymbol(saved)

Chest Always Available:

Code: Select all

[ENABLE]
Assets.Scripts.Unity.UI_New.Main.WorldItems.OpenChest.IsChestReady:
db B0 01 C3

[DISABLE]
Assets.Scripts.Unity.UI_New.Main.WorldItems.OpenChest.IsChestReady:
db 48 83 EC

Attack Through Everything:

Code: Select all

[ENABLE]
Assets.Scripts.Simulation.Track.Map.IsTargetLineClear:
db B0 01 C3

Assets.Scripts.Simulation.Towers.Projectiles.Projectile.ShouldCollideWithMap:
db B0 00 C3

[DISABLE]
Assets.Scripts.Simulation.Track.Map.IsTargetLineClear:
db 40 55 56

Assets.Scripts.Simulation.Towers.Projectiles.Projectile.ShouldCollideWithMap:
db 48 89 5C

Place Towers Anywhere:

Code: Select all

[ENABLE]
Assets.Scripts.Simulation.Track.Map.CanPlace:
db B0 01 C3

[DISABLE]
Assets.Scripts.Simulation.Track.Map.CanPlace:
db 4C 89 4C

infinite T5 Monkeys:

Code: Select all

[ENABLE]
Assets.Scripts.Simulation.Input.TowerInventory.IsPathTierLocked:
db B8 00 00 00 00 C3

[DISABLE]
Assets.Scripts.Simulation.Input.TowerInventory.IsPathTierLocked:
db 48 89 6C 24 20 56

Infinite Heroes:

Code: Select all

[ENABLE]
aobscanregion(get_HasTowerInventory,Assets.Scripts.Unity.UI_New.InGame.StoreMenu.TowerPurchaseButton.GetLockedState,Assets.Scripts.Unity.UI_New.InGame.StoreMenu.TowerPurchaseButton.GetLockedState+200,48 8B 53 68 45 33 C0)
aobscanregion(get_isThereAny,Assets.Scripts.Simulation.Input.InputManager.CreateTowerAt,Assets.Scripts.Simulation.Input.InputManager.CreateTowerAt+200,44 3B F0 0F 8D 44 03 00 00) //JNL
registersymbol(get_isThereAny)
alloc(newmem,$1000,"GameAssembly.dll"+3BA79E)
label(code)
label(return)

newmem:

code:
  mov rdx,[rbx+68]
  xor r8d,r8d
  jmp return+05

get_HasTowerInventory:
  jmp newmem
  nop 2
return:
registersymbol(get_HasTowerInventory)

get_isThereAny:
db 90 90 90 90 90 90 90 90 90

[DISABLE]
get_HasTowerInventory:
db 48 8B 53 68 45 33 C0

get_isThereAny:
db 44 3B F0 0F 8D 44 03 00 00

unregistersymbol(get_isThereAny)
unregistersymbol(get_HasTowerInventory)
dealloc(newmem)

Rapid Fire:

Code: Select all

[ENABLE]
aobscanregion(get_CalcRateFrames,Assets.Scripts.Simulation.Towers.Weapons.Weapon.CalcRateFrames,Assets.Scripts.Simulation.Towers.Weapons.Weapon.CalcRateFrames+100,F3 0F 10 40 78)
alloc(newmem,$1000,GameAssembly.dll)
label(code)
label(return)
label(fireRate)
registersymbol(fireRate)

newmem:

code:
  movss xmm0,[fireRate]
  jmp return

fireRate:
dd (float)0.01 //CHANGE THIS TO INCREASE/DECREASE RATE (CURRENT VALUE IS AS FAST AS IT CAN BE)

get_CalcRateFrames:
  jmp newmem
return:
registersymbol(get_CalcRateFrames)

[DISABLE]
get_CalcRateFrames:
  db F3 0F 10 40 78

unregistersymbol(get_CalcRateFrames)
dealloc(newmem)

Banana Farm Rain:

Code: Select all

[ENABLE]
aobscanregion(get_FilterEmission,Assets.Scripts.Simulation.Towers.Weapons.Behaviors.EmissionsPerRoundFilter.FilterEmission,Assets.Scripts.Simulation.Towers.Weapons.Behaviors.EmissionsPerRoundFilter.FilterEmission+100,83 BB 80 00 00 00 00)
alloc(newmem,$1000,"GameAssembly.dll"+738817)
label(code)
label(return)

newmem:

code:
  mov [rbx+00000080],2
  cmp dword ptr [rbx+00000080],00
  jmp return

get_FilterEmission:
  jmp newmem
  nop 2
return:
registersymbol(get_FilterEmission)

[DISABLE]
get_FilterEmission:
  db 83 BB 80 00 00 00 00

unregistersymbol(get_FilterEmission)
dealloc(newmem)

Auto Pickup:

Code: Select all

[ENABLE]
//MOV JE INC
aobscanregion(get_PickupProcess,Assets.Scripts.Simulation.Towers.Projectiles.Behaviors.Pickup.Process,Assets.Scripts.Simulation.Towers.Projectiles.Behaviors.Pickup.Process+300,C6 83 81 00 00 00 00 0F)
alloc(newmem,$1000,GameAssembly.dll)
label(code)
label(return)

newmem:

code:
  mov byte ptr [rbx+00000081],00
  jmp get_PickupProcess+D
  jmp return

get_PickupProcess:
  jmp newmem
  nop 2
return:
registersymbol(get_PickupProcess)

[DISABLE]
get_PickupProcess:
  db C6 83 81 00 00 00 00

unregistersymbol(get_PickupProcess)
dealloc(newmem)

All Avatars Usable:

Code: Select all

[ENABLE]
aobscanregion(get_Avatar,Assets.Scripts.Unity.UI_New.PlayerStats.AvatarItem.ShowLockedAvatar,Assets.Scripts.Unity.UI_New.PlayerStats.AvatarItem.ShowLockedAvatar+100,0F 85 88 00 00 00)
registersymbol(get_Avatar)

get_Avatar:
db E9 89 00 00 00 90

[DISABLE]
get_Avatar:
db 0F 85 88 00 00 00

unregistersymbol(get_Avatar)

Errors also exist in the editable values, but it wont open a popup for the errors there.

Edit:

Pardon me, I was unaware it needed to be loaded at the main menu first

[29800020]

available OK

[Vaultjumper]

hey guys a word of warning I think if you use temporary scripts they might ban you.

[phillyphan66]

they ban you from playing with people and you cant get on leader boards

[Vividruin]

Is it possible to make an insta-monkey script? Like one that automatically triggers the r100 insta-monkey, or maybe one that lets you pick which one you'll get from it.