Can you make an infinite energy script?
cfemen wrote: ↑Fri Jul 24, 2020 3:37 pm
Well, changing the health value crashes the game and all strings are obfuscated.
It's not their first game with custom anti-cheat; looks like Devolver Digital really hates modding/cheating...
//
I've reversed how it works and made a proper god mode for the Steam version (also works for the Windows Store version).
Edit:
+ added a "stupid enemies" script.
+ new god mode (no physics effects on the bio-mass while getting hit)
//
Really funny how much shit is accessing the health value...
Carrion Game Pass version
Re: Carrion Game Pass version
Oh, I haven't gotten to any other abilities yet. This game is a pain in the ass and super time consuming.
Gabe.Newell wrote: ↑Mon Jul 27, 2020 2:09 pm
Your script only works for invisibility.
Rhark wrote: ↑Mon Jul 27, 2020 1:34 am
Infinite Energy
Code:
[ENABLE]
aobscanmodule(energy,Carrion.exe,29 78 10 B8 01 00 00 00 48 83 C4 28 5E 5F C3 48) // should be unique
energy:
db 90 90 90
registersymbol(energy)
[DISABLE]
energy:
db 29 78 10
unregistersymbol(energy)
Re: Carrion Game Pass version
This MOD works. His compressed package "lab. JSON" is extracted and replaces the source files in your \Content\Levels directory.
Re: Carrion Game Pass version
That's weird, is there no Content folder in the GOG version?
And if there is, can you find other level files in Carrion\Content\Levels?
And if you can: can you read the text in them when you open the level files with a text editor?
Re: Carrion Game Pass version
Well, it was just an observation from my experience with Devolver Digital games (obscured vars, hash checks) or other methods to try to prevent cheating.
This game is an exception that allows changing the .jsons.
Hmm... not sure if I will spend more time with this game...
Yes, at first I did a thread to call the "body-generator" function and added it to the player struct, but eventually changed that to a Super Mass script.
killerkrok555 wrote: ↑Sat Jul 25, 2020 5:07 pm
Do you think there is a way to change the mass by bypassing the anti-cheat?
Or you can find another way.
That script lets you get a huge amount of new body parts; it also bypasses the max. limit (if you eat enemies).
(extreme) example:
Didn't test it through the entire game, but if someone wants to play with it, it's uploaded in a table at my first post.
I'm done with the game....
Re: Carrion Game Pass version
There are 3 places in the code for the energy, each for the different powers.
Here is the complete script:
Tested with the Xbox Live version.
I noticed one problem: in the last minutes of the game when you have reached your "final form" (don't want to spoil more), when I disabled the scripts (including god mode), the game crashed.
This shouldn't be a problem since it's the end of the game anyway and it doesn't hurt to leave the cheats on, but I wanted to mention it.
Code:
[ENABLE]
aobscanmodule(aobCheckStealth,Carrion.exe,29 78 10 B8 01 00 00 00 48 83 C4 28 5E 5F C3 48 8B 46 28)
aobscanmodule(aobCheckSpikes,Carrion.exe,EB 06 83 41 10 D8 EB 07)
aobscanmodule(aobCheckArmor,Carrion.exe,F3 0F 2C C0 89 47 10 48 8B 86 E0 00 00 00)
aobCheckStealth:
db 90 90 90
aobCheckSpikes:
db EB 06 90 90 90 90 EB 07
aobCheckArmor:
db F3 0F 2C C0 90 90 90 48 8B 86 E0 00 00 00
registersymbol(aobCheckStealth)
registersymbol(aobCheckSpikes)
registersymbol(aobCheckArmor)
[DISABLE]
aobCheckStealth:
db 29 78 10
aobCheckSpikes:
db EB 06 83 41 10 D8 EB 07
aobCheckArmor:
db F3 0F 2C C0 89 47 10 48 8B 86 E0 00 00 00
unregistersymbol(aobCheckStealth)
unregistersymbol(aobCheckSpikes)
unregistersymbol(aobCheckArmor)
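Added example, not part of the thread and not the table authors' code: a small Python signature scanner in the spirit of aobscanmodule (hex tokens, "??" as a wildcard), run over a constructed buffer that only contains the byte patterns quoted in the script above, followed by the check an integrity-verifying anti-cheat would do on the same bytes: hash each site once, re-hash later, and report the sites whose bytes changed. The buffer layout, offsets and function names are constructed for the demo; no real game addresses are involved.

```python
import hashlib
import re


def aob_to_regex(pattern: str) -> re.Pattern:
    """Compile a Cheat Engine style AOB string ("29 78 10 ?? B8") into a bytes regex.
    Each token is one byte in hex; "?" or "??" is a wildcard matching any byte."""
    parts = []
    for tok in pattern.split():
        if tok in ("?", "??"):
            parts.append(b".")
        else:
            parts.append(b"\\x%02x" % int(tok, 16))
    return re.compile(b"".join(parts), re.DOTALL)


def aob_scan(image: bytes, pattern: str) -> list:
    """Every offset at which the pattern occurs; a table author wants exactly one."""
    return [m.start() for m in aob_to_regex(pattern).finditer(image)]


def code_digest(image: bytes, offset: int, length: int) -> str:
    """SHA-256 of one patch site: the value an integrity checker would record."""
    return hashlib.sha256(image[offset:offset + length]).hexdigest()


def baseline_digests(image: bytes, sites: dict) -> dict:
    """Locate each named site once and record (offset, length, digest) of its original
    bytes. A signature with zero or several hits is rejected, which is the
    "should be unique" requirement the script comments mention."""
    baseline = {}
    for name, sig in sites.items():
        hits = aob_scan(image, sig)
        if len(hits) != 1:
            raise ValueError(f"{name}: expected exactly 1 hit, got {len(hits)}")
        length = len(sig.split())
        baseline[name] = (hits[0], length, code_digest(image, hits[0], length))
    return baseline


def tampered_sites(image: bytes, baseline: dict) -> list:
    """Names of the sites whose bytes no longer match the recorded digest."""
    return [name for name, (off, length, digest) in baseline.items()
            if code_digest(image, off, length) != digest]


def simulate_patch(image: bytes, offset: int, new_bytes: bytes) -> bytes:
    """Overwrite bytes in an in-memory copy, so the checker has something to catch."""
    buf = bytearray(image)
    buf[offset:offset + len(new_bytes)] = new_bytes
    return bytes(buf)


# Constructed stand-in for a code section: only the byte patterns quoted in the
# script above, padded with int3 (0xCC) filler. Not an image of the real game.
SAMPLE_IMAGE = (
    bytes.fromhex("4883ec28")                                # offset 0: prologue filler
    + bytes.fromhex("297810b80100000048" "83c4285e5fc348")  # offset 4: stealth site
    + bytes.fromhex("cccccccc")
    + bytes.fromhex("eb06834110d8eb07")                      # offset 24: spikes site
    + bytes.fromhex("cccccccc")
)
STEALTH_SIG = "29 78 10 B8 01 00 00 00 48 83 C4 28 5E 5F C3 48"
SPIKES_SIG = "EB 06 83 41 10 D8 EB 07"
SITES = {"stealth": STEALTH_SIG, "spikes": SPIKES_SIG}


def demo() -> list:
    """Record the baseline, apply the table's stealth patch to a copy, report what changed."""
    baseline = baseline_digests(SAMPLE_IMAGE, SITES)
    patched = simulate_patch(SAMPLE_IMAGE, baseline["stealth"][0], bytes.fromhex("909090"))
    return tampered_sites(patched, baseline)


if __name__ == "__main__":
    print("stealth site at", aob_scan(SAMPLE_IMAGE, STEALTH_SIG))
    print("tampered after patch:", demo())
```

The uniqueness check in baseline_digests is the same requirement the "should be unique" comment in the first script states: a signature that hits more than once would patch, or checksum, the wrong place.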
Re: Carrion Game Pass version
I'm not sure that (or at least all of it) is actually deliberate obfuscation/anti-cheat or even the developers' doing.
cfemen wrote: ↑Fri Jul 24, 2020 3:37 pm
Well, changing the health value crashes the game and all strings are obfuscated.
It's not their first game with custom anti-cheat; looks like Devolver Digital really hates modding/cheating...
I've reversed how it works and made a proper god mode for the Steam version (also works for the Windows Store version).
Really funny how much shit is accessing the health value...
This thing is compiled with .NET Core 3.1 (as opposed to the regular .NET, which is normally quite moddable as you can decompile the assemblies). From my limited poking around it does some weird stuff to executables. I made a "hello world" program; the produced DLL seemed normal and I could find the string (as widechar UTF-16), but when I turned it into an executable (trimmed and single self-contained binary) I could no longer find the hello world string. Now, I know I wasn't running any obfuscation stuff. I put in some 'magic numbers' like a loop that ran 13371337 iterations and couldn't find them in there either.
Poking through it with a hex editor I noticed it was also inserting some kind of randomly generated word soup into the binary with broken fragments of HTML and so on.
I think there are a few things going on under the hood. Some precompiled native stuff mixed with JIT bytecode. The actual executable might be compressed and decompressed in memory at runtime or some crap. And some security stuff to prevent buffer overflows such as guard values.
Re: Carrion Game Pass version
Hi H3g3m0n,
H3g3m0n wrote: ↑Sun Aug 02, 2020 8:12 am
I'm not sure that (or at least all of it) is actually deliberate obfuscation/anti-cheat or even the developers' doing.
This thing is compiled with .NET Core 3.1 (as opposed to the regular .NET, which is normally quite moddable as you can decompile the assemblies). From my limited poking around it does some weird stuff to executables. I made a "hello world" program; the produced DLL seemed normal and I could find the string (as widechar UTF-16), but when I turned it into an executable (trimmed and single self-contained binary) I could no longer find the hello world string. Now, I know I wasn't running any obfuscation stuff. I put in some 'magic numbers' like a loop that ran 13371337 iterations and couldn't find them in there either.
Poking through it with a hex editor I noticed it was also inserting some kind of randomly generated word soup into the binary with broken fragments of HTML and so on.
I think there are a few things going on under the hood. Some precompiled native stuff mixed with JIT bytecode. The actual executable might be compressed and decompressed in memory at runtime or some crap. And some security stuff to prevent buffer overflows such as guard values.
You have a really good point with .NET Core (I never used it or have seen it in a game before).
Made some tests:
Simple console application that writes a "Testy" string with Console.WriteLine.
Compiling/publishing created an executable and a DLL.
Executable is precompiled.
DLL contains the C# code.
Executable loops native code, then jumps to JIT code from the DLL and then again native code to call Console.WriteLine (System.Console).
JIT code:
The call leads to this:
System.Console is precompiled code:
Call 7FFEFC6F1950 = Console.dll+1950 - precompiled
You can see my "Testy" as a wstring in the dump (RDX address) - I found my string with a UTF-16 search with Cheat Engine.
x64dbg's or Cheat Engine's referenced strings search didn't find it.
//
Hmm, the strange thing is that Carrion never jumped into JIT-generated code, and I didn't find the DLL that contains JIT code (but I didn't look into it too much, already uninstalled the game).
//
Also strange that you didn't find the string as UTF-16; do you have a DLL and EXE like me in your compiled test? I have a feeling that you only have an EXE without a DLL.
Edit:
For my test I've used Visual Studio 2017 because I have problems with Visual Studio 2019 and Unity... VS 2017 only supports .NET Core 2.1.
I guess this could be an explanation why we have different results for the strings.
Will maybe later, if I have more time, install VS 2019 and compile some .NET Core 3.1 stuff to analyze it.
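An added example, not code from cfemen, H3g3m0n or anyone in the thread: a small Python scanner that searches a constructed byte buffer the three ways the two posts above compare, as narrow ASCII strings (what a plain "referenced strings" view lists), as UTF-16LE wide strings (how .NET stores its string literals, which is why the UTF-16 search found "Testy"), and as a little-endian 32-bit immediate for the 13371337 "magic number". The buffer, the offsets and the function names are constructed for the demo and say nothing about what Carrion's own binary contains; the int32 search only finds the constant if the compiler kept it as a 4-byte literal in the image.

```python
import re

# Constructed sample buffer (not bytes from Carrion or from either test build):
# a narrow ASCII string, a 32-bit constant, and two UTF-16LE strings.
SAMPLE = (
    b"MZ\x90\x00\x03\x00"                          # offset 0: fake header bytes
    + b"Hello, world!\x00"                         # offset 6: narrow ASCII string
    + (13371337).to_bytes(4, "little")            # offset 20: "magic number" as LE int32
    + b"\xff\xfe"                                  # offset 24: filler
    + "Testy".encode("utf-16-le")                  # offset 26: wide string, as .NET keeps strings
    + b"\x00\x00\x90\x90"                          # offset 36: filler
    + "\\Content\\Levels".encode("utf-16-le")       # offset 40: another wide string
    + b"\x00\x00"
)


def ascii_strings(data: bytes, min_len: int = 4) -> list:
    """Narrow strings: runs of printable one-byte chars, what a plain strings view lists."""
    pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pat.finditer(data)]


def utf16le_strings(data: bytes, min_len: int = 4) -> list:
    """Wide strings: a printable ASCII byte followed by 0x00, repeated. A narrow scan
    sees these as single characters separated by NULs and never reaches min_len."""
    pat = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [m.group().decode("utf-16-le") for m in pat.finditer(data)]


def locate(data: bytes, text: str) -> dict:
    """Offset of `text` in each encoding, or -1: the two searches compared in the thread."""
    return {
        "ascii": data.find(text.encode("ascii")),
        "utf16le": data.find(text.encode("utf-16-le")),
    }


def find_int32_le(data: bytes, value: int) -> int:
    """Offset of a 32-bit little-endian immediate, or -1. Only finds the constant
    if it survived compilation as a 4-byte literal in the image."""
    return data.find(value.to_bytes(4, "little", signed=value < 0))


if __name__ == "__main__":
    print("narrow strings :", ascii_strings(SAMPLE))
    print("wide strings   :", utf16le_strings(SAMPLE))
    print("'Testy'        :", locate(SAMPLE, "Testy"))
    print("13371337       :", find_int32_le(SAMPLE, 13371337))
```

On the constructed buffer the narrow scan lists only "Hello, world!", while the wide scan lists "Testy" and "\Content\Levels"; that is the difference between the referenced-strings view missing the string and the UTF-16 search finding it.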
Re: Carrion Game Pass version
cfemen wrote: ↑Sun Aug 02, 2020 3:02 pm
[quotes cfemen's full reply above]
The game uses MonoGame + NativeAOT.