Carrion Game Pass version

Re: Carrion Game Pass version

Post by Gabe.Newell »

cfemen wrote:
Fri Jul 24, 2020 3:37 pm
well, changing health value crashes the game and all strings are obfuscated.
it's not their first game with custom anti-cheat, looks like Devolver Digital really hates modding/cheating...

//

i've reversed how it works and made a proper god mode for the steam version(works also for the windows-store version)

edit:
+added a "stupid enemies" script.
+new god mode(no physic effects on the bio-mass while getting hit)

//
really funny how much shit is accessing the health value...
Can you make an infinite energy script?

Re: Carrion Game Pass version

Post by Rhark »

Gabe.Newell wrote:
Mon Jul 27, 2020 2:09 pm
Rhark wrote:
Mon Jul 27, 2020 1:34 am
Infinite Energy

Code:

[ENABLE]

aobscanmodule(energy,Carrion.exe,29 78 10 B8 01 00 00 00 48 83 C4 28 5E 5F C3 48) // should be unique

energy:
  db 90 90 90
registersymbol(energy)

[DISABLE]

energy:
  db 29 78 10

unregistersymbol(energy)
Your script only works for invisibility
Oh, I haven't gotten to any other abilities yet. This game is a pain in the ass and super time consuming.

Re: Carrion Game Pass version

Post by Gabe.Newell »

TemptingIcarus wrote:
Mon Jul 27, 2020 2:44 am
thewibi77 wrote:
Sun Jul 26, 2020 12:54 am
btw if you want to have all the abilities at the start of the game here is a mod i made i put all the ability jars in the first room of the game
just backup your Files if you care and extract Content.rar in your game directory
Mod doesn't work for me, I got the GOG version.
This MOD works. His compressed package's "lab.JSON" is extracted and replaces the source files in your \Content\Levels directory.

Re: Carrion Game Pass version

Post by thewibi77 »

TemptingIcarus wrote:
Mon Jul 27, 2020 2:44 am
thewibi77 wrote:
Sun Jul 26, 2020 12:54 am
btw if you want to have all the abilities at the start of the game here is a mod i made i put all the ability jars in the first room of the game
just backup your Files if you care and extract Content.rar in your game directory
Mod doesn't work for me, I got the GOG version.
that's weird, is there no content folder in the GOG version ?

and if there is can you find other level files in Carrion\Content\Levels ?
and if you can: can you read the text in it when you open the level files with a text editor?

Re: Carrion Game Pass version

Post by cfemen »

thewibi77 wrote:
Sun Jul 26, 2020 12:42 am

i doubt the devs hate modding as much as you say because the levels and a lot of other stuff is in plain text in the game files
well, was just an observation from my experience with Devolver Digital games (obscured vars, hash checks) or other methods to try to prevent cheating.
this game is an exception that allows changing the .jsons :)
Gabe.Newell wrote:
Mon Jul 27, 2020 2:13 pm
Can you make an infinite energy script?
hmm...not sure if i will spend more time with this game...
killerkrok555 wrote:
Sat Jul 25, 2020 5:07 pm
Do you think there is a way to change the mass by bypassing the anti cheat?
or you can find another way
yes, at first i did a thread to call the "body-generator" function and added it to the player struct, but eventually changed that to a Super Mass script.
that script causes that you can get a huge amount of new body parts, it also bypasses the max. limit(if you eat enemies)

(extreme) example:
Image

didn't test it through the entire game, but if someone wants to play with it, it's uploaded in a table at my first post.
im done with the game....

Re: Carrion Game Pass version

Post by ShaneRR »

There are 3 places in the code for the energy, each for the different powers.
Here is the complete script:

Tested with the Xbox Live version.
I noticed one problem: in the last minutes of the game when you have reached your "final form" (don't want to spoil more), when I disabled the scripts (including god mode), the game crashed.
This shouldn't be a problem since it's the end of the game anyway and it doesn't hurt to leave the cheats on, but I wanted to mention it.

Code:

[ENABLE]

aobscanmodule(aobCheckStealth,Carrion.exe,29 78 10 B8 01 00 00 00 48 83 C4 28 5E 5F C3 48 8B 46 28)
aobscanmodule(aobCheckSpikes,Carrion.exe,EB 06 83 41 10 D8 EB 07)
aobscanmodule(aobCheckArmor,Carrion.exe,F3 0F 2C C0 89 47 10 48 8B 86 E0 00 00 00)

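aobCheckStealth:
  // 29 78 10 = sub [rax+10],edi; replaced with three NOPs
  db 90 90 90

aobCheckSpikes:
  // 83 41 10 D8 = add dword ptr [rcx+10],-28; replaced with four NOPs
  db EB 06 90 90 90 90 EB 07

aobCheckArmor:
  // 89 47 10 = mov [rdi+10],eax; replaced with three NOPs
  db F3 0F 2C C0 90 90 90 48 8B 86 E0 00 00 00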

registersymbol(aobCheckStealth)
registersymbol(aobCheckSpikes)
registersymbol(aobCheckArmor)

[DISABLE]

aobCheckStealth:
  db 29 78 10

aobCheckSpikes:
  db EB 06 83 41 10 D8 EB 07

aobCheckArmor:
  db F3 0F 2C C0 89 47 10 48 8B 86 E0 00 00 00

unregistersymbol(aobCheckStealth)
unregistersymbol(aobCheckSpikes)
unregistersymbol(aobCheckArmor)

Re: Carrion Game Pass version

Post by H3g3m0n »

cfemen wrote:
Fri Jul 24, 2020 3:37 pm
well, changing health value crashes the game and all strings are obfuscated.
it's not their first game with custom anti-cheat, looks like Devolver Digital really hates modding/cheating...

i've reversed how it works and made a proper god mode for the steam version(works also for the windows-store version)

really funny how much shit is accessing the health value...
I'm not sure that (or at least all of it) is actually deliberate obfuscation/anti-cheat or even the developers' doing.

This thing is compiled with .NET Core 3.1 (as opposed to the regular .NET which is normally quite moddable as you can decompile the assemblies). From my limited poking around it does some weird stuff to executables. I made a "hello world" program, the produced dll seemed normal and I could find the string (as widechar utf16), but when I turned it into an executable (with trimmed and single self contained binary) I could no longer find the hello world string. Now I know I wasn't running any obfuscation stuff. I put in some 'magic numbers' like a loop that ran 13371337 iterations and couldn't find them in there either.

Poking through it with a hex editor I noticed it was also inserting some kind of a randomly generated word soup into the binary with broken fragments of html and so on.

I think there are a few things going on under the hood. Some precompiled native stuff mixed with JIT bytecode. The actual executable might be compressed and uncompressed in memory at runtime or some crap. And some security stuff to prevent buffer overflows such as guard values.

Re: Carrion Game Pass version

Post by cfemen »

H3g3m0n wrote:
Sun Aug 02, 2020 8:12 am

I'm not sure that (or at least all of it) is actually deliberate obfuscation/anti-cheat or even the developers' doing.

This thing is compiled with .NET Core 3.1 (as opposed to the regular .NET which is normally quite moddable as you can decompile the assemblies). From my limited poking around it does some weird stuff to executables. I made a "hello world" program, the produced dll seemed normal and I could find the string (as widechar utf16), but when I turned it into an executable (with trimmed and single self contained binary) I could no longer find the hello world string. Now I know I wasn't running any obfuscation stuff. I put in some 'magic numbers' like a loop that ran 13371337 iterations and couldn't find them in there either.

Poking through it with a hex editor I noticed it was also inserting some kind of a randomly generated word soup into the binary with broken fragments of html and so on.

I think there are a few things going on under the hood. Some precompiled native stuff mixed with JIT bytecode. The actual executable might be compressed and uncompressed in memory at runtime or some crap. And some security stuff to prevent buffer overflows such as guard values.
Hi H3g3m0n,

you have a really good point with .NET Core (i never used it or have seen it in a game before)

made some tests:
simple console application that writes a "Testy" string with Console.WriteLine
compiling/publishing created an executable and a DLL
Executable is precompiled
DLL contains the C# code

Executable loops native code, then jumps to JIT code from the DLL and then again native code to call the Console.WriteLine(System.Console)

JIT Code:
Image

the call leads to this:
Image

system.console is precompiled code:

Image

Call 7FFEFC6F1950 = Console.dll+1950 - precompiled

you can see my "Testy" as wstring in the dump (RDX address) - i found my string with a UTF-16 search with Cheat Engine.
x64dbg's or Cheat Engine's referenced strings search didn't find it.

//

hmm the strange thing is that Carrion never jumped into JIT generated code, and i didn't find the DLL that contains JIT code (but i didn't look into it too much, already uninstalled the game)

//

also strange that you didn't find the string as UTF-16, do you have a DLL and EXE like me in your compiled test? i have a feeling that you only have an EXE without DLL.

Edit:
for my test i've used Visual Studio 2017 coz i have problems with Visual Studio 2019 and Unity...VS 2017 only supports .NET Core 2.1
i guess this could be an explanation why we have different results for the strings.
will maybe later if i have more time install VS 2019 and compile some .NET Core 3.1 stuff to analyze it.
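
The string-search discrepancy discussed in the two posts above (a UTF-16 search finds "Testy" where a byte-oriented search does not, and neither the string nor the 13371337 constant is found if the data is packed), as an added example that is not part of the original posts. The sample blob, its layout and the zlib packing are constructed here to model H3g3m0n's hypothesis; nothing in it is taken from Carrion.exe.

```python
import struct
import zlib

def find_all(blob: bytes, needle: bytes) -> list[int]:
    """Return every offset at which needle occurs in blob."""
    hits, pos = [], blob.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = blob.find(needle, pos + 1)
    return hits

def find_string(blob: bytes, text: str) -> dict[str, list[int]]:
    """Search for text as UTF-8 and UTF-16LE; report only encodings that hit."""
    hits = {enc: find_all(blob, text.encode(enc)) for enc in ("utf-8", "utf-16-le")}
    return {enc: offs for enc, offs in hits.items() if offs}

def find_int32(blob: bytes, value: int) -> list[int]:
    """Find value stored as a little-endian 32-bit immediate."""
    return find_all(blob, struct.pack("<I", value))

def unpack_zlib_regions(blob: bytes) -> dict[int, bytes]:
    """Try to inflate at each 0x78 byte (zlib header); keep what decodes."""
    regions = {}
    for off in find_all(blob, b"\x78"):
        try:
            data = zlib.decompressobj().decompress(blob[off:])
        except zlib.error:
            continue
        if data:
            regions[off] = data
    return regions

def build_sample() -> bytes:
    """Constructed blob: one plain UTF-16 literal, then a packed region."""
    plain = b"\x90" * 16 + "Testy".encode("utf-16-le") + b"\x00\x00"
    hidden = "hello world".encode("utf-16-le")
    hidden += b"\x3d" + struct.pack("<I", 13371337)  # cmp eax, 13371337
    hidden += b"\x00" * 64
    return plain + b"\xcc" * 8 + zlib.compress(hidden)

if __name__ == "__main__":
    sample = build_sample()
    print("Testy:", find_string(sample, "Testy"))
    print("hello world:", find_string(sample, "hello world"))
    print("13371337:", find_int32(sample, 13371337))
    for off, data in unpack_zlib_regions(sample).items():
        print(hex(off), find_string(data, "hello world"), find_int32(data, 13371337))
```

On the constructed blob the static scan reports only the UTF-16LE "Testy"; the second literal and the loop constant appear only after the packed region is inflated.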

Re: Carrion Game Pass version

Post by mochongli »

cfemen wrote:
Sun Aug 02, 2020 3:02 pm
H3g3m0n wrote:
Sun Aug 02, 2020 8:12 am

I'm not sure that (or at least all of it) is actually deliberate obfuscation/anti-cheat or even the developers' doing.

This thing is compiled with .NET Core 3.1 (as opposed to the regular .NET which is normally quite moddable as you can decompile the assemblies). From my limited poking around it does some weird stuff to executables. I made a "hello world" program, the produced dll seemed normal and I could find the string (as widechar utf16), but when I turned it into an executable (with trimmed and single self contained binary) I could no longer find the hello world string. Now I know I wasn't running any obfuscation stuff. I put in some 'magic numbers' like a loop that ran 13371337 iterations and couldn't find them in there either.

Poking through it with a hex editor I noticed it was also inserting some kind of a randomly generated word soup into the binary with broken fragments of html and so on.

I think there are a few things going on under the hood. Some precompiled native stuff mixed with JIT bytecode. The actual executable might be compressed and uncompressed in memory at runtime or some crap. And some security stuff to prevent buffer overflows such as guard values.
Hi H3g3m0n,

you have a really good point with .NET Core (i never used it or have seen it in a game before)

made some tests:
simple console application that writes a "Testy" string with Console.WriteLine
compiling/publishing created an executable and a DLL
Executable is precompiled
DLL contains the C# code

Executable loops native code, then jumps to JIT code from the DLL and then again native code to call the Console.WriteLine(System.Console)

JIT Code:
Image

the call leads to this:
Image

system.console is precompiled code:

Image

Call 7FFEFC6F1950 = Console.dll+1950 - precompiled

you can see my "Testy" as wstring in the dump (RDX address) - i found my string with a UTF-16 search with Cheat Engine.
x64dbg's or Cheat Engine's referenced strings search didn't find it.

//

hmm the strange thing is that Carrion never jumped into JIT generated code, and i didn't find the DLL that contains JIT code (but i didn't look into it too much, already uninstalled the game)

//

also strange that you didn't find the string as UTF-16, do you have a DLL and EXE like me in your compiled test? i have a feeling that you only have an EXE without DLL.

Edit:
for my test i've used Visual Studio 2017 coz i have problems with Visual Studio 2019 and Unity...VS 2017 only supports .NET Core 2.1
i guess this could be an explanation why we have different results for the strings.
will maybe later if i have more time install VS 2019 and compile some .NET Core 3.1 stuff to analyze it.
The game uses MonoGame + NativeAOT.
