EDIT->UPDATED: Added Checksum Spoofer Bypass Method V2.0 (It has been improved! The number of checksums to grab is no longer hard coded to 3 [See my second post in this thread for more info on other improvements])
Added Infinite Arrows v2.0 (for those of you that it didn't work before)
This is my Crysis 3 CT so far...
It doesn't contain any pointers, it has:
*2 Different Integrity Check Bypass Methods (Scripts that I wrote; neither one is the infinite loop method)
EDIT: Fixed the AOB for health! Should actually enable now! lol
JUST ADDED: *Infinite Health (for player only) Thanks to DDS (♦ DarKDragonSlayer ♦)
*Kill Me hack (In case you get stuck / fall off of somewhere and don't die [/w infinite health enabled] [there is no restart from last checkpoint option])
*Infinite Ammo + No Reload
*Infinite Arrows
*Infinite Energy
JUST ADDED: *Infinite Cloak Time! Use the cloak for as long as you want! Must have infinite energy enabled also!
JUST ADDED: *Infinite NanoSuit Upgrades - Don't get the heavy armor upgrade as it says slower movement speed, just use infinite health instead
JUST ADDED: *Player Teleport Fly - Kind of like a no-clip, but based on coordinates relative to the map, rather than relative to your view angle... Upon enabling the script, then pressing F1 in game (toggles teleport fly on/off), it will lift you up into the air slightly, and you can 'fly' around using the WSAD keys, left shift to move you up, left control to move you down.
JUST ADDED: *Enemy Vac - A fun one! Upon enabling the script, then pressing F2 in game (toggles the vac on/off), it vacs all enemies within the area to your current position and locks them in place! Move the vac around with the arrow keys, and right control + right alt to move it up and down
To see what they are like view this video here: (although I've since then adjusted the fly and move speed to 0.2 by default as it was too hard to control before)
[Link]
Will be updating as I find more cheats! If any more are even needed...
Instructions:
Enable one of the bypass methods first! (I recommend the second one on the CT, but try both if one or the other doesn't work for you)
If using the second bypass method, after enabling wait until 'ChecksumIndex' equals 3 before enabling any other cheats... (It has to capture the three valid Checksums before it's bypassing you)
If using the first bypass method, after enabling just wait between 1-2 minutes to know for certain it's in effect, then feel free to enable other cheats!
Enjoy
EDIT: With the help of DDS (♦ DarKDragonSlayer ♦), I was able to track down the real health address, and find a location where only the player's health address passes through! It also contains the decryption key in the eax register (or +4 from the health address)
By finding the health percentage standard 4 byte value (when full health it's at 100) you can reverse from there, and pretty easily find an instruction that accesses the real health address at offset 24 (which is a float value, which also happens to have a simple xor encryption on it; that's why you can't find it with increased/decreased scans). It was only 2 returns into the call stack I believe...
Here's the health script contained in the updated CT:
Code:
//Crysis 3
//Infinite Health
//Steve Andrew /w Credit To: DDS (♦ DarKDragonSlayer ♦)
//Thanks for helping me DDS!
[enable]
alloc(InfiniteHealth,64)
aobscan(PlayerOnlyHealthAddress,8b 56 ? ? ? 89 54 24 ? 8b 01 d9 44 24)
label(PlayerOnlyHealthAddy)
label(HealthRet)
label(FullHealthValue)
registersymbol(PlayerOnlyHealthAddy)
InfiniteHealth:
mov edx,[FullHealthValue]
xor edx,eax //eax contains encryption/decryption key here
mov [esi+24],edx //copy encrypted full health to player health addy
xor edx,eax //have decrypted value in edx before jumping back
jmp HealthRet
FullHealthValue:
dd (float)1000
PlayerOnlyHealthAddress:
PlayerOnlyHealthAddy:
jmp InfiniteHealth
HealthRet:
[disable]
PlayerOnlyHealthAddy:
mov edx,[esi+24]
xor edx,eax
dealloc(InfiniteHealth)
unregistersymbol(PlayerOnlyHealthAddy)
Here's the player teleport fly script so you can get an idea of how I pulled it off: (I found a value at offset d4 into the structure which contains the coordinates, that is only a certain value when it's the player, so that's how I was able to tell them apart)
Code:
//Crysis 3
//Teleport Fly Hack
//Steve Andrew
[enable]
alloc(TeleportFly,128)
alloc(KeyHandlerThread,256)
aobscan(TeleportFlyAddress,8b 4e 74 8b 56 78 8b 46 7c 89 4d ? 89 55 ? 89 45)
label(TeleportFlyAddy)
label(ExitKeyHandler)
label(ToggleOnOff)
label(TeleportFlyFullyDisabled)
label(TestKeyAndIncreaseDecreaseIfNeeded)
label(IncreaseIt)
label(NotPressed)
label(InitialLiftAmount)
label(FlySpeed)
label(TeleportFlyEnabled)
label(CurrentCoords)
label(AlreadyGotCoords)
label(TeleportRet)
createthread(KeyHandlerThread)
registersymbol(TeleportFlyAddy)
registersymbol(TeleportFlyFullyDisabled)
registersymbol(CurrentCoords)
registersymbol(FlySpeed)
TeleportFly:
mov edx,[esi+78]
mov eax,[esi+7c]
cmp [esi+d4],2 //Not player if it's not 2
jne TeleportRet
cmp [TeleportFlyEnabled],1
jne TeleportRet
cmp [CurrentCoords],0
jne AlreadyGotCoords
mov [CurrentCoords],ecx //X
mov [CurrentCoords+4],edx //Y
mov [CurrentCoords+8],eax //Z
fld dword ptr [CurrentCoords+8]
fadd dword ptr [InitialLiftAmount] //Lift you up a little bit to start
fstp dword ptr [CurrentCoords+8]
AlreadyGotCoords:
mov ecx,[CurrentCoords]
mov edx,[CurrentCoords+4]
mov eax,[CurrentCoords+8]
jmp TeleportRet
KeyHandlerThread:
push 0a
call Sleep
cmp [TeleportFlyFullyDisabled],1
je ExitKeyHandler
push 70 //F1
call GetAsyncKeyState
test ax,ax
jne ToggleOnOff
cmp [TeleportFlyEnabled],1
jne KeyHandlerThread
push CurrentCoords //X
push 1 //increase it if key is down
push 'D' //Key: 'D'
call TestKeyAndIncreaseDecreaseIfNeeded
push CurrentCoords //X
push 0 //decrease it if key is down
push 'A' //Key: 'A'
call TestKeyAndIncreaseDecreaseIfNeeded
push CurrentCoords+4 //Y
push 1
push 'W'
call TestKeyAndIncreaseDecreaseIfNeeded
push CurrentCoords+4 //Y
push 0
push 'S'
call TestKeyAndIncreaseDecreaseIfNeeded
push CurrentCoords+8 //Z
push 1
push a0 //Key: 'left shift'
call TestKeyAndIncreaseDecreaseIfNeeded
push CurrentCoords+8 //Z
push 0
push a2 //Key: 'left control'
call TestKeyAndIncreaseDecreaseIfNeeded
jmp KeyHandlerThread
ToggleOnOff:
xor eax,eax
mov [CurrentCoords],eax
xor [TeleportFlyEnabled],1
push 96
call Sleep
jmp KeyHandlerThread
ExitKeyHandler:
ret
//void __stdcall TestKeyAndIncDec(int Key, bool IncOrDec, float *pFloatValue)
TestKeyAndIncreaseDecreaseIfNeeded:
push ebp
mov ebp,esp
push [ebp+8] //Key
call GetAsyncKeyState
test ax,ax
je NotPressed
mov eax,[ebp+10] //Address of the coordinate
fld dword ptr [eax]
cmp [ebp+0c],1 //Increase or decrease it?
je IncreaseIt
fsub dword ptr [FlySpeed]
fstp dword ptr [eax]
jmp NotPressed
IncreaseIt:
fadd dword ptr [FlySpeed]
fstp dword ptr [eax]
NotPressed:
mov esp,ebp
pop ebp
ret 0c
TeleportFlyEnabled:
dd 0
TeleportFlyFullyDisabled:
dd 0
FlySpeed:
dd (float)0.2
InitialLiftAmount:
dd (float)5
CurrentCoords:
dd 0 0 0
TeleportFlyAddress+3:
TeleportFlyAddy:
jmp TeleportFly
nop
TeleportRet:
[disable]
TeleportFlyAddy:
mov edx,[esi+78]
mov eax,[esi+7c]
TeleportFlyFullyDisabled:
dd 1
dealloc(TeleportFly)
unregistersymbol(TeleportFlyAddy)
unregistersymbol(TeleportFlyFullyDisabled)
unregistersymbol(CurrentCoords)
unregistersymbol(FlySpeed)
If, while using the infinite health script, you get stuck after falling off into water for example (as shown in this image) where you were supposed to die normally, then enable the 'Kill Me' script, then disable it right away. In game it will say low energy / health critical (you are really dead though); press escape as if bringing up the menu and you will respawn.
Stuck in the water on the bottom of the map, an ideal place to use the 'Kill Me' script:
How to use this cheat table?
- Install Cheat Engine
- Double-click the .CT file in order to open it.
- Click the PC icon in Cheat Engine in order to select the game process.
- Keep the list.
- Activate the trainer options by checking boxes or setting values from 0 to 1
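Added example (not part of the original post or the CT): a Python model of the storage the post describes, a float kept XOR-masked with its key in the next 4 bytes. It shows why increased/decreased scans do not track the value, and why the mask protects nothing once both words can be read; the key and the health values are constructed for illustration.

```python
import struct

KEY = 0x5A5A5A5A  # constructed sample key; the real key is per-process data

def f2u(x):
    """Reinterpret a 32-bit float as its unsigned integer bit pattern."""
    return struct.unpack("<I", struct.pack("<f", x))[0]

def u2f(u):
    """Reinterpret a 32-bit unsigned integer as a float."""
    return struct.unpack("<f", struct.pack("<I", u))[0]

class MaskedFloat:
    """A float stored XOR-masked, with its key in the next 4 bytes (+4)."""
    def __init__(self, value, key=KEY):
        self.key = key & 0xFFFFFFFF
        self.stored = f2u(value) ^ self.key

    def get(self):
        return u2f(self.stored ^ self.key)

    def set(self, value):
        self.stored = f2u(value) ^ self.key

    def raw(self):
        """Memory image: masked value word, then key word."""
        return struct.pack("<II", self.stored, self.key)

def decreased_scan_hits(real_values, key=KEY):
    """Count steps where the stored word, read as a float, went down too."""
    m = MaskedFloat(real_values[0], key)
    hits, prev = 0, u2f(m.stored)
    for v in real_values[1:]:
        m.set(v)
        cur = u2f(m.stored)
        hits += cur < prev
        prev = cur
    return hits

def recover(raw8):
    """Anyone who can read both words undoes the mask with one XOR."""
    stored, key = struct.unpack("<II", raw8)
    return u2f(stored ^ key)

if __name__ == "__main__":
    drops = [100.0, 75.0, 50.0, 25.0]            # constructed: health only falls
    print(decreased_scan_hits(drops), "of", len(drops) - 1, "steps look decreased")
    print(recover(MaskedFloat(100.0).raw()))     # mask removed using the adjacent key
```

For a developer, the takeaway is that a mask whose key sits beside the value only hides it from ordered value scans.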