Can't update old script for GHOST MODE function in ASPHALT 9: LEGENDS v1.2.4a - Please Help!

MartaLabieniec
Expert Cheater
Posts: 312
Joined: Sat Oct 06, 2018 3:19 pm
Reputation: 137


Post by MartaLabieniec »

Hello.

Can someone help me hack the GHOST MODE function in the ASPHALT 9: LEGENDS game again, in version 1.2.4a? (Windows 10 Play Store)

I can't update the old script for GHOST MODE in this game. Here is the old script:

Code:

[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)
 
newmem:
 
originalcode:
mov [edi+00002228],01
 
exit:
jmp returnhere
 
"Asphalt9_w10_x86_rtl.exe"+3040D1:
jmp newmem
nop
returnhere:
 
 
[DISABLE]
dealloc(newmem)
"Asphalt9_w10_x86_rtl.exe"+3040D1:
mov [edi+00002228],al
//Alt: db 88 87 28 22 00 00
 
{
// ORIGINAL CODE - INJECTION POINT: "Asphalt9_w10_x86_rtl.exe"+3040D1
 
"Asphalt9_w10_x86_rtl.exe"+3040B5: 75 11                 -  jne Asphalt9_w10_x86_rtl.exe+3040C8
"Asphalt9_w10_x86_rtl.exe"+3040B7: 8B CE                 -  mov ecx,esi
"Asphalt9_w10_x86_rtl.exe"+3040B9: E8 61 0C D3 FF        -  call Asphalt9_w10_x86_rtl.exe+34D1F
"Asphalt9_w10_x86_rtl.exe"+3040BE: 80 78 05 00           -  cmp byte ptr [eax+05],00
"Asphalt9_w10_x86_rtl.exe"+3040C2: 75 04                 -  jne Asphalt9_w10_x86_rtl.exe+3040C8
"Asphalt9_w10_x86_rtl.exe"+3040C4: 33 C0                 -  xor eax,eax
"Asphalt9_w10_x86_rtl.exe"+3040C6: EB 03                 -  jmp Asphalt9_w10_x86_rtl.exe+3040CB
"Asphalt9_w10_x86_rtl.exe"+3040C8: 33 C0                 -  xor eax,eax
"Asphalt9_w10_x86_rtl.exe"+3040CA: 40                    -  inc eax
"Asphalt9_w10_x86_rtl.exe"+3040CB: 8D B7 68 05 00 00     -  lea esi,[edi+00000568]
// ---------- INJECTING HERE ----------
"Asphalt9_w10_x86_rtl.exe"+3040D1: 88 87 28 22 00 00     -  mov [edi+00002228],al
// ---------- DONE INJECTING  ----------
"Asphalt9_w10_x86_rtl.exe"+3040D7: 8B CE                 -  mov ecx,esi
"Asphalt9_w10_x86_rtl.exe"+3040D9: E8 1D 55 02 00        -  call Asphalt9_w10_x86_rtl.exe+3295FB
"Asphalt9_w10_x86_rtl.exe"+3040DE: 80 BF 60 05 00 00 00  -  cmp byte ptr [edi+00000560],00
"Asphalt9_w10_x86_rtl.exe"+3040E5: 74 4B                 -  je Asphalt9_w10_x86_rtl.exe+304132
"Asphalt9_w10_x86_rtl.exe"+3040E7: 8B 87 58 01 00 00     -  mov eax,[edi+00000158]
"Asphalt9_w10_x86_rtl.exe"+3040ED: 8D 8F 58 01 00 00     -  lea ecx,[edi+00000158]
"Asphalt9_w10_x86_rtl.exe"+3040F3: 8B 40 0C              -  mov eax,[eax+0C]
"Asphalt9_w10_x86_rtl.exe"+3040F6: 03 C8                 -  add ecx,eax
"Asphalt9_w10_x86_rtl.exe"+3040F8: 8B 01                 -  mov eax,[ecx]
"Asphalt9_w10_x86_rtl.exe"+3040FA: FF 50 10              -  call dword ptr [eax+10]
}
How did I find this function?
I was using a 4-byte search: I searched for value 0 when the car after a crash was not covered by lights, and for value 1 when the car after a crash was covered by lights. That way I was able to find one address, or several addresses, with the GHOST MODE function enabled.

Now, in the newest version, I can't find it anymore. I don't know why...
But I saw and recorded gameplay of a multiplayer race in which someone hacked it again, but now, instead of BLUE LIGHTS when GHOST MODE is enabled, there are RED LIGHTS. Why? Please watch this video --> [Link]

GHOST MODE means you are a "ghost" to other cars and no one can knock you down.

Thank you for your help.
Best Regards.

fantomas
Table Makers
Posts: 1162
Joined: Sat Mar 25, 2017 7:13 pm
Reputation: 556

Re: Can't update old script for GHOST MODE function in ASPHALT 9: LEGENDS v1.2.4a - Please Help!

Post by fantomas »

Hi :)

I do not have that game, but according to the code you pasted, your value can be found here:

"Asphalt9_w10_x86_rtl.exe"+3040D1: 88 87 28 22 00 00 - mov [edi+00002228],al

I guess there is a good chance that the offset (0x2228) changed since that last update, so you'll have to be a little bit tricky to find the right opcode.

Make a search for an array of bytes and put something like this:

88 87 * * 00 00

but there is a good chance that you end up with several hundred (maybe more) matches, so retry with something like that:

88 87 * * 00 00 8B CE

and so on until you end up with just one match. That will be your new code.
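As an added illustration of the array-of-bytes idea fantomas describes (this is not part of either post and not Cheat Engine's own code), here is a small Python scanner that does wildcard byte-signature matching, the same mechanism behind a "?? ??" hex pattern in a YARA-style detection rule. The buffer it scans is constructed: the instruction bytes around the injection point come from the listing in the first post, the displacement is changed to a hypothetical 0x2230 to model a rebuild that moved the field, and a decoy `mov [edi+2010],al ; ret` is planted earlier so that the short pattern matches twice and only the longer one matches once.

```python
# Added example (not from the thread): wildcard byte-signature scanning over a
# code buffer, the same mechanism behind Cheat Engine's "array of bytes" search
# and YARA-style hex patterns with '??' wildcards.
from typing import List, Optional

# Constructed sample buffer standing in for the rebuilt executable's code.
# Instruction bytes around the injection point are taken from the thread's
# listing; the displacement is changed to the hypothetical 0x2230 to model a
# rebuild that shifted the field, and a decoy 'mov [edi+2010],al ; ret' is
# planted earlier so a too-short pattern matches twice.
NEW_BUILD = bytes.fromhex(
    "9090"                # padding
    "888710200000" "C3"   # decoy: mov [edi+00002010],al ; ret  (constructed)
    "909090"              # padding
    "8DB768050000"        # lea esi,[edi+00000568]               (from the listing)
    "888730220000"        # mov [edi+00002230],al  (offset hypothetically changed)
    "8BCE"                # mov ecx,esi                          (from the listing)
    "E81D550200"          # call ...                             (from the listing)
)


def parse_pattern(pattern: str) -> List[Optional[int]]:
    """Turn '88 87 * * 00 00' into a byte list; None marks a wildcard."""
    out: List[Optional[int]] = []
    for tok in pattern.split():
        if tok in ("*", "?", "??"):
            out.append(None)
        else:
            out.append(int(tok, 16))
    return out


def find_pattern(buf: bytes, pattern: str) -> List[int]:
    """Return every offset in buf where the wildcard pattern matches."""
    pat = parse_pattern(pattern)
    hits = []
    for i in range(len(buf) - len(pat) + 1):
        if all(p is None or buf[i + j] == p for j, p in enumerate(pat)):
            hits.append(i)
    return hits


def narrow_to_unique(buf: bytes, patterns: List[str]) -> Optional[str]:
    """Try progressively longer patterns; return the first with exactly one hit."""
    for pat in patterns:
        if len(find_pattern(buf, pat)) == 1:
            return pat
    return None


def disp32_at(buf: bytes, match_off: int) -> int:
    """Read the little-endian 32-bit displacement of 'mov [edi+disp32],al'
    (opcode bytes 88 87 followed by four displacement bytes) at match_off."""
    return int.from_bytes(buf[match_off + 2:match_off + 6], "little")


if __name__ == "__main__":
    short = "88 87 * * 00 00"
    longer = "88 87 * * 00 00 8B CE"
    print(short, "->", find_pattern(NEW_BUILD, short))    # two hits: decoy + real
    print(longer, "->", find_pattern(NEW_BUILD, longer))  # one hit
    unique = narrow_to_unique(NEW_BUILD, [short, longer])
    off = find_pattern(NEW_BUILD, unique)[0]
    print("unique pattern:", unique, "at offset", off,
          "disp32 = 0x%X" % disp32_at(NEW_BUILD, off))
```

The exact old bytes `88 87 28 22 00 00` match nowhere in the constructed buffer, which is the situation the thread describes; wildcarding the two displacement bytes recovers the instruction, and extending the pattern with the bytes that follow it is what removes the false positive.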
