Sethioz Industries Forum

[Sethioz]

UPDATE: about year ago i opened Knowledge Database (wiki) with lot of hacking articles in it. Start from wiki if you dont know what tools to use or how to use them. my wiki has lot of detailed articles with tutorials and examples.

* Also read MMO Hacking Extended by ronokae


Lately a lot of ppl have asked me about MMO game hacking (runescape, last chaos, archlord, ragnarok..etc). So i tought i will post a basic guide on how you can probably hack most MMO games.
As far as i know, all MMO games have some kind of magic powers or force powers in it and also they have levels and different level spells.
also they all have money/credits (gold, stone..whtever).
The reason why its way harder to hack MMO game, is because most things are controlled by server.

////////////////////////////////////////////////////////////////////////////////////////

If some links are not working or if you do not know how to use those tools, then visit my Knowledge Database and search for articles like "basic game hacking" "unlimited ammo hack" "time hacking" and other hack related terms, there are lots of good articles, which will explain in detail how to use hack tools in order to hack games.
It is VERY important that you visit knowledge database first and read the articles on how to hack games.

knowledge database also includes detailed articles about each and every tool listed, including tool itself (download) so plz visit knowledge database before asking stupid things.

////////////////////////////////////////////////////////////////////////////////////////

In other online games, health, ammo, money and such are only controlled by server, but in MMOs:
server usually controls health, ammo, money, damage, weapons, levels, speed, attack speed..etc. This is because you will become stronger and faster when you gain levels. Now think what if you can simply change your level (or any other thing that comes with level), it would be too easy and it would be a total fail if its so easy to simply change things.

There's still lot of things you can do and here's few tips and hints and tools.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------


So far only MMO i have hacked and tried to hack is Last Chaos. In Last Chaos it was possible to change attack speed and run speed too. Also animation to get instant spells. That was all done with a memory editor (i used Tsearch).

Some MMO games have anti-cheat system. so you can't use normal memory editors, then you need a stealth memory editior. here's few memory editors:

Normal Memory Editors:
Tsearch - my favorite.
ArtMoney - good for searching text values and ALL types (float, byte, double..etc)
Cheat Engine - not so easy to use and also glitches, but sometimes it finds values that Tsearch doesn't

Stealth Memory Editors:
Kiki
GhostKiller
MoonLight
Artmoney Pro/Vip edition also work on some.

Stealth memory editors may not be enought to hack games protected wtih some anti-hack system. Im quite sure that if nothing helps, then SoftIce is only program that can defeat any anti-hack system. SoftIce is a driver debugger actually. it was designed to debug windows drivers, so it means it runs "under" windows. even windows can't detect its presence. So in theory anti-hack systems can't detect it. I haven't tried it on games myself, so im not sure.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------


It's also possible to use packet editors to hack MMO games. Basically what you can do:
for example you can replace level1 magic with level90 magic (even when you still level1). it CAN be done with memory editor too, but its extremely hard to find right spot.

Let me explain:
When you do level 1 magic, then your client (game) sends a packet to server that tells server that you did level 1 magic. Lets say that this part where it says its level 1 magic looks like this:
"00 01 0C BD F1 CA" This is in HEX. You simply record the packet and then examine it. (i never said its easy)
Now you have sniffed out the level 1 magic.
you do level 2 magic and see that packet is same, execpt one part:
"00 02 0C BD F1 CA" - ofcourse it is NOT 01 02 03 probably. so you have to examine packets more, it is just a easy example.
so now you know that second byte in that HEX string tells server which level magic you do. Now you simply replace it and make it look like this:
"00 5A 0C BD F1 CA" - now when you send this packet, game tells server that you did level 90 magic (5A in HEX is 90 in DEC, you can use WINDOWS calculator to convert between HEX and DEC, simply type in value and then click either on HEX or DEC. you need scientific mode !!!)

Now you can make a permanent filter to always get level 90 magic. Here's some packet tools and editors:

WPE Pro - most popular tool i guess. theres lot of tutorials that use this, but WPE Pro sucks actually.
CommView - my favorite packet tool, but it can't make the replace filter which is required for such game hacking.
Proxocket - this is awsome tool. Made by Luigi. it is a .dll proxy, which allows you to capture packets and also edit them on the fly. It also allows you to block ips and ports or bind network adapters. It can be used to make permanent filters for MMO games. it is quite hard to use. you need to manually compile it as .dll to make a filter, but once you know how to compile, then you see that it is 100 times better than wpe pro.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

So where do i start ??
well really can't tell you like this, but you may want to read Basic game hacking to better understand how memory tools work and then try to search and edit something (like speed in last chaos). you may also want to check Last Chaos hacks topic and see what can be done there, using memory tools.

as about packet editing. as i said. you have to capture packets and then examine them closely and see where the difference is. You can use WPE pro to test your stuff out. in WPE pro you can right click and packet into send list, then you can resend it and see if you get the same effect as you did when you made this action in game (magic, spell..whtever). if this works, then you can try to edit that packet and then resend and see if it has different effect. analyzing packets like this can be pain in the ass sometimes.
If you have found what you looking for and need a simple replace filter (replace "test" with "blah") for example, then you can post it here and i can make it with proxocket and post the .dll filter.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

[wolfguardiann]

hey , good post seth , i love yr tutorials , ure a master coder! ahahaha, hey , im trying to make a flyhack on an mmorpg , ok, BUT , everytime i play the game the address that is responsable to the Y coordinate( The Y that is the coord to UP , X = front Z = Back) , everytime i get it , i logout and its another adress , course , its an online game, but , how can i get the adress or pointer to always get the flyhack adress , so i dont nee to start all the process of searching the adress and sheet ?

theres is acctuly an problem when i do the debuggingpart , cuz , the game freezes , even whit olly debbuger ... , what do i do ?

[Sethioz]

you need to find breakpoint for it, either using memory editor like tsearch or olly.
game doesnt freeze, olly pauses game when you attach it to process.
try this article Breakpoints and NOP
if you still dont understand, let me know.

[wolfguardiann]

yeah i got it , i understood all , the problem is , every time i logogut of change character , make an logout action, it changes the "fly hack " adrees once i found it ( using tSearch ) , so then i get the adress , open olly and attach and sheet , good , hen i go to the part where u need to "Go to Adress" i found the adress ok , here is the problem , what do i do now ? cuz , i tryed getting the patched number or these things , just like to make a trainer but , i wasnt going to make it , just getting the adress so i can use the flyhck whitout making the find adress . next , bla bla ,

the second problem is , when i attach olly debugger , the game " pause" like u said , and i unpause clicking on the blue arrows ( like yr tutorial on the olink u send showed) but , the game stop responding and everything i did crashs ... but , sometimes it go ok , but, the question , the central part is this ;

How do i get the adrees to the flyhack , whitout need to search for it again when i restart the game , cuz its a mmorpg , and the adress changes , isnt compared to offline , SP games , in which is much easier , the question is there ,

Thank you very much for this support , asu know , game hacking is hard, even on mmo's , cuz adress changes, and MOst of the games have an anti-hack program , such the game called " The duel " or dofus ( i dont plsaay both , just giving examples :P ) to make a bypass is something UNKNOW to me , i dont even know where to start to make an anti-hack program bypass ... i only know that u need some DLLs to do this , but HOW? aaahahaha , well anyways , the question is there , the confusion part too ,

Tyvm gl , and keep on the awesome job , love this site/forum , i hope i keep up here for a long time, ure sure a good coder , and thats not easy to find.

Keep up the good job! 10/10 to u!

[Sethioz]

it is not cuz its mmo or cuz it has some anti-hack thingy. its called DMA (dynamic memory allocation). this is why you need to find the breakpoint.
you dont find the address, you write your own code and change the values before they get written on that address.

take a look into resident evil 5 hacks or aliens vs predator 2010 hacks. both threads are under game hacks obviously.
you can get an idea how to write easywrite script in tsearch.

if you still cant do it, do this :

in tsearch, once you have found the breakpoint. highlight it in autohack window.
click on "disassembler" tab (it is in autohack window, at bottom).
now highlight the top line, then move up about 3-4 times using UP arrow on keyboard.
now move back down using DOWN arrow.
if breakpoint stays same and you can move back to it, good, make a screenshot of it.
if it changes, it means that tsearch broke in middle of function (nothing wrong with this).
go to the closest address. if your breakpoint was 12305 and changed is 12300, then make screenshot of that.
this is not changing actually, it just moves to a full function if you move up, i just need to know if its in middle of function or not.

so in short, i need to see the function that handles the change of height. you can do same in olly. doesnt really matter.

[wolfguardiann]

ohh i see , so i need to make a breakpoint and get the numbers from there so i make a new code , hmmm , got it , ill try that , ill try to give a response wheneever i cna , ( wont take much ) ill then use tsearch o get the adress , once i have ill use the olly bla bla , go to _> fly hack adress , make a breakpoints , and ill add that to chea list , ill take a loo k , ill responde in a lil . tyvm for the supprot till here . good job !!

[Sethioz]

no you dont add anything into cheatlist, into easywrite. this is my script for RE5, which changes ammo to FFFF which is 65535 in dec.
this is going offtopic, if you have more questions about debugging, you should make new thread called "debugging games or code injection" and prolly not into game hacking. i think it fits more into programming section, but up to you. i can always move it.

read these articles:

Code Injection
Unlimited Ammo Hack

[wolfguardiann]

well yeah , didnt worked so well , my tsearch doesnt find the adresses thati need , like , the Y position right now is 102.43 ( this is the position i need to make the flyhack ) when i search this on the cheat engine it found no problems , but when i tryto find the same thing but on tsearch , i put on that number and float , it only show " 102." whiel cheat enngine show everything "102.4387664788" , its hard to work whit this , haha


after i get the adress from CE , i put on olly "breakpoint" - hardware, on access - byte

what do i do ? i actually dont know what to do , olly is relly good but , i dont know how to actually use it right , ;P

any tips here would be great , tyvm for teh support


EDIT: sorry didnt saw yr last psot, what do i do then ?

[Sethioz]

as i said this is going offtopic, it is coding and debugging, not hacking MMOs.
i have explained everything already, i even gave examples. you also havent read articles and tutorials, where i explain about tsearch's default settings. you must set it to search all memory, not just parts of it.
make new thread if you have issues with debugging and writing a script.

[cosmin]

Hello i am new here.
I want to use wpe pro to hack a game called 9Dragons.
I find the packet i need but when i send it back to server i get DC.
How should i propely use wpe pro?
If you have any tutorials on it please post a link.
Thx on advance.

[Sethioz]

search wpe pro on my knowledge database. there is one good article

[cosmin]

i will thanks a lot.
Interesting now i understand a bit more of wpe pro.
But still i don't know where i can find the drop.
Should i wait and pick up the drop than stop the packet snifing?

[Sethioz]

test different packets and see what happens. it isnt easy to find right packet/s.
alternetively you can use proxocket (see wiki again for tutorials), but its very advanced stuff.

[cosmin]

i read on other sites that wpe pro only edits clientsided stuff and can not edit serversided stuff so is not useful.
The same thing what an UCE can do.
Now i am working to try and remotely acces their computer.

[Sethioz]

i dont understand what you are talking about. WPE pro is a packet editor and so is proxocket, but proxocket is working in advanced level, where you have to compile it from .c code.
proxocket has every feature that wpe pro has. proxocket makes it extremely easy to make filters. in wpe pro you need to get the socket id, each time you want to use your "hacks"

[cosmin]

But wpe pro can edit serversided stuff?

[Sethioz]

i just said no. wpe pro is a packet editor, if you do not know what it is, google for packet editor or check on wikipedia for explanation.
basically if server is vulnerable, you can exploit it and make server give you something. just read what packet editor/sniffer means.

[XaneXXXX]

Hi man, I'm just wondering if it's possible to change the money/gp runescape?
If you change the value of the gp then it's emedietly changes back even if you freeze it.
But of course it can't be that easy, so I was thinking for example, if you complete a quest and you get let's say 2000 gp, is it possible to find the value of the *thing* that gives you the quest money? And change to like 1000000 gp, then after you complete the quest you gets alot of money instead of 2000? Thanks :)

[Sethioz]

i have explained this here already. you need packet editor.
find the packet and see if you can change the value there. WPE pro, rPE and proxocket are tools for the job. i have no interest in runescape, so cant help personally.

[XaneXXXX]

yoo, i have tried out wpe pro, and tried to change strength level on runescape. and it seems like they have a big protection.. because when i send a packet back to their server its only working for like 2 sek after i added it.. if i wait any longer to send it i gets a packet error.. i record packets right before i level and after i stop it. so how can i find the right packet for the strength level if they blocking/changes the packet efter 2, ive read you tutorial a few times, maybe you already explaned this but i didnt find it thanks :)