[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y ] [Search | Home]
4Archive logo
How hard is it to exploit RPG games? I don't...
If images are not shown try to refresh the page. If you like this website, please disable any AdBlock software!

You are currently reading a thread in /g/ - Technology

Thread replies: 71
Thread images: 2
How hard is it to exploit RPG games? I don't mean botting, I mean like dupe exploits/bugs.
Could be very profitable, but I never found any info on this for some reason...
Also, /g/, how to work around packet encryption if you're developing a bot? IMO it's essential if it's for an FPS game where every ms matters.
General Game bugging/exploitation thread I guess.
>>
>>44929919
[theoric info]

I've heard that you need to RE the game and intercept info you need before they get sent, and after they get decrypted
>>
>>44929997
Usually you just use the games encryptor/decryptor.
>>
>>44929919
>developing a bot?
>FPS game where every ms matters.

A bot for fps games? What for?

>>44930011
that's what I meant, thanks.


Also, I see no reason why devs wouldn't detect a bot playing without the correct client.
>>
>>44930034
I'm not much of a gamer, but don't people use things like auto aimers in FPS games?
>>
>>44930034
How would they know it's incorrect?
OP here, the only hack in MMORPG games I've ever done was PayPal hack and even then it was just a PayPal exploit to change prices. Was fun, got banned.
>>
>>44930062
FPS stands for first-person-shooters, there are FPS mmorpgs as well. Apart from that bots are very useful to farm in FPS, like you get something for every match, a bot would be very valuable.
>>
>>44930062
Oh, a bot and an aimbot (auto-aimer as you call them) isn't that same thing.
An aimbot is more to help you play the game than farm generally.


>>44930063
It'd be tedious to simulate all the packets a regular client should send. (It really depends on the game ofc)

>>44930087
a bot for an fps would be quite hard to do
>>
Why is /g/ always full of "r8" or "personal assistance" threads though then something more related to technology.
>>
>>44930139
Well, that's why they are rare.
I've seen a lot of exploits patched in MMORPG's, how do people find those exploits/bugs, is game hacking really that unpopular, everything with Google search brings up nothing then packet editing and crappy cheat engine.
>>
>>44930178
Yeah game hacking is quite elitist (because of pathetic kids that c/c some c++ into a random IDE and complain it don't compile

It's also a way to make money, so people don't really share. Even if it's damn fun.
>>
The most dangerous thing one could do is gaining access to admin rights and doing so in a way that no one detects it.

Basically...suck up to some admin in a game, nurse their cock all day, and maybe they'll let you in.
>>
>>44930235
a lot of people stopped sharing because paysites copying code and selling their cheats

a lot of those sharing also started selling their own
>>
>>44930244
Hm what? What admin? Let you in what?
>>
>>44930244
Ahh, come on, surely web-hacking is easier than game-hacking to just find the password of the admin, but he'd still have logs for everything. Anyway I am interested in knowledge, not in bypasses even if the outcome is the same.
>>44930235
Well, that's why I want to know more about it, saw the web-hacking market? filled with asians, game-hacking caught my eyes, it's super-profitable and less illegal than anything. Especially if the game your hacking hires you.
>>
>>44930264
I think he's bringing web-hacking and social engineering into this topic.
>>44930263
Well that explains a lot.
>>44930279
Don't mind my English, it's not my native language. you're*
>>
>>44930263
I forgot this, I mean yeah that's because of money too.

>>44930279
>just find the password of the admin, but he'd still have logs for everything
>removing logs

>Especially if the game your hacking hires you.
That'd be neat, did it ever happened?
>>
>>44930330
Nope, like I said I have 0 experience with this. I opened this thread for some good infosites/infotexts/infotorrents/infobooks and general discussion.
I have idea of debugging programs/games, understanding the logic behind them, but all the useful info is blank on the internet. It's either nobody shares it or its covered with that cheat engine crap.
>>
>teach me how to hack guise?? :D

You really thought this is a topic for /g/, huh?

Try >>>/b/.
>>
>>44929919
What game is this?
I need a weeaboo mmorpg to fuck around in
>>
>>44930355
cheat engine is a great intro to game hacking

Also, search for general reverse engineering. Like cracking and stuff, that'll teach you a lot. And you can apply that to game.

Still, it's my choice but when I'll be botting a game, it'll use the original client without modifying it. Always in a undetectable way.
>>
>>44930398
I dont know exactly, I think it's Perfect World, was fun until they started charging everyone who wants to play good enough 2k$.
>>44930375
I didn't ask how to hack, I asked for info-graphics on this subject since its impossible to find them yourself through any search engine.
Try >>>/b/ if you want to shitpost more.
>>
>>44930355
if you want into making hacks for games you might want to check out unknowncheats.me for info

gamedeception was the other big site withloads of info but it was shut down some time ago, would've been 10 years this year

game hacks usually work somewhat like this

>inject code into game
>code hooks functions where it will run its logic, often directx functions or specific game functions
>information needed can be obtained by reading memory or calling engine/game functions
>do whatever with information
>>
>>44930375
Deco Online (reverse image)

>>44930419
There's no easy pz infographics on this subject. As I said, google some cracking books or tutorial, learn to use ida pro and other soft, have fun.

>>44930433
you missed the part when you avoid getting banned by the anti-cheat
>>
>>44930409
Cheat Engine is, but come on, it's just hex editing and it won't get me anywhere far, I have idea how it works so I guess I went through intro. I don't believe it works in multi-player unless the MMORPG has bad code written which would just parse user input into their server.
Any books you know of?
>>44930443
Never saw anti-cheats in MMORGP's. But yeah, in FPS games its important.
>>
>>44930443
depends on the anti cheat

vac doesn't like you modifying read only sections, in case of source games you would hook functions through vtables which it doesn't give a fuck about

other method was to null a pointer in the function you wanted to hook and cause an exception and use that as a hook

for wow, warden only checks some specific addresses and it was easy to find out which, you could also just hook d3d9 endscene and do everything

signature scans aren't a problem if you keep the cheat to yourself
>>
>>44930433
Great website for bots, definitely will check it out.
What about game bugging, such as duping/etc... How do people find that out, they can't be just lucky and randomly find it?
>>
>>44929919
>me being cute as fuck under the map in TERA
does this count?
>>
>>44930398
Mabinogi
>>
>>44930599
It does if its server-side, how'd that happen?
>>
>>44930473
Hex editing .. uh you might want to check CE again. You can inject code, deassemble etc.
Nah, I don't know any books about this.

>>44930510
Yeah, I just don't like when you have to try to be sure you won't get detected.
Is there now a way to test your cheat against vac? I don't think so since it seems like they do some post analysis and finally do a ban wave.

>>44930513
>they can't be just lucky and randomly find it?
that's it.

>>44930620
physics bug generally
>>
>>44930662
I saw a lot of exploits on MMORGP's done by the same guy over years in a MMORPG, he'd just change IP to evade ban and make new accounts. So it can't be luck if he's exploiting a MMORPG right? When I talk about MMORPG I don't really mean a huge game, just average one.
How can you inject code when you can't read the game itself., even if it's de-assambled - IMO nobody reads assembly that well.
>>
>>44930620
yeah its not a client glitch, hp deductions are calculated serverside and i lost most of mine when i fell down, i just parcour all over the place, you can get up on top of shit you aren't meant to be able to get, you can even get into collisions above the map, to other players it looks like you are running in midair

still trying to get into the skybox so i can project a massive image of myself up into the sky
>>
>>44930722
That's funny, I remember an easy bug, you'd just disable trees client-side, sit in a tree and kill everyone, nobody could select you/kill you.
>>
>>>/v/

I want summerfags to die
>>
>>44930705
> when you can't read the game itself
Uh? You can attach CE to any process and read its memory.
Also, if you're going to learn RE, learn assembly, because yes you'll have to read it. (even if ida will give some help)
>>
>>44930749
>announcing sage
against the rules faggot
>>
>>44930749
>complains about a very active and valid thread
>apparently oldfags sure are gettin' retarded
>>
I've got a question, could vac detect if I where to read the player positions on a map and then fake user input to aim at them.
>>
>>44930751
Well, no serious game is literally played in raw mode where you can see the whole memory.
Also, assuming you can into assembly, what would it give? Isn't it impossible to understand a game from assembly, or do you more like try to understand the assembly of a specific function? Like encryption/decryption or move commands right?
>>
>>44930780
vac doesn't give a fuck about an external process reading memory and sending input
>>
Dupe exploit = not able to be used without a third party interference, i.e. memory editing.
Dupe bug = able to be used without a third party, i.e. it's doable in-game by repeating a certain order of steps.
Dupe exploits and bugs are found by trial and error. You can't really find a dupe exploit/bug by walking around unless the developer really screwed up. Usually you need to look in the right direction.
Take Minecraft for example. When horses were released, so was a new type of storage (the horse pocket storage thingy). Experienced exploiters knew that the new storage medium could contain bugs (newer content is usually more buggy), so they did trial and error. If you find out when the game "saves" storage information, you could exploit that. IIRC the bug with the horse pockets involved "incomplete saving". If you transferred items from your storage to the horse pocket, the game would save the horse pocket but not your inventory. If you promptly logged off after transferring items, the horse pocket would retain the items you transferred and so would your inventory.

tl;dr
Exploiting games = trial and error
You don't experience bugs by pure luck (unless the developer is retarded)
You need to start in the right direction.

>>44930473
>Cheat Engine is, but come on, it's just hex editing and it won't get me anywhere far, I have idea how it works so I guess I went through intro. I don't believe it works in multi-player unless the MMORPG has bad code written which would just parse user input into their server.
Game hacking is basically just memory editing...
It doesn't work in "multi player" because a lot of things are server sided and most multi player games have some type of AntiCheat system.
Gold is usually server sided, or else you'd be able to edit your gold simply by editing a file on your PC.
Gold "hacks" usually involve editing things like sell value or drop amount rather than the actual gold value.
>>
>>44930780
Uhh, as long as all of those player positions are already sent to you, but your client hides them from you it shouldn't. I don't know about the aiming part, mostly likely not something like vac, but anything better would easily scope you out after seeing you firing through walls.
>>
>>44930812
Well thanks for the insight, I am looking at botting/dupe exploiting direction, the ones I am avoiding is brute-forcing, ddosing, blackmailing in RPG's and etc...
How long would it take to develop an exploit approximately - days/months? Also would it be better to decrypt/encrypt packets rather than just sent them through the client naturally assuming I was making a bot? I saw a lot of bots that send packets themselves, does it have to do something with games updating and bot becoming incompatible?
>>
>>44930806
I wouldn't be so sure of that.

>>44930805
You've got many tools to get where you want in the program.
I'm not a pro at RE or what ever anyway. I really suggest you search a bit about cracking.

>>44930812
Also, if you know how the game works, it'll be easier to find bugs in new features. Or if you find a bug in one situation, you can try to apply it somewhere to get a benefit.

>>44930812
Any correct modern mmorpg will give very little trust to the client.
Because if you trust the client too much, then what happened to DayZ(mod) will happen again.
>>
>>44930888
I think you don't have the necessary knowledge to ask good questions.
Just try, take a game, try to exploit it in a way, fail, learn, try again.
>>
>>44929919
>role playing game games
kekekekekekeklekkekekklekekke
Depends on how shit the dev team is. Diablo 3 had some silly bug where people were generating trillions of gold because they could do negative bids or some shit, GW2 had players duping omega golems and making thousands of gold off that. It really depends on how large the game is and how shit the dev team is.
>>
fuck off, not technology

>>>/v/
>>
>>44930917
>negative bids

I wouldn't even think the dev are stupid enough to try this.

>>44930930
game hacking -> RE -> how a program works -> technology
game -> technology
bots -> technology
>>
>>44930917
I don't really care if it was something else, but MMORPG have more player than any other gendre that throw cash out the window.
>>44930914
I think you're right, maybe thee are any simple MMORPG's I could try to exploit you know of?
>>44930900
Well I am concerned more about how am I going to know where I need to get. A good destination would be something like market function, sell/buy function, would that be possible to find in the memory using something like backtrace?
>>
>>44930888
>days/months?
lol
>>
>>44930952
Most of the exploits like that are logic exploits directly accessible through the game. Like the GW2 exploit you could put siege in the mystic forge box, use it to stick it in your characters hands, then pull it back out of the forge to dupe it. Just small shit like that that no one thinks to test.
Some of the more involved ones are similar to that in that they exploit the game logic, but they do packet editing to get around safeguards that are only put in the GUI for example.
>>
>>44930900
vac can't detect if a process is reading the games memory, i highly doubt any anti cheat cares about input
>>
>>44930900
>Also, if you know how the game works, it'll be easier to find bugs in new features. Or if you find a bug in one situation, you can try to apply it somewhere to get a benefit.
I forgot to mention this. Game mechanics are important. If you know how to the game works, you'll have an easier time finding bugs or exploits.

>>44930888
>How long would it take to develop an exploit approximately - days/months?
Depends on the game. Some games are bug free and only possible to "exploit" via memory editing or injection.

>Also would it be better to decrypt/encrypt packets rather than just sent them through the client naturally assuming I was making a bot? I saw a lot of bots that send packets themselves, does it have to do something with games updating and bot becoming incompatible?
What do yo mean by decrypt/encrypt packets? Botting doesn't involve packets.
Botting generally means automation... Are you taking about this type of botting? Updated game = changed memory addresses and patches. If your bot relies on reading the game's memory to obtain the state of something, a game patch would change the memory address. All you need to do as the writer of the bot is update the memory address. The rest of the automation code should be fine.
>>
>>44929919
i remember finalfantasy10 on ps2.. jammed the controller in a draw so the stick was held up and X was pushed down and left it running forward into a wall with constant default attack, leveled up 30 times while i was asleep

probably be able to do similar with an mmo, 0 hack detection risk
>>
MMOs are so boring even making cheats for them doesn't help.
>>
>>44930994
You can't read the game memory and get anything out of it unless you already cracked the game engine. The memory is dynamic and you won't get anything out of it in a modern game if you were just looking at it.
>>
>>44930994
i have heard of people getting vac banned just because they had a hex editor open while playing a game, i wouldnt risk it if you have a bunch of games on your account
>>
>>44930980
Like the exploit in LoL with putting an item in your ward place caused the active to be infinite.
Or the one that is going on right now by using abilities on your allies and etc... Yeah makes a lot of sense, you find mistakes of programmers through logic.
>>44931001
Well I did saw a lot of bots which sent commands directly rather than using the GUI on MPHG.
>>
>>44931036
the question was if vac could detect if he read player position and sent input, which would be easiest through an external process which vac doesn't care about

if he injected into the game that's another thing
>>
>>44931055
Pretty sure steam also checks if you went to known cheating sites
>>
>>44931034
They are profitable.
>>44931074
Maybe, should always try on a new account with another I.P and incognito browser.
>>
>>44931056
>Well I did saw a lot of bots which sent commands directly rather than using the GUI on MPHG.
Send commands directly instead of using the GUI?
They are probably using SendMessage/PostMessage/similar to send key input to the game
>>
>>44930971
>simple MMORPG's

why not try a simple game?

>find in the memory using something like backtrace?
Well you don't "use" backtrace. But yes there's no reason you couldn't access those functions.

>>44930980
Still sad that just sending the same packet again could cause double spends in some games. It's a sign that the game isn't well coded.

>>44930994
I'm pretty sure they log everything they can, but they might not ban you for it.
Also if you use a public external hack, you can get banned. (simply by signature I guess)

>>44931001
(botting can involve packets, it's when you litteraly simulate a game client (log in, join serv then move around and fight, I know Dofus was targetted by those kinds of bots))

>>44931034
It does! I only played eve online to create bots on it.

>>44931055
They won't ban you for a hex editor, no.

>>44931091
incognito browser won't do anything about dns cache
>>
>>44931063
how is he going to read the memory?
>>
I feel like we're discussing, but there's not much real information here.

Next time you feel like creating a game hacking thread, create a RE thread.
>>
>>44931098
Maybe I overlooked I guess
>>44931103
Isn't everything poor coded, just yet to be found?
>>44931138
Well, as far as it goes everything posted here has to do with RE.
Pretty insightful information which is better to read here than some blog.
>>
>>44931119
>find out where and how to read what you need
>call OpenProcess to get a handle
>call ReadProcessMemory to read
>>
>>44931103
some mmos install literal rootkits to check that memory isn't being tampered with
see raiderz
>>
>>44931165
The time investment in hacking a game is much more than you'd gain from it in the time it take them to ban you on a personal scale. They hire people to test games for a reason. Finding an exploit is usually by luck and good luck finding it over the millions of others playing the same game.
>>
>>44931178
>find out where and how to read what you need
how do you propose someone does this on dynamic memory?
Thread replies: 71
Thread images: 2
Thread DB ID: 18851



[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y] [Search | Home]

[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y] [Search | Home]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the shown content originated from that site. This means that 4Archive shows their content, archived. If you need information for a Poster - contact them.
If a post contains personal/copyrighted/illegal content, then use the post's [Report] link! If a post is not removed within 24h contact me at [email protected] with the post's information.