Newbie Spellweaver
- Joined
- Feb 2, 2015
- Messages
- 77
- Reaction score
- 53
Today i will share how to detect memory hack. (not pro code but its work. i still newbie in C++)
there is three part.
- how to cheat with memory editor (for test where we need to protect it)
- detect it from server (send value to server then check it)
- detect it from client (clone variable in omi the encypt and compare and calculate ShuttleChild)
----------------------------------
1. how to cheat with memory editor
you can check it out in video. this is some way to cheat with CE.
in the frist video he cheat it with change some ShuttleChild variable. too easy just find some float value and change it. this way they can instant change value.
in the second video he browse the memory to edit some client memory (from omi.tex loaded) with item name and change data like a reatk missile shot. this way they need to reload data with change character. (not instant)
so now we need to take care that point.
for who don't know that ShuttleChild do. i give some guide
(in the source side)
(in the cheater side) * 9B 43 is 310 (in float)
ShuttleChild will load data from memory (from omi.tex) then calculate data (equip item) for that character
ex. load engine booster speed + enchant item bonus + buff bonus = shuttle value
for who don't know that omi.tex loaded i will call CItemInfo
(in the source side) Range is Booster for Engine Item
(in the cheater side) * 36 01 is 310 (in hex)
2. detect memory hack from server (sync data between client)
from ep 4.3 release have some detect function but i tested it not 100% work to detect who is player or cheater. maybe they not release that part i think. so i continue the job from that function.
file list address for newbie
ProjectAtum Side :
go to AtumApplication.cpp looking CAtumApplication::FrameMove() function. this part will loop every half second
declare: every 30 second SendHackTime_EngineInfo will sync data to server
then in the same file edit this function for send what variable to server
in the AtumProtocol.h edit variable you need to send (edit both of them client and server atumprotocal.h)
ProjectServer Side:
go to FieldIOCPSocket2.cpp the put this function for compare float variable
then go to CFieldIOCPSocket::CheckMemoryHackEngine edit what you need to check
3. detect memory hack from client (self check duplicate value with encypt)
later i write again. this time is too many fail with preview:
this is sample video what it should look like be
for citeminfo (client check every 1 second and sync every 30 sec)
for shuttle (client check every 1 second and sync every 30 sec)
i hope this will help you guys.
there is three part.
- how to cheat with memory editor (for test where we need to protect it)
- detect it from server (send value to server then check it)
- detect it from client (clone variable in omi the encypt and compare and calculate ShuttleChild)
----------------------------------
1. how to cheat with memory editor
you can check it out in video. this is some way to cheat with CE.
in the frist video he cheat it with change some ShuttleChild variable. too easy just find some float value and change it. this way they can instant change value.
in the second video he browse the memory to edit some client memory (from omi.tex loaded) with item name and change data like a reatk missile shot. this way they need to reload data with change character. (not instant)
so now we need to take care that point.
for who don't know that ShuttleChild do. i give some guide
(in the source side)
(in the cheater side) * 9B 43 is 310 (in float)
ShuttleChild will load data from memory (from omi.tex) then calculate data (equip item) for that character
ex. load engine booster speed + enchant item bonus + buff bonus = shuttle value
for who don't know that omi.tex loaded i will call CItemInfo
(in the source side) Range is Booster for Engine Item
(in the cheater side) * 36 01 is 310 (in hex)
2. detect memory hack from server (sync data between client)
from ep 4.3 release have some detect function but i tested it not 100% work to detect who is player or cheater. maybe they not release that part i think. so i continue the job from that function.
file list address for newbie
ProjectAtum Side :
go to AtumApplication.cpp looking CAtumApplication::FrameMove() function. this part will loop every half second
declare: every 30 second SendHackTime_EngineInfo will sync data to server
Code:
int nCheckTime = 1000 * 30; // 30 second to sync
m_dwHackCheckTime += m_fElapsedTime*1000; //count the time in second
if(m_pTutorial->IsTutorialMode() == FALSE && m_dwHackCheckTime > nCheckTime)
{
SendHackTime_EngineInfo();
m_dwHackCheckTime=0;
}
Code:
void CAtumApplication::SendHackTime_EngineInfo()
{
MSG_FC_CHARACTER_GET_REAL_ENGINE_INFO_OK msg_Engine;
// struct in AtumProtocal.h what variable you need to send go to declare it on there
CItemInfo* pItemEngine = g_pStoreData->FindItemInInventoryByWindowPos(POS_REAR);
//get Engine Data From Item if you Equip
if(pItemEngine) {
msg_Engine.ItemUID0 = pItemEngine->UniqueNumber;
msg_Engine.RangeH0 = pItemEngine->GetItemInfo()->Range;
m_pFieldWinSocket->SendMsg( T_FC_CHARACTER_GET_REAL_ENGINE_INFO_OK, (char*)&msg_Engine, sizeof(msg_Engine));
}
}
in the AtumProtocol.h edit variable you need to send (edit both of them client and server atumprotocal.h)
Code:
struct MSG_FC_CHARACTER_GET_REAL_ENGINE_INFO_OK
{
UID64_t ItemUID0;
float RangeH0;
};
ProjectServer Side:
go to FieldIOCPSocket2.cpp the put this function for compare float variable
Code:
bool cmpf(float A, float B, float epsilon = 0.005f)
{
return (fabs(A - B) < epsilon);
}
then go to CFieldIOCPSocket::CheckMemoryHackEngine edit what you need to check
Code:
void CFieldIOCPSocket::CheckMemoryHackEngine(ITEM_GENERAL *i_pItemGen, MSG_FC_CHARACTER_GET_REAL_ENGINE_INFO_OK *i_pRealInfo)
{
if(NULL == i_pItemGen || ITEMKIND_SUPPORT != i_pItemGen->Kind)
return;
int getHackCount =0;
// Omi Check
if(cmpf(i_pItemGen->ItemInfo->Range , i_pRealInfo->RangeH0) == FALSE)
getHackCount++;
if(getHackCount > 0)
{
CFieldIOCPSocket *pTargetFISoc = ms_pFieldIOCP->GetFieldIOCPSocketByCharacterUniqueNumber(i_pItemGen->Possess);
if(NULL == pTargetFISoc || FALSE == pTargetFISoc->IsValidCharacter(FALSE))
{
//kick failed
}
g_pFieldGlobal->WriteSystemLogEX(TRUE, "[WLOG] kicked %s (%d) \r\n", GetCharacterString(pTargetFISoc->GetCharacter(), string()) ,i_pItemGen->Possess );
pTargetFISoc->Close(0x14070);
}
3. detect memory hack from client (self check duplicate value with encypt)
later i write again. this time is too many fail with preview:
this is sample video what it should look like be
for citeminfo (client check every 1 second and sync every 30 sec)
for shuttle (client check every 1 second and sync every 30 sec)
i hope this will help you guys.
Last edited: