Cheat Engine

ph00d · How do I cheat? Reputation: 0 Joined: 15 Mar 2016 Posts: 3

I tried searching for this but wasn't able to find any similar questions, but sorry if this is a duplicate.

I'm trying to write a save game editor for a game I'm playing. The save has a 32-bit checksum that I need to crack. I have an example where one bit changed and the resulting checksum was an entirely different number, so it's not something I'm going to be able to guess unfortunately.

How would I ago about finding the assembly code that executes to compute this checksum? I am hopeful that I could reverse engineer the algorithm if I can find the assembly, but I don't know where to begin. I'm very new to cheat engine so any high level tips on how to attack this problem would be greatly appreciated. I am familiar with assembly and programming, but not game design or hacking.

Thanks!

ParkourPenguin · Posted: Wed Mar 16, 2016 4:31 pm Post subject:

Add that address to the address list as a 4-byte value.
Right click on it and select "Find out what writes to this address".
Backtrace it from there. Topic involving backtracing here.

You could also choose "Find out what accesses this address", find a read from it, and see how it decrypts that.

Ultimap might also be useful to find the call to encrypt/decrypt stuff.

It might be easier to find the subroutine asking "Hey, is this checksum right?" and always make it return "Yeah, it's fine, just go ahead and load the save". Ultimap would be pretty useful in that case, but you could also try to backtrace the right read(s) from the checksum to find it.

ph00d · How do I cheat? Reputation: 0 Joined: 15 Mar 2016 Posts: 3

++METHOS · Posted: Fri Mar 18, 2016 8:50 pm Post subject:

I would first explain how you determined that the target was performing some sort of integrity check. It wouldn't hurt to also share the name of the target, if possible, or, at least state whether or not the target retrieves any sort of data from a remote server. If a server-sided check is being performed, you may want to reconsider moving forward.

ParkourPenguin · Posted: Fri Mar 18, 2016 8:59 pm Post subject:

Oh. I figured you had found it already in the game's memory. I guess you could try searching around for the same bytes that's on disk.

If you still can't find it, then I guess you could try to backtrace it from whatever routine writes to the file (e.g. WriteFile from Kernel32.dll). Get creative with your use of conditional breakpoints to find it. I really would not recommend doing it like this as it would probably take too much time to make it worthwhile.

Again... if there's a "save" button or something, ultimap should easily be able to find the subroutine that saves data. Look into it; it's probably your best hope.

ph00d · How do I cheat? Reputation: 0 Joined: 15 Mar 2016 Posts: 3

++METHOS · Posted: Wed Mar 23, 2016 5:23 pm Post subject:

Does JC3 have any online components such as stored stats, ranks, awards etc.? If not, I don't see why there would be any checks on the save file.

When you make changes to the save file, are you doing it while the process is running? Have you tried making changes to the save file while the target process is not running?

Are you using the VEH debugger?