| View previous topic :: View next topic |
| Author |
Message |
TsTg
Master Cheater
 Reputation: 5
Joined: 12 Dec 2012
Posts: 340
Location: Somewhere....
|
 Posted: Tue Aug 13, 2013 9:19 am Post subject: The aimbot hack |
 |
|
Just want to ask how generally how's the aimbot hack being done, what values to search for.
from what i guess: it's about the crosshair position x and y, but for the enimies, what values do i need to find?, their position?(as if i'm doing a teleport hack), or what else?, and are there a difference between doing this for an FPS game rather than 3D person ones?
|
|
| Back to top |
|
 |
lprulzcrossover
Newbie cheater
![]() Reputation: 0
Joined: 10 Jul 2013
Posts: 10
|
| Posted: Tue Aug 13, 2013 10:50 am Post subject: |
|
|
I don't know if you can get an aimbot to work only with cheat engine, but there's a quiet good tutorial on this on youtube (you need a bit of c# to understand this...):
/watch?v=NUeifQK7ukM
hope it helps you 
|
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Tue Aug 13, 2013 10:57 am Post subject: |
|
|
It really depends on the game; whether or not there is a targeting system, if that targeting system has lock-on capabilities, what method(s) of attack are available and how they are handled, how the coordinates are handled for both, enemy and ammo etc.
Once you have determined the best approach based on how the game is coded, you may still have multiple, viable methods, depending on your skill/comfort level etc. Using Cheat Engine, solely, is very doable.
|
|
| Back to top |
|
|
Dark Byte
Site Admin
 Reputation: 471
Joined: 09 May 2003
Posts: 25830
Location: The netherlands
|
| Posted: Mon Aug 19, 2013 5:04 am Post subject: |
|
|
Late reply, kinda forgot about it after I read it on my phone
The basic method of making an aimbot is find your eye position and the player position. And figure out how your eye direction is done. (e.g ut2k4 uses a 2 byte in the range of 0 to 65536 for horizontal and vertical rotation)
Then just do some basic trigonometry to find out how to change your eye rotattion to point to the closes player coords. (or nearest to the center of your eyes if you don't want to do 180 degree turns)
Also, check this:
http://forum.cheatengine.org/download.php?id=37465
It's a hybrid between auto assembler and dll injection
In this aimbot (ut2k4, I used he same framework for ut3) I use the code that renders the players and store their coordinates.
Then when the whole scene is rendered I check if the "aimbot" key is down, and if so, pick a target, change the eye position to that target, and press the fire button
It also makes use of the object speed, your own speed, and the lag variable to calculate where the player will be when you shoot
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Mon Aug 19, 2013 5:30 am Post subject: |
|
|
The most common method would be to match your weapon crosshairs or reticle to the enemy coordinates. However, how would you realistically go about targeting a single enemy at a time on a game that randomly spawns multiple enemies? Furthermore, how would you force the bot to be selective, so that it targets the closest enemy first?
Thanks.
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 471
Joined: 09 May 2003
Posts: 25830
Location: The netherlands
|
| Posted: Mon Aug 19, 2013 6:02 am Post subject: |
|
|
Since you have the coordinates of all the targets, and your own (X, Y and Z), you can just calculate which target has the shortest distance, and pick that target to shoot at.
You can combine that with saving a pointer to the target struct you shot at last time and check if it's still in the target list so you don't randomly switch while the key is down even if somene else comes closer. (reset the pointer when the key goes up or target health becomes 0)
As for the smallest distance from lookat direction calculate for every target how much you should change the horizontal and vertical aim direction. That leaves you with a simple square triangle that you can calculate the size of the 3th line, and thus pick the one with the smallest distance to move
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Mon Aug 19, 2013 6:46 am Post subject: |
|
|
| Dark Byte wrote: | | Since you have the coordinates of all the targets, and your own (X, Y and Z), you can just calculate which target has the shortest distance, and pick that target to shoot at. |
-Right...but how would you do this using simple assembly? How can I properly filter out all addresses so that I am left with only one enemy that has the closest xyz values to the hero character?
| Dark Byte wrote: | | You can combine that with saving a pointer to the target struct you shot at last time and check if it's still in the target list so you don't randomly switch while the key is down even if somene else comes closer. (reset the pointer when the key goes up or target health becomes 0) |
-This is good. I think resetting or cycling based on key-pressed being true is a natural way that follows most games. Thanks.
| Dark Byte wrote: | | As for the smallest distance from lookat direction calculate for every target how much you should change the horizontal and vertical aim direction. That leaves you with a simple square triangle that you can calculate the size of the 3th line, and thus pick the one with the smallest distance to move |
-Okay...this probably answers my question regarding how to filter out addresses...but I'm not sure I can wrap my head around it without seeing the formula written out...especially as some of the coordinates may have a negative value. There should be a way to just use simple addition and subtraction to determine this, but I'm not sure if it can be done this way.
Thanks for responding.
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 471
Joined: 09 May 2003
Posts: 25830
Location: The netherlands
|
| Posted: Mon Aug 19, 2013 9:52 am Post subject: |
|
|
Look at the ut2k4 source. I did the calculations and list handling inside a dll,and used the autoassembler to hook the code to the dll function entrypoints
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Mon Aug 19, 2013 7:11 pm Post subject: |
|
|
| ut2k4.CEA and ut2k4.CES appear to be empty. Where should I be looking?
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 471
Joined: 09 May 2003
Posts: 25830
Location: The netherlands
|
| Posted: Mon Aug 19, 2013 7:19 pm Post subject: |
|
|
ut2k42.cea
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Mon Aug 19, 2013 8:45 pm Post subject: |
|
|
Thanks. Looking at this, I don't see where you calculated enemy position to target closest enemy...or did you?
I think, an easier way to do this would be to just load one set of enemy coordinates at a time. Just compare enemy health to 0 and je to originalcode, otherwise je aimbot. Then, compare [x], [y], or [z] values to 0, and jne to originalcode. Then, just program a controller button to reset those values to zero (e.g. when the target is dead or out of your line of sight), so that everything gets reset again, and the next set of enemy coordinates are naturally loaded in to [x], [y] & [z], respectively.
However, it might become a hassle to always have to switch to a different target because the enemy isn't viewable...and that's assuming that it would even switch to a different target without establishing another conditional jump. For all I know, it may just keep trying to load the same coordinate values back in to [x][y][z]. In your script it looks like you avoid this by finding the address that determines whether or not the target is visible...is that correct? Maybe other games are coded similarly...I don't know.
Needless to say, I think it might be necessary to have a way to determine if a target is 'shootable', at the very least, so that it doesn't become too tedious. I don't know if I can fully make sense of how you went about it...even looking at your script.
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 471
Joined: 09 May 2003
Posts: 25830
Location: The netherlands
|
| Posted: Mon Aug 19, 2013 8:54 pm Post subject: |
|
|
check helperfunctions.pas which is the actual code.
when a player is rendered to the screen it calls aim_addtarget which adds it to the list
When a gametick is done(One frame fully rendered) it calls aim_ticker, where the list is checked and calculated which one to shoot at (smallest distance)
When aim_ticker is done, the list is cleared, restarting the whole cycle
| Code: |
//find the best target
besttarget:=-1;
for i:=0 to targetpos-1 do
begin
...
|
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Mon Aug 19, 2013 9:16 pm Post subject: |
|
|
That looks complicated. 
Can something like this be done, solely with assembly?:
| Code: | //get deltax,y and z and use that to calculate the target closests to the center
deltax:=targetlist[i].headpos.x-playerpos.x;
deltay:=targetlist[i].headpos.y-playerpos.y;
deltaz:=targetlist[i].headpos.z-playerpos.z;
if (deltax<0) then
hshouldbe:= trunc((arctan(deltay/deltax)/(2*pi))*65536+(65536/2))
else
hshouldbe:= trunc((arctan(deltay/deltax)/(2*pi))*65536);
distance:=sqrt(((playerpos.x-targetlist[i].headpos.x)*(playerpos.x-targetlist[i].headpos.x))+((playerpos.y-targetlist[i].headpos.y)*(playerpos.y-targetlist[i].headpos.y)));
vshouldbe:= trunc((arctan(deltaz/distance)/(2*pi))*65536);
deltah:=Smallint(hshouldbe)-Smallint(player_horizontal);
deltav:=Smallint(vshouldbe)-Smallint(player_vertical);
//check the differences between hshouldbe and vshouldbe and actual horizontal/vertical
diff:=trunc(sqrt((deltah*deltah)+(deltav*deltav)));
if besttarget=-1 then
begin
besttarget:=i;
besttarget_diff:=diff;
end
else
begin
if diff<besttarget_diff then
begin
besttarget:=i;
besttarget_diff:=diff;
end;
end;
end;
end; |
If I can't figure this out, I will have to rely on a more simple approach. I almost wonder if simply teleporting my bullet to enemy position might be a better approach. The only problem with that, is, not all games may allow you to control bullets in this manner. Sleeping Dogs does, but it's not perfect or ideal.
Have you ever tried looking to see if any games hold a value that determines if a character object is visible or not? I know that some games load character objects when they are in range...but they may not necessarily be visible to you. I have never looked to see if there were any values that determined if a target was actually visible or not. If such an address could be found, it would make things much easier, and I could avoid trying to calculate anything...because, as of right now, I do not understand your code. I have some very basic knowledge of assembly, and that is about it.
I appreciate your help. It is interesting to see what is possible...even if I don't know how to do it.
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 471
Joined: 09 May 2003
Posts: 25830
Location: The netherlands
|
| Posted: Mon Aug 19, 2013 9:22 pm Post subject: |
 |
|
It can be done in assembly but that's really not needed in my opinion. It's very easy to make DLL's
It's usually a function called more if it's visible or not so the game engine renders it or a secondary thing like the name (in some games if you're close enough to someone you see their name above their head)
So if you can pinpoint that function (start with the x,y, z coordinates and check what accesses it when visible and not visible) you can use that to mark it as visible or not.
Of course, if their body is visible, but their head is behind an object that won't work. In those cases you have to do more specific coding or don't care and shoot for the body with a secondary key specifically for body. (E.g in the ut2k4 aimbot I call their own internal method to see if the head bone is in line of sight but not many games are that nice to show all the symbols)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Mon Aug 19, 2013 9:48 pm Post subject: |
|
|
Thanks. When you put it that way, it makes a lot of sense.
I still can't +rep you until I +rep someone else. I guess I owe you +2, now. 
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
