Psychopaths How do I cheat?
Reputation: 0
Joined: 12 Oct 2014 Posts: 9
|
Posted: Sun Oct 12, 2014 5:59 pm Post subject: Can I send Packets for amounts of Gold (example) picked up? |
|
|
I only have experience with pretty basic Cheat Engine hacking.
There's this one game whose values I can edit with CE (visually only), but the edits don't actually affect the gameplay. So I'm assuming the game's values (attack, gold, etc.) are all server-sided.
However, there's a certain quest which only allows a certain amount of tries per day. I was able to change my PC's clock, which the game took as a different day, and so I was able to retry the quest. (Don't know what that was about.)
Anyway, I was wondering if learning more about WPE would allow me to be more successful in hacking the game. For example, sending a packet to the server telling it that I do have enough money for buying a certain item. Or telling the server that I picked up 1,000 gold instead of 100, etc.
Am I totally misunderstanding what packet sending and sniffing can do?
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8585 Location: 127.0.0.1
|
Posted: Sun Oct 12, 2014 11:45 pm Post subject: |
|
|
In most games things will not be that poorly coded where you can just say what you picked up. Instead, you would inform the server that you are attempting to pick up an item with a given index in the world. The game server would then validate if that item even exists where you are located trying to pick it up and so on.
However in some cases, the game server does not always validate such things. In some games you can send a vendor packet over and over saying you are selling an item to a vendor that you no longer have and the game server will honor it assuming you did without validating you had the item still. It's a matter of trial and error at that point to play around and see what you can do with the game at hand to find the flaws in the server's code.
Things like experience are typically not hackable at all since it's something calculated on the server when you kill a monster. However, some games do have items that you can use to gain a set amount of experience and sometimes you can resend the item use packet to gain experience you shouldn't have gotten.
_________________
- Retired. |
Psychopaths How do I cheat?
Reputation: 0
Joined: 12 Oct 2014 Posts: 9
|
Posted: Mon Oct 13, 2014 2:06 am Post subject: |
|
|
atom0s wrote: | In most games things will not be that poorly coded where you can just say what you picked up. Instead, you would inform the server that you are attempting to pick up an item with a given index in the world. The game server would then validate if that item even exists where you are located trying to pick it up and so on.
However in some cases, the game server does not always validate such things. In some games you can send a vendor packet over and over saying you are selling an item to a vendor that you no longer have and the game server will honor it assuming you did without validating you had the item still. It's a matter of trial and error at that point to play around and see what you can do with the game at hand to find the flaws in the server's code.
Things like experience are typically not hackable at all since it's something calculated on the server when you kill a monster. However, some games do have items that you can use to gain a set amount of experience and sometimes you can resend the item use packet to gain experience you shouldn't have gotten. |
Thanks, your post was extremely helpful. Though I have a few questions regarding what you wrote.
Let's say I record myself killing a monster which gives me a certain amount of exp. Wouldn't I be able to just resend that packet over and over telling the server that I am killing the monsters for the experience?
As for the vendor, wouldn't the same thing apply? I.e. selling an item and resending the packets over and over to a vendor even though I don't have the item.
I read over the stickied WPE tutorial made by Monkeys here and that's as far as my knowledge goes so far, so I'm sorry if my questions seem a bit rudimentary.
EDIT: Also, what's it mean if I can't target the specified game in WPE PRO? It doesn't show up when I try to select the target.
zm0d Master Cheater
Reputation: 7
Joined: 06 Nov 2013 Posts: 423
|
Posted: Mon Oct 13, 2014 4:08 am Post subject: |
|
|
Psychopaths wrote: | Let's say I record myself killing a monster which gives me a certain amount of exp. Wouldn't I be able to just resend that packet over and over telling the server that I am killing the monsters for the experience? |
Usually not, because the server will mostly check if your enemy/monster exists. You hit it and then the server receives some packets indicating what you hit and calculating the damage to represent back to you and other players. So the server always knows with which monster/enemy you are fighting and it would be a shame if it doesn't check for some states (monster alive/exists).
Psychopaths wrote: | As for the vendor, wouldn't the same thing apply? |
atom0s already answered this...
atom0s wrote: | In some games you can send a vendor packet over and over saying you are selling an item to a vendor that you no longer have and game server will honor it assuming you did without validating you had the item still. |
Psychopaths wrote: | Also, what's it mean if I can't target the specified game in WPE PRO? |
AFAIK the game doesn't use Winsocks then.
Psychopaths How do I cheat?
Reputation: 0
Joined: 12 Oct 2014 Posts: 9
|
Posted: Mon Oct 13, 2014 12:29 pm Post subject: |
|
|
zm0d wrote: |
Usually not, because the server will mostly check if your enemy/monster exists. You hit it and then the server receives some packets indicating what you hit and calculating the damage to represent back to you and other players. So the server always knows with which monster/enemy you are fighting and it would be a shame if it doesn't check for some states (monster alive/exists). |
Ah I understand it now, thanks.
zm0d wrote: |
atom0s already answered this...
atom0s wrote: | In some games you can send a vendor packet over and over saying you are selling an item to a vendor that you no longer have and game server will honor it assuming you did without validating you had the item still. |
|
Okay, I tried selling an item to the vendor and resending the packets a few times just to test out if it was working. However, it didn't seem to work and when I tried to re-open the vendor or go to a different zone, it wouldn't allow me to. I could still walk around, check my inventory, etc. Though when I tried to change "instances" or talk to a vendor it would just stay in a loading phase. So, I'm assuming I am SOL in that department? Or is there something I'm missing or another way around that? I'm guessing it's constantly checking what items I have in my inventory or something. Again, sorry for my lack of experience.
EDIT: I'm guessing it has something to do with the checksums not matching up or something? (read from dEagle's stickied guide)
zm0d wrote: |
AFAIK the game doesn't use Winsocks then. |
I had just forgotten to run WPE PRO with Admin rights. I'm using Win 8. Thanks.
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8585 Location: 127.0.0.1
|
Posted: Mon Oct 13, 2014 1:07 pm Post subject: |
|
|
In those instances you will need to start analyzing the packet data if they are unencrypted. It becomes a matter of determining if the packets are protected in some fashion from being replayed like that. If they are encrypted, you are going to have to go about doing things differently and get into hooking functions within the game to handle the packets then.
If not, then you just need to see what the packet contains and if there is some syncing mechanic in place. Such as a timestamp or packet count when you are trying to replay a packet to prevent the same one from being reused.
Either way, they could have the protection in place on the server to prevent it altogether so you may just be out of luck no matter what.
_________________
- Retired. |
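
Added example (not part of any post in this thread, and not any game's real code): a server-side sell handler showing the two defenses mentioned above, a per-session packet counter that rejects replayed packets and an ownership check against the server's own inventory. The packet layout, class name, key and item ids are all constructed assumptions.

```python
import hashlib
import hmac
import struct

class SellSession:
    """Server-side state for one connected player (hypothetical design)."""

    def __init__(self, key: bytes, inventory: dict):
        self.key = key                    # per-session secret set up at login
        self.inventory = dict(inventory)  # item_id -> quantity, server's copy
        self.gold = 0
        self.last_seq = 0                 # highest packet counter accepted

    def handle_sell(self, packet: bytes, prices: dict) -> str:
        # Constructed layout: seq (u32) | item_id (u32) | HMAC-SHA256 tag
        if len(packet) != 40:
            return "reject: malformed"
        body, tag = packet[:8], packet[8:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad tag"      # counter or item id was altered
        seq, item_id = struct.unpack("!II", body)
        if seq <= self.last_seq:          # packet count already consumed
            return "reject: replay"
        self.last_seq = seq
        # The server's inventory decides, never the client's claim.
        if item_id not in prices or self.inventory.get(item_id, 0) < 1:
            return "reject: item not owned"
        self.inventory[item_id] -= 1
        self.gold += prices[item_id]
        return "ok"

def make_sell(key: bytes, seq: int, item_id: int) -> bytes:
    """Packet an honest client would send (constructed for the demo)."""
    body = struct.pack("!II", seq, item_id)
    return body + hmac.new(key, body, hashlib.sha256).digest()

def demo():
    key = b"constructed-session-key"
    session = SellSession(key, {7: 1})    # player owns one item with id 7
    prices = {7: 100}
    first = make_sell(key, 1, 7)
    results = [
        session.handle_sell(first, prices),                 # legitimate sale
        session.handle_sell(first, prices),                 # identical bytes again
        session.handle_sell(make_sell(key, 2, 7), prices),  # fresh, item gone
    ]
    return results, session.gold

if __name__ == "__main__":
    print(demo())
```

The counter matters most for actions that are not self-limiting the way a sale is, such as the item-use packets discussed earlier in the thread; the inventory check alone already stops the double sale.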
Psychopaths How do I cheat?
Reputation: 0
Joined: 12 Oct 2014 Posts: 9
|
Posted: Mon Oct 13, 2014 7:08 pm Post subject: |
|
|
atom0s wrote: | In those instances you will need to start analyzing the packet data if they are unencrypted. It becomes a matter of determining if the packets are protected in some fashion from being replayed like that. If they are encrypted, you are going to have to go about doing things differently and get into hooking functions within the game to handle the packets then.
If not, then you just need to see what the packet contains and if there is some syncing mechanic in place. Such as a timestamp or packet count when you are trying to replay a packet to prevent the same one from being reused.
Either way, they could have the protection in place on the server to prevent it altogether so you may just be out of luck no matter what. |
I do believe the packet data is protected in some way. Here's what it looks like selling an item to the vendor:
(Sorry for the big image; I blocked the IPs as I wasn't sure if they were harmful in any way. There were about 10 more received packets that got cut off from the image.)
imgur.c o m/GFBEaDl.png (I can't post images yet, I'm sorry if this is against the rules)
In terms of hooking functions within the game, is there a tutorial or a Google search you could point me towards to get me started? Is that possible with CE?
Hopefully they don't have the protection on the server. I'm willing to find out the hard way.
Thanks again.
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8585 Location: 127.0.0.1
|
Posted: Mon Oct 13, 2014 7:19 pm Post subject: |
|
|
The packet you receive is not what you would want to replay. You would want to resend the packet you sent to the server while selling the item to the vendor etc.
_________________
- Retired. |
Psychopaths How do I cheat?
Reputation: 0
Joined: 12 Oct 2014 Posts: 9
|
Posted: Mon Oct 13, 2014 7:35 pm Post subject: |
|
|
atom0s wrote: | The packet you receive is not what you would want to replay. You would want to resend the packet you sent to the server while selling the item to the vendor etc. |
Yes, I know that. I was sending all the packages that I had sent. None of the received ones. I just wanted to include that little bit of info in my image in case it meant anything.
Every time I try to resend the sent packets, the vendor gets frozen or something and it stays in a sort of "loading" phase with no changes.