Obfuscation Wrapper #71
Comments
Really appreciate this! From what I have understood, it's a static dictionary containing all of the now obfuscated entries. For baseplayer stuff, (objectclasstype +0x20) == localplayer's BasePlayer, in which case we can update a map 'playerinventorymap'. That is where I am at thus far; I'd appreciate it if you could provide code on iterating the Objectlist. As for determining our localplayer's BasePlayer, would you just check if (objectclasstype +0x20) == (gameassembly + class LocalPlayer), or is that not how parent works? Again, thanks for all of this info, it's more than UC has had over the last couple of days.
`uint64_t objectlist = mem.Read<uint64_t>(Dictionary + 0x18);` Then just check the actual name is == to the class you want. Object will be the address for it. Parent will be the parent for it. This should be enough for you to figure it out. I don't want to give too much out as I know Facepunch is using this repo. As I have spent the past day all-nighting this new system, I noticed all the new pointer encryption (not class encryption) was targeted at this cheat in particular. At random fields that are minor cheat features. So they clearly used this project, as it perfectly disables this project, yet all my major rage features such as anti aim have no encryption causing any issues. So, don't update this repo or any public repos regarding the new encryption stuff for at least 2 months. It isn't worth giving them any ideas to change everything again. Going through all the pointer encryption, it was targeted at this cheat. Even though you can completely circumvent all their encryption by using 4 lines of shellcode to call the get functions, I wouldn't advise giving them more of a reason to invest time into this encryption system. Give them their little win.
That's somewhat disheartening; sounds like it will be too much effort to keep this publicly updated. Thanks for all of the info on the wrapper class and whatnot. I did mention that I would swap out adminflag for interactive debug, so I thought I would drop the code for it in case anyone is looking to add this to their fork too. ` double previousYaw = 0.0;
}` Eyes_C = just the localplayer eye class Eyes_C ] + 0xB8 ] = Eyes
alrohewitt, is there anywhere I can contact you, like Discord or something? Recently just bought a DMA card on the pretence of using this; wouldn't mind paying for access to your private branch.
I wouldn't subject anyone else to my terrible programming, especially at a cost. I would advise you to look elsewhere.
Received with many thanks. Can I subject your code? I was struggling with drawing to prefabs and now back to 0.
So changing like before is not working anymore, right? I will need to make my own loop through the class that I want to get info about? I'm new to building cheats in general. I was waiting for my DMA board to arrive to continue improving this code, but now with this encryption I'm a little confused.
This information is outdated now but still provides some valid information.
@arlohewitt Since you wanted this in another issue, here is the encryption wrapper:
Go to any encrypted class instance (base networkable, for instance).
Then go into the class encryption container class.
Control click onto the inheritor of the class:
Find the static class for that in script.json.
Ok so read the dictionary in your code like this:
Class = Read gameassembly + class
static = Read Class + 0xb8
Dictionary = Read Static + 0x0
Objectlist = Read Dictionary + 0x18
Objectlist size = Read objectlist + 0x18
Then loop the list:
object = read I
objectclasstype = read object
parent = read objectclasstype + 0x20
nameptr = read objectclasstype + 0x10
name = read as char array(char addname[36]) at the nameptr address
ListDictionary`2 is the names of basenetworkable list and visible playerlist. First instance is base networkable, 2nd is visibleplayerlist.
Baseplayer is localbaseplayer
To read stuff for baseplayer you need to incrementally keep updating a map with the pointers for, let's say, playerinventory.
The pointer to the baseplayer is the parent. So store a map with parent as key and object as value and then call it playerinventorymap. Then just update that map enough and you can just grab it from that map. Do that to all those hidden classes, if implemented correctly there is little performance impact.
That's how you circumvent the obfuscation wrapper. I would give you the code and all, but I am too burnt out right now, so you have to deal with the pseudo code, as my code is a right mess from the 700 commits my rust cheat has gotten.