Operation Cheatme!

User projects written in or related to FreeBASIC.
Post Reply
mrminecrafttnt
Posts: 105
Joined: Feb 11, 2013 12:23

Operation Cheatme!

Post by mrminecrafttnt »

Hi i've just programmed a nice anticheating Engine - Your mission is to hack the displayed Value without changing the Sourcecode.
You need 1.09.0 x64 to compile it - no guarantee that will work in other versions.. - i hope you did it :)

Code: Select all

type ac_ubyte_simple
        dim value2 as ubyte
        dim value as ubyte
        dim key2 as ubyte
        dim key as ubyte
        dim sabotageflag as ubyte
        declare sub set(value as ubyte)
        declare function get as ubyte
        declare constructor
    end type

    constructor ac_ubyte_simple
        this.set 123
        if this.get <> (this.value xor this.key) then sabotageflag = 1
        this.set 222
        if this.get <> 222 then sabotageflag = 2
    end constructor

    sub ac_ubyte_simple.set (value as ubyte)
        if sabotageflag = 1 then exit sub
        this.key = int(rnd*256)
        this.value = value xor this.key
        this.key2 = int(rnd*256)
        this.value2 = value xor this.key2
    end sub

    function ac_ubyte_simple.get as ubyte
        
        if sabotageflag = 2 then this.set int(rnd*256) : sabotageflag = 1
        if sabotageflag = 1 then exit function
        return value xor key
    end function

    type ac_ubyte_getter
        v as ac_ubyte_simple
        declare function get as ubyte
        declare sub set(value as ubyte)
    end type


    sub ac_ubyte_getter.set (value as ubyte)
        if value <= 10 then
            v.set value
        end if
    end sub

    function ac_ubyte_getter.get as ubyte
        if v.get <= 10 then
            return v.get
        else
            return 0
        end if
    end function

    type ac_integer
        dim m as ac_ubyte_getter
        dim om as ac_ubyte_getter
        key(10) as integer
        keycv(10) as integer
        decheat as integer
        v(10) as integer
        cv(10) as integer
        locked as integer
        ignore(10) as ac_ubyte_getter
        hash as uinteger
        declare sub lock_set
        declare sub terminatedata
        declare sub set(value as integer)
        declare function get as integer
        declare function gen_hash as integer
    end type

    sub ac_integer.terminatedata
        erase(key)
        erase(keycv)
        erase(v)
        erase(cv)
        for i as integer = 0 to 9
            ignore(i).set int(rnd*256)
        next
        m.set 0
        om.set 0
        hash = 0
    end sub


    function ac_integer.gen_hash as integer
        dim as integer h
        for i as integer = lbound(v) to ubound(v)
            h += v(i) + cv(i) + key(i) + keycv(i) + m.get
        next
        'if h = 0 then decheat = 1
        return h
    end function

    sub ac_integer.set(value as integer)
        dim as integer valh = value
        
        if decheat = 1 or locked = 1 then exit sub
        if (cv(m.get) xor keycv(m.get)) <> (v(m.get) xor key(m.get)) then ignore(m.get).set 1
        if ignore(m.get).get <> 0 then   
            dim as integer t = timer
            do
               
                m.set ((m.get + 1) mod 10)           
                if decheat = 1 then exit sub           
                if (timer-t) > .25 then
                    decheat = 1       
                    this.terminatedata
                    exit sub
                end if
               
            loop until ignore(m.get).get = 0
        end if   
        if m.get = 10 then
            m.set 0
        end if
        key(m.get)= int(rnd*99999999)
        keycv(m.get)= int(rnd*99999999)
        cv(m.get)=value xor keycv(m.get)
        v(m.get)=value xor key(m.get)
        if valh <> (v(m.get) xor key(m.get)) then hash = 0
        if (v(m.get) xor key(m.get)) <> value then ignore(m.get).set 1
        hash = gen_hash
    end sub

    function ac_integer.get as integer
        if m.get > ubound(v) then terminatedata : hash = -1
        om.set m.get
        if hash <> gen_hash then set 0 : decheat = 1 
        if decheat = 1 then return 0
        if (v(m.get) xor key(m.get)) <> (cv(m.get) xor keycv(m.get)) then return 0
       
        m.set m.get + 1
        this.set v(m.get-1) xor key(m.get-1)
        if om.get = m.get then set 0
        if m.get > 0 then
            
            return v(m.get) xor key(m.get)
        else
            return v(0) xor key(0)
        end if
    end function

    type ac_lv_1
        decheatflag as ubyte
        value as ac_integer
        value2 as ac_integer
        key as ac_integer
        key2 as ac_integer
        hash as integer
        declare sub set(v as integer)
        declare function get as integer
       
    end type


       

    sub ac_lv_1.set (v as integer)
        if decheatflag = 1 then v = 0
        key.set int(rnd*99999999)
        key2.set int(rnd*99999999)
            value.set v xor key.get '+ 1

       
       
        value2.set v xor key2.get
        hash = value.get + value2.get
        if (value.get xor key.get) <> v then decheatflag = 1
    end sub

    function ac_lv_1.get as integer
        if hash = value.get + value2.get then
            return value.get xor key.get
        else
            value.decheat = 1 : value2.decheat = 1
            return 0
        end if
       
    end function

    type ac_lv_2
        value as ac_lv_1
        value2 as ac_lv_1
        key   as ac_lv_1
        key2  as ac_lv_1
        hash  as ac_lv_1
       
        declare sub set (v as integer)
        declare function get as integer   
    end type




    sub ac_lv_2.set (v as integer)
        key.set int(rnd*9999999)
        key2.set int(rnd*9999999)
        value.set v xor key.get
        value2.set v xor key2.get
        hash.set (value.value.get + value2.value.get)
    end sub

    function ac_lv_2.get as integer
       
        if hash.get = value.value.get + value2.value.get then
            return value.get xor key.get '+ int(rnd *2000)
        else
            return 0
        end if
    end function

    type ac_lv_3
        value(9) as ac_lv_2
        key(9) as ac_lv_2
        readcycles as ac_lv_2 'count the cycles of reading
        declare sub set (value as integer)
        declare function get as integer
        locked as ac_lv_2
    end type

    sub ac_lv_3.set (value as integer)
        if locked.get <> 0 then exit sub
        for i as integer = 0 to 8
            key(i).set int(rnd*999999999)
            this.value(i).set value xor key(i).get
        next
    end sub

    function ac_lv_3.get as integer
        if locked.get = 2 then return 0
        readcycles.set 0
        dim as ac_lv_2 h
       
        for i as integer = 0 to 8
            readcycles.set readcycles.get + 1
            if (this.value(i).get xor key(i).get) = (this.value(i+1).get xor key(i+1).get) then
                h.set h.get + 1
            end if
        next
        if h.get = 8 then
            dim as ac_lv_2 sum
            for i as integer = 0 to 8
                readcycles.set readcycles.get + 1
                sum.set sum.get + (this.value(i).get xor this.key(i).get)
            next
            if sum.get = 0 then return 0
            if cint(sum.get) / 9 <> (this.value(1).get xor this.key(1).get) then
               
                return this.value(1).get xor this.key(1).get
            else
                if readcycles.get <> 18 then this.set 0 : return 0
                return cint(sum.get) / 9' + int(rnd*2)
            end if
            return 0
        end if
    end function

    type ac_lv_4
        value1 as ac_lv_3
        value2 as ac_lv_3
        key1 as ac_lv_3
        key2 as ac_lv_3
        hash as ac_lv_3
        dim as ac_ubyte_simple usemax_flag,decheat
        dim as ac_integer max_movement
        lockctrl_passcode as integer
        declare sub set(value as integer)
        declare function get as integer
        declare sub lockctrl(value as integer,passcode as integer = 0)
        declare sub enable_max_movement
        declare sub set_max_movement(value as integer)
        declare function lockreader as integer
        declare sub disable
        declare constructor () ' use this to lock access as default
    end type

    constructor ac_lv_4
        lockctrl_passcode = int(rnd*99999999)
        lockctrl 1,lockctrl_passcode   
    end constructor
       





    function ac_lv_4.lockreader as integer
        return(value1.locked.get + value2.locked.get) / 2
    end function


    sub ac_lv_4.enable_max_movement
        usemax_flag.set 1
    end sub

    sub ac_lv_4.set_max_movement(value as integer)
        max_movement.set 100
    end sub



    sub ac_lv_4.set (value as integer)
        if usemax_flag.get = 1 then
            if (value >= (get + max_movement.get)) or (value <= (get - max_movement.get)) then usemax_flag.set 0 : set 0 : decheat.set 1 : usemax_flag.set 1 : this.value1.set 0 : lockctrl 1, lockctrl_passcode : lockctrl_passcode = 0 : exit sub
        end if
    key1.set int(rnd*999999)
    key2.set int(rnd*999999)
    value1.set value xor key1.get
    value2.set value1.get xor key2.get
    value1.set 0
    end sub

    function ac_lv_4.get as integer
        if decheat.get = 1 then  return 0
         return (value2.get xor key2.get) xor key1.get
    end function

    sub ac_lv_4.lockctrl (value as integer,passcode as integer = 0)
       ' print "LOCK CTRL",value
        if lockctrl_passcode = 0   then EXIT SUB
        if (passcode > 0) and (lockctrl_passcode > 0) and (passcode = lockctrl_passcode) then
          '  PRINT "ACCSESS ALLOWED"
            select case value
            case 1
                value1.locked.set 1
                value2.locked.set 1
                key1.locked.set 1
                key2.locked.set 1
                hash.locked.set 1
           '     PRINT "LOCKED"
            case 0
                value1.locked.set 0
                value2.locked.set 0
                key1.locked.set 0
                key2.locked.set 0
                hash.locked.set 0
             '   PRINT "UNLOCKED"
            case else
                'Print "LOCK CONTROL ERROR - UNSOPPORTED LOCK STATE"
            end select
        else
            'print "ACCESS DENINED",passcode,lockctrl_passcode,value
            lockctrl 1, lockctrl_passcode
        end if
    end sub

    sub ac_lv_4.disable
        lockctrl 1,lockctrl_passcode
        value1.set 0
        value2.set 0
        key1.set 0
        key2.set 0
        hash.set 0
        lockctrl 1,lockctrl_passcode
    end sub

       






    'main area
    dim shared as ac_lv_4 example
    dim shared as ac_lv_3 ov,nv
    dim shared as ubyte cid
    dim as string chartbl = "|/-\"
    const init_val = 10000
    dim as ubyte initalized

    sub pass(state as ubyte)
        select case state
        case 1
            print "PASSED"
        case else
            color 12
            print "NOT PASSED"
            beep
            sleep
            end
        end select
        color 7
    end sub


    sub init(initalized as ubyte)
        if initalized = 1 then print "ERROR : ALREADY INITALIZED" : EXIT SUB
        if initalized > 1 then example.set 0 : exit sub
       dim as integer clr = cast (integer,@example)
       dim as integer length = len(example)
       for i as integer = clr to clr+length
           poke i,0
       next
       'selftest here
       
       PRINT "**SELFTEST**"
        randomize int(timer * 999999999)
       
        PRINT "EXECUTING SYSTEM TEST SCRIPT"
            PRINT "AC_UBYTE SIMPLE: ";
            dim as ac_ubyte_simple test,passcount
            test.set 123
            if test.get = 123 then pass 1 : passcount.set  passcount.get + 1 else pass 0
            PRINT "AC_INTEGER: ";
            dim test2 as ac_integer
            test2.set 123456
            if test2.get = 123456 then pass 1 : passcount.set passcount.get + 1 else pass 0
            PRINT "AC_LV_1: ";
            dim test3 as ac_lv_1
            test3.set 123456
            if test3.get =123456 then pass 1 : passcount.set passcount.get + 1 else pass 0
            PRINT "AC_LV2: ";
            dim test4 as ac_lv_2
            test4.set 123456
            if test4.get = 123456 then pass 1 : passcount.set passcount.get + 1 else pass 0
            PRINT "AC_LV3: ";
            dim test5 as ac_lv_3
            test5.set 123456
            if test5.get = 123456 then pass 1 : passcount.set passcount.get + 1 else pass 0
           
            PRINT "DONE"
            color 15
            example.lockctrl 0,example.lockctrl_passcode

           
           
       
       
        dim as ac_lv_4 self_t
        self_t.lockctrl 0,self_t.lockctrl_passcode
        PRINT "CHECKING ENGINE FOR INACEPTABLE MODIFICATIONS..";
        self_t.set 12345
        if self_t.get + 54321 <> 66666 then
            print "NOT PASSED"       
            color 15
           
       
           
            'end
            'exit sub
        ELSE
            PRINT "PASSED"
        end if
       
            PRINT "CHECKING LOCK SYSTEM..";
            if self_t.lockctrl_passcode = 0 then self_t.lockctrl_passcode = 1244 'else print "MEMORY ERROR?"
            self_t.lockctrl 1 , 1244
            self_t.set 0
            if self_t.get = 0 then
                print "NOT PASSED"
            else
                PRINT  "PASSED"
                PRINT "TESTING CALCULATION UNIT..";
                example.set init_val
                example.set example.get + 1
                example.set example.get - 2
                example.set example.get + 1
                if example.get <> init_val then
                    PRINT "NOT PASSED"
                   
                    example.lockctrl 2,55132
                ELSE
                    PRINT "PASSED"
                end if
               ' PRINT "S1"
                example.lockctrl_passcode = 1244
                if example.lockreader < 2 then example.lockctrl 1,1244
               
               ' PRINT "N1"
            end if
           
            if example.get <> init_val then
                print "TO HARD TO DO IT FOR YOU??"
                PRINT "SELFTEST NOT PASSED"
                beep
               
                end
            ELSE
                example.set_max_movement 2
                example.enable_max_movement
               
            end if
           
       
       cid = &hFF
        locate ,,0
    end sub

init 0
example.lockctrl 0,example.lockctrl_passcode
example.max_movement.set 10000
example.set 1000
example.max_movement.set 0
example.max_movement.locked = 1
example.lockctrl 1,example.lockctrl_passcode
color 7
do

locate 15,1
print "CHANGE THIS VALUE -->";
color 15
print example.get;
color 7
print " TO 12345 WITH CHEATENGINE- GOOD LOOK :)"
loop until example.get = 12345 or inkey <> ""
if example.get = 12345 then print "CONGRATULATIONS YOU DID IT!"
sleep
     
Post Reply