Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - s0beit

Pages: 1 2 3 4 [5] 6
Cheat Requests / Re: APB Reloaded Aimbot
« on: May 30, 2011, 11:40:50 pm »
It's possible but you'd need a Unreal Engine 3 SDK generator to accomplish it.

I have one nearly finished, but there's some bugs I'm too lazy to fix  :icon_laugh

Armed Assault 2 / PBO packet analysis
« on: May 30, 2011, 11:36:02 pm »
I've spent some time debugging and fucking around with packets (under bi.key, not bi2.key), and i think I've figured it out for the most part

Code: [Select]
WORD PacketSize = *( WORD* )( buf );
BYTE PacketType = *( BYTE* )( buf + 0x02 );
BYTE PacketID = *( BYTE* )( buf + 0x03 );
DWORD UnknownHash = *( DWORD* )( buf + 0x04 );
DWORD PBONumber = *( DWORD* )( buf + 0x08 );
DWORD PBOGroup = *( DWORD* )( buf + 0x0C );
DWORD UnknownFF = *( DWORD* )( buf + 0x10 );
DWORD PreviousPBONum = *( DWORD* )( buf + 0x14 );

After that it gets a little murky, but here, I'll try to explain

Here is a visual aid for some people
Code: [Select]
//[B4 01][00][A0][9E AC 1A CC][09 00 00 00][1B 00 00 00][FF FF FF 07][07 00 00 00][03 20][61 00 00 02][CE 01][72-character-hash][00][C7 01 03]
//[68 01][80][A0][9B AE 5F A3][0A 00 00 00][1B 00 00 00][FF FF FF 07][09 00 00 00][C7 01 20][61 00 00 03]
//[6C 01][80][A0][DD 65 E5 A3][10 00 00 00][1B 00 00 00][FF FF FF 07][0F 00 00 00][C7 01 20][61 00 00 03]
//[8B 01][00][A0][81 FB 44 01][73 00 00 00][22 00 00 00][FF FF FF FF][72 00 00 00][03 20][61 00 00 02][C7 01 03]
//[84 01][00][A0][2C 20 C8 F4][74 00 00 00][22 00 00 00][FF FF FF FF][73 00 00 00][03 20][61 00 00 03][C7 01 FC C2 02]

After the bytes with the [] it gets a little murky and unpredictable, as far as i can tell (but right after the end of each of these is a string containing the PBO name)

What i do know, however, is that after the string, which looks like

Now, the issue here is, the BI KEY can have different lengths.

Code: [Select]
#define BIKEY_SIZE 153

If the start of [BI KEY] is 'bi' then it's a version 1 bikey, if the start of [BI KEY] is 'bi2' then it's a version 2 key, all you _really_ need to know about these is that the bi2 key contains one more byte (because it has one extra character, '2', in the header)

The bikey data, the first one anyway, is the actual key content from bi.key or bi2.key, depending on how it decides to roll.

The second key i assume is related to the PBO itself  :icon_teehee

There _can_ be some extra data after this key, but I've only seen that occur when unsigned pbos are passed through packets

I hope i was able to shed some light on how this entire process works, I'm hoping somebody can tell me what the bytes at the tail end of the packets above mean, or the UnknownFF area, but that wasn't really the purpose of this topic. Have fun with that!

Armed Assault 2 / Re: Operation Arrowhead
« on: August 05, 2010, 07:26:41 am »
I just got hold of this game.
Will be looking at the online possibilities.  :smile


ESP in this game isn't exactly "easy" but you CAN do it outside of the scripting engine, but the scripting engine is sooo easy to use.

Sorry if this is the wrong ESP you were thinking of, lol.

I found a pool of pointers representing players, it seems, with names and all in OA.

I was going to work on ESP/Aimbot but, scripting was much more fun :)

Armed Assault 2 / Re: Hack PBO [Undetected by Battleye]
« on: July 27, 2010, 05:51:15 am »
Soebit, pls update your hack  :icon_thumbsup

Update what?  :icon_confused2

Armed Assault 2 / Re: Hacking Zargabad Life
« on: July 26, 2010, 04:07:38 am »
BE from what i've seen is a pretty sad joke compared to others, the only useful thing is the GUID and im absolutely sure i can get around that eventually.

Like this here for example:
BOOL __stdcall Process32First(HANDLE hSnapshot, LPPROCESSENTRY32 lppe)
BOOL __stdcall Process32Next(HANDLE hSnapshot, LPPROCESSENTRY32 lppe)
BOOL __stdcall Toolhelp32ReadProcessMemory(DWORD th32ProcessID, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T cbRead, SIZE_T *lpNumberOfBytesRead)
BOOL __stdcall Module32First(HANDLE hSnapshot, LPMODULEENTRY32 lpme)

.text:100030B0 HookFunction    proc near

Found ^ by tracing FlushInstructionCache (it hooks winsock functions on the client................................)

That said, i inject my own DLL to spoof my ID and bypass signatures, and BE detects nothing.

Armed Assault 2 / Its raining men.. err.. planes
« on: July 25, 2010, 05:36:12 am »
This is based off of the buckfast/soundpack GBU bomb script

some guy rained planes on me and i wanted my own  :icon_rolleyes2

_coordinate = getpos player;

hint "Dropping planes nearby";

? ((_this select 0) == "remote"): _coordinate = _this select 1;

hint "Dropping planes somewhere else";

_i = 0

? _i >= 10: goto "exit";

_cv = "C130J_US_EP1" createvehicle [(_coordinate select 0) - 50 + random 100, (_coordinate select 1) - 50 + random 100, ((getpos player) select 2)]

_cv SetPos [(getpos player select 0),(getpos player select 1),(getpos player select 2) + 250];
_cv setdir getdir player
_cv Lock TRUE;

_i = _i + 1

goto "loop"

hint "Planes spawned.."

Its built for Operation Arrowhead btw, but that can be changes by replacing "C130J_US_EP1" with the ARMA2 model.

Armed Assault 2 / Re: Some Zargabad life scripts [1.7]
« on: July 25, 2010, 05:33:31 am »
Like i said i may compile them into a PBO but right now im refining the way my PBO works.

The menu is way too large, thats why in my other topic i asked about a menu, ill probably release it later if its really good ;)

Armed Assault 2 / Re: Hack PBO [Undetected by Battleye]
« on: July 25, 2010, 04:36:42 am »
It isnt that easy, you either have to use WPE or do like me, and write a C++ hook for "sendto"

Armed Assault 2 / Making a better menu?
« on: July 24, 2010, 10:22:23 pm »
I am working on my own hack script, as people may have seen from other topics.

This scroll mouse shit is killing my index finger, is there any menu examples (click-able or just generally easier to use) i can learn from?

Armed Assault 2 / Re: Some Zargabad life scripts [1.7]
« on: July 24, 2010, 07:20:16 pm »
I might upload a PBO sometime but right now those are just basically the source codes to SQS files which you put inside of a PBO.

Armed Assault 2 / Re: Hack PBO [Undetected by Battleye]
« on: July 24, 2010, 05:28:50 pm »
Nice job  dude :icon_teehee

Actually i don't think that was me, me and my friends are more subtle then that ;)

Maybe a bomb here or there every half hour, or one plane spam, but nothing that crazy.

thats no fun  :icon_shifty

Armed Assault 2 / Some Zargabad life scripts 1.7/6.0
« on: July 24, 2010, 03:14:33 pm »
These are some VERY simple scripts that allow you to have some fun.

Double your paycheck (Civilians, Cops, Mayor and Chief respectively):

Force Mayor:

Force Gang Leader:

Force Cop (untested, and the effects would be client side):

Cheap Gang Creation (you can also make it 0, lol):

Double Gang Income:

Faster Respawn:

Infinite Petrol:


Kill MOTD:

I will add the scripts as i develop them, but you can have some fun with those (yes when you force mayor you also get the extra $3000)

Armed Assault 2 / Re: Hack PBO [Undetected by Battleye]
« on: July 24, 2010, 03:23:37 am »
I updated that "buckfast" stuff in the downloads to be more ARMA2:OA friendly, it is easy with some helpful links.


Now i have no errors and i will be adding things to it, maybe releasing if it gets good enough.

Thanks all and you will probably see me raising hell in the future, now to mess with battleye. (i don't kill servers btw, just some playful fun :))

Armed Assault 2 / Re: Hack PBO [Undetected by Battleye]
« on: July 23, 2010, 07:34:20 pm »
You can feel free to join me in 7Cav anytime you want ;)

Pages: 1 2 3 4 [5] 6