Topic: Something to work on (Read 888 times)

Rav3n

Something to work on
« on: April 14, 2008, 09:19:16 pm »
NO KICK..
I know a few people have been successful in this and MRM has given me a few methods.
I did have it working at one stage but I played with so many addresses I can't remember it (plus the game ended up crashing).
I also managed to send my ID as 1, which means it's definitely possible to change your ID.

Those that know how to make invisible will have noticed that when this hack is applied before entering a server you get
"class limit reached" when trying to select a class.

Those who have looked deeper will also notice your ID is not sent to the server..

I have found the address that passes my ID to the server, but when I try and change it I either crash the game or get stuck with class limit reached.

I have no idea how to FORCE a class and a long and extensive search for the class address turned out nothing.

If anyone thinks they can help with this PM me on the forum.

A method
Open 2 Vietcongs (click on the EXE twice really fast if you don't have the hacked version).
Attach Cheat Engine or T-Search or whatever you use to one of the processes (this will be your client).
Create a server with your other VC process and then connect to it using your client.

Get your ID number and do a straight 4-byte search for it.
Exit the server.
Rejoin.
Do a search for the new ID value.
You should now have it.
Find what accesses that address.
You will notice that the ID is passed to ECX and, if you follow the code, it's passed there a bit further up.
Change the ECX to your new ID value in HEX.
Example: mov [addresshere],00000107   <<   107 is hex for 263 (when you create a server you are issued an ID of 263, might be useful)

If you can then force a class after this you "should" enter the server but you'll probably be invisible.
But unkickable lol



mesengr

Re: Something to work on
« Reply #1 on: April 15, 2008, 11:11:40 am »
I took a look at this. Here's what I have so far:

(1) Notice that you actually get 2 static locations for PLAYERID: one from game.dll and one from logs.dll
(2) I traced the code all the way back to when it actually takes the PLAYERID from the network-input-buffer.

(3) Hint #1: check out the pointer at address 0xe9e9cc
(4) Hint #2: the instruction that makes this happen is mov [edx],eax -- exactly 0x6194 bytes before the instruction you mentioned :)
(5) Interesting side note: 0xe9f238 seems to be a network-input-buffer... changes constantly, and lots of data gets read from there.... useful for future hacks?

(6) Anyways, now we've found the exact instruction where PLAYERID is received by the client.
(7) So we modify the code to mov[edx],107 (code cave...)
(8) Now, both game.dll & logs.dll work with the 107h value
(9) When you select "US Army" and then select "Soldier"... the HOST (i.e., the SERVER) gets a SELECT WEAPON menu.

If you play around with it, there's a few other interesting things that happen. e.g., the client "stays" in the game even after you leave and rejoin (then there's 3 players).

I think this is progress... or it might just be taking us a longer route...

MrMedic or others who have done this... are we on the right track?

mesengr

Re: Something to work on
« Reply #2 on: April 15, 2008, 11:37:34 am »
UPDATE... It kinda works... when the host server is a Dedicated Server, you are able to select a weapon and spawn and play! And the admin cannot kick you no matter how many times he tries!

LMAO... even AUTO-TEAMKILL-KICK cannot get rid of you... and your ping is always low (but not "host-ping"). You probably can't get kicked for AUTO-KICK-HIGH-PING anyways.

Have not tested it in hradba206 servers yet... but it works in unprotected servers.

Only problem is you can't really play... all the players are frozen... sitting ducks either way

Obviously, there's still more work to be done... it would be great if we could still actually play... also, if you leave and re-join, you cannot select a weapon immediately.
« Last Edit: April 15, 2008, 08:19:17 pm by mesengr »

mesengr

Re: Something to work on
« Reply #3 on: April 15, 2008, 11:52:57 am »
Third post in a row...

I've actually seen this hack in action, several times. Based upon what I've seen, my theory is that we have to modify our IP address as well. I've seen hackers come in with pings of 11 ("host ping") and stay as long as they wanted, and then finally crash the server. I searched for my IP (text), and sure enough, Vietcong stores this information. We have to see if it uses it...

Rav3n

Re: Something to work on
« Reply #4 on: April 15, 2008, 09:18:06 pm »
Good job. You got MSN?

I'd be happy to work on this with you, PM me m8.

I assume VC stores your IP for IP bans.
I know someone who has a PERFECT Anti Ban, no IP or hour bans.
I'm gonna check out those addresses above and see what happens.

I have been on a server and left a "ghost" of myself in it 5 times; I noticed the admin was kicking each one trying to get to me LOL




ZOldDude

Re: Something to work on
« Reply #5 on: April 16, 2008, 12:28:34 am »
Quote
I know someone who has a PERFECT Anti Ban, no IP or hour bans.
If you know what's up there is -no- game that can ID ban you... and no way to IP ban you even if the host looks at logs later. They may be banning -somebody's- IP but not yours.
The method is not the same as spoofing an IP as you need to receive info not just send it...it makes you a bit laggy on your end (yet playable) and I am sure it is not 100% legal.
