Open Source Community Code List

Medaka

Get host code. Should work.

Code:
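int (*SV_IsLocalClient)(int clientNum) = (int(*)(int))0x823E5568;
int getHost(){
    //Scan the 12 client slots for the one that is local to this machine
    for(int clientNum = 0; clientNum < 12; clientNum++)
        if(SV_IsLocalClient(clientNum))
            return clientNum;

    //No local client found
    return -1;
}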

I was eating crackers when reversing this, so if I have a typo, I hope you know how to fix it.
 
Devient

Get host code. Should work.

Code:
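int (*SV_IsLocalClient)(int clientNum) = (int(*)(int))0x823E5568;
int getHost(){
    //Scan the 12 client slots for the one that is local to this machine
    for(int clientNum = 0; clientNum < 12; clientNum++)
        if(SV_IsLocalClient(clientNum))
            return clientNum;

    //No local client found
    return -1;
}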

I was eating crackers when reversing this, so if I have a typo, I hope you know how to fix it.
Nice work, never thought of checking for host that way.
 
Medaka

Here are some member locations from misc structs that I've gathered.

C:
//gentity_s
#define g_maxHealth    0x18C        //int
#define g_modelId    0x170        //short
#define g_health    0x1AC        //int
#define g_gClient    0x158        //int

//Hud
#define h_allClients   0x5FF        //int

//gclient_s
#define g_mflag        0x35A4        //int
#define g_connect    0x3200        //int
#define g_angle        0x1B0        //float
#define g_eflag        0x5AC        //int

//level locals
#define l_levelTime        0x4C0        //int
 
SC58

Get host code. Should work.

Code:
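int (*SV_IsLocalClient)(int clientNum) = (int(*)(int))0x823E5568;
int getHost(){
    //Scan the 12 client slots for the one that is local to this machine
    for(int clientNum = 0; clientNum < 12; clientNum++)
        if(SV_IsLocalClient(clientNum))
            return clientNum;

    //No local client found
    return -1;
}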

I was eating crackers when reversing this, so if I have a typo, I hope you know how to fix it.

or u can do cg_s->clientNum
 
Medaka

Sorry my tester has a severe case of autism. Please delete this reply.
 
Auschwitz Guard

Lmao it's been 3 months and still, nothing has touched the thread. The only real contribution I've seen is when I posted Bitwise's FoF research, that's on like damn page 2...
 
SC58

Lmao it's been 3 months and still, nothing has touched the thread. The only real contribution I've seen is when I posted Bitwise's FoF research, that's on like damn page 2...

You know a game is poop when no one mods it or releases mods lol
 
J0siah

Pictures of my tool, I have an outfit editor but you don't see me bragging. I'll just leave this here for you. I have a ton more outfits, just haven't added them in. Now stop bragging.
That is bragging, showing your tool off... I seriously think no one cares
 
Medaka

Here's Live_GetConsoleDetails and Live_GetConsoleID reversed. Some of you call Live_GetConsoleDetails, reportConsoleDetails for what reason, I don't know. But ye tru neva false here you go.

What this does: Live_GetConsoleDetails, it's in the name. It gets your console details such as, online ip, internal ip, mac address of the console, and machine id.

Code:
extern "C"{
    void XeKeysGetConsoleID(char* buf, char* szBuffer);
}

bool Live_GetConsoleDetails(char internalIp[4], char externalIp[4], unsigned long long* machineId, unsigned long long* consoleId, unsigned long long* macAddress){
    //Get our console settings (value-initialized; nothing in this snippet fills it in)
    XNADDR* pXna = new XNADDR();

    //Get our mac address (outputs are optional, callers may pass 0)
    if(macAddress){
        *macAddress = 0;
        memcpy(macAddress, pXna->abEnet, 6);
    }

    //Get our ips
    if(internalIp)
        *(int*)&internalIp[0] = pXna->ina.S_un.S_addr;
    if(externalIp)
        *(int*)&externalIp[0] = pXna->inaOnline.S_un.S_addr;

    //Get our consoleId (write through the pointer, not into the pointer variable)
    if(consoleId)
        XeKeysGetConsoleID(0, (char*)consoleId);

    //Get our machineId while pXna is still valid
    unsigned long long id = 0;
    bool ok = !XNetXnAddrToMachineId(pXna, &id);
    if(machineId)
        *machineId = id;

    //Delete the memory that we allocated (new pairs with delete, not delete[])
    delete pXna;

    return ok;
}

unsigned long long Live_GetConsoleID(){
    //Our return value
    unsigned long long retVal = 0;

    if(Live_GetConsoleDetails(0, 0, 0, &retVal, 0))
        return retVal;

    //Lookup failed
    return 0;
}
 
Oda

Here's Live_GetConsoleDetails and Live_GetConsoleID reversed. Some of you call Live_GetConsoleDetails, reportConsoleDetails for what reason, I don't know. But ye tru neva false here you go.

What this does: Live_GetConsoleDetails, it's in the name. It gets your console details such as, online ip, internal ip, mac address of the console, and machine id.

Code:
XNADDR* (*Xenon_GetXNAddrForLive)() = (XNADDR*(*)())0x82337E68;
int (*XNetXnAddrToMachineID)(XNADDR* pXna, long long* machineId) = (int(*)(XNADDR*, __int64*))0x8219EAA8;

bool Live_GetConsoleDetails(char internalIp[4], char externalIp[4], long long* machineId, long long* consoleId, long long* macAddress){
    //Get our console settings from Xenon_GetXNAddrForLive
    XNADDR* pXna = Xenon_GetXNAddrForLive();

    //Check if pXna is null
    if(pXna == 0)
        goto end;

    //Get our mac address
    memcpy(&macAddress, pXna->abEnet, 6);

    //Get our ips
    for(int i = 0, e = 4; i < 4, e < 8; i++, e++){
        //Note: enet = Ethernet MAC address
        internalIp[i] = pXna->abEnet[i];
        externalIp[e] = pXna->abEnet[e];
    }

    //Get our machineId
    if(XNetXnAddrToMachineID(pXna, machineId) == 0)
        return true;

    //We're offline
    *machineId = 0;

end:
    //Looks like we're offline or something went wrong
    return false;
}

long long Live_GetConsoleID(){
    //Our return value
    long long retVal;

    //Get our console id
    if(Live_GetConsoleDetails(0, 0, &retVal, 0, 0))

        //Return our console id
        return retVal;

    //Looks like we're offline or something went wrong
    return 0;
}

Why are you storing the IP addresses with your MAC? For one the size is 6, you're overriding the size, which would just throw you a syntax error seeing that it's a fixed size. Also that if statement isn't needed, you already store null inside the pointer in case you're offline, so you can just output and return lol. Nothing had to be called, you could have just read all data from the structure, and that IP loop isn't needed too seeing as the IP struct also has a 4 byte fixed form, so you could just output...

C++:
*(int*)&internalIP[0] = pXna->ina.S_un.S_addr;
*(int*)&externalIP[0] = pXna->inaOnline.S_un.S_addr;
 
Medaka

Why are you storing the IP addresses with your MAC? For one the size is 6, you're overriding the size, which would just throw you a syntax error seeing that it's a fixed size. Also that if statement isn't needed, you already store null inside the pointer in case you're offline, so you can just output and return lol. Nothing had to be called, you could have just read all data from the structure, and that IP loop isn't needed too seeing as the IP struct also has a 4 byte fixed form, so you could just output...

C++:
*(int*)&internalIP[0] = pXna->ina.S_un.S_addr;
*(int*)&externalIP[0] = pXna->inaOnline.S_un.S_addr;
Fixed. Thank you for pointing that out.
 
Lrn2BitFlag

Here is the anti-cheat reversed, all you gotta do is define the various functions used within it that I left the offsets to, shouldn't be too hard right? (;

*(long long*)0x83E76B6D = 0x0000000100000001;
 
Oda

Here is the anti-cheat reversed, all you gotta do is define the various functions used within it that I left the offsets to, shouldn't be too hard right? (;

*(long long*)0x83E76B6D = 0x0000000100000001;


Bitwise has already released that fully mapped, what's with all the unknown and "padding" members? Not needed, even in structure form it isn't needed...seeing as in the actual source code itself, it's nothing but a buffer. Also the flag makes no sense, 0x1 | 0x3 = 0x3, seeing as 0x3 is a combination of 0x1 and 0x2, which the flag system is again, what Bitwise reversed and released. But I like your username, also the hooks are pointless and useless. If you reversed anything you'd know the resp is built before answerChallenges is ever called, so why would you hook anything?

>knows asm, claims can reverse
>didn't even think about altering opcode

Sorry buddy, but that's all leeched info. None of it makes sense either, you have a structure...why are you performing mem calls on it? It's not needed lol, in the example I gave Akeno was due to data sizes...you've just used that and gone over the top.

Nice fail though, you learn from your mistakes :smile:

EDIT: Odd? I'm done even reading this autism lmao

EDIT2: It took some digging (seeing as he is banned and has to have other members share his research) but I found his most recent response he released.

C++:
struct _AC_RESP
{
    unsigned char abExternalIP[4];//0x00-0x04
    unsigned long long qwMachineId;//0x04-0xC
    unsigned long long qwEnet;//0xC-0x14
    float fRegionLatitude;//0x14-0x18
    float fRegionLongtitude;//0x18-0x1C
    short shFreeAmount;//0x1C-0x1E
    unsigned char bSecurityFlag;//0x1E-0x1F
    char szConsoleSerial[0xD];//0x1F-0x2C
    char szConsoleId[0xC];//0x2C-0x38
    short shKernelVersion;//0x38-0x3A
}AC_RESP, *pAC_RESP;
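
A layout check for the struct above, as an added example that is not part of the post: it compares the byte ranges written in the comments with what a compiler actually produces. The `#pragma pack` variant and the names `Span`, `kAnnotated` and `mismatches` are assumptions introduced here, and the check runs on the host compiler rather than the console toolchain.

```cpp
#include <cstddef>
#include <cstdio>

// Member list copied from the _AC_RESP post.
#define AC_RESP_MEMBERS \
    unsigned char abExternalIP[4]; unsigned long long qwMachineId; \
    unsigned long long qwEnet; float fRegionLatitude; float fRegionLongtitude; \
    short shFreeAmount; unsigned char bSecurityFlag; \
    char szConsoleSerial[0xD]; char szConsoleId[0xC]; short shKernelVersion;

struct NaturalResp { AC_RESP_MEMBERS };  // compiler-default alignment
#pragma pack(push, 1)                     // assumption: byte packing, not shown in the post
struct PackedResp { AC_RESP_MEMBERS };
#pragma pack(pop)

struct Span { const char* name; size_t start, end; };  // hypothetical helper type

// [start, end) ranges exactly as written in the post's comments.
static const Span kAnnotated[] = {
    {"abExternalIP", 0x00, 0x04},      {"qwMachineId", 0x04, 0x0C},
    {"qwEnet", 0x0C, 0x14},            {"fRegionLatitude", 0x14, 0x18},
    {"fRegionLongtitude", 0x18, 0x1C}, {"shFreeAmount", 0x1C, 0x1E},
    {"bSecurityFlag", 0x1E, 0x1F},     {"szConsoleSerial", 0x1F, 0x2C},
    {"szConsoleId", 0x2C, 0x38},       {"shKernelVersion", 0x38, 0x3A},
};

// Real ranges as the compiler lays each struct out.
#define SPAN(T, f) { #f, offsetof(T, f), offsetof(T, f) + sizeof(((T*)0)->f) }
#define SPANS(T) { SPAN(T, abExternalIP), SPAN(T, qwMachineId), SPAN(T, qwEnet), \
    SPAN(T, fRegionLatitude), SPAN(T, fRegionLongtitude), SPAN(T, shFreeAmount), \
    SPAN(T, bSecurityFlag), SPAN(T, szConsoleSerial), SPAN(T, szConsoleId), \
    SPAN(T, shKernelVersion) }
static const Span kNatural[] = SPANS(NaturalResp);
static const Span kPacked[] = SPANS(PackedResp);

// Count members whose real range differs from the annotated one.
int mismatches(const Span* actual) {
    int bad = 0;
    for (size_t i = 0; i < sizeof(kAnnotated) / sizeof(kAnnotated[0]); i++) {
        if (actual[i].start == kAnnotated[i].start && actual[i].end == kAnnotated[i].end)
            continue;
        std::printf("%-18s annotated 0x%02zX-0x%02zX, actual 0x%02zX-0x%02zX\n",
                    actual[i].name, kAnnotated[i].start, kAnnotated[i].end,
                    actual[i].start, actual[i].end);
        bad++;
    }
    return bad;
}

int main() {
    std::printf("natural: %d mismatches, sizeof 0x%zX\n", mismatches(kNatural), sizeof(NaturalResp));
    std::printf("packed:  %d mismatches, sizeof 0x%zX\n", mismatches(kPacked), sizeof(PackedResp));
    return 0;
}
```

The annotated range 0x04-0xC for an 8-byte member right after a 4-byte array only holds when the struct is byte-packed; with default alignment on a typical 64-bit host that member moves to 0x08 and every later range shifts.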
 
Medaka

Here is the anti-cheat reversed, all you gotta do is define the various functions used within it that I left the offsets to, shouldn't be too hard right? (;

*(long long*)0x83E76B6D = 0x0000000100000001;

What is this?
 
Medaka

Here's Live_GetConsoleDetails and Live_GetConsoleID reversed. Some of you call Live_GetConsoleDetails, reportConsoleDetails for what reason, I don't know. But ye tru neva false here you go.

What this does: Live_GetConsoleDetails, it's in the name. It gets your console details such as, online ip, internal ip, mac address of the console, and machine id.

Code:
extern "C"{
    void XeKeysGetConsoleID(char* buf, long long unk);
}

bool Live_GetConsoleDetailsHook(char internalIp[4], char externalIp[4], unsigned long long* machineId, unsigned long long* consoleId, unsigned long long* macAddress){
    //Get our console settings (value-initialized; nothing in this snippet fills it in)
    XNADDR* pXna = new XNADDR();

    //Get our mac address (copy into the caller's value, not into the pointer variable)
    *macAddress = 0;
    memcpy(macAddress, pXna->abEnet, 6);

    //Get our ips (internalIp and externalIp already point at the 4-byte buffers)
    memcpy(internalIp, &pXna->ina.S_un.S_addr, 4);
    memcpy(externalIp, &pXna->inaOnline.S_un.S_addr, 4);

    //Get our consoleId
    XeKeysGetConsoleID(0, *consoleId);

    //Get our machineId while pXna is still valid
    bool ok = !XNetXnAddrToMachineId(pXna, machineId);

    //Delete the memory that we allocated (new pairs with delete, not delete[])
    delete pXna;

    return ok;
}
Updated.
Now it gets your consoleId which is received from XeKeysGetConsoleId.
Doesn't utilize cod function calls.
 
Lrn2BitFlag

What is this?
cl34n ch4llenge r3sp0ns3 y0
Bitwise has already released that fully mapped, what's with all the unknown and "padding" members? Not needed, even in structure form it isn't needed...seeing as in the actual source code itself, it's nothing but a buffer. Also the flag makes no sense, 0x1 | 0x3 = 0x3, seeing as 0x3 is a combination of 0x1 and 0x2, which the flag system is again, what Bitwise reversed and released. But I like your username, also the hooks are pointless and useless. If you reversed anything you'd know the resp is built before answerChallenges is ever called, so why would you hook anything?

>knows asm, claims can reverse
>didn't even think about altering opcode

Sorry buddy, but that's all leeched info. None of it makes sense either, you have a structure...why are you performing mem calls on it? It's not needed lol, in the example I gave Akeno was due to data sizes...you've just used that and gone over the top.

Nice fail though, you learn from your mistakes :smile:

EDIT: Odd? I'm done even reading this autism lmao

EDIT2: It took some digging (seeing as he is banned and has to have other members share his research) but I found his most recent response he released.

C++:
struct _AC_RESP
{
    unsigned char abExternalIP[4];//0x00-0x04
    unsigned long long qwMachineId;//0x04-0xC
    unsigned long long qwEnet;//0xC-0x14
    float fRegionLatitude;//0x14-0x18
    float fRegionLongtitude;//0x18-0x1C
    short shFreeAmount;//0x1C-0x1E
    unsigned char bSecurityFlag;//0x1E-0x1F
    char szConsoleSerial[0xD];//0x1F-0x2C
    char szConsoleId[0xC];//0x2C-0x38
    short shKernelVersion;//0x38-0x3A
}AC_RESP, *pAC_RESP;
Lol............ "he".
 
Medaka

What these do.

LiveAntiCheat_GetModuleHandle: Used to detect if xbdm.xex is on your console.
LiveAntiCheat_CheckPrivilege: Checks if you have gold privileges.
LiveRegionInfo_GetLatLong: Gets the latitude and longitude of the console region.

C:
int LiveAntiCheat_GetModuleHandle(char* moduleHandle){
    int handle = 0;
    if(XexGetModuleHandle(moduleHandle, (HANDLE*)&handle) >= 0)
        return handle;

    //Module is not loaded
    return 0;
}

int LiveAntiCheat_CheckPrivilege(int localNum, int type, bool* result){
    if(XamGetSystemVersion() >= 0x20096B00)
        return XamUserCheckPrivilege(localNum, type, result);

    if(localNum != 0xFF && XamUserGetSigninState(0) == 1){
        *result = false;
        return 0x4DD;
    }

    for(int i = 0; i < 4; i++){
        if(XamUserGetSigninState(i) == 1){
            *result = false;
            return 0x4DD;
        }
    }
    return XamUserCheckPrivilege(localNum, type, result);
}

bool LiveRegionInfo_GetLatLong(float* latitude, float* longitude){
    int bdDMLInfo = *(int*)0x84DC6F90;

    if(*(int*)0x849DB370 == 4){
        *latitude = *(float*)(bdDMLInfo + 0x118);
        *longitude = *(float*)(bdDMLInfo + 0x11C);
        return true;
    }
    return false;
}
 