How does GOS get data?


12 replies to this topic

#1
jojo54696

jojo54696

    Advanced Member

  • Members
  • 50 posts

Hi,

 

I'm a computer science geek. I've developed cheats for many games but am new to the League 'scripting' scene.

I thought this looked especially interesting because of its lack of injection.

 

I finally got GOS up and running after some trouble with it and a busy week at work. The scripts/API and development for GOS are simple and straightforward. I was just curious how GOS is getting game information. I've only ever developed an injected code or 'internal' cheat before.

 

For example, I was playing a test game and the enemy Ryze backs away off screen. The recall tracker is able to tell me when he starts recalling.

 

It seems unlikely that LoL devs would store in-game info outside the process. If you aren't looking at what the display is outputting or injecting into the game's memory, how does it know when he is recalling?

 

Just like 2 sentences, I can go look it up if you tell me what the concept is.


  • 0

#2
westlot

westlot

    Advanced Member

  • Members
  • 189 posts

It's a good question.


  • 0

#3
Cloud

Cloud

    KAPPA

  • Ex-Staff
  • 1,498 posts

I don't know if you've actually created any hacks. Seems like you don't know how simple RPMs and logix work.


  • 0

#4
TheBob

TheBob

    Advanced Member

  • Members
  • 56 posts
  • LocationAZ, USA

Short answer:

  • The server sends a variable that says the player is B-ing in a packet.
  • That variable is saved to an address in memory.
  • That address is checked every X tick(s) of the bot to see if someone is B-ing. The users can check this with an API command.

Reading memory won't get you banned unless they have some sort of anti-cheat, and state that they will ban you in their TOS. RIOT servers do not seem to have either of these, but Garena does (XIGNCODE3).

 

Not 100% sure about RIOT's reason for the Recall thing, but this would be mine:

The reason B-ing is always readable is because: if a player is lagging and shoots a missile, they should still have the info sent to them for where people are B-ing to hide the lag of that missile. Imagine if you shot an Ashe R, lag, and don't see your arrow hit someone because the packet of them being there returning to base hasn't gotten to you yet. Just because you don't see it doesn't mean it's not saved in memory.

 

If you wanted to write a simple pseudo hack ('Hello World' level):

  • Scan memory to find the BASE address in RAM for the program. Do this every launch. The BASE is the address where a program's memory allocation starts; this changes every launch.
  • Scan memory addresses starting at that base address for something you know (the player's name in this example), and note that address.
  • Subtract the BASE address from your character name address. This is the "offset" for the player name. Save this to a variable.
  • Add the "offset" you just found to the BASE address to always get the location of the player name in memory. You need to do this because the BASE changes every run on most machines.
  • Read the address of the sum in the last step to get the player name.

Note: Some developers/compilers hide these well, and you have to use patterns to find the offsets in real time at launch. You will also need to re-acquire the offsets and check the patterns after each new build of the program is released (each patch in a game).

 

 

TLDR: GOS uses magnets.  Kreygasm


  • 3
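The scan, subtract, add and read steps from the post above, and its note about re-acquiring offsets after a patch, modelled on a constructed byte buffer. This is an added illustration, not part of the thread and not GOS code; it touches no real process, and the `MARKER` bytes, base addresses, padding sizes and `PlayerOne` name are all made-up assumptions.

```python
# Constructed model: an "image" is a bytes object mapped at a chosen base address.
MARKER = b"\x7fNAME"  # made-up byte pattern that precedes the name field

def build_image(name: bytes, pad: int) -> bytes:
    """One build's layout; `pad` stands for content that shifts between patches."""
    return b"\xcc" * pad + MARKER + name + b"\x00" + b"\xcc" * 16

class Launch:
    """One run of a build: same bytes, different BASE per launch."""
    def __init__(self, image: bytes, base: int):
        self.image, self.base = image, base

    def find(self, needle: bytes) -> int:
        """Absolute address of the first match (the 'scan' step)."""
        i = self.image.find(needle)
        if i < 0:
            raise LookupError("pattern not present in this build")
        return self.base + i

    def read_cstring(self, addr: int) -> bytes:
        """Read a NUL-terminated string at an absolute address."""
        off = addr - self.base
        if not 0 <= off < len(self.image):
            raise ValueError("address outside the mapped image")
        end = self.image.find(b"\x00", off)
        return self.image[off:end if end >= 0 else len(self.image)]

def learn_offset(run: Launch, known: bytes) -> int:
    """Locate a known value and subtract BASE to get the offset."""
    return run.find(known) - run.base

def offset_from_pattern(run: Launch) -> int:
    """Re-derive the offset from a pattern that survives a new build."""
    return run.find(MARKER) + len(MARKER) - run.base

def demo():
    old, new = build_image(b"PlayerOne", 0x40), build_image(b"PlayerOne", 0x58)
    first = Launch(old, 0x7FF610000000)    # constructed bases
    second = Launch(old, 0x7FF6A2340000)   # same build, relaunched elsewhere
    patched = Launch(new, 0x7FF655550000)  # new build, layout shifted
    off = learn_offset(first, b"PlayerOne")
    same_build = second.read_cstring(second.base + off)  # base + offset still valid
    stale = patched.read_cstring(patched.base + off)     # old offset on new build
    fresh = patched.read_cstring(patched.base + offset_from_pattern(patched))
    return off, same_build, stale, fresh
```

The stored offset stays valid across relaunches of the same build but reads padding once the layout shifts, which is why offsets have to be re-derived for every new build.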

#5
jojo54696

jojo54696

    Advanced Member

  • Members
  • 50 posts

I sent you a PM, TheBob, would you mind reading it? Thanks.


  • 0

#6
jojo54696

jojo54696

    Advanced Member

  • Members
  • 50 posts

I'll post my question to TheBob here since he isn't replying.

 

I know about offsets and how to find them and stuff. That is what I do when I make a cheat for an FPS or something.
I just didn't realize you could do it without injecting into the process. Why wouldn't every cheat just be external if you can do all the same things/read the memory without injecting? Is injecting just easier because the offsets are always the same?

Or can you not invoke the game's own functions/SDK without injection... can you only read from the outside?

Also, you say at the end of your post...
tl;dr: GOS uses magnets. I tried to google what this means but had a hard time. Can you explain this?

 

Thanks again


  • 0

#7
Cloud

Cloud

    KAPPA

  • Ex-Staff
  • 1,498 posts

Again, this relates to my second post: I don't believe you know your reversing. The lack of injection means that GoS cannot do detours, therefore functions like CreateObj cannot be hooked etc. External tends to be heavily reliant and time critical in its RPMs since it has to scan every tick (often delayed to prevent lag) in order to keep up with changes in the game. Hopefully this is enough to actually get you to google **** and figure out what the hell you're doing.


  • 0

#8
Deftsu

Deftsu

    donthackourgames

  • Ex-Core Dev
  • 4,812 posts
There is an event for OnProcessRecall/OnTeleport, you could just hook it, that's all.
  • 0

#9
jojo54696

jojo54696

    Advanced Member

  • Members
  • 50 posts

I never claimed to be an expert. I have reversed FPS's before but that was just following others' examples, adding my own stuff and not knowing all the technical details. I'm a software developer, not a reverse engineer. I do use Google lol. Most of the top stuff on Google is tutorials on how to make cheats for the old CoD games hahahaha. I wanted to know specifically how GoS works so I posted on the GoS forums, god forbid I inconvenience you. No need for you to be a complete ******* for no reason. Does that make you feel good, trashing random strangers who don't care what you think?


  • 0

#10
Cloud

Cloud

    KAPPA

  • Ex-Staff
  • 1,498 posts

"I have reversed FPS's before but that was just following others' examples"
"I'm a software developer, not a reverse engineer"
"cheats for the old CoD games"

So what I've collected thus far is,

A) You're not a software engineer and if you are a software engineer you must be terrible and very good at C+P.

B) So you basically C+P'd others' examples and expected it to work, lul

C) Most games are reversed the same. Example: Entity list in CoD is ObjectManager class in League... So saying "creating cheats for old CoD games" must mean you just C+P'd your way.

Please go learn some **** and stop copying and pasting and also stop wasting our time. http://lmgtfy.com/?q=External+hacks The first result literally is External VS Internal hacks. If you were even good at googling you would have already come to the conclusion that GoS EXTERNAL only reads memory and does not write to it. Go and learn. And as for me caring what others think, I could give two ****s but I strongly dislike people like you who make claims that they have created x and y but have no clue on how it works.


  • 1

#11
TheBob

TheBob

    Advanced Member

  • Members
  • 56 posts
  • LocationAZ, USA

Sorry. Had irl crunch time. I'll message you back tomorrow. But what they said ^

 

 

Edit: messaged ya! :D


  • 0

#12
jedi

jedi

    Advanced Member

  • Members
  • 98 posts

I love Cloud.


  • 0

#13
Cloud

Cloud

    KAPPA

  • Ex-Staff
  • 1,498 posts

love you too bebe :D


  • 0



