It worked ( I think ), butOriginally Posted by Wesker
that's just one address out of many.
Which one is the one that actually injects the bot?,
like, when I start my bot, it says [9.8.4.0] Not logged in.
which means I'm not injected ;S
It worked ( I think ), but
that's just one address out of many.
Which one is the one that actually injects the bot?,
like, when I start my bot, it says [9.8.4.0] Not logged in.
which means I'm not injected ;S
i got no idea i didnt got to that part yet........
im on assembly atm
I think that one is just the IsConnected address which is easily found with Cheat Engine. Simply log in and search for 10, then log out and search for 0 and repeat until you only have one address left, that is your IsConnected address.
The problem with HP is that it is XOr'd, so it will be more difficult (but not impossible) to find. The best way to find it is using OllyDBG, and by entering Tibia.exe, and looking for your HP followed closely by an XOr command. That gets a bit complex though, as does everything at this stage of development.
A brief explanation of XOr is this:
XOr means Exclusive Or. It is a comparative operator, meaning it takes two values and returns a value based on the two values entered. With any two of the values of an XOr calculation, you can find the third. It is also a bitwise comparison, so the operation itself isn't done on a number which you will be able to use, but the bits which represent that number in your computers memory.
An example (You might want to crack out calculator and notepad and follow along to understand it well):
Let's say your health is 123.
Let's also say your XOr key is 321.
123 in binary is 001111011 (I added the extra 0's to make sure that the length of the two values was the same, just to make it easier to look at)
321 in binary is 101000001
So how does it work? Well, like this:
001111011 This is the binary representation of 123
101000001 This is the binary representation of 321
011000101
Look at this column by column, the first number in the first row is 0, the first number in the second row is 1, because these are different, the XOr value is 0. The second number in the first row is 0, as is the second number in the second row. Because these numbers are the same, the XOr value of this bit is 1. The process proceeds through the numbers as such.
This is implemented into Tibia by having an XOr key stored in memory, and each time you receive a packet that updates your health, the XOr calculation is processed. The number stored in your memory as your health will be stored as the third line of binary above, 011000101, and whenever your HP needs to be updated on screen you'll notice that this value is XOr'd with the key (which we selected as 321). We don't know the XOr key for Tibia, as it changes on startup, but the address at which it is saved is always in the same place (except for using ASLR).
I'll also point out that disabling ASLR isn't that important a thing to do. All that ASLR does is changes the base address of Tibia from 0x400000 (or something around there) to something random, and the base address can be obtained by taking Tibias process from your memory (using System.Diagnostics; Process p = Process.GetProcessesByName("Tibia")[0]; IntPtr baseAddress = p.MainModule.BaseAddress; ) This will get the first Tibia client in the list of open clients, assign the process of that client to variable p, and then store the base address of the main module (basically the main thread) to the variable baseAddress. It kinda bypasses ASLR very effectively.
What you are describing is the AND operator. XOR bits will only be 1 if the values are different.
001111011
101000001
100111010 <-- xor
Can I have a cookie?
Posting Permissions
Reply With Quote