[EXAMPLE - Bloons Tower Defence 3] How to hack AS3 games.

[killer1478]

i know but u can still hack it if you actualy try

[RaNdOmCaPs]

When I was trying to hack another AS3 game, I followed the steps you said and got this:

Code:

000024  64  // int[18] = 100

and this:

Code:

 37    pushstring    	"Weapons Upgrade"
40    pushbyte      	100

Then I searched the hex value "24 64" in the flash game and it came up with more than 70 instances!
Is there any way to make the search more specific or am I doing something wrong?

Oh btw, the game I'm hacking is called Space Pips.

[mathewthe2]

When I was trying to hack another AS3 game, I followed the steps you said and got this:

Code:

000024  64  // int[18] = 100

and this:

Code:

 37    pushstring    	"Weapons Upgrade"
40    pushbyte      	100

Then I searched the hex value "24 64" in the flash game and it came up with more than 70 instances!
Is there any way to make the search more specific or am I doing something wrong?

Oh btw, the game I'm hacking is called Space Pips.

did u extract the game with rjtcrypt first?

[RJT]

Try to search as many known opcodes leading up to your code as possible, this will greatly decrease the number of search results you have.

By the way, what game are you trying to hack? Maybe I could help you with what to search.

[RaNdOmCaPs]

The game is called Space Pips. I am having trouble finding the OPcodes for the instructions above or below the targeted line. Here is an extended code

Code:

L2: 
      27    label         	
      28    findpropstrict	private::addBox
      31    pushbyte      	1
      33    pushstring    	"a double shot weapon"
      36    getlocal0     	
      37    pushstring    	"Weapons Upgrade"
      40    pushbyte      	100
      42    getlex        	Shop::ShopGFX
      45    getproperty   	SHOOT_LEVEL_2
      48    findpropstrict	private::calcPos
      51    pushbyte      	0
      53    dup           	
      54    pushbyte      	3
      56    callproperty  	private::calcPos (3)
      60    pushbyte      	0
      62    getlocal1     	
      63    getlex        	Shop::ShopFuncs
      66    getproperty   	weaponFunc
      69    callpropvoid  	private::addBox (10)
      73    jump          	L3

How do i find out which OPcode corresponds to an instruction?

EDIT: Omg, the game was already hacked.

[Royce]

I understand what your saying, basically you find tons of results for the same code of 'PUSHBYTE 100'. By taking a look at the code around it you can search for uncommon opcodes in the same array.

For example:
If you take a look at the first line of your code you can see that your code is in array (L2).

Code:

L2:
      27    label

In order for array L2 to work all the code in it has to be structured together. Therefore trying searching something extremely uncommon in the array.

Code:

pushstring       "a double shot weapon"

That is a string, and IMO they are the best for searching. Why? Simply because they contain there own array of hex ready to be searched. Once you find the string in the hex file, highlight the whole area from the string to the jump (jump L3 - Next array). In the highlighted area CTRL+F and type 2464 (or whatever your hex was).

[ManAnGel]

Lmfao. I don't really understand the tutorial why the 25 thingy part. I think hacking normal games would be easier than AS3 after all.

[Buloxine]

This is so hard.
You can make it verry easy.
Cheat Engine RuleZ
Example ; you have 100 lives..
100x8=800
search for 800
now you have 10 lives
8x10=80
Etc
............

[mathewthe2]

This is so hard.
You can make it verry easy.
Cheat Engine RuleZ
Example ; you have 100 lives..
100x8=800
search for 800
now you have 10 lives
8x10=80
Etc
............

dammit this is a prehack tutorial not cheat engine

[scsnake]

i tried RJT's dissembler on Dead Frontier Online (decompressed), but there were few infomations in the dump file.
i searched "push" or "property" and there was no result at all, does that mean i can do nothing with RJT's method?

by the way, how can i find op codes of operations other than "pushshort" or "pushint" ??