As I Lay Dying!
Adventure Pixel Platform Puzzle

Last Updated: 12/19/2010 18:15


Game Description
Join Teale and Christie as a regular hike turns into an epic adventure in this unique game inspired by William Faulkner’s classic novel. Need help? Watc...
As I Lay Dying! Posted on: 12/17/2010 7:07pm
Developer: DigYourOwnGrave

Link: http://www.kongregate.com/games/DigYour ... -lay-dying

Description: Join Teale and Christie as a regular hike turns into an epic adventure in this unique game inspired by William Faulkner
Re: As I Lay Dying! Posted on: 12/17/2010 11:41pm
Is anyone familiar with the Novel it's inspired by?

Can't wait for Invincibility or fly, those crows are evil (The body hasn't even chilled yet!).

Edit: Vultures are worse.
Re: As I Lay Dying! Posted on: 12/18/2010 1:31am
So much for sure, it's not 4B*1, *8 nor *8+6

Probably have to find AOBs, but I'm no good at that.



Wysiwyg editors are utter shit.

Re: As I Lay Dying! Posted on: 12/18/2010 5:21am
Never let a computer tell me shit.
sothink crashes even with raw data mode. heres the best i got

holding corpse doesnt impede jumping
60 f3 07 90
25 90 08 90

caution: icy floors just for fun
f2 07 24 08 a2 27 12
f2 07 24 01 a2 27 12



I use this AoB tool to make all the AoBs I post. Try the online version if you dont feel like downloading it.
"Obviously, windows are central to Windows. They are so important that they named the operating system after them. But what is a window?"

Re: As I Lay Dying! Posted on: 12/18/2010 4:28pm
System Bot
Don't get hurt
d1 4e 86 02 01 d1
47 4e 86 02 01 d1

Infinite Jumps
60 a1 02 66 e5 01 96
10 07 00 00 66 e5 01

This post was imported from an account that no longer exists!
Previous Name: Anonymous
Re: As I Lay Dying! Posted on: 12/18/2010 7:51pm
System Bot
For those asking how to create a jump hack like this, here is how:

Here is the jump call:  

                if ((FlxG.keys.justPressed("W") || FlxG.keys.justPressed("I")) && !velocity.y)
                {
                    jump();
                }

This means that if you press "W" or "I" and you aren't in the air (y velocity) then you can jump.  The !velocity.y is what is not allowing us to jump while in the air.  

All of this in assembly looks like so:
Code:
//60 e7 02
_as3_getlex org.flixel::FlxG
//66 b4 0c
_as3_getproperty keys
//2c d4 05
_as3_pushstring "W"
//46 a8 05 01
_as3_callproperty justPressed(param count:1)
//76
_as3_convert_b
//2a
_as3_dup
//11 0f 00 00
_as3_iftrue offset: 15
//29
_as3_pop
//60 e7 02
_as3_getlex org.flixel::FlxG
//66 b4 0c
_as3_getproperty keys
//2c bc 05
_as3_pushstring "I"
//46 a8 05 01
_as3_callproperty justPressed(param count:1)
//76
_as3_convert_b
//2a
_as3_dup
//12 08 00 00
_as3_iffalse offset: 8
//29
_as3_pop
//60 a1 02
_as3_getlex velocity
//66 e5 01
_as3_getproperty y
//96
_as3_not
//12 14 00 00
_as3_iffalse offset: 20
//5d f9 07
_as3_findpropstrict jump
//4f f9 07 00
_as3_callpropvoid jump(param count:0)

The first jump (11 0f 00 00) says that if you just pressed "W" then jump 15 bytes. Counting the bytes, this goes to this point:

Code:
//2a
_as3_dup
//12 08 00 00
_as3_iffalse offset: 8
//29
_as3_pop
//60 a1 02
_as3_getlex velocity
//66 e5 01
_as3_getproperty y
//96
_as3_not
//12 14 00 00
_as3_iffalse offset: 20
//5d f9 07
_as3_findpropstrict jump
//4f f9 07 00
_as3_callpropvoid jump(param count:0)

The next jump says jump 8 bytes if false. "W" being pressed is still true, so this jump does nothing, which leaves us with:

Code:
//29
_as3_pop
//60 a1 02
_as3_getlex velocity
//66 e5 01
_as3_getproperty y
//96
_as3_not
//12 14 00 00
_as3_iffalse offset: 20
//5d f9 07
_as3_findpropstrict jump
//4f f9 07 00
_as3_callpropvoid jump(param count:0)

Now this is exactly where we want to be.  It is checking the y velocity.  If you are in the air (y velocity is true - and then it is NOT'd which makes it false), the 12 14 00 00 jump statement is going to jump right over our game jump function, so in essence we want to bypass the y velocity check and jump over the if false jump.  We can't change the offset on the last iffalse to jump 0 bytes or else we would float off the screen.  We only want to bypass it if "W" or "I" is pressed.

We want to jump:

Code:
start jump:
//60 a1 02
_as3_getlex velocity
//66 e5 01
_as3_getproperty y
//96
_as3_not
//12 14 00 00
_as3_iffalse offset: 20
end jump:

Putting this in a string, it becomes:

Code:

60 a1 02 66 e5 01 96 12 14 00 00

Which is 11 bytes.  Using the 10 opcode, which takes 4 bytes, we need to jump over 7 bytes,

which leaves us with

Code:
10 07 00 00 66 e5 01 12 14 00 00

I removed the 96 because I don't like to leave partial op code strings.

Hope that makes sense.....

This post was imported from an account that no longer exists!
Previous Name: Anonymous
Re: As I Lay Dying! Posted on: 12/18/2010 8:39pm
Never let a computer tell me shit.
not to be a massive faggot, but how did you get sothink to not choke on it like a river of gob?

im using 5.6 b546 and it locks up if you try and view the avm2 codes




Re: As I Lay Dying! Posted on: 12/18/2010 10:51pm
Quote from: "kolonelkadat"
not to be a massive faggot, but how did you get sothink to not choke on it like a river of gob?

im using 5.6 b546 and it locks up if you try and view the avm2 codes
+1
Re: As I Lay Dying! Posted on: 12/18/2010 11:05pm
System Bot
Quote from: "whatever"
Quote from: "kolonelkadat"
not to be a massive faggot, but how did you get sothink to not choke on it like a river of gob?

im using 5.6 b546 and it locks up if you try and view the avm2 codes
+1
+1

This post was imported from an account that no longer exists!
Previous Name: phreneticus
Re: As I Lay Dying! Posted on: 12/19/2010 4:14am
System Bot
It is encrypted with SWF Encrypt. There are a variety of tools that will remove it. When it gets decrypted, the code changes. I usually use SWF Reader because I have found that the decrypted version is closest to the original compared to other tools - but still usually have to use wildcards to find the aob from the decrypted to the encrypted version and do the searches in Raw Mode. For example, in the code above, my decrypted version said the last iffalse jump was 7 and looks like this:

//12 07 00 00
_as3_iffalse offset: 7
//5d f9 07
_as3_findpropstrict jump
//4f f9 07 00
_as3_callpropvoid jump(param count:0)

The encrypted version looks like this (the offset is 14 not 7)

12 14 00 00 5D F9 07 27 12 08 00 00 24 05 29 29 10 04 00 00 4F F9 07 00

You can see the 5d f9 07 and the 4f f9 07 00 in there, but the encrypted version added in the middle

27 12 08 00 00 24 05 29 29 10 04 00 00

Which says - Push false and then If false (which it will always jump after pushing false), jump 8 bytes - which brings us back to the decrypted version of 5d f9 07 4f f9 07 00

The garbage in the iffalse jump is random code and is what crashes the decompiler. The client always jumps over that random code and never even sees it, but the decompiler tries to process it and if it isn't valid, it crashes. I changed the example I made above to incorporate the encrypted jump offsets with the decrypted offsets so it still worked on the game.

This post was imported from an account that no longer exists!
Previous Name: Anonymous
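
Added example, not part of the original posts: a minimal Python decoder for only the AVM2 opcodes quoted in this thread. It follows control flow instead of decoding bytes in a straight line, so the junk behind an always-taken `pushfalse; iffalse` is never parsed, and `strip_junk` removes that pair from the 24-byte string quoted above, which gives back the offset-7 form. Function names are illustrative and only forward branches are handled.

```python
# Added example, not thread code. Operand kinds: "u" = u30 (variable length),
# "b" = one byte, "j" = signed 24-bit branch offset. Only opcodes quoted in the thread.
OPS = {0x10: ("jump", "j"), 0x11: ("iftrue", "j"), 0x12: ("iffalse", "j"),
       0x24: ("pushbyte", "b"), 0x27: ("pushfalse", ""), 0x29: ("pop", ""),
       0x2A: ("dup", ""), 0x2C: ("pushstring", "u"), 0x46: ("callproperty", "uu"),
       0x4F: ("callpropvoid", "uu"), 0x5D: ("findpropstrict", "u"), 0x60: ("getlex", "u"),
       0x66: ("getproperty", "u"), 0x76: ("convert_b", ""), 0x96: ("not", "")}
SAMPLE = bytes.fromhex("12 14 00 00 5D F9 07 27 12 08 00 00 24 05 29 29 10 04 00 00 4F F9 07 00")

def decode(code, pos):
    """Decode one instruction: (name, branch target or None, next offset)."""
    name, kinds = OPS[code[pos]]
    p, target = pos + 1, None
    for k in kinds:
        if k == "j":                      # offset is relative to the next instruction
            p += 3
            target = p + int.from_bytes(code[p - 3:p], "little", signed=True)
        else:
            while k == "u" and code[p] & 0x80:   # u30 continuation bytes
                p += 1
            p += 1
    return name, target, p

def reachable(code):
    """Follow control flow from offset 0; 'pushfalse; iffalse' is always taken."""
    seen, work = {}, [0]
    while work:
        pos, prev = work.pop(), None
        while pos < len(code) and pos not in seen:
            name, target, nxt = decode(code, pos)
            seen[pos] = name
            if target is not None:
                work.append(target)
            if name == "jump" or (name == "iffalse" and prev == "pushfalse"):
                break                     # the fall-through path is never executed
            pos, prev = nxt, name
    return seen

def strip_junk(code):
    """Remove opaque predicates and the bytes they skip; fix forward branch offsets."""
    live, cut = reachable(code), set()
    for pos, name in live.items():
        if name == "pushfalse" and live.get(pos + 1) == "iffalse":
            cut.update(range(pos, decode(code, pos + 1)[1]))
    keep = [p for p in sorted(live) if p not in cut]
    kept = {b for p in keep for b in range(p, decode(code, p)[2])}
    out = bytearray()
    for pos in keep:
        _, target, nxt = decode(code, pos)
        ins = bytearray(code[pos:nxt])
        if target is not None:            # shrink by the bytes removed in between
            gone = sum(b not in kept for b in range(nxt, target))
            ins[1:4] = (target - nxt - gone).to_bytes(3, "little", signed=True)
        out += ins
    return bytes(out)
```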
Re: As I Lay Dying! Posted on: 12/19/2010 5:02am
( ͡° ͜ʖ ͡°)
IOU 2 karma.



Flash .sol locations
Chrome: \AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\
Normal: \AppData\Roaming\Macromedia\Flash Player\#SharedObjects

Re: As I Lay Dying! Posted on: 12/19/2010 5:59am
System Bot
Quote from: "praetor"
It is encrypted with SWF Encrypt.  There are a variety of tools that will remove it.  When it gets decrypted, the code changes.
As far as I know and as far as I've tested SWF Encrypt myself in the past (v6.0.3), it doesn't encrypt the file at all. It's just its name. What it does is obfuscating the code, but none of the files I "encrypted" with SWF Encrypt ever crashed when being decompiled. Also, UnSWFEncryptUNP can perfectly deobfuscate SWF Encrypt without any changes to the AoBs.

Edit: I just rechecked it - see for yourself (both of these didn't crash):

AS2 game example
Code:
onClipEvent (load)
{
    function ()
    {
        x03 = 1812 % 511 * true;
        if (!"x01")
        {
           
        } // end if
        return (eval("x03"));
    } // End of the function
    var x01 = 279 + x04x05();
    for (x01 = eval("x01") - 234; eval("x01") == 833; x01 = eval("x01") + 854)
    {
        x01 = eval("x01") - 732;
        if (false)
        {
            continue;
        } // end if
    } // end of for
    if (eval("x01") == 324)
    {
        x01 = eval("x01") - 77;
        if (!null)
        {
        }
        else
        {
            x01 = eval("x01") + 277;
        } // end else if

AS3 game example
Code:
       public function _2016881b( 
:Number) : FlxPoint
        {
            var _loc_2:* = this._2016861b.x +  
 * Math.cos(PlayState._20175b1b(angle));
            var _loc_3:* = this._2016861b.y +  
 * Math.sin(PlayState._20175b1b(angle));
            return new FlxPoint(_loc_2, _loc_3);
        }// end function

You can download the .swf files here.

This post was imported from an account that no longer exists!
Previous Name: phreneticus
Re: As I Lay Dying! Posted on: 12/19/2010 7:40am
System Bot
Last thing I am going to say about this..

It is not obfuscated and I wouldn't even call it encryption. It's just a bunch of useless jumps over garbage code. Run the swf through the app on http://www.swfdecrypt.com and look at the difference in a hex editor.

This post was imported from an account that no longer exists!
Previous Name: Anonymous
Re: As I Lay Dying! Posted on: 12/19/2010 12:26pm
System Bot
Quote from: "praetor"
It is not obfuscated and I wouldn't even call it encryption. It's just a bunch of useless jumps over garbage code. Run the swf through the app on http://www.swfdecrypt.com and look at the difference in a hex editor.
I never used SWF Decrypt to deobfuscate/decrypt files which were obfuscated/encrypted by Amayeta, but I'll test it out. UnSWFEncryptUNP always did the job for me.

This post was imported from an account that no longer exists!
Previous Name: phreneticus
Re: As I Lay Dying! Posted on: 12/19/2010 6:15pm

You just done gone made mah head exploded



Check before you post, someone may have beaten you there.

Don't fear my banhammer, fear the God holding it...