In this tutorial I will show you how to hack mochicrypted and encrypted games in general. I've chosen a game that is both mochicrypted and encrypted, so you will learn how to hack both kind of games without having to read two different tutorials. If you have problems with the tutorial or any questions, just send me a PM.

Step 1: Download the .swf file(s)

We will hack the game Knight: Orc Assault. Use the tool .swf dump to download the game.

Open the game and start .swf dump.

(broken image removed)

- Select your browser process (remember to pick "plugin-container.exe" not firefox.exe if you're using Firefox!)
- Hit scan to see the loaded .swf files
- Here are your scan results listed
- Select these files, we need all of them
- Hit dump to download the files in the same folder as .swf dump


Step 2: Find the right .swf file

For this step you will need SoThink, which can be downloaded here. We dumped all .swf files in the last step, because they all come in handy when you're trying to hack the game. The confusing thing about mochicrypt is, that there are always 4-5 files listed in .swf dump for the game you want to hack.

There are four possible types of files that you will get:

• normal file
• corrupted file
• mochicrypted file
• Others (only sprites, etc.)

- Good
- Bad

Start SoThink.

(broken image removed)

- Choose the folder where your files are in
- Built-in searchbar, we will use it later
- Different types to view the code
- The resources of the .swf
- If you see this, the game is mochicrypted and you can move on to the next one

Continue to look through the files until you find the right one.

(broken image removed)

Congratulations! You just found the right .swf file, you can delete all the others now.


Step 3: Decrypt the .swf file

If you would search for something with the 'Search All AS' Button, or just randomly search through the AS files, SoThink would crash. This is caused by a method of encryption. We don't want this to happen, so we have to decrypt the file. For this purpose, download SWF Decrypt here.

Start SWF Decrypt and drop your .swf on it.

(broken image removed)


Step 4: Decompile and hack the game

Now that we've decrypted the game, we can hack it without any worries. There's a snag to it though. If you decrypt the encrypted type of files like this, the AoBs also change. So every time we find something in the decrypted .swf, we have to decompile the encrypted one too and pray to god that SoThink won't crash when you open the AS file you found something in. This method of searching costs immense time so we are only going to search for one AoB. You can find more AoBs after you read this on your own, I hope.

Open the decrypted and the encrypted .swf in SoThink.

We are going to use the built-in search to find what we need. We want to change the money you get per coin. Type "money" in the searchbar and press on 'Search all AS'.

(broken image removed)

We're searching for the code that is black framed. The SourceCode won't help us so we switch to RawData.

player.money.add(1);Will look like this in RawData

//60 be 0b
_as3_getlex player
//66 86 06
_as3_getproperty money
//24 01
_as3_pushbyte 1
//4f ce 01 01
_as3_callpropvoid add(param count:1)
60 be 0b 66 86 06 24 01 4f ce 01 01

Remember what I said, this AoB is basically useless because we have to find it in the original .swf!

Close the SoThink tab in which you loaded the decrypted .swf and switch to the original one.

We need to be very carefully now, because we don't want SoThink to crash. We found our last AoB in Action/ke/KnightElite, so we're searching in the same ActionScript file.

(broken image removed)

Type "money" in the search bar again, but this time don't press 'Search all AS'! Press Enter until you find the AoB we were searching for in the decrypted .swf.

(broken image removed)

60 23 66 b9 01 24 01 4f f2 01 01

This is the AoB which we will change. If you look at the RawData, you will notice the line:

//24 01
_as3_pushbyte 1
This is the part we want to change. It sets the money we get per coin to "1". This isn't enough for us, so we are going to change it to a higher number, for example 100. We need to convert this number into Hex. If you don't know Hex, you can use this site. 100 translates to 64 in Hex.

Our final AoB will be this:
60 23 66 b9 01 24 01 4f f2 01 01 =>
60 23 66 b9 01 24 64 4f f2 01 01

With this AoB, you will get 100 money for each coin. I hope you understood everything and as I said at the beginning, if you have any questions about this feel free to ask me.

Thanks to Derek for the grammar check! (broken image removed)

sorry. yes here ya go.

http://www.swfdecrypt.com/

yes. unfortunately every link in this post is dead... hopefully the mods will do something about fixxing it.

in the mean time you can find swfmdump here though.
http://www.forceprojectx.com/SWFMemoryDumper.zip?attredirects=0&d=1

.swf dump is attached to this post