Contents:
With a Decompiler
Without a Decompiler
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Making hacks with a decompiler
Game being used:
L.I.F.E - http://konghack.com/games/game_view.php?g=71249
Programs being used:
EDIT: You can now use this tool to get most of the needed tools!
Cheat Engine -
http://cheatengine.org/
Kadat's Flash Dumper -
http://www.forceprojectx.com/SWFMemoryDumper.zip?attredirects=0
Kadat's AOB Extractor (Not essential, but speeds up the process)-
http://www.forceprojectx.com/services/rawdata/AoBExtractor.zip?attredirects=0
SoThink SWF Decompiler -
http://www.sothink.com/product/flashdecompiler/
A list of operations used for AOB hacking -
https://konghack.com/content/19-avm2instructions
or
http://www.anotherbigidea.com/javaswf/avm2/AVM2Instructions.html
Step 1
Download and open Kadat's Flash Dumper. It will dump the flash file to wherever the .EXE is located, so make sure to put it in a smart place.
With this program, select the correct Flash Player process and scan for games. The game is usually the file denoted by an asterisk (*).
Click it and press "Dump to Disk"
Step 2
Open the newly made file with SoThink SWF Decompiler
Assuming you have just downloaded and installed the SWF Decompiler, it should look something like this:
Click the tab button at the top of the program named "ActionScript".
Step 3
A different menu will come up when ActionScript is selected
Now let's say you'd like to find something that would a) give you a lot of health or b) make you unable to get hurt.
First, we would go to the file manager on the right and click the + next to the file name to expand what's inside the SWF
**When searching, make sure to select P-Code**
If P-Code or Raw Data is not selected, SoThink will crash any time you search for something (in 95% of games made around the date of posting)
Option A). We would search for something along the lines of "health, hp, life, etc."
Use the search bar and type in any of the above or another variation you might be able to come up with, but those are the most common
After you have it typed in, click "Search All AS"
Scroll through the search results at the bottom of the screen and find a class name that sounds like it could work. In this case, Person is the class name we would want.
We would want this little section of code:
(This is found by switching to Source Code view)
As you can see, _health = 100; is in a snippet of code and not in a private var, therefore it is easier to edit/hack
To edit (make an AOB hack) we need to switch over to the Raw Data view
Find the code you wanted (_health = 100)
Since 100 is under 127, the value is stored as a pushbyte. Here you can see _as3_pushbyte 100 and then the initproperty with Person::_health
Copy a few lines above so Cheat Engine will return as few hits as possible
Copy the code and then head over to Step 4 :)
Option B). We would search for something along the lines of "hurt, damage, hit, etc."
Use the search bar and type in any of the above or another variation you might be able to come up with, but those are the most common
After you have it typed in, click "Search All AS"
Scroll through the search results at the bottom of the screen and find a class name that sounds like it could work. In this case, Person is the class name we would want.
In this particular case, we would want to use this:
This can be found by switching to Source Code, seeing that this is what makes you get hurt, then switching to Raw Data to get the AOBs
Copy a couple lines of that and then head over to Step 4 :)
Step 4
This is where we get to making the hack
Open Kadat's AOB Extractor program and paste your AOB
Option A). Changing the starting life.
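Since Pushbyte (0x24), a 2-byte operation, can only go up to 0x7f (127), we'll need to use a totally different operation (Pushint, 0x2d). Pushint does not carry the value itself: its operand is an index into the SWF's integer constant pool.
For this tutorial, we'll be using the Pushint 2d 0e, which in this game has a value of 16777215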
In the AOB Extractor, paste your code into the "Original Codes go Here" pane.
Click the buttons marked "Get AoB" and "Copy to Edit Pane".
Change the 4th line up, marked //24 64, to //2d 0e and then press the second "Get AoB" button. Assuming nothing else was changed, the "Shorter by" label should disappear
Now that you have your AOBs, skip down to Step 5
Option B). Hurt doesn't register
This one is a bit easier to modify, but can be harder to find
Since the whole Hurt function is what makes the damage happen, we can just turn it off with little to no repercussions
The code to end a function is 0x47 (returnvoid)
Paste your code from the decompiler into the "Original codes go here" pane
Proceed to click the "Get AoB" and "Copy to Edit Pane" buttons
All we need to do is change the first byte in the function, which is //d0, to //47, and finally click the second "Get AoB" button
This will cancel any code following it. Once that is done, head over to Step 5 :)
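Added example (not part of the original tutorial or of Kadat's tools): a small Python decoder for the handful of AVM2 opcodes used in Step 4, showing at the instruction level what the Option A and Option B byte edits change and why Option A's replacement keeps the sequence the same length. The surrounding bytes and the multiname index 05 are constructed for illustration; only 24 64, 2d 0e, d0 and 47 come from the text.

```python
OPCODES = {  # added example: opcode -> (mnemonic, operand kind)
    0x24: ("pushbyte", "s8"),       # immediate signed byte, max 0x7f (127)
    0x2D: ("pushint", "u30"),       # index into the integer constant pool
    0x30: ("pushscope", None),
    0x47: ("returnvoid", None),
    0x68: ("initproperty", "u30"),  # index into the multiname pool
    0xD0: ("getlocal_0", None),
}

def read_u30(code, pos):
    """Decode a u30: 7 data bits per byte, high bit set means 'more follows'."""
    value = 0
    for shift in range(0, 35, 7):
        byte, pos = code[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            break
    return value & 0x3FFFFFFF, pos

def disassemble(code):
    """Return [(offset, mnemonic, operand), ...] for a byte string."""
    out, pos = [], 0
    while pos < len(code):
        start, op = pos, code[pos]
        if op not in OPCODES:
            raise ValueError(f"opcode 0x{op:02x} at offset {pos} is not in the table")
        name, kind = OPCODES[op]
        pos += 1
        operand = None
        try:
            if kind == "s8":  # (x ^ 0x80) - 0x80 sign-extends one byte
                operand, pos = (code[pos] ^ 0x80) - 0x80, pos + 1
            elif kind == "u30":
                operand, pos = read_u30(code, pos)
        except IndexError:
            raise ValueError(f"truncated operand for {name} at offset {start}") from None
        out.append((start, name, operand))
    return out

def changed_instructions(original, patched):
    """List (offset, before, after) for instructions that differ."""
    if len(original) != len(patched):
        raise ValueError("lengths differ: later offsets would shift")
    pairs = zip(disassemble(original), disassemble(patched))
    return [(a[0], a[1:], b[1:]) for a, b in pairs if a != b]

# Constructed sample bytes; only 24 64, 2d 0e, d0 and 47 come from the tutorial.
ORIGINAL = bytes.fromhex("d0 30 d0 24 64 68 05 47")
OPTION_A = bytes.fromhex("d0 30 d0 2d 0e 68 05 47")  # pushbyte 100 -> pushint #14
OPTION_B = bytes.fromhex("47 30 d0 24 64 68 05 47")  # first byte -> returnvoid
```

`changed_instructions(ORIGINAL, OPTION_A)` reports a single changed instruction at offset 3, and both forms occupy two bytes, which is why the extractor shows no length difference.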
Step 5
Hang in there, we're almost done.
All that is left now is to test it. At this point, the AOB is finished and could technically be published... but we don't even know if it works
Open Cheat Engine, refresh the game page so that you have a new copy of the game and input your AOB into Cheat Engine as if you got it off the KongHack database.
I don't think any pictures for this section are necessary; if pictures are needed, please refer to the KH 101, located here.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Making hacks without a decompiler
I personally do not recommend this method unless you have experience with the language Assembly and have not tried the decompiler way before. However, I am simply a person with no power over you so I can't stop you. Have fun :)
Here is a video from KolonelKadat at ForceProjectX showing how to do this.