Cheat Engine Tutorial
Testing out the nice copy/pasta features...
Cheat Engine Tutorial Posted on: 03/10/2012 5:46am
TIM the Enchanter

by zhaoli » Wed Sep 30, 2009 8:07 pm

For all of those who keep asking "What do I do with these numbers?" - here's your answer. No, I'm not a big time hacker - I can manage root variable scans, but array of byte stuff still eludes me. That being said:

HOW TO HACK A GAME
and/or reproduce a hack that someone else has found

There are a few different types of hacks and tools out there. Currently, the two main tools are Cheat Engine and Kongregate Badge Hack.

Cheat Engine is used to hack the game as it is running. It is the tool that will give you unlimited health, ammo, etc, etc. KBH does not actually do anything to the game, it simply tricks Kongregate's website into thinking that you have completed the criteria for a certain badge - in essence, it pretends to be the game signaling the website that you were successful.

CHEAT ENGINE 101

Doing it yourself - Variable Searching

I'm not going to go into a full tutorial on how to use Cheat Engine - that's included with the program and available on their website. I will give some basic explanations though. There are several ways that variables can be stored in memory. Each of these is called the variable type. If the variable is stored directly and is not a root variable (which is a pointer - more on that in a moment), then you should be able to just search for the variable and change it. Here are the common ways that a variable will be stored.

1) Straight value (4 byte)
This is the easiest. If you have 100hp, just search for 100 using Cheat Engine, specifying the variable type as 4 byte. When you get hit and go down to 80 hp (or whatever) all you have to do is scan for the new amount. Repeat until you find a variable, and you're in business. If you're dealing with a variable that you don't know the numeric value for, you have to start with the "Unknown initial value" search and then search for an "increased" or "decreased" value as appropriate every time your health (or gold, or mana, or whatever) changes. This takes much longer, and often will give you multiple 'final' results, so whenever you know a value, put it in exactly.

2) Value * 8 (4 byte)
Some versions of Flash try to obfuscate their variables by multiplying everything by 8. So to use the example above, when you have 100hp, search for 800. When you have 80hp, search for 640, and so on. Apart from multiplying by 8 to get your search value, this is identical to the first method. Be careful about putting new values in - sometimes putting in a variable that is not a multiple of 8 will crash the game and/or your browser.

3) Double (Double)
A "double" is a type of variable that holds a decimal value, up to 15 digits precision. Some games use this, especially where you see decimal values in the game. Be careful though - sometimes a decimal value of "15.2 gold" will be represented by a 4-byte value of 152 (or 1216, as appropriate). This type of variable is also commonly used for quickly incrementing measurements - clocks, timers, etc.

4) Double *8 (Double)
I've only seen this once or twice, but occasionally the Double value will be multiplied by 8 in the same way as a 4-byte value can be. I've never seen an actual decimal be multiplied by 8, it's only been when the Double is being used to represent a whole number that this has occurred in my experience.

5) (Value *8) +X
NEW (Updated 5-4-2010)
This is a 4 byte address that is modified after being multiplied. The most common permutation seems to be (Value *8) +6. So if your health was 100, you would search for 806. If your health drops to 90, search for 726.

6) Root Variables

The above are the easiest searches. Then you have root variables. To quote from Ignored's excellent tutorial on hacking root variables:

AS2 uses _root variables as globals that can be accessed by any frame or script in the game. Hacking these variables with Cheat Engine is difficult because the values change their address any time they are updated.


If you wish to learn to hack root variables with CE, head on over to that tutorial. If you can't understand the theory, then scroll down to the "Step-by-step" guide. The only thing I will add is that it is possible to find your own root variables using CE - just do a text search for "_level0/:" and it will return every root variable in memory. Sometimes this is hundreds, but if you right click on the variable in the search result window and "browse memory location" you can see what the full variable is named. Common variables are things like '_level0/:gold', '_level0/:health', '_level0/:playerhp', and things like that. With some practice, you should be able to find what you need.

Doing it with Help - Array of Byte hacks


For a full guide on AOB hacking, take a look at pkedpker and maximillian's awesome guide. If you manage to master this, you'll put yourself in the company of some of the better hackers on this site. If you just want to use an AOB hack that someone else provided, it's simple.

1) Find the AOB hack. Chances are, if you're here, you'll find it here. For an example, we'll use the following AOB hack from "Mushroom Madness" (kudos to Derek)

Unlimited Ammo
96 02 00 08 97 4e 51 -> 96 02 00 08 97 4e 02


2) Load up the game. DO NOT proceed past the initial screen/loader. Most games require that the game be freshly loaded into memory to apply the AOB hack - some even require you to apply the hack during the loader itself, which can get tricky as you try to do things quickly enough. CE's speedhack works well to help with that.

3) Start a search using "Array of Bytes" type of variable in CE. You want to search for the first value listed (in this case, 96 02 00 08 97 4e 51). AOBs are usually of sufficient length and complexity that you will only get one result, unless the operation occurs multiple times in the code. So you should only have to search once. Select your result (or all of them, if multiples come up) and add them to your CE variable list.

4) Change the value of your result(s) to the indicated value - in this case, 96 02 00 08 97 4e 02. You'll note that the arrays are nearly identical, the only difference being that the 51 at the end changed to 02. Be sure that you get all the changes, sometimes more than one value changes.

5) You're done, go ahead and play the game.

One of the disadvantages of AOB hacks is that often, an update to the game will change the code enough that the AOB hack no longer works. If you're sure you've done everything properly - ESPECIALLY the part about searching for the AOB right after the game loads - then that may be the case. There is no easy way to make an incorrect AOB work, you'll either have to wait for someone to come out with an updated one, or learn how to do it yourself.


Kongregate Badge Hack
(this information is posted as of KBH 2.0.14 - it may change depending on future releases)
KBH will only work for some of you due to Kongregate's site updates.
KBH is fairly simple to use.

1) Go to "menu" and select login. Login with your Kongregate username and password.

2) Put the URL of the game into the URL bar. Hit "get categories."

3) Find the value in the left hand column that corresponds with the name/criteria of one of the badges. Click on the right arrow ( > ) to move it to the right column.

4) Hit "send packet to Kongregate"

5) Hit "clear all" to clear the variable out of the right column.

Repeat steps 3-5 to obtain all badges.



Hopefully this can give people a basic idea of where to start. If you're still having problems, NOW feel free to ask a question, but if the answer is in this little FAQ don't be surprised if people just mock you and post a link to this.




Everything's coming up KongHack!

"When you know nothing matters, the universe is yours" ~Rick Sanchez
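
Added example, not part of the original post or of any tool it mentions: a defender-side sketch in Python of two checks a game client can apply against the value scanning and AOB patching described above. `GuardedInt`, `build_manifest` and `tampered_blocks` are hypothetical names, and the sample buffer is constructed filler around the 7-byte sequence quoted in the post.

```python
import hashlib
import hmac
import os
import struct

MASK64 = (1 << 64) - 1

class GuardedInt:
    """Non-negative game stat kept XOR-masked under a fresh random mask on every
    write, with an HMAC tag: the stored form is not v, v*8 or v*8+6, and a
    change made outside set() is detected on the next read."""

    def __init__(self, value, secret=None):
        self._secret = secret or os.urandom(32)  # per-session key (assumption)
        self.set(value)

    def _tag(self):
        msg = struct.pack("<QQ", self._mask, self._stored)
        return hmac.new(self._secret, msg, hashlib.sha256).digest()

    def set(self, value):
        self._mask = int.from_bytes(os.urandom(8), "little")
        self._stored = (value & MASK64) ^ self._mask
        self._mac = self._tag()

    def get(self):
        if not hmac.compare_digest(self._mac, self._tag()):
            raise ValueError("stat modified outside set()")
        return self._stored ^ self._mask

def build_manifest(code, block=16):
    """SHA-256 of each fixed-size block of the bytecode, taken at load time."""
    return [hashlib.sha256(code[i:i + block]).digest()
            for i in range(0, len(code), block)]

def tampered_blocks(code, manifest, block=16):
    """Indexes of blocks whose hash no longer matches; a length change flags all."""
    now = build_manifest(code, block)
    if len(now) != len(manifest):
        return list(range(max(len(now), len(manifest))))
    return [i for i, (a, b) in enumerate(zip(now, manifest)) if a != b]

# Constructed sample: zero filler around the byte sequence quoted in the post,
# and the same buffer with the single-byte change (51 -> 02) applied.
ORIGINAL = bytes(20) + bytes.fromhex("96 02 00 08 97 4e 51") + bytes(21)
PATCHED = ORIGINAL.replace(bytes.fromhex("96 02 00 08 97 4e 51"),
                           bytes.fromhex("96 02 00 08 97 4e 02"))
```

Both checks live in the client next to the data they protect, so they raise the cost of tampering rather than prevent it; scores and badge criteria that matter need to be validated server-side.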