Page 19 of 22 FirstFirst ... 91718192021 ... LastLast
Results 271 to 285 of 319
  1. #271
    殺す必要がある唯一のものは殺されるために準備され人 々である。
    Premium Member
    Hitokiri~'s Avatar
    Join Date
    Oct 2012
    Gender
    female
    Location
    Cancer.
    Posts
    1,195
    Reputation
    24
    Thanks
    863
    My Mood
    Bitchy
    Originally kept this for myself but since I'm bored and stuck in the toilet ( Blame spicy food ), I decided to do this.

    MW3 Packet Checksums.

    Why? Because you don't necessarily need MW3 open to forge packets.

    Code:
    struct Packet{
       int magic; // -1
       char data[];
       unsigned short checksum;
    }
    Packets undergo the following process before they're sent:

    - The packet gets a 32 bit header ( All 1's )
    - The 16 bit CRC is added from the below function ( byte swapped )
    - The final packet is GZip compressed ( With OOB packets; Huffman is used if it's a game packet )

    Code:
    unsigned short NET_CalcChecksum( char* src, size_t length )
    {
        unsigned long checksum = 0;
        unsigned long partA = 0, partB = 0, partC = 0;
        size_t len_a = 0;
        auto* s = src;
        
        for( auto i = 0; i < ( ( length - 4 ) >> 2 ) + 1; i ++ )
        {
            partA += ( s[ i + 1 ] & 0xff ) | ( ( s[ i ] << 8 ) & 0xff );
            partB += ( s[ i + 3 ] & 0xff ) | ( ( s[ i + 2 ] << 8 ) & 0xff );
            s += 4;
        }
        
        len_a = length - 4 * ( ( ( length - 4 ) >> 2 ) + 1 );
        
        for( auto i = len_a; i; i -= 2 )
            partC += ( src[ i + 1 ] & 0xff ) | ( ( src[ i ] << 8 ) & 0xff );
        
        checksum = partA + partB + partC + ( src[ 0 ] & 0xff );
        
        for( auto i = ( checksum >> 16 ) & 0xffff; checksum >> 16; i = checksum >> 16 )
            checksum = i + ( checksum >> 16 );
        
        return ( ~checksum ) & 0xffff;
    }
    The procedure is:

    Code:
    auto NET_SendPacket( char* src, size_t len )
    {
        size_t outLen = 0;
    
    
        char* dst = ( char* ) calloc( len + 6 ), dst2 = nullptr;
        memcpy( &dst[ 4 ], src, len )
    
    
        *PINT( dst ) = -1;
        auto m_crc = NET_CalcChecksum( dst, len + 4 );
        
        dst[ len + 4 ] = m_crc >> 16;
        dst[ len + 5 ] = m_crc & 0xff;
        
        GZip_Compress( dst, dst2, len + 6, &outLen );
        
        auto result = sendto( router->sock, dst2, outLen, 0, reinterpret_cast< sockaddr* >( & netChan->remoteAddr ), sizeof( netChan->remoteAddr ) );
        free( dst );
        free( dst2 );
        
        return result == ( len + 6 );
    }

  2. The Following User Says Thank You to Hitokiri~ For This Useful Post:

    [MPGH]Eithan1231 (08-11-2015)

  3. #272
    AuT03x3C's Avatar
    Join Date
    Nov 2014
    Gender
    male
    Location
    kernel32.dll
    Posts
    456
    Reputation
    11
    Thanks
    3,953
    My Mood
    Sleepy
    Code:
    partyminplayers: 0x132FD24
    cg_fov: 0xB08738
    cg_gun_x: 0xB1ADA4
    cg_gun_y: 0xB1AD80
    cg_gun_z: 0xB1AD90
    g_compassShowEnemies: 0x1C293E4
    dvarOffset: 0xC
    Credits: AuT03x3C

  4. #273
    殺す必要がある唯一のものは殺されるために準備され人 々である。
    Premium Member
    Hitokiri~'s Avatar
    Join Date
    Oct 2012
    Gender
    female
    Location
    Cancer.
    Posts
    1,195
    Reputation
    24
    Thanks
    863
    My Mood
    Bitchy
    Quote Originally Posted by AuT03x3C View Post
    Code:
    partyminplayers: 0x132FD24
    cg_fov: 0xB08738
    cg_gun_x: 0xB1ADA4
    cg_gun_y: 0xB1AD80
    cg_gun_z: 0xB1AD90
    g_compassShowEnemies: 0x1C293E4
    dvarOffset: 0xC
    Credits: AuT03x3C
    Why do dvars need credits?

  5. The Following User Says Thank You to Hitokiri~ For This Useful Post:

    [MPGH]Eithan1231 (08-11-2015)

  6. #274
    Eithan1231's Avatar
    Join Date
    Jan 2015
    Gender
    male
    Location
    Australia
    Posts
    1,592
    Reputation
    429
    Thanks
    4,274
    My Mood
    Angelic
    fov: 059E4EC4
    noclip: 01C2CA0C
    health: 01A62FC4
    ingame_name: 01C2C850
    party_maxplayers: 05C6763C
    party_minplayers: 059DA838
    primary ammo: 01C29868
    mapname: 00A01870
    ClientCleanName: 005C39B0
    Ingame: 008DBD84

    Credits: eithan



     
    https://www.youtube.com/watch?v=-GcAc0kovUs

  7. The Following 2 Users Say Thank You to Eithan1231 For This Useful Post:

    type9500 (12-28-2015),xDasEinhorn (08-16-2015)

  8. #275
    SamTheDope's Avatar
    Join Date
    Jan 2013
    Gender
    male
    Location
    Australia
    Posts
    92
    Reputation
    30
    Thanks
    331
    My Mood
    Hot

    Red face

    Here are a few playerstate addresses I updated, these all require host and can be applied per client. To apply to any player just do: address + (client * 0x38EC), for the playermodel addresses do: address + (client * 0x274)

    Code:
    X Pos: 0x01C2945C
    Y Pos: 0x01C29460
    Z Pos: 0x01C29464
    X Velocity: 0x01C29468
    Y Velocity: 0x01C2946C
    Z Velocity: 0x01C29470
    Team: 0x01C2C810
    No-Clip: 0x01C2CA0C
    On-Host Red Boxes: 0x01C29450 Note: 16 for Red Boxes, 40 for Thermal, 24 for Thermal & Red Box
    Speed Multiplier: 0x01C2C7FC
    All Perks: 0x01C2992B Note: Write and array of 16 255s -> { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
    Playermodel Head: 0x01A63044 Note: Can crash the match
    Playermodel Body: 0x01A62F90
    All perks gives you all regular perks + some hidden ones such as dive to prone, less recoil, sprint while crouched, extended mags, explosive bullets. The address may actually start a few places before but I never could be bothered testing that.

    Credits:
    LughMods for Speed and All Perks, I just converted them to PC
    @NightmareTX for Playermodel, stolen from NinjaHack
    Last edited by SamTheDope; 08-12-2015 at 01:23 AM.
    #1 AU
    Instagram @SamTheDope

  9. #276
    AuT03x3C's Avatar
    Join Date
    Nov 2014
    Gender
    male
    Location
    kernel32.dll
    Posts
    456
    Reputation
    11
    Thanks
    3,953
    My Mood
    Sleepy
    Quote Originally Posted by Hitokiri~ View Post

    Why do dvars need credits?
    Because there are many people who don't know how to find them.

  10. #277
    Eithan1231's Avatar
    Join Date
    Jan 2015
    Gender
    male
    Location
    Australia
    Posts
    1,592
    Reputation
    429
    Thanks
    4,274
    My Mood
    Angelic
    Quote Originally Posted by AuT03x3C View Post
    Because there are many people who don't know how to find them.
    Like me



     
    https://www.youtube.com/watch?v=-GcAc0kovUs

  11. #278
    Raydenman's Avatar
    Join Date
    Nov 2013
    Gender
    male
    Location
    Italy
    Posts
    264
    Reputation
    10
    Thanks
    747
    My Mood
    Amused
    Quote Originally Posted by Hitokiri~ View Post
    Code:
    auto NET_SendPacket( char* src, size_t len )
    {
        size_t outLen = 0;
    
    
        char* dst = ( char* ) calloc( len + 6 ), dst2 = nullptr;
        memcpy( &dst[ 4 ], src, len )
    
    
        *PINT( dst ) = -1;
        auto m_crc = NET_CalcChecksum( dst, len + 4 );
        
        dst[ len + 4 ] = m_crc >> 16;
        dst[ len + 5 ] = m_crc & 0xff;
        
        GZip_Compress( dst, dst2, len + 6, &outLen );
        
        auto result = sendto( router->sock, dst2, outLen, 0, reinterpret_cast< sockaddr* >( & netChan->remoteAddr ), sizeof( netChan->remoteAddr ) );
        free( dst );
        free( dst2 );
        
        return result == ( len + 6 );
    }
    Bad bad bad.
    Do you know why?
    It can launch an UB (undefined behavior).
    The heap manager must deduce how to take ownership of the memory block.
    So it will have to use separate structure to list all allocated blocks.
    Call free() on addresses returned by malloc() functions
    Last edited by Raydenman; 08-12-2015 at 03:03 PM.

  12. #279
    殺す必要がある唯一のものは殺されるために準備され人 々である。
    Premium Member
    Hitokiri~'s Avatar
    Join Date
    Oct 2012
    Gender
    female
    Location
    Cancer.
    Posts
    1,195
    Reputation
    24
    Thanks
    863
    My Mood
    Bitchy
    Quote Originally Posted by Raydenman View Post
    Bad bad bad.
    Do you know why?
    It can launch an UB (undefined behavior).
    The heap manager must deduce how to take ownership of the memory block.
    So it will have to use separate structure to list all allocated blocks.
    Call free() on addresses returned by malloc() functions
    Hey puto, read the whole source and you'll see I freed the memory.
    I'm not just some wanna-be coder. I actually know what I'm doing.

  13. The Following User Says Thank You to Hitokiri~ For This Useful Post:

    [MPGH]Eithan1231 (05-12-2016)

  14. #280
    Raydenman's Avatar
    Join Date
    Nov 2013
    Gender
    male
    Location
    Italy
    Posts
    264
    Reputation
    10
    Thanks
    747
    My Mood
    Amused
    Quote Originally Posted by Hitokiri~ View Post

    Hey puto, read the whole source and you'll see I freed the memory.
    I'm not just some wanna-be coder. I actually know what I'm doing.
    Free two times is WRONG.
    Quote Originally Posted by Raydenman View Post
    It can launch an UB (undefined behavior).

  15. #281
    殺す必要がある唯一のものは殺されるために準備され人 々である。
    Premium Member
    Hitokiri~'s Avatar
    Join Date
    Oct 2012
    Gender
    female
    Location
    Cancer.
    Posts
    1,195
    Reputation
    24
    Thanks
    863
    My Mood
    Bitchy
    Quote Originally Posted by Raydenman View Post
    Free two times is WRONG.
    Free two times you're a fucking retard.

    Code:
        size_t outLen = 0;
    
    
        char* dst = ( char* ) calloc( len + 6 ) , dst2 = nullptr;
        memcpy( &dst[ 4 ], src, len )
    
    
        *PINT( dst ) = -1;
        auto m_crc = NET_CalcChecksum( dst, len + 4 );
        
        dst[ len + 4 ] = m_crc >> 16;
        dst[ len + 5 ] = m_crc & 0xff;
        
        GZip_Compress( dst, dst2, len + 6, &outLen );
        
        auto result = sendto( router->sock, dst2, outLen, 0, reinterpret_cast< sockaddr* >( & netChan->remoteAddr ), sizeof( netChan->remoteAddr ) );
        free( dst );
        free( dst2 );
        
        return result == ( len + 6 );

  16. The Following User Says Thank You to Hitokiri~ For This Useful Post:

    [MPGH]Eithan1231 (05-12-2016)

  17. #282
    Raydenman's Avatar
    Join Date
    Nov 2013
    Gender
    male
    Location
    Italy
    Posts
    264
    Reputation
    10
    Thanks
    747
    My Mood
    Amused
    Quote Originally Posted by Hitokiri~ View Post

    Free two times you're a fucking retard.

    Code:
        size_t outLen = 0;
    
    
        char* dst = ( char* ) calloc( len + 6 ) , dst2 = nullptr;
        memcpy( &dst[ 4 ], src, len )
    
    
        *PINT( dst ) = -1;
        auto m_crc = NET_CalcChecksum( dst, len + 4 );
        
        dst[ len + 4 ] = m_crc >> 16;
        dst[ len + 5 ] = m_crc & 0xff;
        
        GZip_Compress( dst, dst2, len + 6, &outLen );
        
        auto result = sendto( router->sock, dst2, outLen, 0, reinterpret_cast< sockaddr* >( & netChan->remoteAddr ), sizeof( netChan->remoteAddr ) );
        free( dst );
        free( dst2 );
        
        return result == ( len + 6 );
    Be careful with what you say, beast

    mmm yes I didn't note, you called two different pointers, so it's ok.
    If it was free(dst) and free(dst) no.
    I would add a check after making allocations through malloc, calloc to know if it was allocated.

    GZip_Compress( dst, dst2, len + 6, &outLen );
    ?

  18. #283
    殺す必要がある唯一のものは殺されるために準備され人 々である。
    Premium Member
    Hitokiri~'s Avatar
    Join Date
    Oct 2012
    Gender
    female
    Location
    Cancer.
    Posts
    1,195
    Reputation
    24
    Thanks
    863
    My Mood
    Bitchy
    Quote Originally Posted by Raydenman View Post
    Be careful with what you say, beast

    mmm yes I didn't note, you called two different pointers, so it's ok.
    If it was free(dst) and free(dst) no.
    I would add a check after making allocations through malloc, calloc to know if it was allocated.

    GZip_Compress( dst, dst2, len + 6, &outLen );
    ?
    GZip ( my implementation ) allocates a pointer itself ( hence the second free )
    Either way, it was meant as an example and not to be taken in literal terms.
    I don't provide C&P content. It's the theory that matters. Needless to say my code worked flawlessly.

  19. #284
    Nordiii's Avatar
    Join Date
    Jan 2013
    Gender
    male
    Posts
    150
    Reputation
    61
    Thanks
    701
    My Mood
    Angelic
    Force host: 0x132FD24 offset: 0xC

    Name change: "iw5mp.exe"+0x58EC500 offset: 0x156

    My index in lobby (to determinate which player you are without checking names) : 0x8FD0F0

    Lobby size: 0x1329314 | 0x5C6763C

    Main weapon change (p1) : 0x1C296BC | 0x1C297E4 | 0x1C29864
    Secondary weapon change (p1): 0x1C296B4 | 0x1C2984C | 0x1C297D4

    Akimbo main (p1): 0x1C29709

    UVA (p1) : 0x1C2C8BC

    Rename player in match(p1): 0x1C3013C

  20. #285
    xDasEinhorn's Avatar
    Join Date
    May 2014
    Gender
    male
    Location
    Germany
    Posts
    15
    Reputation
    10
    Thanks
    15
    My Mood
    Busy
    can you find com_maxfps ? would be really nice

Page 19 of 22 FirstFirst ... 91718192021 ... LastLast

Similar Threads

  1. [Info] Source Code Section Thread List
    By CoderNever in forum Combat Arms Hack Coding / Programming / Source Code
    Replies: 8
    Last Post: 05-14-2012, 09:16 AM
  2. [Source Code] Battlefield 3 Hack Source Code / Reversal Thread
    By Helper in forum Battlefield 3 (BF3) Hacks & Cheats
    Replies: 7
    Last Post: 01-14-2012, 02:25 AM
  3. Buying blackops or modern warefare 3 or modern warfare 2 codes for steam
    By tavistavis in forum Buying Accounts/Keys/Items
    Replies: 4
    Last Post: 11-24-2011, 10:46 PM
  4. Modern Warfare 2 Addresses.
    By ovdoboy in forum Call of Duty Modern Warfare 2 Discussions
    Replies: 8
    Last Post: 03-13-2010, 10:40 AM
  5. Call of Duty 4/COD4 : Modern Warfare CD key/Serial Code very cheap
    By MarkoLeopard in forum Trade Accounts/Keys/Items
    Replies: 0
    Last Post: 10-08-2008, 09:09 PM

Tags for this Thread