Updating cubeone.....

[nilly]

Well I found the auto-nexus code in cubeone and managed to insert it into the current client.

Code:

pop
getlocal0 
getlex map_
getproperty player_
ifne 45
getlex map_
getproperty gs_
getproperty gsc_
getproperty server_
getproperty name_
pushstring Nexus
ifeq 26
getlex _-WA //current health variable (name changes with client update)
convert_d 
getlex _-PV //max health variable (name changes with client update)
convert_d 
divide 
pushdouble 2 //pushes .5 to stack
ifgt 11
getlex map_
getproperty gs_
getproperty gsc_
callpropvoid _-093,0 //name changes with client update
pushtrue

The code was changed so that it can be a simple insert into the current client. No need to add strings and what not. This code can be inserted by opening yogda, navigating to com.company.assembleegameclient.objects.player update(), scrolling to the last instruction, right clicking on returnvoid and clicking insert (remember to get rid of comments). The current auto-nexus point is at 50% health for reasons explained below.

There is one thing I don't understand that maybe one of you and help me with. How would one go about pushing .3 or .25 or whatever onto the stack? I understand for instructions like pushdouble, one would give an integer value that would reference a floating point variable in this thing a called a constant pool. I do not know how to look at this constant pool, make use it, or add to it. Anyone here have experience with this?

Also, anyone manage to find where cubeone put his aimbot and noclip code in his client?

---------- Post added at 01:40 AM ---------- Previous post was at 01:18 AM ----------

As I was writing the above I thought of a way to get .35 (so the auto-nexus would be set at 35% health).

Code:

pop
getlocal0 
getlex map_
getproperty player_
ifne 50
getlex map_
getproperty gs_
getproperty gsc_
getproperty server_
getproperty name_
pushstring Nexus
ifeq 31
getlex _-WA
convert_d 
getlex _-PV
convert_d 
divide 
pushbyte 7
convert_d
pushbyte 20
convert_d
divide
ifgt 11
getlex map_
getproperty gs_
getproperty gsc_
callpropvoid _-093,0
pushtrue

[059]

I tried looking a while ago, but couldn't find it.

[Dr Donkey Kong]

Well I found the auto-nexus code in cubeone and managed to insert it into the current client.

Code:

pop
getlocal0 
getlex map_
getproperty player_
ifne 45
getlex map_
getproperty gs_
getproperty gsc_
getproperty server_
getproperty name_
pushstring Nexus
ifeq 26
getlex _-WA //current health variable (name changes with client update)
convert_d 
getlex _-PV //max health variable (name changes with client update)
convert_d 
divide 
pushdouble 2 //pushes .5 to stack
ifgt 11
getlex map_
getproperty gs_
getproperty gsc_
callpropvoid _-093,0 //name changes with client update
pushtrue

The code was changed so that it can be a simple insert into the current client. No need to add strings and what not. This code can be inserted by opening yogda, navigating to com.company.assembleegameclient.objects.player update(), scrolling to the last instruction, right clicking on returnvoid and clicking insert (remember to get rid of comments). The current auto-nexus point is at 50% health for reasons explained below.

There is one thing I don't understand that maybe one of you and help me with. How would one go about pushing .3 or .25 or whatever onto the stack? I understand for instructions like pushdouble, one would give an integer value that would reference a floating point variable in this thing a called a constant pool. I do not know how to look at this constant pool, make use it, or add to it. Anyone here have experience with this?

Also, anyone manage to find where cubeone put his aimbot and noclip code in his client?

---------- Post added at 01:40 AM ---------- Previous post was at 01:18 AM ----------

As I was writing the above I thought of a way to get .35 (so the auto-nexus would be set at 35% health).

Code:

pop
getlocal0 
getlex map_
getproperty player_
ifne 50
getlex map_
getproperty gs_
getproperty gsc_
getproperty server_
getproperty name_
pushstring Nexus
ifeq 31
getlex _-WA
convert_d 
getlex _-PV
convert_d 
divide 
pushbyte 7
convert_d
pushbyte 20
convert_d
divide
ifgt 11
getlex map_
getproperty gs_
getproperty gsc_
callpropvoid _-093,0
pushtrue

you did get all the updated variables as have i, but you're not going to the correct lines on ifne, ifeq, and ifgt. Also depending on where you insert you'll need to update those lines. Currently my only issue is that my auto nexus code is being consumed into the other if, i was drunk doing this so my assumption is it will be easier today.

Code:

L501:
	  getlocal0
	  getlex			  QName(PackageNamespace(""), "map_")
      getproperty         QName(PackageNamespace(""), "player_")
      ifne                L523

      getlex              QName(PackageNamespace(""), "map_")
      getproperty         QName(PackageNamespace(""), "gs_")
      getproperty         QName(PackageNamespace(""), "gsc_")
      getproperty         QName(PackageNamespace(""), "server_")
      getproperty         QName(PackageNamespace(""), "name_")
      pushstring          "Nexus"
      ifeq                L523

      getlex              QName(PackageNamespace(""), "_-WA")
      convert_d
      getlex              QName(PackageNamespace(""), "_-PV")
      convert_d
      divide
      pushdouble          0.5
      ifgt                L523

      getlex              QName(PackageNamespace(""), "map_")
      getproperty         QName(PackageNamespace(""), "gs_")
      getproperty         QName(PackageNamespace(""), "gsc_")
      callpropvoid        QName(PackageNamespace(""), "_-093"), 0

[loldudev5]

Release a new client - it will be very useful for mpgh.net. people are tried from that nexus bug and old version visual.

[nilly]

you did get all the updated variables as have i, but you're not going to the correct lines on ifne, ifeq, and ifgt. Also depending on where you insert you'll need to update those lines. Currently my only issue is that my auto nexus code is being consumed into the other if, i was drunk doing this so my assumption is it will be easier today.

Code:

L501:
	  getlocal0
	  getlex			  QName(PackageNamespace(""), "map_")
      getproperty         QName(PackageNamespace(""), "player_")
      ifne                L523

      getlex              QName(PackageNamespace(""), "map_")
      getproperty         QName(PackageNamespace(""), "gs_")
      getproperty         QName(PackageNamespace(""), "gsc_")
      getproperty         QName(PackageNamespace(""), "server_")
      getproperty         QName(PackageNamespace(""), "name_")
      pushstring          "Nexus"
      ifeq                L523

      getlex              QName(PackageNamespace(""), "_-WA")
      convert_d
      getlex              QName(PackageNamespace(""), "_-PV")
      convert_d
      divide
      pushdouble          0.5
      ifgt                L523

      getlex              QName(PackageNamespace(""), "map_")
      getproperty         QName(PackageNamespace(""), "gs_")
      getproperty         QName(PackageNamespace(""), "gsc_")
      callpropvoid        QName(PackageNamespace(""), "_-093"), 0

The jumps look like they are going to different places because I hand written the jump length so it could be a drop in on yogda. Yogda's syntax is a little different with jumps, values are decimal and not hex. I invite you to try the code out, following the directions I provided. It does function correctly.

BTW I found what a lot of you guys are looking for and I think I understand why cubeone stopped updating...

Code:

function 0000 *(Number):void
 {
 
    // Max stack   	: 16
    // Local count 	: 14
    // Scope depth 	: 16
    // Max Scope depth 	: 18
    // Exception Count 	: 0
    // Trait Count 	: 0
    // Code Length  	: 314 bytes.
 
 
       0  pushfalse	
       1  pushtrue	
       2  setlocal2	
       3  setlocal3	
       4  getlocal0	
       5  pushscope	
       6  getlocal1	
       8  getlex	com.company.assembleegameclient.parameters:Parameters
       10  getproperty	data_
       13  getproperty	cameraAngle
       14  add	
       16  setlocal	7
       18  getlex	map_
       20  getproperty	gs_
       23  getproperty	mui_
       26  getproperty	private:_-bh
       30  iftrue	LOC_1:
       31  pushnull	
       33  coerce	com.company.assembleegameclient.objects:GameObject
       35  setlocal	4
       37  pushbyte	255
       39  setlocal	8
       41  pushbyte	0
       43  setlocal	9
       45  pushbyte	0
       47  setlocal	10
       48  pushnull	
       49  coerce_a	
       51  setlocal	11
       53  pushbyte	0
       55  setlocal	12
       57  pushbyte	0
       59  setlocal	13
       61  pushbyte	0
       63  setlocal	5
       65  getlex	map_
       68  getproperty	goDict_
       69  coerce_a	
       71  setlocal	6
       75  jump	LOC_2:
LOC_3:
LOC_7:
       76  label	
       78  getlocal	6
       80  getlocal	5
       81  nextvalue	
       83  coerce	com.company.assembleegameclient.objects:GameObject
       85  setlocal	4
       87  getlocal	10
       89  pushbyte	1
       90  add	
       92  setlocal	10
       94  getlocal	4
       96  getproperty	props_
       99  getproperty	isEnemy_
       103  iffalse	LOC_2:
       105  getlocal	4
       109  callproperty	_-F5,0
       113  iftrue	LOC_2:
       115  getlocal	4
       119  callproperty	_-QL,0
       123  iftrue	LOC_2:
       125  getlocal	4
       129  callproperty	_-Uc,0
       133  iftrue	LOC_2:
       135  getlocal	4
       139  callproperty	isPaused,0
       143  iftrue	LOC_2:
       145  getlex	Math
       147  getlocal	4
       149  getproperty	y_
       151  getlex	y_
       152  subtract	
       153  dup	
       154  multiply	
       156  getlocal	4
       158  getproperty	x_
       160  getlex	x_
       161  subtract	
       162  dup	
       163  multiply	
       164  add	
       168  callproperty	sqrt,1
       169  dup	
       171  setlocal	9
       173  getlex	com.company.assembleegameclient.objects:ObjectLibrary
       176  getproperty	_-jq
       179  getlex	_-jc
       181  pushbyte	0
       184  getproperty	multinameL
       185  convert_i	
       187  getproperty	multinameL
       189  getproperty	multinameL
       192  getproperty	_-qh
       194  pushbyte	0
       196  getproperty	multinameL
       198  getproperty	multinameL
       199  dup	
       201  setlocal	11
       204  getproperty	speed_
       207  pushshort	10000
       208  divide	
       210  getlocal	11
       213  getproperty	lifetime_
       214  multiply	
       218  ifgt	LOC_2:
       220  getlocal	8
       222  pushbyte	255
       226  ifeq	LOC_4:
       228  getlocal	9
       230  getlocal	8
       234  iflt	LOC_4:
       238  jump	LOC_2:
LOC_4:
       240  getlocal	4
       243  getproperty	_-rF
       244  dup	
       246  setlocal	13
       248  getlocal	12
       252  iflt	LOC_2:
       254  getlocal	13
       256  setlocal	12
       258  getlocal	9
       260  setlocal	8
       262  getlex	Math
       264  getlocal	4
       266  getproperty	y_
       268  getlex	y_
       269  subtract	
       271  getlocal	4
       273  getproperty	x_
       275  getlex	x_
       276  subtract	
       280  callproperty	atan2,2
       282  setlocal	7
       286  jump	LOC_2:
LOC_2:
       289  hasnext2	6,
       293  iftrue	LOC_3:
       295  kill	6
       297  kill	5
       299  getlocal	12
       301  pushbyte	0
       305  ifeq	LOC_6:
LOC_1:
       306  getlocal0	
       308  getlocal	7
       312  callpropvoid	private:shoot,1
LOC_6:
       313  returnvoid	
 }

[RonaldSeiger]

That is generally what I assume is trying to be achieved here. Otherwise why would such effort be put into this.

I've been trying to look through it and I knew the variables would be changed, but couldn't find it due to crashing programs, so I gave up. However, seeing as though you two have managed to find the auto-nexus code I'm tempted to take a peek again. I have no idea how to find the aimbot code but my friend thinks it works much like the mobs aiming on you. So surely we could look for something like that?

[nilly]

BTW Kong, what are you using to compile your code?

---------- Post added at 03:01 PM ---------- Previous post was at 02:57 PM ----------

That little code bit I posted a few min. ago is the aimbot code. I've been busy trying to machete that thing out of the old client and dropping it into the new one. I ran into a road block however.

[RonaldSeiger]

Oh I thought that was the auto-nexus code. Hats off to you.

EDIT: Oh I get the meaning behind your post now, of course my mistake, it's obvious why he stopped updating. Otherwise he'd have to search for the variable names each time.


---------- Post added at 10:17 PM ---------- Previous post was at 09:32 PM ----------

Note nilly that I'm having trouble doing what you instruct to add the auto-nexus via Yogda. Whenever I run the SWF I get 3 errors.

I cannot find

Code:

com.company.assembleegameclient.objects.player update()

and the best I can find is

Code:

com.company.assembleegameclient.objects:player Super

Which opens up a branch to other files.

[Dr Donkey Kong]

That isn't all the aimbot code.

hxxps://******.com/CyberShadow/RABCDAsm

[059]

I could not get rabcdasm to work, yogda is much better in my opinion, it's just much easier.

[nilly]

Oh I get the meaning behind your post now, of course my mistake, it's obvious why he stopped updating. Otherwise he'd have to search for the variable names each time.

Ya, what I think happened was the hack was made more difficult to implement and thus not really worth cubeone's time to update. Just updating the variable names isn't that difficult but have any of you guys notice that in cubeone's hacked client, objects::Player is readily readable by sothink and the same script crashes sothink on the current client? Wild Shadow definitely did something to protect the client from being aimbotted in the way cubeone did it.

There is a couple of problems I ran into. First, 2 of the variable names seem to have no name making it impossible to implement the hack via yogda directly. The other problem is the hack references 3 multinames that don't seem to have names (or they don't show up). I'm unsure how to locate the correct addresses in the new client for this second part. Another issue is yogda crashes when trying to change the auto shoot script.

[Dr Donkey Kong]

I could not get rabcdasm to work, yogda is much better in my opinion, it's just much easier.

agreed, but it isn't as powerful. I am writing my changes in ASM this means i can add functions and thereby not have to re-write everything every time.

[nilly]

BTW RonaldSeiger, the update function is inside player super. Just branch it out and look for the last entry. It should be the update function. Once in there. Scroll to the bottom to find the returnvalue function. Right click it and click insert then paste the code in.

[RonaldSeiger]

Okay thank you .

I looked at Rabcdasm as well, it looks interesting but I didn't download it.

In all fairness I think just an auto-nexus with a configurable point of teleporting would be fine. Aimbotting is nice as it allows you to move without having to concentrate on firing so you're just dodging the bullets, but in all fairness I can live without it. I just hate losing my character. Also that auto-nexus you picked out and inserted via Yogda works very well. Thanks

[UltraN00b]

I have 2 Questions:
1.How to get the new variable names after each update.
2.Please release the code to full screen client in Yogda (Less Leechers know how to code (rather insert codes), so I guess it'll be safe for sometime).

Lastly, the autonexus works great!