Basic Instruction Editing

[Kr4ken]

Before We Begin

You will need two things:
1. A decompiler - I use DNSpy but there are many including DotNet Resolver and .Net Reflector + reflexil plugin(use google)
2. Knowledge of how to use and navigate the decompiler

---

First example w/ screenshots

The first example will be infinite stamina which does not work in multiplayer anymore.
First: Open your decompiler then open Assembly-Csharp.dll found in Unturned_Data/Managed If using DNSpy click File at the top left then click open and navigate to your Unturned folder.

 

Second: open Assembly-CSharp and Assembly-CSharp.dll then scroll down to SDG.Unturned and open that.

 

Third: scroll down and find the class PlayerLife

 

Fourth: scroll down and find the "stamina" byte

 

Fifth: right click on stamina and select "edit IL instructions" your screen should now look like this

Sixth: Press delete to delete all intructions then press A twice to add two new instructions. Left click on the bottom or second "nop" to bring a list of opcodes to choose from. Find and left click on "ret" to select that opcode. Now on the top or first instruction click "nop" and find and left click ldc.i4. Change the operand to 100. Now hit enter and press okay and check the screenshot to see if your screen matches the screenshot. If so you have followed the steps correctly.

 

Seventh: Navigate back to the top left and select file > save module > ok to save your modifications and you have successfully given yourself infinite stamina.

---

Bypassing the server/client assembly comparison

Some of you have tried editing the assembly to make your own hack only to be stopped by the "Server is running a modified version of the game" error when attempting to join servers. In this section we will be bypassing this check in one of two ways that I know of this being changing what file the server assembly is being compared to. In my previous series "Charon" I changed that file to AAA.dll. Fewer screenshots for this because the instructions are basically the same. The second method is the more popular Gorzoid/Kunii method of using Mono.Cecil to write a static hash to the file ( because the server/client file comparison is based on a sha256 digest )

First: Navigate to your Unturned folder outside of your decompiler and copy and paste Assembly-Csharp.dll and rename the copy to something convenient i.e AAA.dll

Second: Navigate to SDG.Unturned inside of your decompiler(not AAA.dll) and find the class "ReadWrite"

Third: Find the byte "appOut" and right click on this > edit IL instructions.

Fourth: Now find the second instruction, or Index 1, or OpCode ldstr and change Assembly-Csharp to AAA. By doing this you are instructing the server to compare it's assembly with your clean copied AAA.dll so that it will find no changes.

Fifth: Save and exit. You can now edit your assembly and play on multiplayer servers.

---

Fly Hack (singleplayer):

This was included in one of my Charon hacks. This will work on multiplayer servers with CAN_TRUST_CLIENT_MOVEMENT set to true.

First: Navigate to class "PlayerMovement" in SDG.Unturned and find bool "isGrounded"
Second: right click on _isGrounded and edit IL instructions. Delete all and add two new instructions. Change the bottom instruction's opcode to ret and top opcode to ldc.i4.1 and press ok. If your screen now looks like this then you have now made a fly hack.

---

Misc. edits

Infinite Food (singleplayer):Same as stamina but instead of byte "stamina" find byte "food" and make the same IL instruction edits.

Infinite Health (singleplayer): Same as stamina with byte "health"

Infinite Oxygen (singleplayer): Same as stamina with byte "oxygen"

Infinite Water (singleplayer): Same as stamina with byte "water"

No Broken Bones (singleplayer): Find bool isBroken in class PlayerLife. Edit IL instructions and delete all. Add two new instructions bottom ret and top ldc.i4.0. It should look like this when done

No Bleeding (singleplayer): Same as no broken bones but under bool "isBleeding"

Credit Yourself:
In SDG.Unturned go to class "Provider". Scroll all the way down and find the strings "APP_AUTHOR" and "APP_NAME". Right click on "Unturned" or "Nelson Sexton" and edit IL instructions. Change Nelson Sexton to your name and Unturned to your client name. Save and exit and open unturned to have immediate satisfaction.

Higher Jump and Faster Speed (singleplayer): In SDG.Unturned navigate to class "PlayerMovement" and scroll down to find the float "JUMP". Right click on JUMP and Edit IL Instructions. Change the 7 above JUMP to a higher number to increase your jump. You'll notice that above JUMP are floats SPEED_CLIMB, SPEED_SWIM, etc. You can change the value for each to increase your speed. The values corresponding to each speed are here.

This is pretty much every edit I used in the Charon series and more. Enjoy.

[mlpalice]

Thx for your work

[Smoke]

Will put this as a sticky as it may help user's in the present and in the future.

[Hunter]

Nice tutorial, keep up the good work, OP.

[Hawkenist]

Thanks for the tutorial! I'll be learning from it. Many thanks!

[Hawkenist]

One last thing, I have downloaded the Zip file and extracted it. I don't know what to do, I don't see any install nor and execution file. Is there something I am missing out on?

[Kr4ken]

One last thing, I have downloaded the Zip file and extracted it. I don't know what to do, I don't see any install nor and execution file. Is there something I am missing out on?

Did you download the source code or the release?

[blitzkriegxx]

So this is semi-related, I want to override some of the methods at run time, is there a way to do that easily assuming I can load an external DLL? I don't want to go through reflection...

I was looking at an outdated hack on here for a custom /spy (Player::TakeScreenshot()) that custom rendered a screenshot (so hacks don't show). All he did was write a new TakeScreenshot() method. My loader is based in the UnityEngine.dll not in Assembly-CSharp.dll . Anyway to accomplish this? PM me if necessary.

EDIT: Also, after modifying the Assembly, with the only change being the file verification bypass to clean copy, I'm getting the "the server is running a modified assembly" message.

[AtiLion]

So this is semi-related, I want to override some of the methods at run time, is there a way to do that easily assuming I can load an external DLL? I don't want to go through reflection...

I was looking at an outdated hack on here for a custom /spy (Player::TakeScreenshot()) that custom rendered a screenshot (so hacks don't show). All he did was write a new TakeScreenshot() method. My loader is based in the UnityEngine.dll not in Assembly-CSharp.dll . Anyway to accomplish this? PM me if necessary.

There is a way to do it but you would need a c++ dlls to replace the code it is called a c# profiler that basically allows you to modify the code at runtime. The other method I am researching atm is by using the resolve event to modify the code before loading it however this is a much more difficult task in unity to accomplish than I thought

[blitzkriegxx]

EDIT: Nvm, can't apparently or I'm retarded and can't find the pm function.

I know how I'm going to do it but it's going to be a pain each update (might make an auto-build script or something). I just need to figure out why it's giving me the "The server is running a modified assembly" message despite the fact that I modified the byte[] check.

I have a quick solution for now but i still want to try C# Emission on this. Won't TypeBuilder.DefineMethodOverride do the trick? Write your own method and override the callsign at runtime.

[Hawkenist]

Did you download the source code or the release?

I think it was the sourcecode where there are bunch of files in a single file. Uhm, Where do I get the release? Tried finding it yet there were only Sourcecode 1 and 2

[jsshou123]

Thank You