Project! Lets port sph4ck's pyexternalbox to MW3

[c0z3n]

c0z3n here - long time reader, first time poster

Firstly, a warning. If you aren't much of a coder, this project probably won't mean a lot to you just yet. check back with us in a little while and see if we've made any progress.

Now, the pitch:
Wouldn't it be great if the hacking community could have an undetectable and stable base of code to work from in building non-code-injected hacks for MW3? Although not specifically designed this way, this is what pyexternalboxmw2 was to me, and I'm sure to a lot of other coders and hackers. pyexternalboxmw2 was a solid and easy to work with codebase, which was easy to add functionality to and customize, and fun to work on and play with. I believe this is something we should work on for MW3.

I've forked all of the original code from sph4ck's original repository into a new repo on google code, titled python-boxesp-mw3, which you can find right here

What needs to be done? well I'm glad you asked!

-Update Offsets this is probably the most obvious thing, and one of the simpler things to accomplish. I've compiled a list of offsets in a google doc (which you can find linked on the google code project page), but i'm not sure that list has all the offsets we'll need for a 1:1 port, so we might have to either find the remaining offsets, alter other code to work without unnecessary data, or cut features until we can get it straight. Along with the offsets, there's some sort of dark memory wizardry going on in PatternFinder.py which i've never had the need to figure out until now, and thus far havn't been able to completely understand on my own.

-Update Structs depending on the scope of changes made to the engine since MW2 (not much at all) we may have to modify the structs in structs.py slightly in order to match the structs in the game, and also edit the code which populates these structs (mostly in readgame.py)

-Map Images and associated data The MW2 version of the hack has a large stationary map of the entire map, which contains a background image. The background images of the map terrain (i'm pretty sure) are the actual resource files used by mw2 to display the background for the uav/minimap, extracted from game files. I have no experience with extracting this sort of resource myself, but i'm sure it would be possible. What might be even better, would be to find a source for the maps of the style to be used in COD: ELITE, because they're very shiny. then these maps have to be added into Textures.py to replace the mw2 mapset, and aligned to game coordinates.

New Sprites! Personally, I don't care for the old sprites anyways. but on top of replacing the old sprites, we'll also have to add new ones for new game elements that weren't in mw2, and remove the unused ones. I'm talking about the sprites used on the maps to denote air support, as well as the sprites used to warn about explosives in the game overlay window.

Other little things There are, of course, other things that will have to be updated. A few of these things off the top of my head are the weapons that are considered sniper rifles (for which the hack knows to use the aimbot upon holdbreath activation), some other weapon related data, the trajectory calculations for grenades and throwing knives might have to be updated, things of this nature. nothing operationally critical, but things that will need to be changed nonetheless.

I think this project would be a great achievement for the community, especially because once its working, anybody can download the source code as they please- as a learning tool, a code example, a framework for their own experimentation, the list goes on and on. the python aspect of this external hack makes it practically undetectable, especially if people begin to modify it into their own versions after its working, as I know many of us did with the mw2 version.

This port will go a lot quicker help, especially from some of the more experienced coders here (I won't lie, I know there are a lot of people better at this than me.) Take a look, and if you think you'd be of some use, just say so in this thread or PM me and I can add you to the project and allow you to commit code to the repo via SVN, or let you login to google code and edit online. Plus, if you contribute, then you get CREDITED! Which should be obvious, but I wanted to make sure I mentioned it. How great would it be to have your name listed in a project as great as this?

Anyways, sorry that was so much to read, but I thought I'd make my case. I hope some of you are willing to lend a hand!




(Mods- sorry if I used the wrong prefix on this post. I thought source code might be the most appropriate, but feel free to change or remove it if you like)

[aIW|Convery]

Wouldn't a open source base make the job easier for VAC as opposed to keeping the whole project 'in-house' where only a few coders have access to it?

But ye, get me MW3 and I'll post an external aimbot on MPGH..

[tgeX]

@aIW|Convery most of the vip hacking sites haven't got any hacks yet how can you release one

[c0z3n]

Wouldn't a open source base make the job easier for VAC as opposed to keeping the whole project 'in-house' where only a few coders have access to it?

Glad you asked! The short answer, in this case is no. At least to the best of my knowledge. there are a few reasons for this:

1- The hacks forms of interaction with the game are not definitively detectable. The only way this hack interacts with the game is through reading data out of memory (never modifying or writing), and input is done through virtual keyboard and mouse activity. Because of this, the game and VAC can't tell for sure if its a hack making crazy mouse movements, or if you're just dealing with a crazy badass cod player (or, if someones mouse is jittery, etc. etc.) because detection methods that might pick up the hack aren't 100% accurate, and could easily generate false positives, VAC won't implement them, being a completely automated and irrevocable banning system.

2-The other (and more likely) method of detection is by program/process signature. The first problem with this is that if anyone who downloads the hack changes anything about it (switches the order of two of the render functions in main_real.py, for example, or adds random unused variables or math functions, etc.) the program signature changes enough to avoid detection by a signature derived from the code as posted in the repo.

Honestly though, this even isn't much of a concern either, because of...

(a) the hack running contained in a python environment, which basically adds an abstraction layer. and

(b) a countermeasure the hack has which scrambles some memory every launch at runtime (located in stealth.py), in an attempt to mess with memory signature.

I feel like that may have been a foggy explanation, but I think I hit everything I meant to. Let me know if I can clarify anything.

As further evidence, I've been using this hack for MW2 in a couple different variants (as-is, and a couple modified versions) since last spring and my account remains "in good standing" with VAC. The source code for it has been available since long before that, and i'm sure the VAC folks have seen it.

@aIW|Convery most of the vip hacking sites haven't got any hacks yet how can you release one

I'm sorry, I don't understand what you're getting at. I'm not claiming to have released yet, nor is aIW|Convery.

[aIW|Convery]

@aIW|Convery most of the vip hacking sites haven't got any hacks yet how can you release one

Well, mainly because I don't need others to make the cheats for me? I'll just have to update my old MW2 projects when I get around to buying a russian key :3


@c0z3n
Sounds good, I don't have any experience with Python(nor do I have any intentions on learning it in the foreseeable future) so I wouldn't be of much help in this project. However,do you have some info about how VAC operates these days as I haven't been messing around with it for a good 2 years?

As some rumors claim that VAC is now monitoring NTReadProcessMemory so I'm not sure whether one would have to go at it at kernel level as I'm pretty sure the win_API is hooked to find these hacks..

[c0z3n]

@c0z3n
Sounds good, I don't have any experience with Python(nor do I have any intentions on learning it in the foreseeable future) so I wouldn't be of much help in this project. However,do you have some info about how VAC operates these days as I haven't been messing around with it for a good 2 years?

As some rumors claim that VAC is now monitoring NTReadProcessMemory so I'm not sure whether one would have to go at it at kernel level as I'm pretty sure the win_API is hooked to find these hacks..

I hadn't heard those rumors, although I think it would be safe to assume that if VAC had the ability to reliably detect a python hack such as this one, I'd be banned by now, considering my heavy use of it over the last ~10 months or so- and all the kids who say they're gonna report me and I'm gonna be banned in two weeks XD.

my understanding is thus on VAC: VAC1 was basically monitoring game data and resources for alteration, and VAC2 is scanning for application signatures and is able to better keep tabs on game memory modification.

The enjoyment I get from hacking, and using these methods for hacking, is that in theory if a human were to watch you playing, there would be no doubt that you were hacking, but due to the limitations of VAC (its an algorithm, and must have absolute 100% certainty to issue a perm-ban), I won't get banned, because any method they might use to detect a hack like this would be able to generate false positives- unlike game resource modification detection where they can compare data to known 100% correct data, or hack signature detection where they can get copies of hacks and then look for that exact process on other machines.

In my personal opinion, (and this is hypothetical, of course) If the only thing they can definitively detect is that something is /reading/ data from memory (not modifying or writing), and VAC triggers a full BAN based on this read only detection, they've taken things too far. But of course I understand that there are counterarguments to that.

As far as learning python, "learning" is an awfully strong word for picking up python. If you write in any other languages already, most of python is a cakewalk. on top of that, a lot of the nitty-gritty memory stuff in this hack is using C style code and structs anyways, I'd encourage you to have a peek!

[distiny]

i can't svn the source to take a good look at it

[c0z3n]

i can't svn the source to take a good look at it

Huh, what sort of problem is it having exactly?

you should be able to svn using the command

Code:

svn checkout https://python-boxesp-mw3.googlecode.com/svn/trunk/ python-boxesp-mw3-read-only

for read only access just fine, assuming you have an svn client installed. Let me know if the issue persists.
If you want to commit changes, let me know and I'll shoot you some credentials to log in.

[aIW|Convery]

Hmmm.. ye, I doubt I will have the time to look at python but when I get around to buying MW3 I can atleast post the source of the memory based hacks and see if it can be donw better in python :3 (C++ -> python shouldn't be too hard)

[c0z3n]

Hmmm.. ye, I doubt I will have the time to look at python but when I get around to buying MW3 I can atleast post the source of the memory based hacks and see if it can be donw better in python :3 (C++ -> python shouldn't be too hard)

Yeah, I can sympathize with that, time is a cruel mistress. I would be excited to check out some of your code at some point though, just for my own edification, see how other people are doing things, etc. If you don't want it going totally public, you can always feel free to PM me =)

[[MPGH]master131]

i can't svn the source to take a good look at it

Get TortoiseSVN and then install the latest version. Create a folder, right-click and click SVN Checkout. Add the following into the URL of repository box and click OK.

Code:

https://python-boxesp-mw3.googlecode.com/svn/trunk/

Also c0z3n, it would be greatly appreciated if you removed the link to the document with the offsets or at least, remove where you got the offset from because it is against the rules to post links to another hacking forum.

Also, the SENSITVITY_PTR_16 offset can be found by first finding the sensitivity DVAR address (eg. changing the sensitivity and scanning for values) and then checking what writes to the address. Click on More Information and it will come up something like this:
mov [edi+10],eax

Do a 4 byte scan for the value stored in the EDI register and the pointer you are looking for is in the 0xA00000-0xAA0000.

Well, that was the case for MW2 anyway, not sure about MW3.

[kevinr1]

Hey this is a great idea in my opinion.
I am not much of a coder, BUT if I could be of any help I would be gladd to do something.

PM me anytime

[chuckabat]

remember those .magic hacks from blops? hint hint

[distiny]

Get TortoiseSVN and then install the latest version. Create a folder, right-click and click SVN Checkout. Add the following into the URL of repository box and click OK.

Code:

https://python-boxesp-mw3.googlecode.com/svn/trunk/

I know ho to use svn >.< it's just not working for me, will try again now

EDIT: works now, had to be a a google server error

[[MPGH]master131]

remember those .magic hacks from blops? hint hint

They were just DLLs renamed to have a .magic extension... -.-