C# - Hack Client

[iiMix]

Hello, I am new to this community, so sorry if this is in an incorrect section and/or broke a rule.

So anyway, let's get started, shouldn't we?
Well, I wanted to create a C# Hack Client, I don't need help with the coding since I'm pretty sure I could do that myself, but I have other questions I need answers for. I will happily list them down.

1. How the Crossfire Client works?
2. How Can I access it?
3. How XTrap works and how to bypass it
4. How do I send stuff to the client or access an AUX server?
5. Do hacks have special codes/data I must send?

If possible, please provide a simple sample/code snippet of each answer.

Thanks,
iMix

[giniyat101]

hello and welcome to mpgh. this is the correct section and you dont need to worry.
let me answer your questions:

-crossfire mainly depends on several files:
   crossfire.exe : the mail executable file, it contains mainly, the engine code (lithtech jupiter), and xtrap initialization code.
   engine.rez : used by the game engine for some reason.
   cshell.dll : contains all game client code, is loaded by crossfire.exe after xtrap and engine initialization.
   object.dll : contains server side code, is loaded on demand by crossfire.exe .

-you may use access the game client using two different techniques :
   external manipulation : using an external executable, use ReadProcessMemory / WriteProcessMemory to manipulate game memory
   and enable hack features. but since xtrap blocks all external access to the game process, this method is not going to work.

   internal manipulation : probably the best method, works by injecting a dll into the game process, and starting
   a thread from its entry point,
   the thread will have a direct memory access so no Read/WriteProcessMemory apis needed (unsafe code might come in handy here ).
   but unfortunately, C# and other managed code based dlls dont have entry points, there is a work around for this,
   you might want to check this.

-i have no much information about xtrap. sorry. but you won't need to bypass it anyway. it wont detect the C# code running within CLR.

-i have no idea what 'AUX server' means, but i will assume you mean the game server.
   you may split packets sent or received by the client to two parts :
      TCP packets : used anywhere except the game room, for example, entering a channel, buying a weapon, chatting with friends, etc.
         they flow decrypted in both directions, and have some easy structure.
         they are managed by the game client itself, the packets flowing in direction C->S pass through a function called CClientLib::Send,
         while those flowing in direction S->C are received in main window produce via a special message code, for more information,
         check this.
         here is an example psedocode of how to send fake data to the server :
        

Code:

//assume that pPacket and pClientLib are valid pointers
pClientLib->Send(pPacket);

      UDP packets : used in game room only. those are managed mainly by the engine, and packed as a sort of "messages",
         packets flowing in direction C->S pass through ILTClient::SendToServer which is implemented in engine code,
         but those packets have an extra checksum, to prevent unwanted manipulation (or at least game developers hope so)
         packets flowing in direction S->S are received through IClientShell::OnMessage which is implemented in client code,
         there is no extra checks in these, and they are easy to manipulate.
         if you are want to manipulate UDP packets, you will have to acquire a copy of the engine, and implement
         the message functions to C#.
         google "NOLF2 SDK" if you want to download it.
         here is another psedocode:
        

Code:

//send a message to the server
pLTClient->SendToServer(pMsg);

//send a message to the client
pCShell->OnMessage(pMsg);



   of course, the two examples above depend on having a dll injected to your process, if you are going to use
   external executable, you will have to implement a proxy server.

-no, most hacks mainly depend on manipulating game memory, not packets and there should be no problem with it,
   but if you still want to fake packets, you will have to figure out how the checksum part work.
   here is another example of how to do a basic hack (sorry C++ not C#!):
  

Code:

//internal modification
pWeapon->AmmoDamage = 999.;

//external modification
WriteProcessMemory(pProcess, (VOID*)(pAddress + offsetof(struct WEAPONINFO, AmmoDamage)), &fValue, sizeof(float), &dwWritten);

any more questions? feel free to ask me.
regards.

[[\/]illager]

@giniyat101 can i ask you something?
Are client errors server or client sided? If it is client sided, do you know were this check is happening?

[giniyat101]

@giniyat101 can i ask you something?
Are client errors server or client sided? If it is client sided, do you know were this check is happening?

i think all of them are server sided
even this 28_x client error, i dont know exactly how it works, but i think a checksum is made on client and sent to the server, which produces a client error if it didnt match.

[iiMix]

-Snip as not to lengthen the page-

Thank you! If I encounter any problems I will post them here

Also, I think client errors are client-sided because if they weren't it wasn't going to be allowed on certain rooms and others not.

Example:
Speed Hacking at Resort is not detected/doesn't get a client error, since speed increasing is used when using "G Skill"


Also, what I meant by AUX Server is, having the group of hackers using my hack to be able to send messages to all hackers using my hack too. Like a mini server I will launch just for chatting or showing things, etc...

[bandi12]

Also, I think client errors are client-sided because if they weren't it wasn't going to be allowed on certain rooms and others not.

Maybe some of them , but most of client error's are server sided , your client just get a data packet that you were disconnected from the server.

[[\/]illager]

Also, I think client errors are client-sided because if they weren't it wasn't going to be allowed on certain rooms and others not.

Example:
Speed Hacking at Resort is not detected/doesn't get a client error, since speed increasing is used when using "G Skill"

The server can act differently in different maps and game mods, as an example you can have that weird TDM map were there is low gravity and super jump platforms and the game-mode you talked about. And I think that making client errors client sided would be a huge mistake because it would be easy to bypass. All the client does is receive a packet from the server with the reason for being disconnected, by the time it arrives you are probably already disconnected or being disconnected and nothing can be done about that infortunatly..

I just don't understand why they don't make the servers full authoritative .. That would stop a lot of common and easy to make hacks like no reload, speed hacking, etc..

[giniyat101]

Thank you! If I encounter any problems I will post them here

Also, I think client errors are client-sided because if they weren't it wasn't going to be allowed on certain rooms and others not.

Example:
Speed Hacking at Resort is not detected/doesn't get a client error, since speed increasing is used when using "G Skill"


Also, what I meant by AUX Server is, having the group of hackers using my hack to be able to send messages to all hackers using my hack too. Like a mini server I will launch just for chatting or showing things, etc...

i agree with villager's opinion here, maybe the server is just checking if you exceed a speed limit of each map, and in your case, using speed hack doesnt exceed the limit since g-skill players might get the same speed in a legit way
shooting through walls using a shotgun doesnt give you a client error since its ordinary for a shotgun to have bullet spread, and even if you aiming at a wall, a bullet or two may spread out and hit someone (or at least developers think so)

and about that aux server, since it will be a mini server running on your own, it will be no problem to deal with it too.