RotMG Unity Client Thread

[DCRNOPE]

This community kinda toxic lol. Thank god Matthew locks the threads now

[Azuki]

To bypass Cheater's Graveyard you have to remove any mention of Unity from the app engine web requests. If the app engine sees a request with Unity headers and Unity platform it will flag your account as a cheater for the next 30 minutes which will cause you to be sent to the Cheater's Graveyard even if you switch to a flash client. Enjoy playing on Unity!

its kinda funny how it works, especially because if you sent unity web requests, then wait 30 minutes in nexus with the unity client, it will still work, even if it sends more unity requests to the app/char or whatever

[Azuki]

to devs trying to get entitylist.
you're probably better off calling FindObjectsOfType<T> or FindObjectsOfType(T) and try to find the Entity object in a il2cpp dump or something.
Stubbed FindObjectsOfType function is at sub_181A41790 or il2cpp_resolve_icall_0(UnityEngine.Object::FindObj ectsOfType(System.Type))

[sc2darkwolf]

Will users still be able to play on the flash version once the unity client is out?

[SlickEashy]

Will users still be able to play on the flash version once the unity client is out?

The Flash client will eventually be discontinued once the Unity client has matured enough.

[Azuki]

The Flash client will eventually be discontinued once the Unity client has matured enough.

it's probably gonna take a while though, the unity client has a few exploits and a lot of downsides right now

[theross]

Exploits? interesting
Probably stuff not intended for the public ommunity, right?

[TheFallenBanda]

I'm a computer scientist and a programmer could someone guide me on how to get started with inspecting the unity code and maybe i could provide with some features to the upcoming client?

are you using dnspy to decompile the game assets?


if someone else is also interested in working on this or just messing around

[Azuki]

I'm a computer scientist and a programmer could someone guide me on how to get started with inspecting the unity code and maybe i could provide with some features to the upcoming client?

are you using dnspy to decompile the game assets?


if someone else is also interested in working on this or just messing around

game is il2cpp'd.
good luck trying to use dnspy for anything useful.
just dump the il2cpp assembly and use the rva's to reverse the functions that are interesting in ida.
if the name has been obfuscated try phishing your way across the assembly using unity functions.

[darkbadidea]

open beta live

[novastarz]

Azuki would you mind sharing the custom injector you are using? I'm a programmer new to hacking so not having to go full rambo would be nice

ty

[DIA4A]

Azuki would you mind sharing the custom injector you are using? I'm a programmer new to hacking so not having to go full rambo would be nice

ty

If you just want an injector, the one I use for everything from csgo to exalt is xenos which also is open source

[Azuki]

Azuki would you mind sharing the custom injector you are using? I'm a programmer new to hacking so not having to go full rambo would be nice

ty

i am not using a custom injector.
i use extreme injector

- - - Updated - - -

hey guys.
i've reversed part of the game handling mini map objects in order to get a better insight into entities.

Code:

il2cpp:0000000180AA15C0 ; void __stdcall CreateMinimap(NPOHFCAEIPO_o *this)

here's some pseudo i've reversed from this function

Code:

public static void Snippet() {
    Types v7 = *(this + 0xB4);
    // v7 = NPOHFCAEIPO_o.NEHLICCCJKO;
    var v8 = *(this + 0x18); // OBJECT PROPERTIES
    // v8 = NPOHFCAEIPO_o.KBHGDKHKJGB

    if (v7 == Character) {
        if (!v8) 
            throw new Exception();
        if (v8.isEnemy) {
            var v17 = v8.ColorElement;
            if (!v17) {
                // set color to red
            }
            var v19 = String.Replace(v17, "unk", "unk");
            UnityEngine.ColorUtility.TryParseHtmlString(v19, out v36)
        } else if (!(*(this 0x20))
            finalize();
    }
}

public enum Types{
    Character = 7
}

as you can see it has some fundamental enemy checks. so NPOHFCAEIPO is definitely the class we should look at :)
(previous update)

[DIA4A]

i am not using a custom injector.
i use extreme injector

- - - Updated - - -

hey guys.
i've reversed part of the game handling mini map objects in order to get a better insight into entities.

Code:

il2cpp:0000000180AA15C0 ; void __stdcall CreateMinimap(NPOHFCAEIPO_o *this)

here's some pseudo i've reversed from this function

Code:

public static void Snippet() {
    Types v7 = *(this + 0xB4);
    // v7 = NPOHFCAEIPO_o.NEHLICCCJKO;
    var v8 = *(this + 0x18); // OBJECT PROPERTIES
    // v8 = NPOHFCAEIPO_o.KBHGDKHKJGB

    if (v7 == Character) {
        if (!v8) 
            throw new Exception();
        if (v8.isEnemy) {
            var v17 = v8.ColorElement;
            if (!v17) {
                // set color to red
            }
            var v19 = String.Replace(v17, "unk", "unk");
            UnityEngine.ColorUtility.TryParseHtmlString(v19, out v36)
        } else if (!(*(this 0x20))
            finalize();
    }
}

public enum Types{
    Character = 7
}

as you can see it has some fundamental enemy checks. so NPOHFCAEIPO is definitely the class we should look at
(previous update)

This is pretty interesting stuff but do you by any chance know if this creates the minimap or is just instead of a __stdcall perhaps a __thiscall and its just part of a class so its simply doing m_pEntity.AddToMiniMap() or any sub pointer contained in entities like say csgo has for animstate that contains said info? If so a simple detour would allow one to just cache all entities probably, so if you dont mind any xrefs to it as 0000000180AA15C0 seems to be pointing to more or less fuckall in my IDA would be appreciated!

[Azuki]

This is pretty interesting stuff but do you by any chance know if this creates the minimap or is just instead of a __stdcall perhaps a __thiscall and its just part of a class so its simply doing m_pEntity.AddToMiniMap() or any sub pointer contained in entities like say csgo has for animstate that contains said info? If so a simple detour would allow one to just cache all entities probably, so if you dont mind any xrefs to it as 0000000180AA15C0 seems to be pointing to more or less fuckall in my IDA would be appreciated!

yeah all pointers from the version before current so they're outdated.
also it's probably a entity.AddToMinimap() but I haven't looked too much into it, I just gave the function that name so I could easily find it again in IDA.
I'm currently waiting on Autoanalysis to finish but I'll drop the new function here in a bit once that's finished.