How to locate new code for updating on each build

[JustAnoobROTMG]

You need
* Yogda
* Rabdcasm
* A good text editor like notepad++ or Ultraedit (NOT NOTEPAD)

From one version to another, we must update "names" in the hacks code. I mean value names, function names, classes names, property names...

AUTONEXUS :

Code:

getlex QName(PackageNamespace(""), "_-mH"); UPDATING
convert_d
getlex QName(PackageNamespace(""), "_-24"); UPDATING
convert_d
divide
pushbyte 7
convert_d
pushbyte 20
convert_d
divide
ifgt L475
getlex              QName(PackageNamespace(""), "map_")
getproperty         QName(PackageNamespace(""), "gs_")
getproperty         QName(PackageNamespace(""), "gsc_")
callpropvoid        QName(PackageNamespace(""), "_-m3"), 0 ; UPDATING (nexus function)

What does this code?

We are in a Player object. A player has some properties , such as Currenthealth and Maxhealth..
Retreiving this two values is done with

getlex QName(PackageNamespace(""), "_-mH"); //Getcurrenthealth
getlex QName(PackageNamespace(""), "_-24"); //GetMaxhealth

where _-mH and _-24 change on each build ..

I decompiled the 123.5.0 client using racbdasm and i used Astrogrep to find in the code where the old variable name is used..
Best way is to find and "initproperty" line...

So, first old variable to searh was "_-mH" . I found

Code:

 
  trait slot QName(PackageNamespace(""), "_-mH") type QName(PackageNamespace(""), "int") value Integer(200) end
  trait slot QName(PackageNamespace(""), "_-24") type QName(PackageNamespace(""), "int") value Integer(200) end

in GameObject.class.asasm.

A lucky find, because the other value , "_-24", is the other value we need
MaxHealth and CurrentHealth are by default initialised to 200 . It make perfect senses to use the same value for both.

We just have to search in the GameObject.class.asasm OF THE CURRENT BUILD (123.5.1) something similar to this..
And, guess what :

Code:

  trait slot QName(PackageNamespace(""), "_-LT") type QName(PackageNamespace(""), "int") value Integer(200) end
  trait slot QName(PackageNamespace(""), "_-aY") type QName(PackageNamespace(""), "int") value Integer(200) end

We have our two names !

If we dig a bit there is also

Code:

getlocal1
     pushstring          "MaxHitPoints"
     callproperty        Multiname("hasOwnProperty", [PrivateNamespace("*", "com.company.assembleegameclient.objects:GameObject#0"), StaticProtectedNs("_-iP"), PackageNamespace(""), PackageNamespace("com.company.assembleegameclient.objects"), ProtectedNamespace("_-iP"), PrivateNamespace("*", "com.company.assembleegameclient.objects:GameObject#1"), PackageInternalNs("com.company.assembleegameclient.objects"), Namespace("https://adobe.com/AS3/2006/builtin"), StaticProtectedNs("_-0-I")]), 1
     iffalse             L286

     getlocal0
     getlocal0
     findpropstrict      QName(PackageNamespace(""), "int")
     getlocal1
     getproperty         Multiname("MaxHitPoints", [PrivateNamespace("*", "com.company.assembleegameclient.objects:GameObject#0"), StaticProtectedNs("_-iP"), PackageNamespace(""), PackageNamespace("com.company.assembleegameclient.objects"), ProtectedNamespace("_-iP"), PrivateNamespace("*", "com.company.assembleegameclient.objects:GameObject#1"), PackageInternalNs("com.company.assembleegameclient.objects"), Namespace("https://adobe.com/AS3/2006/builtin"), StaticProtectedNs("_-0-I")])
     callproperty        QName(PackageNamespace(""), "int"), 1
     dup
     setlocal            5

     initproperty        QName(PackageNamespace(""), "_-LT")

     getlocal            5
     kill                5
     initproperty        QName(PackageNamespace(""), "_-aY")

     getlocal            6

See the "MaxHitPoints".. near a code where something is done to our beloved variables...


*FInding new nexus function :


1) Using Astrogrep, i locate in THE OLD DECOMPILED CLIENT the _-m3 function (which is the nexus function)


I found it is in the com/company/assembleegameclient/net/_-zc.class.asasm class . NB : THE _-zc PART CHANGE ON EACH BUILD !

2) We need to navigate to the matching class in yogda
com.company.assembleegameclient.net.-zc

"
Then, we must have a look at contants, variable names, function names that doenst change, like in this case ALLYSHOOT, AOEHACK..

3) Navigate to the _-m3 function and ... look at for easily memorizable code pattern, like this one


4) Now we need to find on the NEW BUILD, in the com/company/assembleegameclient/net
* what is the new class (old one was -_zc, remember?)

Here it is . Just search for same class pattern than in 5.0


5) Then
* in the new class, what is the news nexus function ?

browse for functions, and look for a function which is similar to the old nexus function



New nexus fonction is _-M6..


UPDATING NO DEBUFF

Just open "%ConditionEffects.class.asasm" (somewhere in you decompiled files) to fing a variable name under each "Condition Name" ("Blind", etc..)

Code:

  dup
    pushbyte            8
    getlocal0
    pushstring          "Blind"
    getlex              QName(PackageNamespace(""), "_-Et")
    pushbyte            41

To block this effect we need to find in the GameObject class (UNDER YOGDA) WHICH FUNCTION IS USING THIS "_-Et" property (and insert the pushfalse/returnvalue ).
We only need to look into the functions that has no arguments and returns a boolean

I.e Myfunction() : Boolean

Moreover, all functions of GameObject that are related to Conditions effects have this in the code

Code:

getproperty _-9B //same for each function (remember _-9Bchange on each build)
getlex com.company.assembleegameclient.util:ConditionEffect
getproperty _-sm  //property depending of the Condition effect. The property name we've just read in %ConditionEffects.class.asasm :)

So , we need to find the function with THIS CODE

Code:

getproperty _-9B //same for each function
getlex com.company.assembleegameclient.util:ConditionEffect
getproperty _-Et  //property depending of the Condition effect. The property name we've just read in %ConditionEffects.class.asasm :)

This is the _-rL function. We've just found the Blind function to modify

[059]

Great in depth tut.

[JustAnoobROTMG]

I will complete it with the aimbot & No particle tomorrow..
Aimbot require a lot of work !

[dwdude]

Astrogrep. Where have you been my entire life?

[gorgor]

awesome !
excatly what I was asking earlier.
Thanks a lot !

[john29990]

I have been messing with client and I was wondering if it would be possible to change dungeons so that as soon as you enter you see the whole map already laid out. I have found the dungeons but I am still a noob at doing all this. If it wasn't for the good directions I would have had no chance to make my own client. Any suggestions would be great. Thanks

[JustAnoobROTMG]

I have been messing with client and I was wondering if it would be possible to change dungeons so that as soon as you enter you see the whole map already laid out. I have found the dungeons but I am still a noob at doing all this. If it wasn't for the good directions I would have had no chance to make my own client. Any suggestions would be great. Thanks

I dont think it is possible . I think dungeon informations is send when you explore it..
Moreover, i dont like this kind of modification. Dungeon exploration may be tricky, that's the whole point of dungeons !

I was planning to explain how to update Aimbot by yourself but since DanZ and Whitebag scammers can't stop doing shit, i WONT DO THAT.
Stop supporting them, stop thanking them... Dont blame me , its their fault !
Suggestion : When the next build come so modified that we need a fresh updated client, i hope real hackers here will wait some time before updating aimbot...
We'll see if DanZ can do real work instead of putting his name on a course he made using someone else recipe..

I was on the way to delete the tutorial then i realised its useless : it was posted on the Internet, it can't be deleted

[john29990]

I was planning to explain how to update Aimbot by yourself but since DanZ and Whitebag scammers can't stop doing shit, i WONT DO THAT.
Stop supporting them, stop thanking them... Dont blame me , its their fault !
Suggestion : When the next build come so modified that we need a fresh updated client, i hope real hackers here will wait some time before updating aimbot...
We'll see if DanZ can do real work instead of putting his name on a course he made using someone else recipe..

I agree with you. I would rather find a way to update and work on it without all these people releasing it. I assume that now it is out there how we create the aim bot that the devs will change things to make it harder. I also find it funny that people will just copy and paste post here by 1 person and put it on other sites as their own. As for people releasing clients they should just stop. If people are too lazy to learn to do it themselves then they shouldn't have one. On top of that if you are not one of the people contributing the codes don't release a client.

BTW thanks for your help with what I was asking you

[Strudul]

I dont think it is possible . I think dungeon informations is send when you explore it..
Moreover, i dont like this kind of modification. Dungeon exploration may be tricky, that's the whole point of dungeons !

If it was possible though.....

When you are 8/8, dungeon exploring isn't tricky, it is just kinda frustrating going the wrong way all the time. It would also be nice to check for secret rooms in manor/snake/abyss.

[JustAnoobROTMG]

I was thinking about doing abyss with a robe class .. Even with a 8/8 one, those rushing deamons are quite frustrating
BTW, if you are a 8/8, exploring is a minor problem

[Strudul]

I was thinking about doing abyss with a robe class .. Even with a 8/8 one, those rushing deamons are quite frustrating
BTW, if you are a 8/8, exploring is a minor problem

I am 8/8 Necro (robe class) and abyss is still pretty easy.

You can't exactly rush... but working your way through ain't a problem.

Exploring isn't really a problem, more a waste of time. I usually go rush the boss, then have to explore every single room looking for the secret one. Most of the time it isn't even there, so I just wasted all that time when I could be farming pots or whatever. D:

[pokie]

Very nice tut for any1 who really wants to update their own client each build....tnx for that JustAnoobROTMG =3

Looks like you only listed auto-nexus tut+debuffs...what about auto-aim? etc xD Other then that, keep up the good work.

[JustAnoobROTMG]

read the whole thread ....

[pokie]

I still see auto-nexus+debuff in the code. Am I missing something? xD

[JustAnoobROTMG]

As more people want to learn, i should bump this thread