What’s going on, updates, and Terraria server!

May 26, 2011

So it’s been a while. Half a year I think since I’ve updated practically anything on this blog. Back then it was all about WoW stuff, hacking it, botting it, and what not. Those days are gone now. I’ve lost interest not only in World of Warcraft itself for nearly a year now, I’ve even lost interest in hacking, botting and cheating in every respect in it. That’s when you know a game is bad. The future of this blog won’t cover any World of Warcraft anymore, sorry folks! We’ll be focusing on coding still, and maybe hacking some other games – so there’s still much fun to be had!

I’ve been getting into these indie games lately, and I must say they’re quite fun to play – and on top of that, you can quit after 15 minutes. That is amazing. One of these games I’ve been playing is called Terraria. It’s been topping the Steam listings for a week or three now, and a few of my friends told me to get it, so I decided it may be worth the 10 quid, and gave it a go.

Now, the problem with these games is that I don’t really like playing solo. When I play these games, I love to do multiplayer with some mates, and have a go at things. Problem is you need a server to do so, because Terraria doesn’t support peer to peer, which is a good thing! However, when the developers launched with that idea, they didn’t figure out they may want to provide server software so third party hosters could host Terraria for us to play on! Instead, you have to run the game twice, sort your port forwarding, or use the ever-so-tedious Hamachi. You can’t run the server on a server box, because the game client requires Direct3D, Direct3D requires a graphics card, and server boxes do not have graphics cards. On top of that you need a whole lot of XNA and Visual Studio crap. Luckily for me, I already had those, so it wasn’t too much of a hassle.

There is a bright side to all this misery though; Terraria is written in C# .NET, and exposes its entire API. I think. Well, most of it anyway. That’s why I’ll be focusing the coming week on developing a server client for this which relies solely on the Terraria assembly, and can actually run on my server box. I’ll be posting the progress on here, and I’ll figure out what I do with the release – it may be open source, but I’m not sure what the Terraria devs think about that, so I guess I’ll contact them first. Hey, at least I’m not decompiling their assemblies and ripping their code to make a server (which required Direct3D still, so it still sucked) like the guy on their forums, who got banned by the way.

I’ve given it a spin for an hour or two earlier today, and turns out I can already have the client find the server across the internet, so I don’t think the rest will be a problem. What I do find worrying is that you can apparently connect to any TcpClient across the net with Terraria, and who knows what they stream at you through it? I don’t. If Terraria is to grow, they will most certainly need to step up their security, otherwise it’s going to be really easy for malicious developers to pull tricks with those servers.

See you in a few days when the first few screenshots, and perhaps a few lines of code can be spilled. Who knows!

ps. I’m going to have a good laugh if I beat the Terraria devs to making a properly working server package. Really. :-)
ps 2. Yes, the entire thing will be freeware. Period. I’m not going to charge for something which complements a successful game like this. Don’t worry!

Categories: C#

World of Warcraft 4.0.1 updated IDA database

October 17, 2010

I know it’s a bit late, but still. If you haven’t got around to updating your IDA database by either a Diff file or by completely re-doing it, then this post is for you.

The attached IDA 32-bit database features:

  • Rebased to 0x1000 for relative address space.
  • Renamed all engine functions and LUA’s.
  • Generic awesomeness.

Enjoy reversing and updating!

Download (21.99 MB) [*.r00 (WinRAR)]

Finding a process’ base address

October 14, 2010

Simply put: the addresses of World of Warcraft are now relative to its main thread. That being said, you need to be able to dynamically fetch the base address of the World of Warcraft process before you can do any reads or writes.

Here’s a quick property to cycle through the selected process’ modules, and pick the one we’re after:

using System;
using System.Diagnostics;

/// <summary>
/// Gets or sets the process.
/// </summary>
/// <value>The process.</value>
/// 14/10/2010 16:52
public static Process Process { get; set; }

/// <summary>
/// Gets the base address of the World of Warcraft application.
/// </summary>
/// <value>The [IntPtr] BaseAddress.</value>
/// 14/10/2010 16:55
public static IntPtr BaseAddress
{
    get
    {
        // Stays IntPtr.Zero when no module name matches.
        var ret = IntPtr.Zero;
        var modules = Process.Modules;

        // Contains() is case-sensitive. There is no break, so if several
        // module names contain "Wow" the last match wins.
        for (var i = 0; i < modules.Count; i++)
        {
            if (modules[i].ModuleName.Contains("Wow"))
                ret = modules[i].BaseAddress;
        }

        return ret;
    }
}

Obviously you could also fetch Process.MainModule.BaseAddress, but again, I’d rather keep the loop: assuming there is no second module with Wow in its name, this code will keep working even if at some point Wow isn’t its own main module (which would be odd, but hey).

Categories: Uncategorized

Symphonix

September 26, 2010

** Warning – Very “dry” read up front, but an interesting read nonetheless.

Well, it’s been a while, but I think I have something big to announce here today. Pretty much, everyone’s heard about cloud computing by now, and if you haven’t, you’re probably either above the age of 50, or you have been living under a rock for the past few years. Can’t miss on that one.

Now, cloud computing is all fine and dandy, and the idea is absolutely brilliant, but we’re really, really far away from a proper implementation of it – that is, one where it can actually replace your hard drive, which is how Google presented the idea. Now, we may be far away from that, but we’re not far away from applying the basic principle of cloud computing on a somewhat smaller scale.

Just count the number of “small programs” you have on your computer, and if you’re someone who does more on his computer than just hanging around on MSN and playing a game every now and then, they can add up to quite a few. All of these applications aren’t too large, something like 500KB up to 5MB, right? However, the developers of these applications often do still push updates for them. Keeping them up to date and even organised can become quite a hectic and tedious process, the more of them you get.

This is the reason Symphonix was designed. It was designed to launch small (1KB – 20MB) applications entirely from the internet. Of course you do need to download them, but Symphonix takes care of all this for you. This way, all applications are at the developer’s ‘place’, and the customer can launch the most recent version whenever they need it, while their configuration files and preferences are stored by Symphonix, so the applications still adapt to their preferences.

Right now I can’t tell you too much about it, but what I can in fact tell is that Symphonix is compatible with over 99% of the world’s regular, http websites. Meaning you don’t have to have a special web-server of any sort, your current web host will most likely be able to host a program for Symphonix to run, in the near future.

Categories: C#

Battle.net Authenticator for Windows

July 6, 2010

It’s here .. a Battle.net Authenticator for Windows!

And no, it’s not Blizzard’s. This is a custom, yet fully supporting Battle.net Authenticator to run on your PC.

Currently, this authenticator features the following:

  • Full support for Battle.net accounts.
  • Support for both EU and US.
  • It’s always synced perfectly.

So, you don’t have to buy an authenticator, nor do you have to have your iPhone handy at all times to log in to your account. You can now do all that, easily, and securely using this very authenticator. And of course, credits to Kynox for his lib!

Categories: C#, WoW

Click To Move unsafe?

July 3, 2010

Recently, there have been quite the rumours about CTM not being safe, being detectable, and the works:

Originally posted by PiroX:

New Detection Information:
Very important! CTM seems to be unsafe at the moment. Disable CTM (Click to move) in bot under Main

Detection Status
Safe with memory reading (pvpTool without Mem options)
– CTM seems to be unsafe
– MemLooting seems to be safe

Let me clear one thing up for you (or remind you, perhaps?): PiroX’s pvpTool is written in AutoIt. AutoIt CAN NOT HOOK. Which means it has to resort to direct memory writes to a pulsed struct to achieve something like CTM. Now, wouldn’t it be downright easy for Warden to determine if the stuff in the CTM struct originates from an engine call or from an external program? (The CTM actions are timestamped, mind you. And 9.99/10 people don’t timestamp when they remotely write to the CTM struct.)

Long story short, if you hook, and you do it properly; you’ll probably be safe until they nail your hook. If you write to the struct? You may end up with a ban, who knows. Warden is packed since 3.3.5, and no one really knows what it does yet.

I’m glad Blizzard is back into the anti-cheating stuff, being a bad kid gets boring if no one is watching the playground.

Originally Posted by Ski

What does that even mean? How would “CTM” be detectable? It’s an ingame option that thousands of people, botters and nonbotters alike, use.

Rofl. I assumed a moderator of the Buddy Team would know his stuff. I assumed wrong. :-)

Categories: Uncategorized

IsSwimming, IsMounted

June 21, 2010

I’ve had someone asking me how to determine if the player is swimming or not, and I answered: it’s simple, reverse the IsSwimming LUA function.

So, dig it up in IDA, and look for the following:

.text:006D855E                 test    eax, eax
.text:006D8560                 jz      short loc_6D8589
.text:006D8562                 test    dword ptr [eax+0A30h], 200000h
.text:006D856C                 jz      short loc_6D8589

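Now, say after me: eax is where the local player is stored, and the dword at eax+0A30h is being tested against 0x200000, so eax+0A30h is very likely to hold the flag that tells us whether we’re swimming or not.

public bool IsSwimming
{
    // "test dword ptr [eax+0A30h], 200000h" checks a single bit, so mask the
    // flag out instead of comparing the whole field for equality.
    get { return (ObjectManager.Memory.ReadInt(BaseAddress + 0xA30) & 0x200000) != 0; }
}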

Should therefore make sense, right?

IsMounted is reversed in the same manner, and uses the exact same field, just a different flag:

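.text:006D865E                 test    eax, eax
.text:006D8660                 jz      short loc_6D8692
.text:006D8662                 cmp     dword ptr [eax+9C0h], 0
.text:006D8669                 jle     short loc_6D8692
.text:006D866B                 test    dword ptr [eax+0A30h], 10000000h
.text:006D8675                 jnz     short loc_6D8692

public bool IsMounted
{
    get
    {
        // cmp [eax+9C0h], 0 / jle: the dword at +0x9C0 must be greater than zero.
        // test [eax+0A30h], 10000000h / jnz: the 0x10000000 bit must be clear.
        // Both failing branches jump to loc_6D8692, the same exit as the null
        // check, which is assumed here to be the "not mounted" path.
        return ObjectManager.Memory.ReadInt(BaseAddress + 0x9C0) > 0
            && (ObjectManager.Memory.ReadInt(BaseAddress + 0xA30) & 0x10000000) == 0;
    }
}

I haven't tested this code personally, but I'm pretty confident it's accurate.

Categories: C#, RE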

GSpellTimer, simplified.

June 21, 2010

For the – by now, somewhat – old botters among us, and specifically those who used to make Custom Classes for Glider, you’ll know that Glider used an object called the GSpellTimer. The GSpellTimer was used extensively in Glider, and a sample of it is shown here: Glider.Common.Objects.GSpellTimer. Now, I don’t know about you, but I find this functionality extremely useful when making Combat stuff, for example to use it for spell cooldowns!

As you may know, I’m currently working on a small gathering bot, which uses the Spectre Framework by Seifer as its main interface to World of Warcraft.

Now, I’ve coded a small class of roughly 20 lines, which replicates exactly what the GSpellTimer did. And as per usual, some demo code:

public SpellTimer GlobalCooldown = new SpellTimer(1500);

if (GlobalCooldown.IsReady)
    Logging.Write("Global cooldown finished.");

Enjoy.
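
A class that would satisfy the demo above, as an added example; it is not the author's SpellTimer and not Glider's GSpellTimer. Only the millisecond constructor argument and IsReady come from the post; TimeLeft, Reset and ForceReady are assumed members, and Stopwatch is used so the cooldown does not jump when the system clock changes.

```csharp
using System;
using System.Diagnostics;
using System.Threading;

// Added example: stand-in for the SpellTimer used in the demo code.
// TimeLeft, Reset and ForceReady are assumptions, not taken from the post.
public sealed class SpellTimer
{
    private readonly Stopwatch _watch = Stopwatch.StartNew(); // monotonic clock
    private readonly long _durationMs;
    private bool _forcedReady;

    public SpellTimer(int durationMs)
    {
        if (durationMs < 0) throw new ArgumentOutOfRangeException("durationMs");
        _durationMs = durationMs;
    }

    // True once the duration has elapsed since construction or the last Reset().
    public bool IsReady
    {
        get { return _forcedReady || _watch.ElapsedMilliseconds >= _durationMs; }
    }

    // Milliseconds still to wait, never negative.
    public long TimeLeft
    {
        get { return IsReady ? 0 : Math.Max(0, _durationMs - _watch.ElapsedMilliseconds); }
    }

    // Restart the countdown, e.g. right after the spell was cast.
    public void Reset() { _forcedReady = false; _watch.Restart(); }

    // Mark the timer as elapsed without waiting.
    public void ForceReady() { _forcedReady = true; }
}

public static class SpellTimerDemo
{
    public static void Main()
    {
        var globalCooldown = new SpellTimer(1500);
        Console.WriteLine("Ready at start: " + globalCooldown.IsReady);
        Thread.Sleep((int)globalCooldown.TimeLeft + 50);   // wait out the cooldown
        Console.WriteLine("Ready after wait: " + globalCooldown.IsReady);
        globalCooldown.Reset();                            // spell cast again
        Console.WriteLine("Left after reset: " + globalCooldown.TimeLeft + " ms");
    }
}
```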

Categories: C#, WoW

Back to the Basics: List Manipulation

June 13, 2010

First in the Back to the Basics series: List Manipulation! This is probably the most boring, and tedious thing for the beginner-coder, if not done properly. Today we’ll be covering this stuff, along with a Visual Studio 2008 project so you can experiment a bit yourself.

Let’s shed some light on the structure of the application first, so you know what we’re working with:

  • One central Order class. This contains all the properties related to the orders.
  • One central List<Order>, containing all the Orders we have stored in our application.
  • Various methods, i.e. Insert, Update, Delete. These manipulate the objects in the list, in a straightforward manner.

So, with that out of the way, there are a few things I highly recommend you read up on – it’ll make your life a lot easier!

Categories: University

Spectre

June 2, 2010

In the coming month or so, I’ll be working on a project which goes by the name of Spectre.

It’ll be a ‘basic’ out-of-process bot for World of Warcraft, which may even end up being open-source and available to the general public.
Along with Spectre, I’ll be updating this journal again; posting some interesting pieces of code, and general methods and approaches.

So stay tuned, and it’ll definitely be worth your while dropping by every now and then!

Categories: C#, WoW