[Guide] Creating AoB Edits - Advanced Flash Game Hacking
Intro:
The purpose of this guide is to hopefully explain the process as simply as possible so you can start creating your own AOBs for flash games you play. It is not difficult to learn, just tedious. At the end of this guide you will be decompiling games in no time. I only ask that you contribute your findings to this forum by creating a thread, but it is up to you to decide because you are the one who put in the effort to find them.
I will be using Neopets as an example for everything in this guide, as they are a good starting point for anyone wanting to learn to create Array of Bytes edits due to their relatively small game files.
Games... There are two ways to cheat games on Neopets: using a Score Sender (SS) or using Array of Bytes (AoB). In the Neopian world, Score Senders are superior in every way. SSing is convenient and fast, plus someone else is doing most of the work for you. But SS is not very forgiving when it comes to human error. Submitting the wrong time or score can lead to a freeze/ban. AOBs on the other hand are very forgiving in this aspect. Any mistake you make in the game can be simply fixed by reloading the game. It is also versatile; there are many games besides Neopets that you can use AOBs on.
If you want a lower risk alternative I would suggest using AOBs. It is a great way to get trophies and avatars especially if your score is going to be reviewed. The downside to using AOBs is it will require more effort on your part.
Requirements:
- Knowledge to use AoB with Cheat Engine - See AoB sticky for more info
- Firefox - We will be using a firefox addon to download SWF. I wouldn't suggest using anything else if you want to follow along.
- Firefox Addon - Download Flash and Video - https://addons.mozilla.org/en-US/fir...ash-and-video/
- Cheat Engine - See tools sticky for more info
- Sothink SWF Decompiler - See tools sticky for more info (You can download the 30 day trial to follow along)
- Calculator - calc.exe on your computer will do. We need this to convert between our Decimal system and the game's Hexadecimal system. This is because AOBs are all in hexadecimal format.
Decimal system(Base 10): 0 1 2 3 4 5 6 7 8 9
Hexadecimal system(Base 16): 0 1 2 3 4 5 6 7 8 9 A B C D E F
Downloading the game to your computer:
First, you will need a game to download. We will be using Sophie's Stew to follow along.
Games | Kids Games | Virtual Games & Pets | Games for Kids | Neopets
Once you are there, you will notice the icon with the down arrow become blue. Click it and select the swf that begins with a g.
Note: gxxx_vxx_xxxxx.swf only applies to Neopets.
Note2: This addon is really good at showing swf loaded by preloaders. Neopets uses a preloader. With firefox, if you right click on the page and select "Page Info" then go to the Media tab, sort the list by Types and look for an Object type, you will ONLY see np8_include_v20.swf. This is what we call a preloader. It is good to note that sometimes the addon can miss a file, and you should double check in Page Info if you feel you can't find the right swf. In Neopets, this never happens though.
Using Sothink SWF Decompiler
Once you open the file you have downloaded, to the right of the screen you should see this;
This is the decompiled view of the SWF you downloaded. The code we need is located SOMEWHERE in a folder called Action. Press the + from the above picture, and then the + from Action as well so you see the files inside.
Remember how I said this was a tedious task but not necessarily hard? Well, I'll make it easy for the sake of learning to use Sothink, but normally you'd have to find what you want to modify yourself by looking at the code, and doing "Search All AS" to find what the code is used for across the whole game. For now, do a "Search All AS" using this;
It should look like this;
The numbers I wrote are to make it easier for me to explain what is happening on the screen, they are not steps to take.
- 1. This is the Search field. When you find something in the code that might be relevant, you should write it down there and "Search All AS" to find every instance of that keyword in the SWF. In our example today, we searched life_changeBy.
- 2. This is where the search results show up. If you click one, you can use the up and down arrows to navigate between the search results.
- 3. This shows you where the code you're currently viewing is located.
- 4. This is the line that we'll be creating an AoB edit with.
- 5. The picture you are currently seeing is using the Source Code view. This is where you'll be doing your searches.
- 6. The Raw Data button is what you'll use to find the Hexadecimal representation of the code. This is where you will find your Original AoB for your search in Cheat Engine.
Go ahead and press Raw Data once you've found this line.
Code:
_root.script.myGame.life_changeBy(-1);
Once you've clicked on Raw Data, life_changeBy will still be in the search field. Use the button called "Search Current AS". The first thing it will find will be part of the _constantPool - This is not what you want. Click "Search Current AS" once more and you will be at the location we now want.
The function we were looking at was at line 172 earlier, but in Raw Data mode, it's at line 1529! I am saying this to make you understand that every function requires multiple actions, which means multiple lines in Raw Data and you will need more than just the line you have found in Raw Data. For this example, I'll dissect it for you.
The first time I saw Raw Data - This was my reaction.
Fear not, it's not that complicated!
Creating the AoB edit
Code:
//96 0e 00 07 ff ff ff ff 07 01 00 00 00 04 02 08 31
_push 4294967295 1 register2 "script"
//4e
_getMember
//96 02 00 08 32
_push "myGame"
//4e
_getMember
//96 02 00 08 51
_push "life_changeBy"
//52
_callMethod
//17
_pop
This is the full section of Raw Data that represents our earlier line of code. Yes, this is 1 line. I have learned to sift through code like this by referencing myself with 2 sources. Use these sources to understand where _push begins and Register2 starts, etc.
AVM1/AS2 - Globeriz Project: Flash VM Instruction Reference/Overview
This link has a LOT of information on understanding Raw Data code and can teach you a LOT more if you wish to understand what is happening here.
AVM2/AS3(Newer flash games) - AVM2 Instructions
So taking out the assembly commands, we're left with this;
Code:
96 0e 00 07 ff ff ff ff 07 01 00 00 00 04 02 08 31 4e 96 02 00 08 32 4e 96 02 00 08 51 52 17
If you search for this using Cheat Engine, you will find 1 result. Great! However, there are certain rules I like to follow to make sure I don't have to update the AoB every time a patch comes along. The rules are listed at the end of this post. Let's make this AoB a bit shorter, shall we?
So, using process of elimination, we notice that the only 1 in the Raw Data is on the first line and is probably the only 1 we'll need. Let's see if taking from _push to right before "script" still leaves only 1 result. _push is (96), 4294967295 is (FF FF FF FF - use the calculator, you'll see) and we know that 1 in hex is 1. If you need to know more than this, use the AVM1/AS2 link I provided. All Neopets games I've found so far are coded in AS2 - Facebook games for the most part in AS3.
Code:
96 0e 00 07 ff ff ff ff 07 01 00 00 00
This only gives 1 result! Great! It's also decently short, GREAT! 1 in hex is 01, so let's make this a 0 (00 in hex).
Code:
96 0e 00 07 ff ff ff ff 07 01 00 00 00
96 0e 00 07 ff ff ff ff 07 00 00 00 00
There you have it, your original and modified AoB! Enjoy your unlimited lives!
General Rules for creating AoB edits.
- The length of the modified AoB should ALWAYS be the same length as the original. Working with AS3 - If you're a few bytes short, fill the rest with "02" - This is NOP. Nop stands for "Do Nothing" in assembly. This is ****ing MAGICAL.
- Your AoB should only return 1 result when searched. Start with ONLY the few bytes you're changing, and add a byte, search... Etc until you only find 1 result. This ensures that cheat tables don't pick up the wrong AoB, as aobscan() only uses the first result found. It also makes it much easier for new users to use your AoB.
- Make your AoB as short as it can be while respecting the above rule. This is to ensure that if the game code changes, there is less chance that your AoB will no longer work.
- When editing numbers, never go over 127 (7F) per byte. 128 is -1.
- Keep track of how you found the AoB. Feel free to use the template I created below.
Code:
#############
# Goal: Unlimited Lives
# Code Location: Action/sprite 814(__Packages.classes.GrossFood)::function move()
# Action Required: Changed the Int pushed to life_changeBy from -1 to 0 when dropping items.
CODE: _root.script.myGame.life_changeBy(-1);
BYTE: 96 0e 00 07 ff ff ff ff 07 01 00 00 00
CODE: _root.script.myGame.life_changeBy(0);
BYTE: 96 0e 00 07 ff ff ff ff 07 00 00 00 00
Common techniques for making flash game AoB cheats:
- 1. Changing jump/if conditions
- 2. Changing the value of constants
- 3. Nop out a call using 0x02 AND nop out arguments to push onto stack
- 4. Change type of arithmetic operation
- 5. Change variable reference index
- 6. Unrandomize results by NOPping out the randomNumber instruction
Links you should keep handy:
AVM1/AS2 - Globeriz Project: Flash VM Instruction Reference/Overview
AVM2/AS3(Newer flash games) - AVM2 Instructions
I know this is lots of information to take in, so please leave constructive comments. If I can make it easier to understand or make some things more clear to you guys, I'd love to have the feedback and I will update the guide! Thanks for taking the time to absorb this knowledge and becoming the one holding the spoon handle rather than being the one being fed.
Last edited by Parog; 03-01-2014 at 12:21 AM.
-
Post Thanks / Like - 3 Thanks
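Added example, not part of the original post: a small Python decoder for the AVM1 ActionPush record quoted in the guide, showing which operand each byte of the pattern belongs to. The type table follows the SWF file format specification; the names decode_push and operand_at are this example's own.

```python
import struct

# Operand encodings inside an AVM1 ActionPush (0x96) record, from the SWF file
# format specification: type byte -> (label, struct format of the value).
PUSH_TYPES = {
    1: ("float", "<f"), 4: ("register", "<B"), 5: ("boolean", "<B"),
    6: ("double", "<d"), 7: ("integer", "<i"), 8: ("constant8", "<B"),
    9: ("constant16", "<H"),
}

def decode_push(record: bytes):
    """Return [(first_byte, last_byte, label, value)] for one ActionPush record."""
    if len(record) < 3 or record[0] != 0x96:
        raise ValueError("not an ActionPush record")
    end = 3 + struct.unpack_from("<H", record, 1)[0]  # 16-bit LE payload length
    if end > len(record):
        raise ValueError("record is truncated")
    pos, items = 3, []
    while pos < end:
        kind = record[pos]
        if kind == 0:  # inline NUL-terminated string
            stop = record.index(0, pos + 1, end)
            label, value, nxt = "string", record[pos + 1:stop].decode("latin-1"), stop + 1
        elif kind in (2, 3):  # null / undefined carry no value bytes
            label, value, nxt = ("null", "undefined")[kind - 2], None, pos + 1
        elif kind in PUSH_TYPES:
            label, fmt = PUSH_TYPES[kind]
            nxt = pos + 1 + struct.calcsize(fmt)
            if nxt > end:
                raise ValueError("operand runs past the record length")
            raw = record[pos + 1:nxt]
            if kind == 6:  # doubles are stored with the two 32-bit halves swapped
                raw = raw[4:] + raw[:4]
            value = struct.unpack(fmt, raw)[0]
        else:
            raise ValueError(f"unknown push type {kind} at offset {pos}")
        items.append((pos, nxt - 1, label, value))
        pos = nxt
    return items

def operand_at(record: bytes, offset: int):
    """Index and decoded entry of the operand that contains byte `offset`."""
    for i, item in enumerate(decode_push(record)):
        if item[0] <= offset <= item[1]:
            return i, item
    raise ValueError("offset is not inside an operand")

# Push record quoted in the guide above (bytes copied from the post).
RECORD = bytes.fromhex("96 0e 00 07 ff ff ff ff 07 01 00 00 00 04 02 08 31")
print(decode_push(RECORD))
```

`operand_at(RECORD, 9)` returns the second integer operand, which is where the byte the guide changes from 01 to 00 sits; the first integer, ff ff ff ff, decodes as signed -1, which the decompiler prints unsigned as 4294967295.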
-
Great job, commenting so I remember to come play tomorrow when I wake up.
-
Member
well detailed Guide thanks so easy
-
Member
game hacker file is useful for these processes I downloaded from here Game Hacker Android Hile Apk indir